Release workflow (Advai-X/advai-cli)
The Release workflow from Advai-X/advai-cli, explained and optimized by Latchkey.
CI health: D - needs work
Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Release workflow from the Advai-X/advai-cli repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Release
on:
push:
tags:
- "v*"
jobs:
validate:
name: Validate Release Metadata
runs-on: ubuntu-latest
outputs:
version: ${{ steps.meta.outputs.version }}
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Validate versions against the release tag
id: meta
run: |
python - <<'PY'
import json
import os
from pathlib import Path
root = Path.cwd()
tag = os.environ["GITHUB_REF_NAME"]
expected = tag[1:] if tag.startswith("v") else tag
pyproject = (root / "pyproject.toml").read_text(encoding="utf-8")
pyproject_version = next(
line.split('"')[1]
for line in pyproject.splitlines()
if line.startswith('version = "')
)
package_json = json.loads((root / "package.json").read_text(encoding="utf-8"))
init_version = (root / "advai" / "__init__.py").read_text(
encoding="utf-8"
).split('"')[1]
versions = {
"tag": expected,
"pyproject.toml": pyproject_version,
"package.json": package_json["version"],
"advai/__init__.py": init_version,
}
mismatched = {name: value for name, value in versions.items() if value != expected}
if mismatched:
details = ", ".join(f"{name}={value}" for name, value in mismatched.items())
raise SystemExit(f"Release version mismatch: expected {expected}; got {details}")
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as handle:
handle.write(f"version={expected}\n")
PY
- name: Install local package
run: |
python -m pip install --upgrade pip
python -m pip install .
- name: Run unit tests
run: python -m unittest discover -s tests -p "test_*.py" -v
- name: Verify npm package contents
run: npm pack --dry-run
- name: Run CLI smoke tests
shell: bash
run: |
export HOME="$(mktemp -d)"
advai --help > /dev/null
advai info
advai skill list
advai skill platform list > /dev/null
advai kb create release-wiki
advai kb doc add release-wiki README.md
advai kb search release-wiki "unified command-line interface"
publish-pypi:
name: Publish To PyPI
needs: validate
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Build distributions
run: |
python -m pip install --upgrade pip build twine
python -m build
python -m twine check dist/*
- name: Publish distributions to PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
run: python -m twine upload dist/*
publish-npm:
name: Publish To npm
needs:
- validate
- publish-pypi
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
registry-url: "https://registry.npmjs.org"
- name: Publish package to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access public --provenance
update-homebrew-tap:
name: Update Homebrew Tap
needs:
- validate
- publish-pypi
runs-on: ubuntu-latest
steps:
- name: Check out tap repository
uses: actions/checkout@v4
with:
repository: Advai-X/homebrew-tap
token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
path: homebrew-tap
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Fetch PyPI source distribution metadata
id: pypi
env:
RELEASE_VERSION: ${{ needs.validate.outputs.version }}
run: |
python - <<'PY'
import json
import os
import urllib.request
version = os.environ["RELEASE_VERSION"]
with urllib.request.urlopen(
f"https://pypi.org/pypi/advai-cli/{version}/json", timeout=30
) as response:
payload = json.load(response)
sdist = next(item for item in payload["urls"] if item["packagetype"] == "sdist")
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as handle:
handle.write(f"url={sdist['url']}\n")
handle.write(f"sha256={sdist['digests']['sha256']}\n")
PY
- name: Update formula
env:
SDIST_URL: ${{ steps.pypi.outputs.url }}
SDIST_SHA256: ${{ steps.pypi.outputs.sha256 }}
run: |
python - <<'PY'
import os
from pathlib import Path
formula_path = Path("homebrew-tap/Formula/advai-cli.rb")
content = formula_path.read_text(encoding="utf-8")
content = content.replace(
next(line for line in content.splitlines() if line.strip().startswith('url "')),
f' url "{os.environ["SDIST_URL"]}"',
)
content = content.replace(
next(line for line in content.splitlines() if line.strip().startswith('sha256 "')),
f' sha256 "{os.environ["SDIST_SHA256"]}"',
)
formula_path.write_text(content, encoding="utf-8")
PY
- name: Commit and push formula update
run: |
cd homebrew-tap
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add Formula/advai-cli.rb
git commit -m "Release advai-cli ${{ needs.validate.outputs.version }}" || exit 0
git push
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Release on: push: tags: - "v*" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: validate: timeout-minutes: 30 name: Validate Release Metadata runs-on: latchkey-small outputs: version: ${{ steps.meta.outputs.version }} steps: - name: Check out repository uses: actions/checkout@v4 - name: Set up Node.js uses: actions/setup-node@v4 with: cache: 'npm' node-version: "20" - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.12" - name: Validate versions against the release tag id: meta run: | python - <<'PY' import json import os from pathlib import Path root = Path.cwd() tag = os.environ["GITHUB_REF_NAME"] expected = tag[1:] if tag.startswith("v") else tag pyproject = (root / "pyproject.toml").read_text(encoding="utf-8") pyproject_version = next( line.split('"')[1] for line in pyproject.splitlines() if line.startswith('version = "') ) package_json = json.loads((root / "package.json").read_text(encoding="utf-8")) init_version = (root / "advai" / "__init__.py").read_text( encoding="utf-8" ).split('"')[1] versions = { "tag": expected, "pyproject.toml": pyproject_version, "package.json": package_json["version"], "advai/__init__.py": init_version, } mismatched = {name: value for name, value in versions.items() if value != expected} if mismatched: details = ", ".join(f"{name}={value}" for name, value in mismatched.items()) raise SystemExit(f"Release version mismatch: expected {expected}; got {details}") with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as handle: handle.write(f"version={expected}\n") PY - name: Install local package run: | python -m pip install --upgrade pip python -m pip install . - name: Run unit tests run: python -m unittest discover -s tests -p "test_*.py" -v - name: Verify npm package contents run: npm pack --dry-run - name: Run CLI smoke tests shell: bash run: | export HOME="$(mktemp -d)" advai --help > /dev/null advai info advai skill list advai skill platform list > /dev/null advai kb create release-wiki advai kb doc add release-wiki README.md advai kb search release-wiki "unified command-line interface" publish-pypi: timeout-minutes: 30 name: Publish To PyPI needs: validate runs-on: latchkey-small steps: - name: Check out repository uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.12" - name: Build distributions run: | python -m pip install --upgrade pip build twine python -m build python -m twine check dist/* - name: Publish distributions to PyPI env: TWINE_USERNAME: __token__ TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} run: python -m twine upload dist/* publish-npm: timeout-minutes: 30 name: Publish To npm needs: - validate - publish-pypi runs-on: latchkey-small permissions: contents: read id-token: write steps: - name: Check out repository uses: actions/checkout@v4 - name: Set up Node.js uses: actions/setup-node@v4 with: cache: 'npm' node-version: "20" registry-url: "https://registry.npmjs.org" - name: Publish package to npm env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: npm publish --access public --provenance update-homebrew-tap: timeout-minutes: 30 name: Update Homebrew Tap needs: - validate - publish-pypi runs-on: latchkey-small steps: - name: Check out tap repository uses: actions/checkout@v4 with: repository: Advai-X/homebrew-tap token: ${{ secrets.HOMEBREW_TAP_TOKEN }} path: homebrew-tap - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.12" - name: Fetch PyPI source distribution metadata id: pypi env: RELEASE_VERSION: ${{ needs.validate.outputs.version }} run: | python - <<'PY' import json import os import urllib.request version = os.environ["RELEASE_VERSION"] with urllib.request.urlopen( f"https://pypi.org/pypi/advai-cli/{version}/json", timeout=30 ) as response: payload = json.load(response) sdist = next(item for item in payload["urls"] if item["packagetype"] == "sdist") with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as handle: handle.write(f"url={sdist['url']}\n") handle.write(f"sha256={sdist['digests']['sha256']}\n") PY - name: Update formula env: SDIST_URL: ${{ steps.pypi.outputs.url }} SDIST_SHA256: ${{ steps.pypi.outputs.sha256 }} run: | python - <<'PY' import os from pathlib import Path formula_path = Path("homebrew-tap/Formula/advai-cli.rb") content = formula_path.read_text(encoding="utf-8") content = content.replace( next(line for line in content.splitlines() if line.strip().startswith('url "')), f' url "{os.environ["SDIST_URL"]}"', ) content = content.replace( next(line for line in content.splitlines() if line.strip().startswith('sha256 "')), f' sha256 "{os.environ["SDIST_SHA256"]}"', ) formula_path.write_text(content, encoding="utf-8") PY - name: Commit and push formula update run: | cd homebrew-tap git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git add Formula/advai-cli.rb git commit -m "Release advai-cli ${{ needs.validate.outputs.version }}" || exit 0 git push
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 4 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.