PR workflow (you-dont-need/You-Dont-Need-Lodash-Underscore)
The PR workflow from you-dont-need/You-Dont-Need-Lodash-Underscore, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the PR workflow from the you-dont-need/You-Dont-Need-Lodash-Underscore repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: PR
on:
pull_request:
types:
- opened
- edited
- synchronize
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Sets the GITHUB_TOKEN permissions to allow deployment to GitHub Pages
permissions:
contents: write
pages: write
id-token: write
pull-requests: write
jobs:
test:
name: Test
runs-on: ubuntu-latest
environment: testing
steps:
- name: ππ» Checkout
uses: actions/checkout@v3
- name: Install Dependencies
run: npm ci
- name: π Run tests
run: npm run test
- name: Run unit tests
run: npm run test:unit
set-automerge:
name: Approve and automerge (only dependanbot PRs)
runs-on: ubuntu-latest
environment: testing
needs: [test]
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Enable auto-merge for Dependabot PRs
if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: PR on: pull_request: types: - opened - edited - synchronize # Allows you to run this workflow manually from the Actions tab workflow_dispatch: # Sets the GITHUB_TOKEN permissions to allow deployment to GitHub Pages permissions: contents: write pages: write id-token: write pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: test: timeout-minutes: 30 name: Test runs-on: latchkey-small environment: testing steps: - name: ππ» Checkout uses: actions/checkout@v3 - name: Install Dependencies run: npm ci - name: π Run tests run: npm run test - name: Run unit tests run: npm run test:unit set-automerge: timeout-minutes: 30 name: Approve and automerge (only dependanbot PRs) runs-on: latchkey-small environment: testing needs: [test] if: ${{ github.actor == 'dependabot[bot]' }} steps: - name: Checkout uses: actions/checkout@v3 - name: Dependabot metadata id: dependabot-metadata uses: dependabot/fetch-metadata@v1 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Approve a PR run: gh pr review --approve "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Enable auto-merge for Dependabot PRs if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.