Skip to content
Latchkey

check_commit_metadata workflow (stdlib-js/stdlib)

The check_commit_metadata workflow from stdlib-js/stdlib, explained and optimized by Latchkey.

A

CI health: A - excellent

Point runs-on at Latchkey and get job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: stdlib-js/stdlib.github/workflows/check_commit_metadata.ymlLicense Apache-2.0View source

What it does

This is the check_commit_metadata workflow from the stdlib-js/stdlib repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
#/
# @license Apache-2.0
#
# Copyright (c) 2025 The Stdlib Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#/

# Workflow name:
name: check_commit_metadata

# Workflow triggers:
on:
  # Trigger on pull request events:
  pull_request_target:
    types:
      - opened

# Global permissions:
permissions:
  # Allow read-only access to the repository contents:
  contents: read

# Workflow jobs:
jobs:

  # Define a job for checking the commit metadata for whether local development is properly setup...
  check_commit_metadata:

    # Define a display name:
    name: 'Check Commit Metadata'

    # Define the type of virtual host machine:
    runs-on: ubuntu-latest

    # Temporarily disable the entire workflow:
    if: false

    # Define the sequence of job steps...
    steps:
      # Checkout the repository:
      - name: 'Checkout repository'
        # Pin action to full length commit SHA
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Ensure we have access to the scripts directory:
          sparse-checkout: |
              .github/workflows/scripts
          sparse-checkout-cone-mode: false
        timeout-minutes: 10

      # Extract commit metadata from commit messages as JSON:
      - name: 'Extract commit metadata'
        id: extract-metadata
        # Pin action to full length commit SHA
        uses: stdlib-js/metadata-action@3ccf68f24c51ae23470319e8e5619d539df8212b # v3.0.0

      # Check commit metadata:
      - name: 'Check commit metadata'
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          COMMIT_METADATA: ${{ steps.extract-metadata.outputs.metadata }}
          GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
        run: |
          . "$GITHUB_WORKSPACE/.github/workflows/scripts/check_commit_metadata/run" $PR_NUMBER $COMMIT_METADATA

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

#/
# @license Apache-2.0
#
# Copyright (c) 2025 The Stdlib Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#/
 
# Workflow name:
name: check_commit_metadata
 
# Workflow triggers:
on:
  # Trigger on pull request events:
  pull_request_target:
    types:
      - opened
 
# Global permissions:
permissions:
  # Allow read-only access to the repository contents:
  contents: read
 
# Workflow jobs:
jobs:
 
  # Define a job for checking the commit metadata for whether local development is properly setup...
  check_commit_metadata:
    timeout-minutes: 30
 
    # Define a display name:
    name: 'Check Commit Metadata'
 
    # Define the type of virtual host machine:
    runs-on: latchkey-small
 
    # Temporarily disable the entire workflow:
    if: false
 
    # Define the sequence of job steps...
    steps:
      # Checkout the repository:
      - name: 'Checkout repository'
        # Pin action to full length commit SHA
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Ensure we have access to the scripts directory:
          sparse-checkout: |
              .github/workflows/scripts
          sparse-checkout-cone-mode: false
        timeout-minutes: 10
 
      # Extract commit metadata from commit messages as JSON:
      - name: 'Extract commit metadata'
        id: extract-metadata
        # Pin action to full length commit SHA
        uses: stdlib-js/metadata-action@3ccf68f24c51ae23470319e8e5619d539df8212b # v3.0.0
 
      # Check commit metadata:
      - name: 'Check commit metadata'
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          COMMIT_METADATA: ${{ steps.extract-metadata.outputs.metadata }}
          GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
        run: |
          . "$GITHUB_WORKSPACE/.github/workflows/scripts/check_commit_metadata/run" $PR_NUMBER $COMMIT_METADATA
 

What changed

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow