Create & Publish Package workflow (awslabs/aws-cloudsaga)
The Create & Publish Package workflow from awslabs/aws-cloudsaga, explained and optimized by Latchkey.
CI health: D - needs work
Run this on Latchkey for self-healing, caching, and up to 58% lower cost.
Grade your own workflow free or run it on Latchkey →What it does
This is the Create & Publish Package workflow from the awslabs/aws-cloudsaga repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
on:
push:
tags:
- '*'
name: Create & Publish Package
jobs:
publish:
name: Create & Publish Package
runs-on: 'ubuntu-latest'
steps:
- name: Checkout Source
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: '3.7'
- name: Cache Poetry
id: cache-poetry
uses: actions/cache@v2
with:
path: ~/.poetry
key: poetry
- name: Install Poetry
if: steps.cache-poetry.outputs.cache-hit != 'true'
run: |
curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py -O
python install-poetry.py --preview
- name: Add Poetry to $PATH
run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH
- name: Add versioning plugin
run: poetry plugin add poetry-version-plugin
- name: Poetry Version
run: poetry --version
- name: Add version to environment vars
run: echo "MODULE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Check if source version is up-to-date
run: |
TAG=$(git describe HEAD --tags --abbrev=0)
echo Current Tag: $TAG -- Current Module Version: $MODULE_VERSION
if [[ "$TAG" != "$MODULE_VERSION" ]]; then exit 1; fi
- name: Check pyproject.toml validity
run: poetry check --no-interaction
- name: Cache Dependencies
id: cache-deps
uses: actions/cache@v2
with:
path: ${{github.workspace}}/.venv
key: poetry-${{ hashFiles('**/poetry.lock') }}
restore-keys: poetry-
- name: Install deps
if: steps.cache-deps.cache-hit != 'true'
run: |
poetry config virtualenvs.in-project true
poetry install --no-interaction
- name: Build Package
run: poetry build
- name: Publish to PyPi
run: poetry publish -u __token__ -p $PYPI_TOKEN
env:
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
on: push: tags: - '*' name: Create & Publish Package concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: publish: timeout-minutes: 30 name: Create & Publish Package runs-on: 'ubuntu-latest' steps: - name: Checkout Source uses: actions/checkout@v2 with: fetch-depth: 0 - name: Setup Python uses: actions/setup-python@v2 with: cache: 'pip' python-version: '3.7' - name: Cache Poetry id: cache-poetry uses: actions/cache@v2 with: path: ~/.poetry key: poetry - name: Install Poetry if: steps.cache-poetry.outputs.cache-hit != 'true' run: | curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py -O python install-poetry.py --preview - name: Add Poetry to $PATH run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH - name: Add versioning plugin run: poetry plugin add poetry-version-plugin - name: Poetry Version run: poetry --version - name: Add version to environment vars run: echo "MODULE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - name: Check if source version is up-to-date run: | TAG=$(git describe HEAD --tags --abbrev=0) echo Current Tag: $TAG -- Current Module Version: $MODULE_VERSION if [[ "$TAG" != "$MODULE_VERSION" ]]; then exit 1; fi - name: Check pyproject.toml validity run: poetry check --no-interaction - name: Cache Dependencies id: cache-deps uses: actions/cache@v2 with: path: ${{github.workspace}}/.venv key: poetry-${{ hashFiles('**/poetry.lock') }} restore-keys: poetry- - name: Install deps if: steps.cache-deps.cache-hit != 'true' run: | poetry config virtualenvs.in-project true poetry install --no-interaction - name: Build Package run: poetry build - name: Publish to PyPi run: poetry publish -u __token__ -p $PYPI_TOKEN env: PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
What changed
- Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
- Network fetches
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.