Skip to content
Latchkey

Pip package workflow (cashubtc/nutshell)

The Pip package workflow from cashubtc/nutshell, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: cashubtc/nutshell.github/workflows/pypi.yamlLicense MITView source

What it does

This is the Pip package workflow from the cashubtc/nutshell repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Pip package

on:
  push:
  release:
    types: [released]

permissions:
  contents: read

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    strategy:
        matrix:
          python-version: ["3.11"]
          poetry-version: ["2.3.2"]
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - uses: ./.github/actions/prepare
        with:
          python-version: ${{ matrix.python-version }}
          poetry-version: ${{ matrix.poetry-version }}

      - name: Verify Versions
        if: github.event_name == 'release'
        run: |
          python3 scripts/check_version.py "${{ github.event.release.tag_name }}"

      - name: Build package
        run: |
          poetry build

      - name: Install package
        run: |
          pip install --upgrade dist/*.whl

      - name: Upload to PyPI on release
        if: github.event_name == 'release' && github.event.action == 'released'
        run: |
          poetry publish -u __token__ -p ${{ secrets.PYPI_API_TOKEN }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Pip package
 
on:
  push:
  release:
    types: [released]
 
permissions:
  contents: read
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build-and-push:
    timeout-minutes: 30
    runs-on: latchkey-small
    strategy:
        matrix:
          python-version: ["3.11"]
          poetry-version: ["2.3.2"]
    steps:
      - name: Checkout
        uses: actions/checkout@v6
 
      - uses: ./.github/actions/prepare
        with:
          python-version: ${{ matrix.python-version }}
          poetry-version: ${{ matrix.poetry-version }}
 
      - name: Verify Versions
        if: github.event_name == 'release'
        run: |
          python3 scripts/check_version.py "${{ github.event.release.tag_name }}"
 
      - name: Build package
        run: |
          poetry build
 
      - name: Install package
        run: |
          pip install --upgrade dist/*.whl
 
      - name: Upload to PyPI on release
        if: github.event_name == 'release' && github.event.action == 'released'
        run: |
          poetry publish -u __token__ -p ${{ secrets.PYPI_API_TOKEN }}
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow