Skip to content
Latchkey

ci workflow (PicnicSupermarket/dbt-score)

The ci workflow from PicnicSupermarket/dbt-score, explained and optimized by Latchkey.

C

CI health: C - fair

Run this on Latchkey for self-healing, caching, and up to 58% lower cost.

Grade your own workflow free or run it on Latchkey →
Source: PicnicSupermarket/dbt-score.github/workflows/ci.ymlLicense MITView source

What it does

This is the ci workflow from the PicnicSupermarket/dbt-score repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: ci

on:
  pull_request:
    branches:
      - master

  push:
    branches:
      - master

permissions:
  contents: write
  pull-requests: write

jobs:
  build:
    runs-on: ubuntu-slim
    strategy:
      matrix:
        python: ["3.10", "3.11", "3.12", "3.13"]
        dbt-core: ["15", "16", "17", "110", "111"]

    steps:
      - name: Create GitHub App Token
        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
        id: app
        continue-on-error: true
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          permission-contents: write
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
        with:
          ref: ${{ github.event.pull_request.head.ref || github.ref }}
          repository:
            ${{ github.event.pull_request.head.repo.full_name ||
            github.repository }}
          token: ${{ steps.app.outputs.token || github.token }}
      - name: Install uv and set the Python version
        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
        with:
          python-version: ${{ matrix.python }}
      # refresh lock only for Dependabot PRs
      - name: Refresh uv.lock (Dependabot only)
        if: |
          github.event_name == 'pull_request' &&
          github.actor == 'dependabot[bot]'
        run: |
          uv lock
          if ! git diff --quiet -- uv.lock; then
            git config user.name "uv-lock-bot[bot]"
            git config user.email "uv-lock-bot[bot]@users.noreply.github.com"
            git add uv.lock
            git commit -m "chore: refresh uv.lock"
            git push || echo "push skipped (no perms)"
          fi
      - name: Install dependencies
        run: |
          uv sync --locked --only-dev
      - name: Run Tox
        run: |
          PYTHON_VERSION=$(echo "${{ matrix.python }}" | sed 's/\.//')
          uv run tox -e py${PYTHON_VERSION}-dbt${{ matrix.dbt-core }}

  lint:
    runs-on: ubuntu-slim

    steps:
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
      - name: Install uv and set the Python version
        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
        with:
          python-version: "3.13"
      - name: Install dependencies
        run: |
          uv sync --locked --only-dev
      - name: Run Prettier
        run: npx --yes prettier@3.1.0 --check "**/*.{json,yaml,yml,md}"
      - name: Run Tox lint
        run: |
          uv run tox -e lint

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: ci
 
on:
  pull_request:
    branches:
      - master
 
  push:
    branches:
      - master
 
permissions:
  contents: write
  pull-requests: write
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    runs-on: ubuntu-slim
    strategy:
      matrix:
        python: ["3.10", "3.11", "3.12", "3.13"]
        dbt-core: ["15", "16", "17", "110", "111"]
 
    steps:
      - name: Create GitHub App Token
        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
        id: app
        continue-on-error: true
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          permission-contents: write
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
        with:
          ref: ${{ github.event.pull_request.head.ref || github.ref }}
          repository:
            ${{ github.event.pull_request.head.repo.full_name ||
            github.repository }}
          token: ${{ steps.app.outputs.token || github.token }}
      - name: Install uv and set the Python version
        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
        with:
          python-version: ${{ matrix.python }}
      # refresh lock only for Dependabot PRs
      - name: Refresh uv.lock (Dependabot only)
        if: |
          github.event_name == 'pull_request' &&
          github.actor == 'dependabot[bot]'
        run: |
          uv lock
          if ! git diff --quiet -- uv.lock; then
            git config user.name "uv-lock-bot[bot]"
            git config user.email "uv-lock-bot[bot]@users.noreply.github.com"
            git add uv.lock
            git commit -m "chore: refresh uv.lock"
            git push || echo "push skipped (no perms)"
          fi
      - name: Install dependencies
        run: |
          uv sync --locked --only-dev
      - name: Run Tox
        run: |
          PYTHON_VERSION=$(echo "${{ matrix.python }}" | sed 's/\.//')
          uv run tox -e py${PYTHON_VERSION}-dbt${{ matrix.dbt-core }}
 
  lint:
    timeout-minutes: 30
    runs-on: ubuntu-slim
 
    steps:
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
      - name: Install uv and set the Python version
        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
        with:
          python-version: "3.13"
      - name: Install dependencies
        run: |
          uv sync --locked --only-dev
      - name: Run Prettier
        run: npx --yes prettier@3.1.0 --check "**/*.{json,yaml,yml,md}"
      - name: Run Tox lint
        run: |
          uv run tox -e lint
 

What changed

This workflow runs 2 jobs (21 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow