Skip to content
Latchkey

CI workflow (samuelcolvin/pytest-pretty)

The CI workflow from samuelcolvin/pytest-pretty, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: samuelcolvin/pytest-pretty.github/workflows/ci.ymlLicense MITView source

What it does

This is the CI workflow from the samuelcolvin/pytest-pretty repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: CI

on:
  push:
    branches:
      - main
    tags:
      - "**"
  pull_request: {}

env:
  COLUMNS: 150
  UV_PYTHON: 3.12
  UV_FROZEN: "1"

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true

      - run: uv sync

      - uses: pre-commit/action@v3.0.0
        with:
          extra_args: --all-files --verbose
        env:
          SKIP: no-commit-to-branch

  test:
    name: test py${{ matrix.python-version }} on ${{ matrix.os }}

    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu, macos, windows]
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]

    env:
      UV_PYTHON: ${{ matrix.python-version }}

    runs-on: ${{ matrix.os }}-latest
    steps:
      - uses: actions/checkout@v3

      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true

      - run: uv sync
      - run: uv run pytest

  # https://github.com/marketplace/actions/alls-green#why used for branch protection checks
  check:
    if: always()
    needs: [lint, test]
    runs-on: ubuntu-latest
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}

  release:
    needs: [check]
    if: success() && startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest

    environment:
      name: release

    permissions:
      id-token: write

    steps:
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true

      - name: check GITHUB_REF matches package version
        uses: samuelcolvin/check-python-version@v4.1
        with:
          version_file_path: pyproject.toml

      - run: uv build

      - run: uv publish --trusted-publishing always

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: CI
 
on:
  push:
    branches:
      - main
    tags:
      - "**"
  pull_request: {}
 
env:
  COLUMNS: 150
  UV_PYTHON: 3.12
  UV_FROZEN: "1"
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  lint:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v4
 
      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true
 
      - run: uv sync
 
      - uses: pre-commit/action@v3.0.0
        with:
          extra_args: --all-files --verbose
        env:
          SKIP: no-commit-to-branch
 
  test:
    timeout-minutes: 30
    name: test py${{ matrix.python-version }} on ${{ matrix.os }}
 
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu, macos, windows]
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
 
    env:
      UV_PYTHON: ${{ matrix.python-version }}
 
    runs-on: ${{ matrix.os }}-latest
    steps:
      - uses: actions/checkout@v3
 
      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true
 
      - run: uv sync
      - run: uv run pytest
 
  # https://github.com/marketplace/actions/alls-green#why used for branch protection checks
  check:
    timeout-minutes: 30
    if: always()
    needs: [lint, test]
    runs-on: latchkey-small
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}
 
  release:
    timeout-minutes: 30
    needs: [check]
    if: success() && startsWith(github.ref, 'refs/tags/')
    runs-on: latchkey-small
 
    environment:
      name: release
 
    permissions:
      id-token: write
 
    steps:
      - uses: actions/checkout@v4
 
      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true
 
      - name: check GITHUB_REF matches package version
        uses: samuelcolvin/check-python-version@v4.1
        with:
          version_file_path: pyproject.toml
 
      - run: uv build
 
      - run: uv publish --trusted-publishing always
 

What changed

4 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 4 jobs (18 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow