Skip to content
Latchkey

CI workflow (violentmonkey/violentmonkey)

The CI workflow from violentmonkey/violentmonkey, explained and optimized by Latchkey.

F

CI health: F - at risk

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: violentmonkey/violentmonkey.github/workflows/ci.ymlLicense MITView source

What it does

This is the CI workflow from the violentmonkey/violentmonkey repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: CI

on:
  workflow_dispatch:
  push:
    branches: [master]
    tags-ignore:
      - 'v*' # version-tagged commits are releases which have their own workflow
    paths-ignore:
      - '.github/**' # this ci.yml is also excluded so you need to re-run it explicitly if necessary
      - src/types.d.ts
      - LICENSE
      - README.md
  pull_request:
    branches: [master]

jobs:
  ci:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 100 # for revision index in version and the `has-changed-path` action
          fetch-tags: true

      - uses: pnpm/action-setup@v6

      - uses: actions/setup-node@v6
        with:
          node-version-file: 'package.json'

      - name: Install
        run: pnpm i
      - name: Test & Build
        run: |
          pnpm exec run-p ci build
          pnpm build:mv3
        env:
          SYNC_DROPBOX_CLIENT_ID: ${{ secrets.SYNC_DROPBOX_CLIENT_ID }}
          SYNC_GOOGLE_DESKTOP_ID: ${{ secrets.SYNC_GOOGLE_DESKTOP_ID }}
          SYNC_GOOGLE_DESKTOP_SECRET: ${{ secrets.SYNC_GOOGLE_DESKTOP_SECRET }}
          SYNC_ONEDRIVE_CLIENT_ID: ${{ secrets.SYNC_ONEDRIVE_CLIENT_ID }}

      - name: Get version and SHA
        run: node scripts/action-helper.js ci
      - name: Upload MV2 zip
        uses: actions/upload-artifact@v7
        continue-on-error: true
        with:
          name: 'Violentmonkey-test-webext-${{ env.GIT_DESCRIBE }}'
          path: 'dist/*'
          if-no-files-found: error
      - name: Upload MV3 zip
        uses: actions/upload-artifact@v7
        continue-on-error: true
        with:
          name: 'Violentmonkey-test-mv3-${{ env.GIT_DESCRIBE }}'
          path: 'dist-mv3/*'
          if-no-files-found: error

      - name: Upload to Transifex - check src
        if: github.event_name == 'push' || github.event.pull_request.merged == true
        uses: marceloprado/has-changed-path@v1.0.1
        id: changed-path-src
        with:
          paths: src
      - name: Upload to Transifex
        if: steps.changed-path-src.outputs.changed == 'true'
        run: node scripts/transifex.mjs update
        env:
          TRANSIFEX_TOKEN: ${{ secrets.TRANSIFEX_TOKEN }}

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: CI
 
on:
  workflow_dispatch:
  push:
    branches: [master]
    tags-ignore:
      - 'v*' # version-tagged commits are releases which have their own workflow
    paths-ignore:
      - '.github/**' # this ci.yml is also excluded so you need to re-run it explicitly if necessary
      - src/types.d.ts
      - LICENSE
      - README.md
  pull_request:
    branches: [master]
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  ci:
    timeout-minutes: 30
    runs-on: latchkey-small
 
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 100 # for revision index in version and the `has-changed-path` action
          fetch-tags: true
 
      - uses: pnpm/action-setup@v6
 
      - uses: actions/setup-node@v6
        with:
          cache: 'npm'
          node-version-file: 'package.json'
 
      - name: Install
        run: pnpm i
      - name: Test & Build
        run: |
          pnpm exec run-p ci build
          pnpm build:mv3
        env:
          SYNC_DROPBOX_CLIENT_ID: ${{ secrets.SYNC_DROPBOX_CLIENT_ID }}
          SYNC_GOOGLE_DESKTOP_ID: ${{ secrets.SYNC_GOOGLE_DESKTOP_ID }}
          SYNC_GOOGLE_DESKTOP_SECRET: ${{ secrets.SYNC_GOOGLE_DESKTOP_SECRET }}
          SYNC_ONEDRIVE_CLIENT_ID: ${{ secrets.SYNC_ONEDRIVE_CLIENT_ID }}
 
      - name: Get version and SHA
        run: node scripts/action-helper.js ci
      - name: Upload MV2 zip
        uses: actions/upload-artifact@v7
        continue-on-error: true
        with:
          name: 'Violentmonkey-test-webext-${{ env.GIT_DESCRIBE }}'
          path: 'dist/*'
          if-no-files-found: error
      - name: Upload MV3 zip
        uses: actions/upload-artifact@v7
        continue-on-error: true
        with:
          name: 'Violentmonkey-test-mv3-${{ env.GIT_DESCRIBE }}'
          path: 'dist-mv3/*'
          if-no-files-found: error
 
      - name: Upload to Transifex - check src
        if: github.event_name == 'push' || github.event.pull_request.merged == true
        uses: marceloprado/has-changed-path@v1.0.1
        id: changed-path-src
        with:
          paths: src
      - name: Upload to Transifex
        if: steps.changed-path-src.outputs.changed == 'true'
        run: node scripts/transifex.mjs update
        env:
          TRANSIFEX_TOKEN: ${{ secrets.TRANSIFEX_TOKEN }}
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow