SMB AdTech Platform CI workflow (haoyangfeng2024/smb-adtech-platform)
The SMB AdTech Platform CI workflow from haoyangfeng2024/smb-adtech-platform, explained and optimized by Latchkey.
CI health: F - at risk
Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the SMB AdTech Platform CI workflow from the haoyangfeng2024/smb-adtech-platform repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: SMB AdTech Platform CI
on:
push:
branches: [ main, master ]
pull_request:
branches: [ main, master ]
workflow_dispatch:
jobs:
# ─────────────────────────────────────────────
# Lint & Code Quality
# ─────────────────────────────────────────────
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install linting tools
run: |
pip install flake8 black isort
- name: Check Python syntax
run: flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- name: Check code formatting (Black)
run: black --check .
- name: Check import order (isort)
run: isort --check-only .
# ─────────────────────────────────────────────
# Security Scan
# ─────────────────────────────────────────────
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Check for security vulnerabilities (pip-audit)
run: pip install pip-audit && pip-audit
- name: Run Bandit security scan
run: pip install bandit && bandit -r ml/ api/ -f json
# ─────────────────────────────────────────────
# Tests
# ─────────────────────────────────────────────
test:
runs-on: ubuntu-latest
services:
redis:
image: redis:7-alpine
ports:
- 6379:6379
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install pytest pytest-asyncio pytest-cov
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Run tests with coverage
env:
REDIS_URL: redis://localhost:6379/0
DATABASE_URL: sqlite+aiosqlite:///./test.db
run: |
pytest tests/ -v --cov=. --cov-report=xml
- name: Upload coverage
uses: codecov/codecov-action@v3
# ─────────────────────────────────────────────
# Frontend Build
# ─────────────────────────────────────────────
frontend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install frontend dependencies
working-directory: ./frontend
run: npm ci
- name: Run frontend linter
working-directory: ./frontend
run: npm run lint || true
- name: Build frontend
working-directory: ./frontend
run: npm run build
# ─────────────────────────────────────────────
# Release (only on tags)
# ─────────────────────────────────────────────
release:
needs: [lint, security, test, frontend]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: SMB AdTech Platform CI on: push: branches: [ main, master ] pull_request: branches: [ main, master ] workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: # ───────────────────────────────────────────── # Lint & Code Quality # ───────────────────────────────────────────── lint: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Set up Python 3.12 uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install linting tools run: | pip install flake8 black isort - name: Check Python syntax run: flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - name: Check code formatting (Black) run: black --check . - name: Check import order (isort) run: isort --check-only . # ───────────────────────────────────────────── # Security Scan # ───────────────────────────────────────────── security: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.12" - name: Check for security vulnerabilities (pip-audit) run: pip install pip-audit && pip-audit - name: Run Bandit security scan run: pip install bandit && bandit -r ml/ api/ -f json # ───────────────────────────────────────────── # Tests # ───────────────────────────────────────────── test: timeout-minutes: 30 runs-on: latchkey-small services: redis: image: redis:7-alpine ports: - 6379:6379 steps: - uses: actions/checkout@v4 - name: Set up Python 3.12 uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install dependencies run: | python -m pip install --upgrade pip pip install pytest pytest-asyncio pytest-cov if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - name: Run tests with coverage env: REDIS_URL: redis://localhost:6379/0 DATABASE_URL: sqlite+aiosqlite:///./test.db run: | pytest tests/ -v --cov=. --cov-report=xml - name: Upload coverage uses: codecov/codecov-action@v3 # ───────────────────────────────────────────── # Frontend Build # ───────────────────────────────────────────── frontend: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Set up Node.js uses: actions/setup-node@v4 with: cache: 'npm' node-version: '20' - name: Install frontend dependencies working-directory: ./frontend run: npm ci - name: Run frontend linter working-directory: ./frontend run: npm run lint || true - name: Build frontend working-directory: ./frontend run: npm run build # ───────────────────────────────────────────── # Release (only on tags) # ───────────────────────────────────────────── release: timeout-minutes: 30 needs: [lint, security, test, frontend] if: startsWith(github.ref, 'refs/tags/') runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Create GitHub Release uses: softprops/action-gh-release@v1 with: tag_name: ${{ github.ref }} release_name: Release ${{ github.ref }} draft: false prerelease: false env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 5 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.