Skip to content
Latchkey

PR workflow (you-dont-need/You-Dont-Need-Lodash-Underscore)

The PR workflow from you-dont-need/You-Dont-Need-Lodash-Underscore, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: you-dont-need/You-Dont-Need-Lodash-Underscore.github/workflows/pr.ymlLicense MITView source

What it does

This is the PR workflow from the you-dont-need/You-Dont-Need-Lodash-Underscore repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: PR

on:
  pull_request:
    types:
      - opened
      - edited
      - synchronize

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Sets the GITHUB_TOKEN permissions to allow deployment to GitHub Pages
permissions:
  contents: write
  pages: write
  id-token: write
  pull-requests: write

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    environment: testing
    steps:
      - name: πŸ‘ŒπŸ» Checkout
        uses: actions/checkout@v3
      - name: Install Dependencies
        run: npm ci
      - name: πŸ”Ž Run tests
        run: npm run test
      - name: Run unit tests
        run: npm run test:unit

  set-automerge:
    name: Approve and automerge (only dependanbot PRs)
    runs-on: ubuntu-latest
    environment: testing
    needs: [test]
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Enable auto-merge for Dependabot PRs
        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: PR
 
on:
  pull_request:
    types:
      - opened
      - edited
      - synchronize
 
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
 
# Sets the GITHUB_TOKEN permissions to allow deployment to GitHub Pages
permissions:
  contents: write
  pages: write
  id-token: write
  pull-requests: write
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  test:
    timeout-minutes: 30
    name: Test
    runs-on: latchkey-small
    environment: testing
    steps:
      - name: πŸ‘ŒπŸ» Checkout
        uses: actions/checkout@v3
      - name: Install Dependencies
        run: npm ci
      - name: πŸ”Ž Run tests
        run: npm run test
      - name: Run unit tests
        run: npm run test:unit
 
  set-automerge:
    timeout-minutes: 30
    name: Approve and automerge (only dependanbot PRs)
    runs-on: latchkey-small
    environment: testing
    needs: [test]
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Enable auto-merge for Dependabot PRs
        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow