CI workflow (pinojs/pino)
The CI workflow from pinojs/pino, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get caching, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the CI workflow from the pinojs/pino repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: CI
on:
push:
branches:
- main
- 'v*'
paths-ignore:
- 'docs/**'
- '*.md'
pull_request:
paths-ignore:
- 'docs/**'
- '*.md'
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
dependency-review:
name: Dependency Review
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Check out repo
uses: actions/checkout@v6.0.2
with:
persist-credentials: false
- name: Dependency review
uses: actions/dependency-review-action@v4
test:
name: ${{ matrix.node-version }} ${{ matrix.os }}
runs-on: ${{ matrix.os }}
permissions:
contents: read
strategy:
fail-fast: false
matrix:
os: [macOS-latest, windows-latest, ubuntu-latest]
node-version: [20, 22, 24, 25]
exclude:
- os: windows-latest
node-version: 22
steps:
- name: Check out repo
uses: actions/checkout@v6.0.2
with:
persist-credentials: false
- name: Setup Node ${{ matrix.node-version }}
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node-version }}
- name: Install dependencies
run: npm i --ignore-scripts
- name: Run tests
run: npm run test-ci
- name: Run smoke test
if: >
matrix.os != 'windows-latest' &&
matrix.node-version > 14
run: npm run test:smoke
automerge:
name: Automerge Dependabot PRs
if: >
github.event_name == 'pull_request' &&
github.event.pull_request.user.login == 'dependabot[bot]'
needs: test
permissions:
pull-requests: write
contents: write
runs-on: ubuntu-latest
steps:
- uses: fastify/github-action-merge-dependabot@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: 'sonic-boom,pino-std-serializers,quick-format-unescaped,fast-redact'
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: CI on: push: branches: - main - 'v*' paths-ignore: - 'docs/**' - '*.md' pull_request: paths-ignore: - 'docs/**' - '*.md' # This allows a subsequently queued workflow run to interrupt previous runs concurrency: group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}" cancel-in-progress: true jobs: dependency-review: timeout-minutes: 30 name: Dependency Review if: github.event_name == 'pull_request' runs-on: latchkey-small permissions: contents: read steps: - name: Check out repo uses: actions/checkout@v6.0.2 with: persist-credentials: false - name: Dependency review uses: actions/dependency-review-action@v4 test: timeout-minutes: 30 name: ${{ matrix.node-version }} ${{ matrix.os }} runs-on: ${{ matrix.os }} permissions: contents: read strategy: fail-fast: false matrix: os: [macOS-latest, windows-latest, ubuntu-latest] node-version: [20, 22, 24, 25] exclude: - os: windows-latest node-version: 22 steps: - name: Check out repo uses: actions/checkout@v6.0.2 with: persist-credentials: false - name: Setup Node ${{ matrix.node-version }} uses: actions/setup-node@v6 with: cache: 'npm' node-version: ${{ matrix.node-version }} - name: Install dependencies run: npm i --ignore-scripts - name: Run tests run: npm run test-ci - name: Run smoke test if: > matrix.os != 'windows-latest' && matrix.node-version > 14 run: npm run test:smoke automerge: timeout-minutes: 30 name: Automerge Dependabot PRs if: > github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]' needs: test permissions: pull-requests: write contents: write runs-on: latchkey-small steps: - uses: fastify/github-action-merge-dependabot@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} exclude: 'sonic-boom,pino-std-serializers,quick-format-unescaped,fast-redact'
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 3 jobs (14 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.