Skip to content
Latchkey

Release Version workflow (bytedance/xgplayer)

The Release Version workflow from bytedance/xgplayer, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: bytedance/xgplayer.github/workflows/publish.ymlLicense MITView source

What it does

This is the Release Version workflow from the bytedance/xgplayer repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release Version
# Publish npm packages based on git tags (v*)

on:
  push:
    tags: ["v*"]

jobs:
  build:
    if: github.repository == 'bytedance/xgplayer'
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: read
      id-token: write
    outputs:
      tag: ${{ steps.extract_tag.outputs.result }}
      is_stable: ${{ steps.release_meta.outputs.is_stable }}
    steps:
      - name: Extract tag
        id: extract_tag
        uses: actions/github-script@v7
        with:
          script: |
            const prefix = 'refs/tags/';
            const ref = context.ref;
            if (!ref.startsWith(prefix)) {
              throw new Error('Invalid ref: not a tag');
            }
            return ref.substring(prefix.length);
          result-encoding: string

      - name: Determine release mode
        id: release_meta
        uses: actions/github-script@v7
        env:
          TAG: ${{ steps.extract_tag.outputs.result }}
        with:
          script: |
            const isStable = /^v\d+\.\d+\.\d+$/.test(process.env.TAG);
            core.setOutput('is_stable', String(isStable));
            core.notice(`Release mode for ${process.env.TAG}: ${isStable ? 'stable' : 'prerelease'}`);

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env

      - name: Set package version
        run: |
          zx scripts/workflow/set-package-version.mjs
        env:
          TAG: ${{ steps.extract_tag.outputs.result }}

      - name: Build packages
        run: |
          yarn build:all

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build
          path: |
            packages/*/dist/**
            packages/*/es/**
            packages/*/package.json
            package.json
          retention-days: 7
  release_npm:
    if: github.repository == 'bytedance/xgplayer'
    permissions:
      id-token: write
      
    needs: [build]
    environment: release
    runs-on: ubuntu-latest

    steps:
      - name: Checkout tag
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}

      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
        with:
          registry-url: 'https://registry.npmjs.org'

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build

      - name: Publish to npm
        run: |
          zx scripts/workflow/npm-publish.mjs
        env:
          NPM_CONFIG_PROVENANCE: true

  release_github:
    if: github.repository == 'bytedance/xgplayer'
    permissions:
      contents: write
    needs: [build, release_npm]
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Create GitHub Release
        uses: actions/github-script@v7
        env:
          TAG: ${{ needs.build.outputs.tag }}
          IS_STABLE: ${{ needs.build.outputs.is_stable }}
        with:
          script: |
            const createGitHubRelease = require('./scripts/workflow/create-github-release');
            await createGitHubRelease({
              github,
              context,
              core,
              tag: process.env.TAG,
              isStable: process.env.IS_STABLE === 'true'
            });

  commit_to_main:
    permissions:
      contents: write
    if: github.repository == 'bytedance/xgplayer' && needs.build.outputs.is_stable == 'true'
    needs: [build, release_npm, release_github]
    runs-on: ubuntu-latest

    steps:
      - name: Checkout main branch
        uses: actions/checkout@v4
        with:
          ref: main
          fetch-depth: 0

      - name: Cache node_modules
        uses: actions/cache@v4
        with:
          path: node_modules
          key: ${{ runner.os }}-deps-${{ hashFiles('**/package.json', '**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-deps-
            ${{ runner.os }}-

      - name: Setup Git
        run: |
          git config --global user.name "${{ github.actor }}"
          git config --global user.email "${{ github.actor }}@users.noreply.github.com"

      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env

      - name: Apply version changes
        run: |
          zx scripts/workflow/set-package-version.mjs
        env:
          TAG: ${{ needs.build.outputs.tag }}

      - name: Commit and push to main
        uses: EndBug/add-and-commit@v9
        with:
          add: "."
          default_author: github_actor
          fetch: true
          push: 'origin HEAD:main'
          message: 'chore(release): release version ${{ needs.build.outputs.tag }}'

  release_summary:
    if: always() && github.repository == 'bytedance/xgplayer'
    needs: [build, release_npm, release_github, commit_to_main]
    runs-on: ubuntu-latest

    steps:
      - name: Generate release summary
        run: |
          VERSION="${{ needs.build.outputs.tag }}"
          IS_STABLE="${{ needs.build.outputs.is_stable }}"
          BUILD_STATUS="${{ needs.build.result }}"
          RELEASE_STATUS="${{ needs.release_npm.result }}"
          GITHUB_RELEASE_STATUS="${{ needs.release_github.result }}"
          MAIN_COMMIT_STATUS="${{ needs.commit_to_main.result }}"
          
          BUILD_BADGE=$([ "$BUILD_STATUS" = "success" ] && echo "✅" || echo "❌")
          RELEASE_BADGE=$([ "$RELEASE_STATUS" = "success" ] && echo "✅" || echo "❌")
          GITHUB_RELEASE_BADGE=$([ "$GITHUB_RELEASE_STATUS" = "success" ] && echo "✅" || echo "❌")
          if [ "$MAIN_COMMIT_STATUS" = "success" ]; then
            MAIN_COMMIT_BADGE="✅"
          elif [ "$MAIN_COMMIT_STATUS" = "skipped" ]; then
            MAIN_COMMIT_BADGE="⏭️"
          else
            MAIN_COMMIT_BADGE="❌"
          fi
          RELEASE_MODE=$([ "$IS_STABLE" = "true" ] && echo "stable" || echo "prerelease")
          
          {
            echo "# 🎉 Release Summary"
            echo ""
            echo "## Version Information"
            echo "| Field | Value |"
            echo "|-------|-------|"
            echo "| Version | \`$VERSION\` |"
            echo "| Tag | \`${{ github.ref }}\` |"
            echo "| Release Mode | \`$RELEASE_MODE\` |"
            echo "| Commit | [\`${{ github.sha }}\`](https://github.com/${{ github.repository }}/commit/${{ github.sha }}) |"
            echo ""
            echo "## Workflow Status"
            echo "| Step | Status |"
            echo "|------|--------|"
            echo "| Build | $BUILD_BADGE $BUILD_STATUS |"
            echo "| NPM Release | $RELEASE_BADGE $RELEASE_STATUS |"
            echo "| GitHub Release | $GITHUB_RELEASE_BADGE $GITHUB_RELEASE_STATUS |"
            echo "| Commit To Main | $MAIN_COMMIT_BADGE $MAIN_COMMIT_STATUS |"
            echo ""
            echo "## Links"
            echo "- 📦 [View on NPM](https://www.npmjs.com/search?q=%40xgplayer)"
            echo "- 🏷️ [View GitHub Release](https://github.com/${{ github.repository }}/releases/tag/$VERSION)"
            echo "- 🔗 [Workflow Run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})"
            echo ""
            echo "*Auto-generated by GitHub Actions*"
          } >> $GITHUB_STEP_SUMMARY

          if [ "$BUILD_STATUS" != "success" ] || [ "$RELEASE_STATUS" != "success" ] || [ "$GITHUB_RELEASE_STATUS" != "success" ]; then
            exit 1
          fi

          if [ "$IS_STABLE" = "true" ] && [ "$MAIN_COMMIT_STATUS" != "success" ]; then
            exit 1
          fi

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Release Version
# Publish npm packages based on git tags (v*)
 
on:
  push:
    tags: ["v*"]
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    if: github.repository == 'bytedance/xgplayer'
    runs-on: latchkey-small
    environment: release
    permissions:
      contents: read
      id-token: write
    outputs:
      tag: ${{ steps.extract_tag.outputs.result }}
      is_stable: ${{ steps.release_meta.outputs.is_stable }}
    steps:
      - name: Extract tag
        id: extract_tag
        uses: actions/github-script@v7
        with:
          script: |
            const prefix = 'refs/tags/';
            const ref = context.ref;
            if (!ref.startsWith(prefix)) {
              throw new Error('Invalid ref: not a tag');
            }
            return ref.substring(prefix.length);
          result-encoding: string
 
      - name: Determine release mode
        id: release_meta
        uses: actions/github-script@v7
        env:
          TAG: ${{ steps.extract_tag.outputs.result }}
        with:
          script: |
            const isStable = /^v\d+\.\d+\.\d+$/.test(process.env.TAG);
            core.setOutput('is_stable', String(isStable));
            core.notice(`Release mode for ${process.env.TAG}: ${isStable ? 'stable' : 'prerelease'}`);
 
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
 
      - name: Set package version
        run: |
          zx scripts/workflow/set-package-version.mjs
        env:
          TAG: ${{ steps.extract_tag.outputs.result }}
 
      - name: Build packages
        run: |
          yarn build:all
 
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build
          path: |
            packages/*/dist/**
            packages/*/es/**
            packages/*/package.json
            package.json
          retention-days: 7
  release_npm:
    timeout-minutes: 30
    if: github.repository == 'bytedance/xgplayer'
    permissions:
      id-token: write
      
    needs: [build]
    environment: release
    runs-on: latchkey-small
 
    steps:
      - name: Checkout tag
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
 
      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
        with:
          registry-url: 'https://registry.npmjs.org'
 
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build
 
      - name: Publish to npm
        run: |
          zx scripts/workflow/npm-publish.mjs
        env:
          NPM_CONFIG_PROVENANCE: true
 
  release_github:
    timeout-minutes: 30
    if: github.repository == 'bytedance/xgplayer'
    permissions:
      contents: write
    needs: [build, release_npm]
    runs-on: latchkey-small
 
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
 
      - name: Create GitHub Release
        uses: actions/github-script@v7
        env:
          TAG: ${{ needs.build.outputs.tag }}
          IS_STABLE: ${{ needs.build.outputs.is_stable }}
        with:
          script: |
            const createGitHubRelease = require('./scripts/workflow/create-github-release');
            await createGitHubRelease({
              github,
              context,
              core,
              tag: process.env.TAG,
              isStable: process.env.IS_STABLE === 'true'
            });
 
  commit_to_main:
    timeout-minutes: 30
    permissions:
      contents: write
    if: github.repository == 'bytedance/xgplayer' && needs.build.outputs.is_stable == 'true'
    needs: [build, release_npm, release_github]
    runs-on: latchkey-small
 
    steps:
      - name: Checkout main branch
        uses: actions/checkout@v4
        with:
          ref: main
          fetch-depth: 0
 
      - name: Cache node_modules
        uses: actions/cache@v4
        with:
          path: node_modules
          key: ${{ runner.os }}-deps-${{ hashFiles('**/package.json', '**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-deps-
            ${{ runner.os }}-
 
      - name: Setup Git
        run: |
          git config --global user.name "${{ github.actor }}"
          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
 
      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
 
      - name: Apply version changes
        run: |
          zx scripts/workflow/set-package-version.mjs
        env:
          TAG: ${{ needs.build.outputs.tag }}
 
      - name: Commit and push to main
        uses: EndBug/add-and-commit@v9
        with:
          add: "."
          default_author: github_actor
          fetch: true
          push: 'origin HEAD:main'
          message: 'chore(release): release version ${{ needs.build.outputs.tag }}'
 
  release_summary:
    timeout-minutes: 30
    if: always() && github.repository == 'bytedance/xgplayer'
    needs: [build, release_npm, release_github, commit_to_main]
    runs-on: latchkey-small
 
    steps:
      - name: Generate release summary
        run: |
          VERSION="${{ needs.build.outputs.tag }}"
          IS_STABLE="${{ needs.build.outputs.is_stable }}"
          BUILD_STATUS="${{ needs.build.result }}"
          RELEASE_STATUS="${{ needs.release_npm.result }}"
          GITHUB_RELEASE_STATUS="${{ needs.release_github.result }}"
          MAIN_COMMIT_STATUS="${{ needs.commit_to_main.result }}"
          
          BUILD_BADGE=$([ "$BUILD_STATUS" = "success" ] && echo "✅" || echo "❌")
          RELEASE_BADGE=$([ "$RELEASE_STATUS" = "success" ] && echo "✅" || echo "❌")
          GITHUB_RELEASE_BADGE=$([ "$GITHUB_RELEASE_STATUS" = "success" ] && echo "✅" || echo "❌")
          if [ "$MAIN_COMMIT_STATUS" = "success" ]; then
            MAIN_COMMIT_BADGE="✅"
          elif [ "$MAIN_COMMIT_STATUS" = "skipped" ]; then
            MAIN_COMMIT_BADGE="⏭️"
          else
            MAIN_COMMIT_BADGE="❌"
          fi
          RELEASE_MODE=$([ "$IS_STABLE" = "true" ] && echo "stable" || echo "prerelease")
          
          {
            echo "# 🎉 Release Summary"
            echo ""
            echo "## Version Information"
            echo "| Field | Value |"
            echo "|-------|-------|"
            echo "| Version | \`$VERSION\` |"
            echo "| Tag | \`${{ github.ref }}\` |"
            echo "| Release Mode | \`$RELEASE_MODE\` |"
            echo "| Commit | [\`${{ github.sha }}\`](https://github.com/${{ github.repository }}/commit/${{ github.sha }}) |"
            echo ""
            echo "## Workflow Status"
            echo "| Step | Status |"
            echo "|------|--------|"
            echo "| Build | $BUILD_BADGE $BUILD_STATUS |"
            echo "| NPM Release | $RELEASE_BADGE $RELEASE_STATUS |"
            echo "| GitHub Release | $GITHUB_RELEASE_BADGE $GITHUB_RELEASE_STATUS |"
            echo "| Commit To Main | $MAIN_COMMIT_BADGE $MAIN_COMMIT_STATUS |"
            echo ""
            echo "## Links"
            echo "- 📦 [View on NPM](https://www.npmjs.com/search?q=%40xgplayer)"
            echo "- 🏷️ [View GitHub Release](https://github.com/${{ github.repository }}/releases/tag/$VERSION)"
            echo "- 🔗 [Workflow Run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})"
            echo ""
            echo "*Auto-generated by GitHub Actions*"
          } >> $GITHUB_STEP_SUMMARY
 
          if [ "$BUILD_STATUS" != "success" ] || [ "$RELEASE_STATUS" != "success" ] || [ "$GITHUB_RELEASE_STATUS" != "success" ]; then
            exit 1
          fi
 
          if [ "$IS_STABLE" = "true" ] && [ "$MAIN_COMMIT_STATUS" != "success" ]; then
            exit 1
          fi
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 5 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow