CI workflow (fuzzylabs/sre-agent)
The CI workflow from fuzzylabs/sre-agent, explained and optimized by Latchkey.
CI health: D - needs work
Point runs-on at Latchkey and get caching, run de-duplication, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the CI workflow from the fuzzylabs/sre-agent repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: CI
on:
workflow_dispatch:
pull_request:
branches:
- main
- develop
- "feature/*"
- "hotfix/*"
- "release/*"
- "fixes/*"
push:
branches:
- main
- develop
jobs:
pre-commit:
name: Pre-commit Hooks CI
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v6
- name: "Set up Python"
uses: actions/setup-python@v6
with:
python-version-file: "pyproject.toml"
- name: Install uv
uses: astral-sh/setup-uv@v7
with:
version: "0.10.9"
- name: Install the project
run: uv sync --locked --all-extras --dev
- name: Run Pre-commit
run: |
uv run pre-commit run --show-diff-on-failure --color=always --all-files
unit_tests:
name: Unit Tests
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v6
- name: "Set up Python"
uses: actions/setup-python@v6
with:
python-version-file: "pyproject.toml"
- name: Install uv
uses: astral-sh/setup-uv@v7
with:
version: "0.10.9"
- name: Install the project
run: uv sync --locked --all-extras --dev
- name: Run Tests
run: |
uv run pytest tests
# Llama firewall is not yet supported
# security_tests:
# name: Security Tests
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v3
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v3
# - name: Set up Docker Compose
# run: |
# sudo curl -L "https://github.com/docker/compose/releases/download/v2.24.5/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
# sudo chmod +x /usr/local/bin/docker-compose
# - name: Deploy Agent
# run: HF_TOKEN=${{ secrets.HF_TOKEN }} docker compose -f compose.tests.yaml up -d --build
# - name: Setup Python
# uses: actions/setup-python@v4
# with:
# python-version: 3.12
# - name: Install the latest version of uv
# uses: astral-sh/setup-uv@v5
# with:
# enable-cache: true
# cache-dependency-glob: ".pre-commit-config.yaml"
# - name: Install dependencies
# run: |
# uv sync --group ci
# alias pip="uv pip" # T
# - name: Run Security Tests
# run: |
# uv run pytest tests/security_tests
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: CI on: workflow_dispatch: pull_request: branches: - main - develop - "feature/*" - "hotfix/*" - "release/*" - "fixes/*" push: branches: - main - develop concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: pre-commit: name: Pre-commit Hooks CI runs-on: latchkey-small timeout-minutes: 10 steps: - uses: actions/checkout@v6 - name: "Set up Python" uses: actions/setup-python@v6 with: cache: 'pip' python-version-file: "pyproject.toml" - name: Install uv uses: astral-sh/setup-uv@v7 with: version: "0.10.9" - name: Install the project run: uv sync --locked --all-extras --dev - name: Run Pre-commit run: | uv run pre-commit run --show-diff-on-failure --color=always --all-files unit_tests: name: Unit Tests runs-on: latchkey-small timeout-minutes: 10 steps: - uses: actions/checkout@v6 - name: "Set up Python" uses: actions/setup-python@v6 with: cache: 'pip' python-version-file: "pyproject.toml" - name: Install uv uses: astral-sh/setup-uv@v7 with: version: "0.10.9" - name: Install the project run: uv sync --locked --all-extras --dev - name: Run Tests run: | uv run pytest tests # Llama firewall is not yet supported # security_tests: # name: Security Tests # runs-on: latchkey-small # steps: # - name: Checkout # uses: actions/checkout@v3 # - name: Set up Docker Buildx # uses: docker/setup-buildx-action@v3 # - name: Set up Docker Compose # run: | # sudo curl -L "https://github.com/docker/compose/releases/download/v2.24.5/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose # sudo chmod +x /usr/local/bin/docker-compose # - name: Deploy Agent # run: HF_TOKEN=${{ secrets.HF_TOKEN }} docker compose -f compose.tests.yaml up -d --build # - name: Setup Python # uses: actions/setup-python@v4 with: cache: 'pip' # with: # python-version: 3.12 # - name: Install the latest version of uv # uses: astral-sh/setup-uv@v5 # with: # enable-cache: true # cache-dependency-glob: ".pre-commit-config.yaml" # - name: Install dependencies # run: | # uv sync --group ci # alias pip="uv pip" # T # - name: Run Security Tests # run: | # uv run pytest tests/security_tests
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Container pulls and builds
- Network fetches
This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.