Repo Checks workflow (PatrickJS/awesome-cursorrules)
The Repo Checks workflow from PatrickJS/awesome-cursorrules, explained and optimized by Latchkey.
CI health: D - needs work
Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Repo Checks workflow from the PatrickJS/awesome-cursorrules repository, a real project running GitHub Actions. It is shown here with attribution under its CC0-1.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Repo Checks
on:
pull_request_target:
branches: [main]
types: [opened, synchronize, reopened]
pull_request:
branches: [main]
push:
branches: [main]
permissions:
contents: read
jobs:
pull-request-trust:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request_target'
steps:
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Checkout trusted base checks
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
ref: ${{ github.event.pull_request.base.ref }}
path: .trusted-base
fetch-depth: 0
persist-credentials: false
- name: Check PR author account age
env:
GITHUB_TOKEN: ${{ github.token }}
PR_AUTHOR: ${{ github.event.pull_request.user.login }}
PR_AUTHOR_MINIMUM_AGE_DAYS: ${{ vars.PR_AUTHOR_MINIMUM_AGE_DAYS || '30' }}
PR_AUTHOR_AGE_ALLOWLIST: ${{ vars.PR_AUTHOR_AGE_ALLOWLIST || 'PatrickJS,dependabot[bot],Copilot' }}
run: |
node .trusted-base/scripts/check-pr-author.mjs \
--username "$PR_AUTHOR" \
--minimum-age-days "$PR_AUTHOR_MINIMUM_AGE_DAYS" \
--allowlist "$PR_AUTHOR_AGE_ALLOWLIST"
readme-hygiene:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request_target' || github.event_name == 'push'
steps:
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Checkout trusted base checks
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
ref: ${{ github.event.pull_request.base.ref }}
path: .trusted-base
fetch-depth: 0
persist-credentials: false
- name: Checkout pull request content
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.sha }}
path: pr
fetch-depth: 0
persist-credentials: false
- name: Determine pull request changed files
if: github.event_name == 'pull_request_target'
shell: bash
env:
BASE_REF: ${{ github.event.pull_request.base.ref }}
run: |
git -C pr remote add trusted-base "$GITHUB_SERVER_URL/${{ github.repository }}.git"
git -C pr fetch --no-tags trusted-base "$BASE_REF"
base="$(git -C pr rev-parse FETCH_HEAD)"
git -C pr diff --name-only "$base"...HEAD > pr/.changed-files
git -C pr diff --unified=0 "$base"...HEAD -- README.md > pr/.readme.diff || true
- name: Run trusted README hygiene checks
if: github.event_name == 'pull_request_target'
run: node .trusted-base/scripts/check-readme-hygiene.mjs --root "$GITHUB_WORKSPACE/pr" --changed-files .changed-files --diff-file .readme.diff
- name: Checkout push content
if: github.event_name == 'push'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
persist-credentials: false
- name: Determine push changed files
if: github.event_name == 'push'
shell: bash
run: |
if [[ -n "${{ github.event.before }}" && "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then
base="${{ github.event.before }}"
else
base="$(git rev-list --max-parents=0 HEAD)"
fi
git diff --name-only "$base"...HEAD > .changed-files
git diff --unified=0 "$base"...HEAD -- README.md > .readme.diff || true
- name: Run README hygiene checks
if: github.event_name == 'push'
run: node scripts/check-readme-hygiene.mjs --changed-files .changed-files --diff-file .readme.diff
rule-hygiene:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request_target' || github.event_name == 'push'
steps:
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Checkout trusted base checks
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
ref: ${{ github.event.pull_request.base.ref }}
path: .trusted-base
fetch-depth: 0
persist-credentials: false
- name: Checkout pull request content
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.sha }}
path: pr
fetch-depth: 0
persist-credentials: false
- name: Determine pull request changed files
if: github.event_name == 'pull_request_target'
shell: bash
env:
BASE_REF: ${{ github.event.pull_request.base.ref }}
run: |
git -C pr remote add trusted-base "$GITHUB_SERVER_URL/${{ github.repository }}.git"
git -C pr fetch --no-tags trusted-base "$BASE_REF"
base="$(git -C pr rev-parse FETCH_HEAD)"
git -C pr diff --name-only "$base"...HEAD > pr/.changed-files
- name: Run trusted rule hygiene checks
if: github.event_name == 'pull_request_target'
run: node .trusted-base/scripts/check-rule-hygiene.mjs --root "$GITHUB_WORKSPACE/pr" --changed-files .changed-files
- name: Checkout push content
if: github.event_name == 'push'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
persist-credentials: false
- name: Determine push changed files
if: github.event_name == 'push'
shell: bash
run: |
if [[ -n "${{ github.event.before }}" && "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then
base="${{ github.event.before }}"
else
base="$(git rev-list --max-parents=0 HEAD)"
fi
git diff --name-only "$base"...HEAD > .changed-files
- name: Run rule hygiene checks
if: github.event_name == 'push'
run: node scripts/check-rule-hygiene.mjs --changed-files .changed-files
issue-template-policy:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request_target' || github.event_name == 'push'
steps:
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Checkout trusted base checks
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
ref: ${{ github.event.pull_request.base.ref }}
path: .trusted-base
fetch-depth: 0
persist-credentials: false
- name: Checkout pull request content
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.sha }}
path: pr
fetch-depth: 0
persist-credentials: false
- name: Run trusted issue template policy checks
if: github.event_name == 'pull_request_target'
run: node .trusted-base/scripts/check-issue-template-policy.mjs --root "$GITHUB_WORKSPACE/pr"
- name: Checkout push content
if: github.event_name == 'push'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
persist-credentials: false
- name: Run issue template policy checks
if: github.event_name == 'push'
run: node scripts/check-issue-template-policy.mjs
repo-security:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request_target' || github.event_name == 'push'
steps:
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Checkout trusted base checks
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
ref: ${{ github.event.pull_request.base.ref }}
path: .trusted-base
fetch-depth: 0
persist-credentials: false
- name: Checkout pull request content
if: github.event_name == 'pull_request_target'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.sha }}
path: pr
fetch-depth: 0
persist-credentials: false
- name: Determine pull request changed files
if: github.event_name == 'pull_request_target'
shell: bash
env:
BASE_REF: ${{ github.event.pull_request.base.ref }}
run: |
git -C pr remote add trusted-base "$GITHUB_SERVER_URL/${{ github.repository }}.git"
git -C pr fetch --no-tags trusted-base "$BASE_REF"
base="$(git -C pr rev-parse FETCH_HEAD)"
git -C pr diff --name-only "$base"...HEAD > pr/.changed-files
- name: Run trusted repo security checks
if: github.event_name == 'pull_request_target'
run: node .trusted-base/scripts/check-repo-security.mjs --root "$GITHUB_WORKSPACE/pr" --changed-files .changed-files
- name: Checkout push content
if: github.event_name == 'push'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
persist-credentials: false
- name: Determine push changed files
if: github.event_name == 'push'
shell: bash
run: |
if [[ -n "${{ github.event.before }}" && "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then
base="${{ github.event.before }}"
else
base="$(git rev-list --max-parents=0 HEAD)"
fi
git diff --name-only "$base"...HEAD > .changed-files
- name: Run repo security checks
if: github.event_name == 'push'
run: node scripts/check-repo-security.mjs --changed-files .changed-files
test:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' || github.event_name == 'push'
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 1
persist-credentials: false
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Enable pnpm
run: |
corepack enable
corepack prepare pnpm@10.20.0 --activate
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Run tests
run: pnpm test
awesome-lint:
name: awesome-lint
runs-on: ubuntu-latest
if: github.event_name != 'pull_request_target'
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 1
persist-credentials: false
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20
- name: Enable pnpm
run: |
corepack enable
corepack prepare pnpm@10.20.0 --activate
- name: Checkout trusted base checks
if: github.event_name == 'pull_request'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
ref: ${{ github.event.pull_request.base.sha }}
path: .trusted-base
fetch-depth: 1
persist-credentials: false
- name: Run trusted awesome-list checks
if: github.event_name == 'pull_request'
run: |
node .trusted-base/scripts/check-awesome-list.mjs --root "$GITHUB_WORKSPACE"
(cd .trusted-base && pnpm dlx awesome-lint@2.3.0 "$GITHUB_WORKSPACE/README.md")
- name: Install dependencies
if: github.event_name != 'pull_request'
run: pnpm install --frozen-lockfile
- name: Run awesome-list checks
if: github.event_name != 'pull_request'
run: |
pnpm run check:awesome-list
pnpm run check:awesome-list:upstream
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Repo Checks on: pull_request_target: branches: [main] types: [opened, synchronize, reopened] pull_request: branches: [main] push: branches: [main] permissions: contents: read concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: pull-request-trust: timeout-minutes: 30 runs-on: latchkey-small if: github.event_name == 'pull_request_target' steps: - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Checkout trusted base checks uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.ref }} path: .trusted-base fetch-depth: 0 persist-credentials: false - name: Check PR author account age env: GITHUB_TOKEN: ${{ github.token }} PR_AUTHOR: ${{ github.event.pull_request.user.login }} PR_AUTHOR_MINIMUM_AGE_DAYS: ${{ vars.PR_AUTHOR_MINIMUM_AGE_DAYS || '30' }} PR_AUTHOR_AGE_ALLOWLIST: ${{ vars.PR_AUTHOR_AGE_ALLOWLIST || 'PatrickJS,dependabot[bot],Copilot' }} run: | node .trusted-base/scripts/check-pr-author.mjs \ --username "$PR_AUTHOR" \ --minimum-age-days "$PR_AUTHOR_MINIMUM_AGE_DAYS" \ --allowlist "$PR_AUTHOR_AGE_ALLOWLIST" readme-hygiene: timeout-minutes: 30 runs-on: latchkey-small if: github.event_name == 'pull_request_target' || github.event_name == 'push' steps: - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Checkout trusted base checks if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.ref }} path: .trusted-base fetch-depth: 0 persist-credentials: false - name: Checkout pull request content if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.sha }} path: pr fetch-depth: 0 persist-credentials: false - name: Determine pull request changed files if: github.event_name == 'pull_request_target' shell: bash env: BASE_REF: ${{ github.event.pull_request.base.ref }} run: | git -C pr remote add trusted-base "$GITHUB_SERVER_URL/${{ github.repository }}.git" git -C pr fetch --no-tags trusted-base "$BASE_REF" base="$(git -C pr rev-parse FETCH_HEAD)" git -C pr diff --name-only "$base"...HEAD > pr/.changed-files git -C pr diff --unified=0 "$base"...HEAD -- README.md > pr/.readme.diff || true - name: Run trusted README hygiene checks if: github.event_name == 'pull_request_target' run: node .trusted-base/scripts/check-readme-hygiene.mjs --root "$GITHUB_WORKSPACE/pr" --changed-files .changed-files --diff-file .readme.diff - name: Checkout push content if: github.event_name == 'push' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 persist-credentials: false - name: Determine push changed files if: github.event_name == 'push' shell: bash run: | if [[ -n "${{ github.event.before }}" && "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then base="${{ github.event.before }}" else base="$(git rev-list --max-parents=0 HEAD)" fi git diff --name-only "$base"...HEAD > .changed-files git diff --unified=0 "$base"...HEAD -- README.md > .readme.diff || true - name: Run README hygiene checks if: github.event_name == 'push' run: node scripts/check-readme-hygiene.mjs --changed-files .changed-files --diff-file .readme.diff rule-hygiene: timeout-minutes: 30 runs-on: latchkey-small if: github.event_name == 'pull_request_target' || github.event_name == 'push' steps: - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Checkout trusted base checks if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.ref }} path: .trusted-base fetch-depth: 0 persist-credentials: false - name: Checkout pull request content if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.sha }} path: pr fetch-depth: 0 persist-credentials: false - name: Determine pull request changed files if: github.event_name == 'pull_request_target' shell: bash env: BASE_REF: ${{ github.event.pull_request.base.ref }} run: | git -C pr remote add trusted-base "$GITHUB_SERVER_URL/${{ github.repository }}.git" git -C pr fetch --no-tags trusted-base "$BASE_REF" base="$(git -C pr rev-parse FETCH_HEAD)" git -C pr diff --name-only "$base"...HEAD > pr/.changed-files - name: Run trusted rule hygiene checks if: github.event_name == 'pull_request_target' run: node .trusted-base/scripts/check-rule-hygiene.mjs --root "$GITHUB_WORKSPACE/pr" --changed-files .changed-files - name: Checkout push content if: github.event_name == 'push' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 persist-credentials: false - name: Determine push changed files if: github.event_name == 'push' shell: bash run: | if [[ -n "${{ github.event.before }}" && "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then base="${{ github.event.before }}" else base="$(git rev-list --max-parents=0 HEAD)" fi git diff --name-only "$base"...HEAD > .changed-files - name: Run rule hygiene checks if: github.event_name == 'push' run: node scripts/check-rule-hygiene.mjs --changed-files .changed-files issue-template-policy: timeout-minutes: 30 runs-on: latchkey-small if: github.event_name == 'pull_request_target' || github.event_name == 'push' steps: - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Checkout trusted base checks if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.ref }} path: .trusted-base fetch-depth: 0 persist-credentials: false - name: Checkout pull request content if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.sha }} path: pr fetch-depth: 0 persist-credentials: false - name: Run trusted issue template policy checks if: github.event_name == 'pull_request_target' run: node .trusted-base/scripts/check-issue-template-policy.mjs --root "$GITHUB_WORKSPACE/pr" - name: Checkout push content if: github.event_name == 'push' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 persist-credentials: false - name: Run issue template policy checks if: github.event_name == 'push' run: node scripts/check-issue-template-policy.mjs repo-security: timeout-minutes: 30 runs-on: latchkey-small if: github.event_name == 'pull_request_target' || github.event_name == 'push' steps: - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Checkout trusted base checks if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.ref }} path: .trusted-base fetch-depth: 0 persist-credentials: false - name: Checkout pull request content if: github.event_name == 'pull_request_target' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.sha }} path: pr fetch-depth: 0 persist-credentials: false - name: Determine pull request changed files if: github.event_name == 'pull_request_target' shell: bash env: BASE_REF: ${{ github.event.pull_request.base.ref }} run: | git -C pr remote add trusted-base "$GITHUB_SERVER_URL/${{ github.repository }}.git" git -C pr fetch --no-tags trusted-base "$BASE_REF" base="$(git -C pr rev-parse FETCH_HEAD)" git -C pr diff --name-only "$base"...HEAD > pr/.changed-files - name: Run trusted repo security checks if: github.event_name == 'pull_request_target' run: node .trusted-base/scripts/check-repo-security.mjs --root "$GITHUB_WORKSPACE/pr" --changed-files .changed-files - name: Checkout push content if: github.event_name == 'push' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 persist-credentials: false - name: Determine push changed files if: github.event_name == 'push' shell: bash run: | if [[ -n "${{ github.event.before }}" && "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then base="${{ github.event.before }}" else base="$(git rev-list --max-parents=0 HEAD)" fi git diff --name-only "$base"...HEAD > .changed-files - name: Run repo security checks if: github.event_name == 'push' run: node scripts/check-repo-security.mjs --changed-files .changed-files test: timeout-minutes: 30 runs-on: latchkey-small if: github.event_name == 'pull_request' || github.event_name == 'push' steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 1 persist-credentials: false - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Enable pnpm run: | corepack enable corepack prepare pnpm@10.20.0 --activate - name: Install dependencies run: pnpm install --frozen-lockfile - name: Run tests run: pnpm test awesome-lint: timeout-minutes: 30 name: awesome-lint runs-on: latchkey-small if: github.event_name != 'pull_request_target' steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 1 persist-credentials: false - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: cache: 'npm' node-version: 20 - name: Enable pnpm run: | corepack enable corepack prepare pnpm@10.20.0 --activate - name: Checkout trusted base checks if: github.event_name == 'pull_request' uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.sha }} path: .trusted-base fetch-depth: 1 persist-credentials: false - name: Run trusted awesome-list checks if: github.event_name == 'pull_request' run: | node .trusted-base/scripts/check-awesome-list.mjs --root "$GITHUB_WORKSPACE" (cd .trusted-base && pnpm dlx awesome-lint@2.3.0 "$GITHUB_WORKSPACE/README.md") - name: Install dependencies if: github.event_name != 'pull_request' run: pnpm install --frozen-lockfile - name: Run awesome-list checks if: github.event_name != 'pull_request' run: | pnpm run check:awesome-list pnpm run check:awesome-list:upstream
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 7 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.