Reset test accounts workflow (Titan-Systems/titan)
The Reset test accounts workflow from Titan-Systems/titan, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Reset test accounts workflow from the Titan-Systems/titan repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Reset test accounts
on:
workflow_dispatch:
workflow_call:
secrets:
TEST_SNOWFLAKE_ACCOUNT:
required: true
TEST_SNOWFLAKE_USER:
required: true
TEST_SNOWFLAKE_PASSWORD:
required: true
VAR_STORAGE_BASE_URL:
required: true
VAR_STORAGE_ROLE_ARN:
required: true
VAR_STORAGE_AWS_EXTERNAL_ID:
required: true
STATIC_USER_RSA_PUBLIC_KEY:
required: true
STATIC_USER_MFA_PASSWORD:
required: true
jobs:
reset-test-accounts:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- environment: snowflake-azure-standard
- environment: snowflake-gcp-standard
- environment: snowflake-aws-standard
- environment: snowflake-aws-enterprise
- environment: snowflake-aws-business-critical
environment: ${{ matrix.environment }}
steps:
- name: actions/checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.9'
- name: Create a virtual environment
run: |
python -m venv .venv
- name: Install dependencies
run: |
source ./.venv/bin/activate
python -m pip install --upgrade pip
make install-dev
- name: Reset test account
run: |
source ./.venv/bin/activate
python tools/manage_test_account.py teardown-and-reset
env:
SNOWFLAKE_ACCOUNT: ${{ secrets.TEST_SNOWFLAKE_ACCOUNT }}
SNOWFLAKE_USER: ${{ secrets.TEST_SNOWFLAKE_USER }}
SNOWFLAKE_PASSWORD: ${{ secrets.TEST_SNOWFLAKE_PASSWORD }}
SNOWFLAKE_ROLE: ACCOUNTADMIN
TITAN_VAR_STORAGE_BASE_URL: ${{ secrets.VAR_STORAGE_BASE_URL }}
TITAN_VAR_STORAGE_ROLE_ARN: ${{ secrets.VAR_STORAGE_ROLE_ARN }}
TITAN_VAR_STORAGE_AWS_EXTERNAL_ID: ${{ secrets.VAR_STORAGE_AWS_EXTERNAL_ID }}
TITAN_VAR_STATIC_USER_RSA_PUBLIC_KEY: ${{ secrets.STATIC_USER_RSA_PUBLIC_KEY }}
TITAN_VAR_STATIC_USER_MFA_PASSWORD: ${{ secrets.STATIC_USER_MFA_PASSWORD }}The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Reset test accounts on: workflow_dispatch: workflow_call: secrets: TEST_SNOWFLAKE_ACCOUNT: required: true TEST_SNOWFLAKE_USER: required: true TEST_SNOWFLAKE_PASSWORD: required: true VAR_STORAGE_BASE_URL: required: true VAR_STORAGE_ROLE_ARN: required: true VAR_STORAGE_AWS_EXTERNAL_ID: required: true STATIC_USER_RSA_PUBLIC_KEY: required: true STATIC_USER_MFA_PASSWORD: required: true jobs: reset-test-accounts: timeout-minutes: 30 runs-on: latchkey-small strategy: fail-fast: false matrix: include: - environment: snowflake-azure-standard - environment: snowflake-gcp-standard - environment: snowflake-aws-standard - environment: snowflake-aws-enterprise - environment: snowflake-aws-business-critical environment: ${{ matrix.environment }} steps: - name: actions/checkout uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: cache: 'pip' python-version: '3.9' - name: Create a virtual environment run: | python -m venv .venv - name: Install dependencies run: | source ./.venv/bin/activate python -m pip install --upgrade pip make install-dev - name: Reset test account run: | source ./.venv/bin/activate python tools/manage_test_account.py teardown-and-reset env: SNOWFLAKE_ACCOUNT: ${{ secrets.TEST_SNOWFLAKE_ACCOUNT }} SNOWFLAKE_USER: ${{ secrets.TEST_SNOWFLAKE_USER }} SNOWFLAKE_PASSWORD: ${{ secrets.TEST_SNOWFLAKE_PASSWORD }} SNOWFLAKE_ROLE: ACCOUNTADMIN TITAN_VAR_STORAGE_BASE_URL: ${{ secrets.VAR_STORAGE_BASE_URL }} TITAN_VAR_STORAGE_ROLE_ARN: ${{ secrets.VAR_STORAGE_ROLE_ARN }} TITAN_VAR_STORAGE_AWS_EXTERNAL_ID: ${{ secrets.VAR_STORAGE_AWS_EXTERNAL_ID }} TITAN_VAR_STATIC_USER_RSA_PUBLIC_KEY: ${{ secrets.STATIC_USER_RSA_PUBLIC_KEY }} TITAN_VAR_STATIC_USER_MFA_PASSWORD: ${{ secrets.STATIC_USER_MFA_PASSWORD }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.