Skip to content
Latchkey

Release workflow (bitcart/bitcart)

The Release workflow from bitcart/bitcart, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: bitcart/bitcart.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the bitcart/bitcart repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release

on:
  release:
    types: [created]

concurrency:
  group: ${{ github.workflow_ref }}-${{ github.event.release.tag_name }}
  cancel-in-progress: false

permissions:
  contents: read

jobs:
  generate-matrix:
    runs-on: ubuntu-latest
    name: generate-matrix
    outputs:
      matrix: ${{ steps.matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Validate release tag
        env:
          TAG: ${{ github.event.release.tag_name }}
        run: |
          if ! printf '%s' "$TAG" | grep -Eq '^[A-Za-z0-9._+][A-Za-z0-9._+-]*$'; then
            echo "Invalid release tag: $TAG" >&2
            exit 1
          fi

      - id: matrix
        run: |
          matrix=$(jq -c '[to_entries[] | {target: .key, dockerfile: .value.dockerfile}]' .github/images.json)
          echo "matrix=$matrix" >> $GITHUB_OUTPUT

  build:
    needs: generate-matrix
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
    name: build-${{ matrix.target }}
    uses: bitcart/bitcart-actions/.github/workflows/build-docker-image.yml@master
    permissions:
      contents: read
      packages: write # publishing to GHCR
      id-token: write # OIDC for provenance
      attestations: write # github attestations
      artifact-metadata: write # artifact storage metadata (recommended by actions/attest)
    with:
      dockerfile: bitcart-docker/compose/${{ matrix.dockerfile }}
      context: bitcart-docker/compose
      image-name: ${{ vars.DOCKERHUB_USER }}/${{ matrix.target }}
      prefix: ${{ matrix.target }}
      tags: |
        type=raw,value=${{ github.event.release.tag_name }}
        type=raw,value=stable
      dockerhub-user: ${{ vars.DOCKERHUB_USER }}
      pre-build-script: |
        git clone https://github.com/bitcart/bitcart-docker
        cd bitcart-docker
        ./dev-setup.sh ${{ github.event.release.tag_name }}
    secrets:
      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Release
 
on:
  release:
    types: [created]
 
concurrency:
  group: ${{ github.workflow_ref }}-${{ github.event.release.tag_name }}
  cancel-in-progress: false
 
permissions:
  contents: read
 
jobs:
  generate-matrix:
    timeout-minutes: 30
    runs-on: latchkey-small
    name: generate-matrix
    outputs:
      matrix: ${{ steps.matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
 
      - name: Validate release tag
        env:
          TAG: ${{ github.event.release.tag_name }}
        run: |
          if ! printf '%s' "$TAG" | grep -Eq '^[A-Za-z0-9._+][A-Za-z0-9._+-]*$'; then
            echo "Invalid release tag: $TAG" >&2
            exit 1
          fi
 
      - id: matrix
        run: |
          matrix=$(jq -c '[to_entries[] | {target: .key, dockerfile: .value.dockerfile}]' .github/images.json)
          echo "matrix=$matrix" >> $GITHUB_OUTPUT
 
  build:
    timeout-minutes: 30
    needs: generate-matrix
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
    name: build-${{ matrix.target }}
    uses: bitcart/bitcart-actions/.github/workflows/build-docker-image.yml@master
    permissions:
      contents: read
      packages: write # publishing to GHCR
      id-token: write # OIDC for provenance
      attestations: write # github attestations
      artifact-metadata: write # artifact storage metadata (recommended by actions/attest)
    with:
      dockerfile: bitcart-docker/compose/${{ matrix.dockerfile }}
      context: bitcart-docker/compose
      image-name: ${{ vars.DOCKERHUB_USER }}/${{ matrix.target }}
      prefix: ${{ matrix.target }}
      tags: |
        type=raw,value=${{ github.event.release.tag_name }}
        type=raw,value=stable
      dockerhub-user: ${{ vars.DOCKERHUB_USER }}
      pre-build-script: |
        git clone https://github.com/bitcart/bitcart-docker
        cd bitcart-docker
        ./dev-setup.sh ${{ github.event.release.tag_name }}
    secrets:
      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow