Skip to content
Latchkey

Python application workflow (tastyware/tastytrade)

The Python application workflow from tastyware/tastytrade, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: tastyware/tastytrade.github/workflows/python-app.ymlLicense MITView source

What it does

This is the Python application workflow from the tastyware/tastytrade repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Python application

on:
  push:
    branches: [ master ]
  pull_request_target:
    branches: [ master ]

jobs:
  authorize:
    if: github.event_name == 'pull_request_target'
    environment:
      ${{ github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
    runs-on: ubuntu-latest
    steps:
      - run: true

  build:
    if: always() && (github.event_name != 'pull_request_target' || needs.authorize.result == 'success')
    needs: authorize
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 1
      matrix:
        python-version:
          - "3.11"
          - "3.12"
          - "3.13"
          - "3.14"
    steps:
    - uses: actions/checkout@v5
      with:
        ref: ${{ github.event.pull_request.head.sha || github.sha }}
    - name: Install uv and Python
      uses: astral-sh/setup-uv@v6
      with:
        enable-cache: true
        python-version: ${{ matrix.python-version }}
    - name: Setup uv venv
      run: |
        uv sync --locked --all-extras --dev
    - name: Lint with ruff
      run: |
        uv run ruff check tastytrade/ tests/
    - name: Type check with pyright
      run: |
        uv run pyright tastytrade/ tests/
    - name: Type check with mypy
      run: |
        uv run mypy tastytrade/
    - name: Test with pytest
      run: |
        uv run pytest --cov=tastytrade --cov-report=term-missing tests/ --cov-fail-under=95 -v
      env:
        TT_REFRESH_SANDBOX: ${{ secrets.TT_REFRESH_SANDBOX }}
        TT_SECRET_SANDBOX: ${{ secrets.TT_SECRET_SANDBOX }}
        TT_ACCOUNT: ${{ secrets.TT_ACCOUNT }}
        TT_REFRESH: ${{ secrets.TT_REFRESH }}
        TT_SECRET: ${{ secrets.TT_SECRET }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Python application
 
on:
  push:
    branches: [ master ]
  pull_request_target:
    branches: [ master ]
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  authorize:
    timeout-minutes: 30
    if: github.event_name == 'pull_request_target'
    environment:
      ${{ github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
    runs-on: latchkey-small
    steps:
      - run: true
 
  build:
    timeout-minutes: 30
    if: always() && (github.event_name != 'pull_request_target' || needs.authorize.result == 'success')
    needs: authorize
    runs-on: latchkey-small
    strategy:
      max-parallel: 1
      matrix:
        python-version:
          - "3.11"
          - "3.12"
          - "3.13"
          - "3.14"
    steps:
    - uses: actions/checkout@v5
      with:
        ref: ${{ github.event.pull_request.head.sha || github.sha }}
    - name: Install uv and Python
      uses: astral-sh/setup-uv@v6
      with:
        enable-cache: true
        python-version: ${{ matrix.python-version }}
    - name: Setup uv venv
      run: |
        uv sync --locked --all-extras --dev
    - name: Lint with ruff
      run: |
        uv run ruff check tastytrade/ tests/
    - name: Type check with pyright
      run: |
        uv run pyright tastytrade/ tests/
    - name: Type check with mypy
      run: |
        uv run mypy tastytrade/
    - name: Test with pytest
      run: |
        uv run pytest --cov=tastytrade --cov-report=term-missing tests/ --cov-fail-under=95 -v
      env:
        TT_REFRESH_SANDBOX: ${{ secrets.TT_REFRESH_SANDBOX }}
        TT_SECRET_SANDBOX: ${{ secrets.TT_SECRET_SANDBOX }}
        TT_ACCOUNT: ${{ secrets.TT_ACCOUNT }}
        TT_REFRESH: ${{ secrets.TT_REFRESH }}
        TT_SECRET: ${{ secrets.TT_SECRET }}
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 2 jobs (5 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow