Skip to content
Latchkey

kunlun-ci-scan workflow (LoRexxar/Kunlun-M)

The kunlun-ci-scan workflow from LoRexxar/Kunlun-M, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: LoRexxar/Kunlun-M.github/workflows/kunlun-scan.ymlLicense MITView source

What it does

This is the kunlun-ci-scan workflow from the LoRexxar/Kunlun-M repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: kunlun-ci-scan

on:
  push:
  pull_request:
  workflow_dispatch:

jobs:
  scan:
    runs-on: ubuntu-latest
    env:
      KUNLUN_INCLUDE_UNCONFIRM: "0"
      KUNLUN_WITH_VENDOR: "0"
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install system dependencies
        run: sudo apt-get update -qq && sudo apt-get install -y default-libmysqlclient-dev build-essential pkg-config
      - name: Install dependencies
        run: python -m pip install -r requirements.txt
      - name: Debug Go scan
        run: |
          echo "=== Git info ==="
          git log --oneline -3
          echo "=== Test Go scan_parser directly ==="
          python -c "
          import os, sys, django
          os.environ['DJANGO_SETTINGS_MODULE'] = 'Kunlun_M.settings_ci'
          sys.path.insert(0, '.')
          django.setup()
          from core.core_engine.go.parser import scan_parser as go_scan_parser, _HAS_TREE_SITTER, _parse_go_ast
          print('_HAS_TREE_SITTER:', _HAS_TREE_SITTER)
          tree = _parse_go_ast(os.path.abspath('ci_target/cmd_inject.go'))
          print('AST tree:', 'OK' if tree else 'None')
          result = go_scan_parser(['exec.Command'], 11, os.path.abspath('ci_target/cmd_inject.go'), svid=8001)
          print('scan_parser result:', result)
          "
      - name: Run KunLun CI scan
        run: python tools/ci_scan.py --target ci_target --output artifacts/kunlun-ci.json
      - name: Upload report artifact
        uses: actions/upload-artifact@v4
        with:
          name: kunlun-ci-report
          path: artifacts/kunlun-ci.json

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: kunlun-ci-scan
 
on:
  push:
  pull_request:
  workflow_dispatch:
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  scan:
    timeout-minutes: 30
    runs-on: latchkey-small
    env:
      KUNLUN_INCLUDE_UNCONFIRM: "0"
      KUNLUN_WITH_VENDOR: "0"
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          cache: 'pip'
          python-version: "3.11"
      - name: Install system dependencies
        run: sudo apt-get update -qq && sudo apt-get install -y default-libmysqlclient-dev build-essential pkg-config
      - name: Install dependencies
        run: python -m pip install -r requirements.txt
      - name: Debug Go scan
        run: |
          echo "=== Git info ==="
          git log --oneline -3
          echo "=== Test Go scan_parser directly ==="
          python -c "
          import os, sys, django
          os.environ['DJANGO_SETTINGS_MODULE'] = 'Kunlun_M.settings_ci'
          sys.path.insert(0, '.')
          django.setup()
          from core.core_engine.go.parser import scan_parser as go_scan_parser, _HAS_TREE_SITTER, _parse_go_ast
          print('_HAS_TREE_SITTER:', _HAS_TREE_SITTER)
          tree = _parse_go_ast(os.path.abspath('ci_target/cmd_inject.go'))
          print('AST tree:', 'OK' if tree else 'None')
          result = go_scan_parser(['exec.Command'], 11, os.path.abspath('ci_target/cmd_inject.go'), svid=8001)
          print('scan_parser result:', result)
          "
      - name: Run KunLun CI scan
        run: python tools/ci_scan.py --target ci_target --output artifacts/kunlun-ci.json
      - name: Upload report artifact
        uses: actions/upload-artifact@v4
        with:
          name: kunlun-ci-report
          path: artifacts/kunlun-ci.json
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow