Skip to content
Latchkey

codejail-ci workflow (openedx/codejail)

The codejail-ci workflow from openedx/codejail, explained and optimized by Latchkey.

C

CI health: C - fair

Run this on Latchkey for self-healing, caching, and up to 58% lower cost.

Grade your own workflow free or run it on Latchkey →
Source: openedx/codejail.github/workflows/ci.ymlLicense Apache-2.0View source

What it does

This is the codejail-ci workflow from the openedx/codejail repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: codejail-ci
on:
  push:
    branches:
      - master
  pull_request:

jobs:
  codejail_ci:
    name: tests
    runs-on: ubuntu-${{ matrix.ubuntu_version }}
    strategy:
      fail-fast: false
      matrix:
        python_version: ['3.12']
        ubuntu_version: ['22.04', '24.04']
        tox_env: [ "django42", "django52"]
        include:
          - tox_env: quality
            ubuntu_version: '24.04'
            python_version: '3.12'

    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      - name: Parse custom apparmor profile with ABI 3.0
        run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox.bin.python-abi3

      - name: Build latest code changes into CI image
        run: |
          docker build -t openedx-codejail \
            --cache-to type=gha \
            --cache-from type=gha \
            --build-arg python_version=${{ matrix.python_version }} \
            --build-arg ubuntu_version=${{ matrix.ubuntu_version }} .

      - name: Run container with custom apparmor profile and codejail CI image
        run: |
          docker run --name=codejail --privileged -d --security-opt apparmor=openedx_codejail_sandbox \
            openedx-codejail tail -f /dev/null

      - name: Run Tests
        run: docker exec -e TOXENV=${{ matrix.tox_env }} -t codejail bash -c 'tox'

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: codejail-ci
on:
  push:
    branches:
      - master
  pull_request:
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  codejail_ci:
    timeout-minutes: 30
    name: tests
    runs-on: ubuntu-${{ matrix.ubuntu_version }}
    strategy:
      fail-fast: false
      matrix:
        python_version: ['3.12']
        ubuntu_version: ['22.04', '24.04']
        tox_env: [ "django42", "django52"]
        include:
          - tox_env: quality
            ubuntu_version: '24.04'
            python_version: '3.12'
 
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      - name: Parse custom apparmor profile with ABI 3.0
        run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox.bin.python-abi3
 
      - name: Build latest code changes into CI image
        run: |
          docker build -t openedx-codejail \
            --cache-to type=gha \
            --cache-from type=gha \
            --build-arg python_version=${{ matrix.python_version }} \
            --build-arg ubuntu_version=${{ matrix.ubuntu_version }} .
 
      - name: Run container with custom apparmor profile and codejail CI image
        run: |
          docker run --name=codejail --privileged -d --security-opt apparmor=openedx_codejail_sandbox \
            openedx-codejail tail -f /dev/null
 
      - name: Run Tests
        run: docker exec -e TOXENV=${{ matrix.tox_env }} -t codejail bash -c 'tox'
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job (4 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow