Validations workflow (wagoodman/dive)
The Validations workflow from wagoodman/dive, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Validations workflow from the wagoodman/dive repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: "Validations"
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
jobs:
Static-Analysis:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Static analysis"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
- name: Run static analysis
run: make static-analysis
Unit-Test:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Unit tests"
strategy:
matrix:
platform:
- ubuntu-latest
# - macos-latest # todo: mac runners are expensive minute-wise
# - windows-latest # todo: support windows
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
- name: Run unit tests
run: make unit
Build-Snapshot-Artifacts:
name: "Build snapshot artifacts"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build snapshot artifacts
run: make snapshot
- run: docker images wagoodman/dive
# todo: compare against known json output in shared volume
- name: Test production image
run: make ci-test-docker-image
# why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
# see https://github.com/actions/upload-artifact/issues/199 for more info
- name: Upload snapshot artifacts
uses: actions/cache/save@v4
with:
path: snapshot
key: snapshot-build-${{ github.run_id }}
# ... however the cache trick doesn't work on windows :(
- uses: actions/upload-artifact@v4
with:
name: windows-artifacts
path: snapshot/dive_windows_amd64_v1/dive.exe
Acceptance-Linux:
name: "Acceptance tests (Linux)"
needs: [Build-Snapshot-Artifacts]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Download snapshot build
uses: actions/cache/restore@v4
with:
path: snapshot
key: snapshot-build-${{ github.run_id }}
- name: Test linux run
run: make ci-test-linux-run
- name: Test DEB package installation
run: make ci-test-deb-package-install
- name: Test RPM package installation
run: make ci-test-rpm-package-install
Acceptance-Mac:
name: "Acceptance tests (Mac)"
needs: [Build-Snapshot-Artifacts]
runs-on: macos-latest
steps:
- uses: actions/checkout@master
- name: Download snapshot build
uses: actions/cache/restore@v4
with:
path: snapshot
key: snapshot-build-${{ github.run_id }}
- name: Test darwin run
run: make ci-test-mac-run
Acceptance-Windows:
name: "Acceptance tests (Windows)"
needs: [Build-Snapshot-Artifacts]
runs-on: windows-latest
steps:
- uses: actions/checkout@master
- uses: actions/download-artifact@v4
with:
name: windows-artifacts
- name: Test windows run
run: make ci-test-windows-run
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: "Validations" on: workflow_dispatch: push: branches: - main pull_request: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: Static-Analysis: timeout-minutes: 30 # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Static analysis" runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Run static analysis run: make static-analysis Unit-Test: timeout-minutes: 30 # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Unit tests" strategy: matrix: platform: - ubuntu-latest # - macos-latest # todo: mac runners are expensive minute-wise # - windows-latest # todo: support windows runs-on: ${{ matrix.platform }} steps: - uses: actions/checkout@v4 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Run unit tests run: make unit Build-Snapshot-Artifacts: timeout-minutes: 30 name: "Build snapshot artifacts" runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build snapshot artifacts run: make snapshot - run: docker images wagoodman/dive # todo: compare against known json output in shared volume - name: Test production image run: make ci-test-docker-image # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach). # see https://github.com/actions/upload-artifact/issues/199 for more info - name: Upload snapshot artifacts uses: actions/cache/save@v4 with: path: snapshot key: snapshot-build-${{ github.run_id }} # ... however the cache trick doesn't work on windows :( - uses: actions/upload-artifact@v4 with: name: windows-artifacts path: snapshot/dive_windows_amd64_v1/dive.exe Acceptance-Linux: timeout-minutes: 30 name: "Acceptance tests (Linux)" needs: [Build-Snapshot-Artifacts] runs-on: latchkey-small steps: - uses: actions/checkout@master - name: Download snapshot build uses: actions/cache/restore@v4 with: path: snapshot key: snapshot-build-${{ github.run_id }} - name: Test linux run run: make ci-test-linux-run - name: Test DEB package installation run: make ci-test-deb-package-install - name: Test RPM package installation run: make ci-test-rpm-package-install Acceptance-Mac: timeout-minutes: 30 name: "Acceptance tests (Mac)" needs: [Build-Snapshot-Artifacts] runs-on: macos-latest steps: - uses: actions/checkout@master - name: Download snapshot build uses: actions/cache/restore@v4 with: path: snapshot key: snapshot-build-${{ github.run_id }} - name: Test darwin run run: make ci-test-mac-run Acceptance-Windows: timeout-minutes: 30 name: "Acceptance tests (Windows)" needs: [Build-Snapshot-Artifacts] runs-on: windows-latest steps: - uses: actions/checkout@master - uses: actions/download-artifact@v4 with: name: windows-artifacts - name: Test windows run run: make ci-test-windows-run
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Container pulls and builds
This workflow runs 6 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.