CI workflow (marko-js/marko)
The CI workflow from marko-js/marko, explained and optimized by Latchkey.
CI health: B - good
Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the CI workflow from the marko-js/marko repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: CI
on:
pull_request:
types: [opened, synchronize]
push:
branches: [main, v3, v4]
concurrency:
group: "${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Use node
uses: actions/setup-node@v6
with:
node-version: 26
cache: npm
- name: Install dependencies
run: npm ci
- name: Build
run: npm run @ci:build
- name: Lint Code
run: npm run @ci:lint
test:
runs-on: ubuntu-latest
name: "test: node@${{ matrix.node }}"
strategy:
fail-fast: false
matrix:
node: [22, 24, 26]
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Use node@${{ matrix.node }}
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node }}
cache: npm
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm run @ci:test
- name: Report code coverage
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
release:
runs-on: ubuntu-latest
needs: [build, test]
if: ${{ github.repository_owner == 'marko-js' && github.event_name == 'push' }}
permissions:
id-token: write
contents: write
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Setup node
uses: actions/setup-node@v6
with:
node-version: 26
cache: npm
- name: Install dependencies
run: npm ci
- name: Release
id: changesets
uses: changesets/action@v1
with:
version: npm run @ci:version
publish: npm run @ci:release
commit: "[ci] release"
title: "[ci] release"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: CI on: pull_request: types: [opened, synchronize] push: branches: [main, v3, v4] concurrency: group: "${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}" cancel-in-progress: true jobs: build: timeout-minutes: 30 runs-on: latchkey-small steps: - name: Checkout code uses: actions/checkout@v6 - name: Use node uses: actions/setup-node@v6 with: node-version: 26 cache: npm - name: Install dependencies run: npm ci - name: Build run: npm run @ci:build - name: Lint Code run: npm run @ci:lint test: timeout-minutes: 30 runs-on: latchkey-small name: "test: node@${{ matrix.node }}" strategy: fail-fast: false matrix: node: [22, 24, 26] steps: - name: Checkout code uses: actions/checkout@v6 - name: Use node@${{ matrix.node }} uses: actions/setup-node@v6 with: node-version: ${{ matrix.node }} cache: npm - name: Install dependencies run: npm ci - name: Run tests run: npm run @ci:test - name: Report code coverage uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} release: timeout-minutes: 30 runs-on: latchkey-small needs: [build, test] if: ${{ github.repository_owner == 'marko-js' && github.event_name == 'push' }} permissions: id-token: write contents: write pull-requests: write steps: - name: Checkout code uses: actions/checkout@v6 - name: Setup node uses: actions/setup-node@v6 with: node-version: 26 cache: npm - name: Install dependencies run: npm ci - name: Release id: changesets uses: changesets/action@v1 with: version: npm run @ci:version publish: npm run @ci:release commit: "[ci] release" title: "[ci] release" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 3 jobs (5 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.