Backport workflow (python-poetry/poetry)
The Backport workflow from python-poetry/poetry, explained and optimized by Latchkey.
A
CI health: A - excellent
Point runs-on at Latchkey and get job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Backport workflow from the python-poetry/poetry repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
workflow (.yml)
name: Backport
on:
pull_request_target: # zizmor: ignore[dangerous-triggers]
types:
- closed
- labeled
# we create the token we need later on
permissions: {}
jobs:
backport:
name: Create backport
runs-on: ubuntu-latest
# This workflow only applies to merged PRs; and triggers on a PR being closed, or the backport label being applied.
# See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
if: >
github.event.pull_request.merged
&& (
github.event.action == 'closed'
||
(github.event.action == 'labeled' && contains(github.event.label.name, 'backport/')
)
)
steps:
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
id: app-token
with:
app-id: ${{ secrets.POETRY_TOKEN_APP_ID }}
private-key: ${{ secrets.POETRY_TOKEN_APP_KEY }}
- uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2.0.4
with:
github_token: ${{ steps.app-token.outputs.token }}
title_template: "[<%= base %>] <%= title %>"
label_pattern: "^backport/(?<base>([^ ]+))$"
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Backport on: pull_request_target: # zizmor: ignore[dangerous-triggers] types: - closed - labeled # we create the token we need later on permissions: {} jobs: backport: timeout-minutes: 30 name: Create backport runs-on: latchkey-small # This workflow only applies to merged PRs; and triggers on a PR being closed, or the backport label being applied. # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target. if: > github.event.pull_request.merged && ( github.event.action == 'closed' || (github.event.action == 'labeled' && contains(github.event.label.name, 'backport/') ) ) steps: - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ secrets.POETRY_TOKEN_APP_ID }} private-key: ${{ secrets.POETRY_TOKEN_APP_KEY }} - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2.0.4 with: github_token: ${{ steps.app-token.outputs.token }} title_template: "[<%= base %>] <%= title %>" label_pattern: "^backport/(?<base>([^ ]+))$"
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.