Skip to content
Latchkey

Integrate workflow (LukasNiessen/ArchUnitPython)

The Integrate workflow from LukasNiessen/ArchUnitPython, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: LukasNiessen/ArchUnitPython.github/workflows/integrate.yamlLicense MITView source

What it does

This is the Integrate workflow from the LukasNiessen/ArchUnitPython repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Integrate
on:
    - push
    - pull_request
concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true
jobs:
    integrate:
        runs-on: ubuntu-latest
        strategy:
            matrix:
                python-version: ["3.10", "3.11", "3.12", "3.13"]
        steps:
            - uses: actions/checkout@v6
            - name: Set up Python ${{ matrix.python-version }}
              uses: actions/setup-python@v6
              with:
                  python-version: ${{ matrix.python-version }}
            - name: Cache pip
              uses: actions/cache@v5
              with:
                  path: ~/.cache/pip
                  key: pip-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml') }}
                  restore-keys: |
                      pip-${{ runner.os }}-${{ matrix.python-version }}-
            - name: Install dependencies
              run: pip install -e ".[dev]"
            - name: Check release metadata
              run: python scripts/check_release_metadata.py
            - name: Lint
              run: ruff check src/ scripts/
            - name: Type check
              run: mypy src/archunitpython/ --ignore-missing-imports
            - name: Test
              run: pytest --tb=short -q
            - name: Build package
              run: python -m build

    publish:
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        needs: integrate
        runs-on: ubuntu-latest
        permissions:
            contents: write
            issues: write
            pull-requests: write
            id-token: write
        steps:
            - uses: actions/checkout@v6
              with:
                  fetch-depth: 0
                  token: ${{ secrets.GITHUB_TOKEN }}
            - name: Setup Node.js
              uses: actions/setup-node@v6
              with:
                  node-version: 22
            - name: Set up Python
              uses: actions/setup-python@v6
              with:
                  python-version: "3.12"
            - name: Install semantic-release plugins
              run: npm install -g semantic-release @semantic-release/changelog @semantic-release/git @semantic-release/exec @semantic-release/github
            - name: Semantic Release
              id: release
              run: npx semantic-release
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
            # After semantic-release: re-read the (potentially bumped) pyproject.toml,
            # build, and publish to PyPI
            - name: Pull latest (version-bumped) commit
              run: git pull --ff-only origin main || true
            - name: Install build tools
              run: pip install build twine
            - name: Build package
              run: python -m build
            - name: Publish to PyPI
              env:
                  TWINE_USERNAME: __token__
                  TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
              run: twine upload dist/* --skip-existing

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Integrate
on:
    - push
    - pull_request
concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true
jobs:
    integrate:
        timeout-minutes: 30
        runs-on: latchkey-small
        strategy:
            matrix:
                python-version: ["3.10", "3.11", "3.12", "3.13"]
        steps:
            - uses: actions/checkout@v6
            - name: Set up Python ${{ matrix.python-version }}
              uses: actions/setup-python@v6
              with:
                  python-version: ${{ matrix.python-version }}
            - name: Cache pip
              uses: actions/cache@v5
              with:
                  path: ~/.cache/pip
                  key: pip-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml') }}
                  restore-keys: |
                      pip-${{ runner.os }}-${{ matrix.python-version }}-
            - name: Install dependencies
              run: pip install -e ".[dev]"
            - name: Check release metadata
              run: python scripts/check_release_metadata.py
            - name: Lint
              run: ruff check src/ scripts/
            - name: Type check
              run: mypy src/archunitpython/ --ignore-missing-imports
            - name: Test
              run: pytest --tb=short -q
            - name: Build package
              run: python -m build
 
    publish:
        timeout-minutes: 30
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        needs: integrate
        runs-on: latchkey-small
        permissions:
            contents: write
            issues: write
            pull-requests: write
            id-token: write
        steps:
            - uses: actions/checkout@v6
              with:
                  fetch-depth: 0
                  token: ${{ secrets.GITHUB_TOKEN }}
            - name: Setup Node.js
              uses: actions/setup-node@v6
              with:
                  cache: 'npm'
                  node-version: 22
            - name: Set up Python
              uses: actions/setup-python@v6
              with:
                  python-version: "3.12"
            - name: Install semantic-release plugins
              run: npm install -g semantic-release @semantic-release/changelog @semantic-release/git @semantic-release/exec @semantic-release/github
            - name: Semantic Release
              id: release
              run: npx semantic-release
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
            # After semantic-release: re-read the (potentially bumped) pyproject.toml,
            # build, and publish to PyPI
            - name: Pull latest (version-bumped) commit
              run: git pull --ff-only origin main || true
            - name: Install build tools
              run: pip install build twine
            - name: Build package
              run: python -m build
            - name: Publish to PyPI
              env:
                  TWINE_USERNAME: __token__
                  TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
              run: twine upload dist/* --skip-existing
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs (5 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow