check_commit_metadata workflow (stdlib-js/stdlib)
The check_commit_metadata workflow from stdlib-js/stdlib, explained and optimized by Latchkey.
A
CI health: A - excellent
Point runs-on at Latchkey and get job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the check_commit_metadata workflow from the stdlib-js/stdlib repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
workflow (.yml)
#/
# @license Apache-2.0
#
# Copyright (c) 2025 The Stdlib Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#/
# Workflow name:
name: check_commit_metadata
# Workflow triggers:
on:
# Trigger on pull request events:
pull_request_target:
types:
- opened
# Global permissions:
permissions:
# Allow read-only access to the repository contents:
contents: read
# Workflow jobs:
jobs:
# Define a job for checking the commit metadata for whether local development is properly setup...
check_commit_metadata:
# Define a display name:
name: 'Check Commit Metadata'
# Define the type of virtual host machine:
runs-on: ubuntu-latest
# Temporarily disable the entire workflow:
if: false
# Define the sequence of job steps...
steps:
# Checkout the repository:
- name: 'Checkout repository'
# Pin action to full length commit SHA
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# Ensure we have access to the scripts directory:
sparse-checkout: |
.github/workflows/scripts
sparse-checkout-cone-mode: false
timeout-minutes: 10
# Extract commit metadata from commit messages as JSON:
- name: 'Extract commit metadata'
id: extract-metadata
# Pin action to full length commit SHA
uses: stdlib-js/metadata-action@3ccf68f24c51ae23470319e8e5619d539df8212b # v3.0.0
# Check commit metadata:
- name: 'Check commit metadata'
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
COMMIT_METADATA: ${{ steps.extract-metadata.outputs.metadata }}
GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
run: |
. "$GITHUB_WORKSPACE/.github/workflows/scripts/check_commit_metadata/run" $PR_NUMBER $COMMIT_METADATA
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
#/ # @license Apache-2.0 # # Copyright (c) 2025 The Stdlib Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. #/ # Workflow name: name: check_commit_metadata # Workflow triggers: on: # Trigger on pull request events: pull_request_target: types: - opened # Global permissions: permissions: # Allow read-only access to the repository contents: contents: read # Workflow jobs: jobs: # Define a job for checking the commit metadata for whether local development is properly setup... check_commit_metadata: timeout-minutes: 30 # Define a display name: name: 'Check Commit Metadata' # Define the type of virtual host machine: runs-on: latchkey-small # Temporarily disable the entire workflow: if: false # Define the sequence of job steps... steps: # Checkout the repository: - name: 'Checkout repository' # Pin action to full length commit SHA uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Ensure we have access to the scripts directory: sparse-checkout: | .github/workflows/scripts sparse-checkout-cone-mode: false timeout-minutes: 10 # Extract commit metadata from commit messages as JSON: - name: 'Extract commit metadata' id: extract-metadata # Pin action to full length commit SHA uses: stdlib-js/metadata-action@3ccf68f24c51ae23470319e8e5619d539df8212b # v3.0.0 # Check commit metadata: - name: 'Check commit metadata' env: PR_NUMBER: ${{ github.event.pull_request.number }} COMMIT_METADATA: ${{ steps.extract-metadata.outputs.metadata }} GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} run: | . "$GITHUB_WORKSPACE/.github/workflows/scripts/check_commit_metadata/run" $PR_NUMBER $COMMIT_METADATA
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.