Python application workflow (tastyware/tastytrade)
The Python application workflow from tastyware/tastytrade, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Python application workflow from the tastyware/tastytrade repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Python application
on:
push:
branches: [ master ]
pull_request_target:
branches: [ master ]
jobs:
authorize:
if: github.event_name == 'pull_request_target'
environment:
${{ github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true
build:
if: always() && (github.event_name != 'pull_request_target' || needs.authorize.result == 'success')
needs: authorize
runs-on: ubuntu-latest
strategy:
max-parallel: 1
matrix:
python-version:
- "3.11"
- "3.12"
- "3.13"
- "3.14"
steps:
- uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Install uv and Python
uses: astral-sh/setup-uv@v6
with:
enable-cache: true
python-version: ${{ matrix.python-version }}
- name: Setup uv venv
run: |
uv sync --locked --all-extras --dev
- name: Lint with ruff
run: |
uv run ruff check tastytrade/ tests/
- name: Type check with pyright
run: |
uv run pyright tastytrade/ tests/
- name: Type check with mypy
run: |
uv run mypy tastytrade/
- name: Test with pytest
run: |
uv run pytest --cov=tastytrade --cov-report=term-missing tests/ --cov-fail-under=95 -v
env:
TT_REFRESH_SANDBOX: ${{ secrets.TT_REFRESH_SANDBOX }}
TT_SECRET_SANDBOX: ${{ secrets.TT_SECRET_SANDBOX }}
TT_ACCOUNT: ${{ secrets.TT_ACCOUNT }}
TT_REFRESH: ${{ secrets.TT_REFRESH }}
TT_SECRET: ${{ secrets.TT_SECRET }}
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Python application on: push: branches: [ master ] pull_request_target: branches: [ master ] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: authorize: timeout-minutes: 30 if: github.event_name == 'pull_request_target' environment: ${{ github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }} runs-on: latchkey-small steps: - run: true build: timeout-minutes: 30 if: always() && (github.event_name != 'pull_request_target' || needs.authorize.result == 'success') needs: authorize runs-on: latchkey-small strategy: max-parallel: 1 matrix: python-version: - "3.11" - "3.12" - "3.13" - "3.14" steps: - uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Install uv and Python uses: astral-sh/setup-uv@v6 with: enable-cache: true python-version: ${{ matrix.python-version }} - name: Setup uv venv run: | uv sync --locked --all-extras --dev - name: Lint with ruff run: | uv run ruff check tastytrade/ tests/ - name: Type check with pyright run: | uv run pyright tastytrade/ tests/ - name: Type check with mypy run: | uv run mypy tastytrade/ - name: Test with pytest run: | uv run pytest --cov=tastytrade --cov-report=term-missing tests/ --cov-fail-under=95 -v env: TT_REFRESH_SANDBOX: ${{ secrets.TT_REFRESH_SANDBOX }} TT_SECRET_SANDBOX: ${{ secrets.TT_SECRET_SANDBOX }} TT_ACCOUNT: ${{ secrets.TT_ACCOUNT }} TT_REFRESH: ${{ secrets.TT_REFRESH }} TT_SECRET: ${{ secrets.TT_SECRET }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 2 jobs (5 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.