Skip to content
Latchkey

CI workflow (less/less.js)

The CI workflow from less/less.js, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: less/less.js.github/workflows/ci.ymlLicense Apache-2.0View source

What it does

This is the CI workflow from the less/less.js repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
# Github actions workflow name

name: CI


# Triggers the workflow on push or pull request events

on:
  push:
    branches: [main, master]

  pull_request:
    branches: [main, master]


jobs:
  test:
    name: 'Tests on ${{matrix.os}} with Node "${{matrix.node}}"'

    strategy:
      fail-fast: false

      matrix:
        # Test all mainstream operating systems

        os: [ubuntu-latest, macos-latest, windows-latest]

        node: ['current']

        include:
          - os: ubuntu-latest

            node: 'lts/*'

          - os: ubuntu-latest

            node: 'lts/-1'

          - os: ubuntu-latest

            node: 'lts/-2'

          - os: ubuntu-latest

            node: 'lts/-3'


    runs-on: ${{ matrix.os }}

    # This has copy/paste steps and should be refactored using DRY

    steps:
      - uses: actions/checkout@v4

      - name: Install pnpm

        uses: pnpm/action-setup@v4

      - uses: actions/setup-node@v4

        with:
          node-version: ${{ matrix.node }}

          cache: 'pnpm'

      - name: Install dependencies

        run: pnpm install --frozen-lockfile --ignore-scripts

      - name: Print put node & npm version

        run: node --version && pnpm --version

      - name: Run node tests (ESM + CJS)

        run: pnpm run test:node


  copilot-review:
    name: Request Copilot review

    runs-on: ubuntu-latest

    continue-on-error: true

    if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')

    permissions:
      pull-requests: write

    steps:
      - name: Request Copilot review

        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

        run: |

          gh api \

            --method POST \

            -H "Accept: application/vnd.github+json" \

            /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \

            -f "reviewers[]=copilot-pull-request-reviewer" \

          || echo "::warning::Could not request Copilot review (the token may lack pull-requests: write access, or Copilot PR reviews may not be enabled for this repository)"

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

# Github actions workflow name

name: CI



# Triggers the workflow on push or pull request events

on:

  push:

    branches: [main, master]

  pull_request:

    branches: [main, master]



concurrency:

  group: ${{ github.workflow }}-${{ github.ref }}

  cancel-in-progress: true



jobs:

  test:

    timeout-minutes: 30

    name: 'Tests on ${{matrix.os}} with Node "${{matrix.node}}"'

    strategy:

      fail-fast: false

      matrix:

        # Test all mainstream operating systems

        os: [ubuntu-latest, macos-latest, windows-latest]

        node: ['current']

        include:

          - os: ubuntu-latest

            node: 'lts/*'

          - os: ubuntu-latest

            node: 'lts/-1'

          - os: ubuntu-latest

            node: 'lts/-2'

          - os: ubuntu-latest

            node: 'lts/-3'



    runs-on: ${{ matrix.os }}

    # This has copy/paste steps and should be refactored using DRY

    steps:

      - uses: actions/checkout@v4

      - name: Install pnpm

        uses: pnpm/action-setup@v4

      - uses: actions/setup-node@v4

        with:

          node-version: ${{ matrix.node }}

          cache: 'pnpm'

      - name: Install dependencies

        run: pnpm install --frozen-lockfile --ignore-scripts

      - name: Print put node & npm version

        run: node --version && pnpm --version

      - name: Run node tests (ESM + CJS)

        run: pnpm run test:node



  copilot-review:

    timeout-minutes: 30

    name: Request Copilot review

    runs-on: latchkey-small

    continue-on-error: true

    if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')

    permissions:

      pull-requests: write

    steps:

      - name: Request Copilot review

        env:

          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

        run: |

          gh api \

            --method POST \

            -H "Accept: application/vnd.github+json" \

            /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \

            -f "reviewers[]=copilot-pull-request-reviewer" \

          || echo "::warning::Could not request Copilot review (the token may lack pull-requests: write access, or Copilot PR reviews may not be enabled for this repository)"

 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs (4 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow