ci workflow (PicnicSupermarket/dbt-score)
The ci workflow from PicnicSupermarket/dbt-score, explained and optimized by Latchkey.
C
CI health: C - fair
Run this on Latchkey for self-healing, caching, and up to 58% lower cost.
Grade your own workflow free or run it on Latchkey →What it does
This is the ci workflow from the PicnicSupermarket/dbt-score repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
workflow (.yml)
name: ci
on:
pull_request:
branches:
- master
push:
branches:
- master
permissions:
contents: write
pull-requests: write
jobs:
build:
runs-on: ubuntu-slim
strategy:
matrix:
python: ["3.10", "3.11", "3.12", "3.13"]
dbt-core: ["15", "16", "17", "110", "111"]
steps:
- name: Create GitHub App Token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
id: app
continue-on-error: true
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
permission-contents: write
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
ref: ${{ github.event.pull_request.head.ref || github.ref }}
repository:
${{ github.event.pull_request.head.repo.full_name ||
github.repository }}
token: ${{ steps.app.outputs.token || github.token }}
- name: Install uv and set the Python version
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
with:
python-version: ${{ matrix.python }}
# refresh lock only for Dependabot PRs
- name: Refresh uv.lock (Dependabot only)
if: |
github.event_name == 'pull_request' &&
github.actor == 'dependabot[bot]'
run: |
uv lock
if ! git diff --quiet -- uv.lock; then
git config user.name "uv-lock-bot[bot]"
git config user.email "uv-lock-bot[bot]@users.noreply.github.com"
git add uv.lock
git commit -m "chore: refresh uv.lock"
git push || echo "push skipped (no perms)"
fi
- name: Install dependencies
run: |
uv sync --locked --only-dev
- name: Run Tox
run: |
PYTHON_VERSION=$(echo "${{ matrix.python }}" | sed 's/\.//')
uv run tox -e py${PYTHON_VERSION}-dbt${{ matrix.dbt-core }}
lint:
runs-on: ubuntu-slim
steps:
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
- name: Install uv and set the Python version
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
with:
python-version: "3.13"
- name: Install dependencies
run: |
uv sync --locked --only-dev
- name: Run Prettier
run: npx --yes prettier@3.1.0 --check "**/*.{json,yaml,yml,md}"
- name: Run Tox lint
run: |
uv run tox -e lint
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: ci on: pull_request: branches: - master push: branches: - master permissions: contents: write pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: build: timeout-minutes: 30 runs-on: ubuntu-slim strategy: matrix: python: ["3.10", "3.11", "3.12", "3.13"] dbt-core: ["15", "16", "17", "110", "111"] steps: - name: Create GitHub App Token uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: app continue-on-error: true with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} permission-contents: write - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: ref: ${{ github.event.pull_request.head.ref || github.ref }} repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} token: ${{ steps.app.outputs.token || github.token }} - name: Install uv and set the Python version uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6 with: python-version: ${{ matrix.python }} # refresh lock only for Dependabot PRs - name: Refresh uv.lock (Dependabot only) if: | github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' run: | uv lock if ! git diff --quiet -- uv.lock; then git config user.name "uv-lock-bot[bot]" git config user.email "uv-lock-bot[bot]@users.noreply.github.com" git add uv.lock git commit -m "chore: refresh uv.lock" git push || echo "push skipped (no perms)" fi - name: Install dependencies run: | uv sync --locked --only-dev - name: Run Tox run: | PYTHON_VERSION=$(echo "${{ matrix.python }}" | sed 's/\.//') uv run tox -e py${PYTHON_VERSION}-dbt${{ matrix.dbt-core }} lint: timeout-minutes: 30 runs-on: ubuntu-slim steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 - name: Install uv and set the Python version uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6 with: python-version: "3.13" - name: Install dependencies run: | uv sync --locked --only-dev - name: Run Prettier run: npx --yes prettier@3.1.0 --check "**/*.{json,yaml,yml,md}" - name: Run Tox lint run: | uv run tox -e lint
What changed
- Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
This workflow runs 2 jobs (21 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.