Skip to content
Latchkey

CI Tests workflow (posit-dev/great-tables)

The CI Tests workflow from posit-dev/great-tables, explained and optimized by Latchkey.

F

CI health: F - at risk

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: posit-dev/great-tables.github/workflows/ci-tests.yamlLicense MITView source

What it does

This is the CI Tests workflow from the posit-dev/great-tables repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  release:
    types: [published]

name: CI Tests

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
      fail-fast: false

    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          # we are using the -e flag, so that code cov finds the source.
          # this is not ideal, since installing an editable can technically
          # differ from a normal install in surprising ways.
          pip install -e '.[all]'
      - name: pytest unit tests
        run: |
          make test

      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v6
        with:
          name: "py${{ matrix.python-version }}"
          token: ${{ secrets.CODECOV_TOKEN }}

  test-windows:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      - name: Install dependencies
        run: |
          pip install -e '.[all]'
      - name: pytest unit tests
        run: |
          make test

  test-pandas:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      - name: Install dependencies
        run: |
          pip install -e '.[dev-no-pandas]'
      - name: pytest unit tests
        run: |
          make test-no-pandas

  release-pypi:
    name: "Release to pypi"
    runs-on: ubuntu-latest
    environment: deploy-pypi
    needs: [build, test-pandas]
    if: github.event_name == 'release'
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - uses: actions/setup-python@v6
        with:
          python-version: "3.10"
      - name: "Build Package"
        run: |
          python -m pip install build wheel
          python -m build --sdist --wheel
      - name: "Deploy to PyPI"
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: __token__
          password: ${{ secrets.PYPI_API_TOKEN }}

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  release:
    types: [published]
 
name: CI Tests
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    runs-on: latchkey-small
    strategy:
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
      fail-fast: false
 
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          # we are using the -e flag, so that code cov finds the source.
          # this is not ideal, since installing an editable can technically
          # differ from a normal install in surprising ways.
          pip install -e '.[all]'
      - name: pytest unit tests
        run: |
          make test
 
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v6
        with:
          name: "py${{ matrix.python-version }}"
          token: ${{ secrets.CODECOV_TOKEN }}
 
  test-windows:
    timeout-minutes: 30
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: "3.12"
      - name: Install dependencies
        run: |
          pip install -e '.[all]'
      - name: pytest unit tests
        run: |
          make test
 
  test-pandas:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: "3.12"
      - name: Install dependencies
        run: |
          pip install -e '.[dev-no-pandas]'
      - name: pytest unit tests
        run: |
          make test-no-pandas
 
  release-pypi:
    timeout-minutes: 30
    name: "Release to pypi"
    runs-on: latchkey-small
    environment: deploy-pypi
    needs: [build, test-pandas]
    if: github.event_name == 'release'
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: "3.10"
      - name: "Build Package"
        run: |
          python -m pip install build wheel
          python -m build --sdist --wheel
      - name: "Deploy to PyPI"
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: __token__
          password: ${{ secrets.PYPI_API_TOKEN }}
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 4 jobs (8 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow