codejail-ci workflow (openedx/codejail)
The codejail-ci workflow from openedx/codejail, explained and optimized by Latchkey.
CI health: C - fair
Run this on Latchkey for self-healing, caching, and up to 58% lower cost.
Grade your own workflow free or run it on Latchkey →What it does
This is the codejail-ci workflow from the openedx/codejail repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: codejail-ci
on:
push:
branches:
- master
pull_request:
jobs:
codejail_ci:
name: tests
runs-on: ubuntu-${{ matrix.ubuntu_version }}
strategy:
fail-fast: false
matrix:
python_version: ['3.12']
ubuntu_version: ['22.04', '24.04']
tox_env: [ "django42", "django52"]
include:
- tox_env: quality
ubuntu_version: '24.04'
python_version: '3.12'
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Parse custom apparmor profile with ABI 3.0
run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox.bin.python-abi3
- name: Build latest code changes into CI image
run: |
docker build -t openedx-codejail \
--cache-to type=gha \
--cache-from type=gha \
--build-arg python_version=${{ matrix.python_version }} \
--build-arg ubuntu_version=${{ matrix.ubuntu_version }} .
- name: Run container with custom apparmor profile and codejail CI image
run: |
docker run --name=codejail --privileged -d --security-opt apparmor=openedx_codejail_sandbox \
openedx-codejail tail -f /dev/null
- name: Run Tests
run: docker exec -e TOXENV=${{ matrix.tox_env }} -t codejail bash -c 'tox'
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: codejail-ci on: push: branches: - master pull_request: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: codejail_ci: timeout-minutes: 30 name: tests runs-on: ubuntu-${{ matrix.ubuntu_version }} strategy: fail-fast: false matrix: python_version: ['3.12'] ubuntu_version: ['22.04', '24.04'] tox_env: [ "django42", "django52"] include: - tox_env: quality ubuntu_version: '24.04' python_version: '3.12' steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Parse custom apparmor profile with ABI 3.0 run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox.bin.python-abi3 - name: Build latest code changes into CI image run: | docker build -t openedx-codejail \ --cache-to type=gha \ --cache-from type=gha \ --build-arg python_version=${{ matrix.python_version }} \ --build-arg ubuntu_version=${{ matrix.ubuntu_version }} . - name: Run container with custom apparmor profile and codejail CI image run: | docker run --name=codejail --privileged -d --security-opt apparmor=openedx_codejail_sandbox \ openedx-codejail tail -f /dev/null - name: Run Tests run: docker exec -e TOXENV=${{ matrix.tox_env }} -t codejail bash -c 'tox'
What changed
- Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Container pulls and builds
This workflow runs 1 job (4 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.