Skip to content
Latchkey

Release workflow (alvarofpp/validate-docbr)

The Release workflow from alvarofpp/validate-docbr, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: alvarofpp/validate-docbr.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the alvarofpp/validate-docbr repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
---
name: Release

on:
  push:
    branches:
      - main

jobs:
  check-version:
    runs-on: ubuntu-latest
    outputs:
      should_release: ${{ steps.check.outputs.should_release }}
      version: ${{ steps.check.outputs.version }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Verifica se precisa de release
        id: check
        run: |
          VERSION=$(grep -m1 '^version' pyproject.toml \
            | sed 's/.*"\(.*\)"/\1/')
          TAG="v${VERSION}"
          echo "version=$VERSION tag=$TAG"
          if git rev-parse "$TAG" >/dev/null 2>&1; then
            echo "Tag $TAG já existe"
            echo "should_release=false" >> "$GITHUB_OUTPUT"
          else
            echo "Tag $TAG não existe"
            echo "should_release=true" >> "$GITHUB_OUTPUT"
            echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          fi

  release:
    needs: check-version
    if: needs.check-version.outputs.should_release == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v7

      - name: Cria release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ needs.check-version.outputs.version }}
        run: |
          gh release create "v${VERSION}" \
            --title "v${VERSION}" \
            --generate-notes

      - name: Build
        run: uv build

      - name: Publish
        run: uv publish --trusted-publishing always

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

---
name: Release
 
on:
  push:
    branches:
      - main
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  check-version:
    timeout-minutes: 30
    runs-on: latchkey-small
    outputs:
      should_release: ${{ steps.check.outputs.should_release }}
      version: ${{ steps.check.outputs.version }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Verifica se precisa de release
        id: check
        run: |
          VERSION=$(grep -m1 '^version' pyproject.toml \
            | sed 's/.*"\(.*\)"/\1/')
          TAG="v${VERSION}"
          echo "version=$VERSION tag=$TAG"
          if git rev-parse "$TAG" >/dev/null 2>&1; then
            echo "Tag $TAG já existe"
            echo "should_release=false" >> "$GITHUB_OUTPUT"
          else
            echo "Tag $TAG não existe"
            echo "should_release=true" >> "$GITHUB_OUTPUT"
            echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          fi
 
  release:
    timeout-minutes: 30
    needs: check-version
    if: needs.check-version.outputs.should_release == 'true'
    runs-on: latchkey-small
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
 
      - uses: astral-sh/setup-uv@v7
 
      - name: Cria release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ needs.check-version.outputs.version }}
        run: |
          gh release create "v${VERSION}" \
            --title "v${VERSION}" \
            --generate-notes
 
      - name: Build
        run: uv build
 
      - name: Publish
        run: uv publish --trusted-publishing always
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow