Integration workflow (plexe-ai/plexe)
The Integration workflow from plexe-ai/plexe, explained and optimized by Latchkey.
CI health: D - needs work
Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Integration workflow from the plexe-ai/plexe repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Integration
on:
workflow_dispatch: {}
push:
branches:
- main
pull_request:
branches:
- main
types:
- opened
- synchronize
- reopened
jobs:
validate-branch-name:
name: Validate Branch Name
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
permissions:
contents: read
pull-requests: read
steps:
- name: Check branch name
run: |
branch_name="${{ github.head_ref }}"
if [[ ! $branch_name =~ ^(feature|feat|fix|hotfix|chore|refactor|codex)/.+ ]]; then
echo "❌ Branch name '$branch_name' does not follow the required pattern."
echo "Branch name must start with: feature/, feat/, fix/, hotfix/, chore/, refactor/, or codex/"
exit 1
fi
echo "✅ Branch name '$branch_name' is valid."
validate-pr-title:
name: Validate PR Title
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
permissions:
contents: read
pull-requests: read
steps:
- name: Check PR title follows conventional commits
run: |
pr_title="${{ github.event.pull_request.title }}"
if [[ ! $pr_title =~ ^(feat|fix|docs|style|refactor|perf|test|chore|ci|build|revert)(\(.+\))?!?:.+ ]]; then
echo "❌ PR title '$pr_title' does not follow conventional commits format."
echo "Expected format: type(optional-scope): description"
echo "Valid types: feat, fix, docs, style, refactor, perf, test, chore, ci, build, revert"
echo "Examples:"
echo " - feat: add user authentication"
echo " - fix(api): handle null response from external service"
echo " - feat!: breaking change to user API"
exit 1
fi
echo "✅ PR title '$pr_title' follows conventional commits format."
lint-python-black:
name: Check Python Formatting (Black)
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install Black
run: pip install black==25.12.0
- name: Get changed Python files
id: changed-files
run: |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
git fetch origin ${{ github.base_ref }}
FILES=$(git diff --name-only --diff-filter=ACMRT origin/${{ github.base_ref }}...HEAD | grep '\.py$' || true)
else
FILES=$(git diff --name-only --diff-filter=ACMRT HEAD~1 | grep '\.py$' || true)
fi
if [ -z "$FILES" ]; then
echo "No Python files changed"
echo "has_changes=false" >> $GITHUB_OUTPUT
else
echo "Changed Python files:"
echo "$FILES"
echo "has_changes=true" >> $GITHUB_OUTPUT
echo "files<<EOF" >> $GITHUB_OUTPUT
echo "$FILES" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi
- name: Run Black check on changed files
if: steps.changed-files.outputs.has_changes == 'true'
run: |
echo "${{ steps.changed-files.outputs.files }}" | xargs black --check --diff
lint-python-ruff:
name: Lint Python Code (Ruff)
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install Ruff
run: pip install ruff==0.14.9
- name: Get changed Python files
id: changed-files
run: |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
git fetch origin ${{ github.base_ref }}
FILES=$(git diff --name-only --diff-filter=ACMRT origin/${{ github.base_ref }}...HEAD | grep '\.py$' || true)
else
FILES=$(git diff --name-only --diff-filter=ACMRT HEAD~1 | grep '\.py$' || true)
fi
if [ -z "$FILES" ]; then
echo "No Python files changed"
echo "has_changes=false" >> $GITHUB_OUTPUT
else
echo "Changed Python files:"
echo "$FILES"
echo "has_changes=true" >> $GITHUB_OUTPUT
echo "files<<EOF" >> $GITHUB_OUTPUT
echo "$FILES" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi
- name: Run Ruff check on changed files
if: steps.changed-files.outputs.has_changes == 'true'
run: |
echo "${{ steps.changed-files.outputs.files }}" | xargs ruff check --output-format=github
run-tests:
permissions:
contents: read
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.11', '3.12']
dependencies: ['lightweight', 'extras']
env:
GOOGLE_API_KEY: ${{ vars.GOOGLE_API_KEY }}
OPENAI_API_KEY: ${{ vars.OPENAI_API_KEY }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install poetry
if [ "${{ matrix.dependencies }}" == "extras" ]; then
poetry install -E pyspark -E aws
else
poetry install
fi
- name: Run Tests
run: poetry run pytest tests/unit/
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Integration on: workflow_dispatch: {} push: branches: - main pull_request: branches: - main types: - opened - synchronize - reopened concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: validate-branch-name: timeout-minutes: 30 name: Validate Branch Name runs-on: latchkey-small if: github.event_name == 'pull_request' permissions: contents: read pull-requests: read steps: - name: Check branch name run: | branch_name="${{ github.head_ref }}" if [[ ! $branch_name =~ ^(feature|feat|fix|hotfix|chore|refactor|codex)/.+ ]]; then echo "❌ Branch name '$branch_name' does not follow the required pattern." echo "Branch name must start with: feature/, feat/, fix/, hotfix/, chore/, refactor/, or codex/" exit 1 fi echo "✅ Branch name '$branch_name' is valid." validate-pr-title: timeout-minutes: 30 name: Validate PR Title runs-on: latchkey-small if: github.event_name == 'pull_request' permissions: contents: read pull-requests: read steps: - name: Check PR title follows conventional commits run: | pr_title="${{ github.event.pull_request.title }}" if [[ ! $pr_title =~ ^(feat|fix|docs|style|refactor|perf|test|chore|ci|build|revert)(\(.+\))?!?:.+ ]]; then echo "❌ PR title '$pr_title' does not follow conventional commits format." echo "Expected format: type(optional-scope): description" echo "Valid types: feat, fix, docs, style, refactor, perf, test, chore, ci, build, revert" echo "Examples:" echo " - feat: add user authentication" echo " - fix(api): handle null response from external service" echo " - feat!: breaking change to user API" exit 1 fi echo "✅ PR title '$pr_title' follows conventional commits format." lint-python-black: timeout-minutes: 30 name: Check Python Formatting (Black) runs-on: latchkey-small permissions: contents: read steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Python uses: actions/setup-python@v5 with: cache: 'pip' python-version: '3.12' - name: Install Black run: pip install black==25.12.0 - name: Get changed Python files id: changed-files run: | if [[ "${{ github.event_name }}" == "pull_request" ]]; then git fetch origin ${{ github.base_ref }} FILES=$(git diff --name-only --diff-filter=ACMRT origin/${{ github.base_ref }}...HEAD | grep '\.py$' || true) else FILES=$(git diff --name-only --diff-filter=ACMRT HEAD~1 | grep '\.py$' || true) fi if [ -z "$FILES" ]; then echo "No Python files changed" echo "has_changes=false" >> $GITHUB_OUTPUT else echo "Changed Python files:" echo "$FILES" echo "has_changes=true" >> $GITHUB_OUTPUT echo "files<<EOF" >> $GITHUB_OUTPUT echo "$FILES" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT fi - name: Run Black check on changed files if: steps.changed-files.outputs.has_changes == 'true' run: | echo "${{ steps.changed-files.outputs.files }}" | xargs black --check --diff lint-python-ruff: timeout-minutes: 30 name: Lint Python Code (Ruff) runs-on: latchkey-small permissions: contents: read steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Python uses: actions/setup-python@v5 with: cache: 'pip' python-version: '3.12' - name: Install Ruff run: pip install ruff==0.14.9 - name: Get changed Python files id: changed-files run: | if [[ "${{ github.event_name }}" == "pull_request" ]]; then git fetch origin ${{ github.base_ref }} FILES=$(git diff --name-only --diff-filter=ACMRT origin/${{ github.base_ref }}...HEAD | grep '\.py$' || true) else FILES=$(git diff --name-only --diff-filter=ACMRT HEAD~1 | grep '\.py$' || true) fi if [ -z "$FILES" ]; then echo "No Python files changed" echo "has_changes=false" >> $GITHUB_OUTPUT else echo "Changed Python files:" echo "$FILES" echo "has_changes=true" >> $GITHUB_OUTPUT echo "files<<EOF" >> $GITHUB_OUTPUT echo "$FILES" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT fi - name: Run Ruff check on changed files if: steps.changed-files.outputs.has_changes == 'true' run: | echo "${{ steps.changed-files.outputs.files }}" | xargs ruff check --output-format=github run-tests: timeout-minutes: 30 permissions: contents: read runs-on: latchkey-small strategy: matrix: python-version: ['3.11', '3.12'] dependencies: ['lightweight', 'extras'] env: GOOGLE_API_KEY: ${{ vars.GOOGLE_API_KEY }} OPENAI_API_KEY: ${{ vars.OPENAI_API_KEY }} steps: - name: Checkout Code uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: cache: 'pip' python-version: ${{ matrix.python-version }} - name: Install Dependencies run: | python -m pip install --upgrade pip pip install poetry if [ "${{ matrix.dependencies }}" == "extras" ]; then poetry install -E pyspark -E aws else poetry install fi - name: Run Tests run: poetry run pytest tests/unit/
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 5 jobs (8 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.