Release workflow (bitcart/bitcart)
The Release workflow from bitcart/bitcart, explained and optimized by Latchkey.
CI health: B - good
Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Release workflow from the bitcart/bitcart repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Release
on:
release:
types: [created]
concurrency:
group: ${{ github.workflow_ref }}-${{ github.event.release.tag_name }}
cancel-in-progress: false
permissions:
contents: read
jobs:
generate-matrix:
runs-on: ubuntu-latest
name: generate-matrix
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Validate release tag
env:
TAG: ${{ github.event.release.tag_name }}
run: |
if ! printf '%s' "$TAG" | grep -Eq '^[A-Za-z0-9._+][A-Za-z0-9._+-]*$'; then
echo "Invalid release tag: $TAG" >&2
exit 1
fi
- id: matrix
run: |
matrix=$(jq -c '[to_entries[] | {target: .key, dockerfile: .value.dockerfile}]' .github/images.json)
echo "matrix=$matrix" >> $GITHUB_OUTPUT
build:
needs: generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
name: build-${{ matrix.target }}
uses: bitcart/bitcart-actions/.github/workflows/build-docker-image.yml@master
permissions:
contents: read
packages: write # publishing to GHCR
id-token: write # OIDC for provenance
attestations: write # github attestations
artifact-metadata: write # artifact storage metadata (recommended by actions/attest)
with:
dockerfile: bitcart-docker/compose/${{ matrix.dockerfile }}
context: bitcart-docker/compose
image-name: ${{ vars.DOCKERHUB_USER }}/${{ matrix.target }}
prefix: ${{ matrix.target }}
tags: |
type=raw,value=${{ github.event.release.tag_name }}
type=raw,value=stable
dockerhub-user: ${{ vars.DOCKERHUB_USER }}
pre-build-script: |
git clone https://github.com/bitcart/bitcart-docker
cd bitcart-docker
./dev-setup.sh ${{ github.event.release.tag_name }}
secrets:
dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Release on: release: types: [created] concurrency: group: ${{ github.workflow_ref }}-${{ github.event.release.tag_name }} cancel-in-progress: false permissions: contents: read jobs: generate-matrix: timeout-minutes: 30 runs-on: latchkey-small name: generate-matrix outputs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Validate release tag env: TAG: ${{ github.event.release.tag_name }} run: | if ! printf '%s' "$TAG" | grep -Eq '^[A-Za-z0-9._+][A-Za-z0-9._+-]*$'; then echo "Invalid release tag: $TAG" >&2 exit 1 fi - id: matrix run: | matrix=$(jq -c '[to_entries[] | {target: .key, dockerfile: .value.dockerfile}]' .github/images.json) echo "matrix=$matrix" >> $GITHUB_OUTPUT build: timeout-minutes: 30 needs: generate-matrix strategy: fail-fast: false matrix: include: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} name: build-${{ matrix.target }} uses: bitcart/bitcart-actions/.github/workflows/build-docker-image.yml@master permissions: contents: read packages: write # publishing to GHCR id-token: write # OIDC for provenance attestations: write # github attestations artifact-metadata: write # artifact storage metadata (recommended by actions/attest) with: dockerfile: bitcart-docker/compose/${{ matrix.dockerfile }} context: bitcart-docker/compose image-name: ${{ vars.DOCKERHUB_USER }}/${{ matrix.target }} prefix: ${{ matrix.target }} tags: | type=raw,value=${{ github.event.release.tag_name }} type=raw,value=stable dockerhub-user: ${{ vars.DOCKERHUB_USER }} pre-build-script: | git clone https://github.com/bitcart/bitcart-docker cd bitcart-docker ./dev-setup.sh ${{ github.event.release.tag_name }} secrets: dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.