Pull request workflow workflow (ipfs/awesome-ipfs)
The Pull request workflow workflow from ipfs/awesome-ipfs, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get caching, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Pull request workflow workflow from the ipfs/awesome-ipfs repository, a real project running GitHub Actions. It is shown here with attribution under its CC0-1.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Pull request workflow
on:
pull_request_target:
types: [ opened, synchronize, reopened ]
branches: [ master, main ]
jobs:
run-awesome-bot:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[skip ci]')"
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 13
- name: Set up Ruby 3.1.2
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.1.2
- name: Install and run awesome_bot
# It's okay for awesome_bot to fail (for maintainers only). Danger will post a comment on the PR (for maintainers only) if it fails.
run: |
gem install awesome_bot
# Only fail the pull request if $DANGER_GITHUB_API_TOKEN is empty
awesome_bot --allow 429 --allow-redirect --allow-dupe --allow-ssl -w ipfs.io README.md || [ -n $DANGER_GITHUB_API_TOKEN ]
env:
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
- name: Run danger
if: always()
# see https://github.com/danger/danger/issues/1103
# see https://github.com/danger/danger/blob/master/.github/workflows/CI.yml#L38-L41
run: |
TOKEN='7469b4e94ce21b43e3ab7a'
TOKEN+='79960c12a1e067f2ec'
SECRET_TOKEN="${DANGER_GITHUB_API_TOKEN:-$GITHUB_TOKEN}"
DANGER_GITHUB_API_TOKEN=${SECRET_TOKEN:-$TOKEN} RUNNING_IN_ACTIONS=true npm run ci:danger || echo "Skipping Danger for External Contributor"
env:
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Pull request workflow on: pull_request_target: types: [ opened, synchronize, reopened ] branches: [ master, main ] jobs: run-awesome-bot: timeout-minutes: 30 runs-on: latchkey-small if: "!contains(github.event.head_commit.message, '[skip ci]')" steps: - name: Checkout uses: actions/checkout@v3 - name: Setup Node.js uses: actions/setup-node@v3 with: cache: 'npm' node-version: 13 - name: Set up Ruby 3.1.2 uses: ruby/setup-ruby@v1 with: ruby-version: 3.1.2 - name: Install and run awesome_bot # It's okay for awesome_bot to fail (for maintainers only). Danger will post a comment on the PR (for maintainers only) if it fails. run: | gem install awesome_bot # Only fail the pull request if $DANGER_GITHUB_API_TOKEN is empty awesome_bot --allow 429 --allow-redirect --allow-dupe --allow-ssl -w ipfs.io README.md || [ -n $DANGER_GITHUB_API_TOKEN ] env: DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} - name: Run danger if: always() # see https://github.com/danger/danger/issues/1103 # see https://github.com/danger/danger/blob/master/.github/workflows/CI.yml#L38-L41 run: | TOKEN='7469b4e94ce21b43e3ab7a' TOKEN+='79960c12a1e067f2ec' SECRET_TOKEN="${DANGER_GITHUB_API_TOKEN:-$GITHUB_TOKEN}" DANGER_GITHUB_API_TOKEN=${SECRET_TOKEN:-$TOKEN} RUNNING_IN_ACTIONS=true npm run ci:danger || echo "Skipping Danger for External Contributor" env: DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.