Skip to content
Latchkey

Validations workflow (wagoodman/dive)

The Validations workflow from wagoodman/dive, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: wagoodman/dive.github/workflows/validations.yamlLicense MITView source

What it does

This is the Validations workflow from the wagoodman/dive repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: "Validations"
on:
  workflow_dispatch:
  push:
    branches:
      - main
  pull_request:

jobs:
  Static-Analysis:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis

  Unit-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    strategy:
      matrix:
        platform:
          - ubuntu-latest
    #         - macos-latest # todo: mac runners are expensive minute-wise
    #         - windows-latest # todo: support windows

    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v4

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run unit tests
        run: make unit

  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build snapshot artifacts
        run: make snapshot

      - run: docker images wagoodman/dive

      # todo: compare against known json output in shared volume
      - name: Test production image
        run: make ci-test-docker-image

      # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
      # see https://github.com/actions/upload-artifact/issues/199 for more info
      - name: Upload snapshot artifacts
        uses: actions/cache/save@v4
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}

      # ... however the cache trick doesn't work on windows :(
      - uses: actions/upload-artifact@v4
        with:
          name: windows-artifacts
          path: snapshot/dive_windows_amd64_v1/dive.exe

  Acceptance-Linux:
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master

      - name: Download snapshot build
        uses: actions/cache/restore@v4
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}

      - name: Test linux run
        run: make ci-test-linux-run

      - name: Test DEB package installation
        run: make ci-test-deb-package-install

      - name: Test RPM package installation
        run: make ci-test-rpm-package-install

  Acceptance-Mac:
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@master

      - name: Download snapshot build
        uses: actions/cache/restore@v4
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}

      - name: Test darwin run
        run: make ci-test-mac-run

  Acceptance-Windows:
    name: "Acceptance tests (Windows)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@master

      - uses: actions/download-artifact@v4
        with:
          name: windows-artifacts

      - name: Test windows run
        run: make ci-test-windows-run

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: "Validations"
on:
  workflow_dispatch:
  push:
    branches:
      - main
  pull_request:
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  Static-Analysis:
    timeout-minutes: 30
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v4
 
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
 
      - name: Run static analysis
        run: make static-analysis
 
  Unit-Test:
    timeout-minutes: 30
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    strategy:
      matrix:
        platform:
          - ubuntu-latest
    #         - macos-latest # todo: mac runners are expensive minute-wise
    #         - windows-latest # todo: support windows
 
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v4
 
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
 
      - name: Run unit tests
        run: make unit
 
  Build-Snapshot-Artifacts:
    timeout-minutes: 30
    name: "Build snapshot artifacts"
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v4
 
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
 
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
 
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
 
      - name: Build snapshot artifacts
        run: make snapshot
 
      - run: docker images wagoodman/dive
 
      # todo: compare against known json output in shared volume
      - name: Test production image
        run: make ci-test-docker-image
 
      # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
      # see https://github.com/actions/upload-artifact/issues/199 for more info
      - name: Upload snapshot artifacts
        uses: actions/cache/save@v4
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}
 
      # ... however the cache trick doesn't work on windows :(
      - uses: actions/upload-artifact@v4
        with:
          name: windows-artifacts
          path: snapshot/dive_windows_amd64_v1/dive.exe
 
  Acceptance-Linux:
    timeout-minutes: 30
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@master
 
      - name: Download snapshot build
        uses: actions/cache/restore@v4
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}
 
      - name: Test linux run
        run: make ci-test-linux-run
 
      - name: Test DEB package installation
        run: make ci-test-deb-package-install
 
      - name: Test RPM package installation
        run: make ci-test-rpm-package-install
 
  Acceptance-Mac:
    timeout-minutes: 30
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@master
 
      - name: Download snapshot build
        uses: actions/cache/restore@v4
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}
 
      - name: Test darwin run
        run: make ci-test-mac-run
 
  Acceptance-Windows:
    timeout-minutes: 30
    name: "Acceptance tests (Windows)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@master
 
      - uses: actions/download-artifact@v4
        with:
          name: windows-artifacts
 
      - name: Test windows run
        run: make ci-test-windows-run
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 6 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow