Skip to content
Latchkey

Release workflow (Cloxl/xhshow)

The Release workflow from Cloxl/xhshow, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: Cloxl/xhshow.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the Cloxl/xhshow repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release

on:
  push:
    tags:
      # Only publish stable releases (v1.2.3 format, not v1.2.3-dev1)
      - v[0-9]+.[0-9]+.[0-9]+

jobs:
  github-release:
    name: Create GitHub Release
    runs-on: ubuntu-latest
    environment:
      name: release
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Generate release notes
        id: release_notes
        run: |
          VERSION="${{ github.ref_name }}"
          VERSION_NO_V="${VERSION#v}"

          # Get previous tag
          PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")

          # Generate changelog
          echo "CHANGELOG<<CHANGELOG_EOF" >> $GITHUB_OUTPUT
          if [ -n "$PREV_TAG" ]; then
            echo "## What's Changed" >> $GITHUB_OUTPUT
            echo "" >> $GITHUB_OUTPUT
            git log ${PREV_TAG}..HEAD --pretty=format:"- %s (%h)" --no-merges >> $GITHUB_OUTPUT
            echo "" >> $GITHUB_OUTPUT
            echo "" >> $GITHUB_OUTPUT
            echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREV_TAG}...${VERSION}" >> $GITHUB_OUTPUT
          else
            echo "Initial release" >> $GITHUB_OUTPUT
          fi
          echo "CHANGELOG_EOF" >> $GITHUB_OUTPUT

          echo "VERSION_NO_V=${VERSION_NO_V}" >> $GITHUB_OUTPUT

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref_name }}
          name: Release ${{ github.ref_name }}
          draft: false
          prerelease: false
          generate_release_notes: true
          body: |
            ${{ steps.release_notes.outputs.CHANGELOG }}

            ## Installation

            ```bash
            pip install xhshow==${{ steps.release_notes.outputs.VERSION_NO_V }}
            ```

            Or upgrade from previous version:

            ```bash
            pip install --upgrade xhshow
            ```

            ## Quick Start

            ```python
            from xhshow import Xhshow, SessionManager

            # Basic usage
            client = Xhshow()

            # GET request signature
            signature = client.sign_xs_get(
                uri="/api/sns/web/v1/user_posted",
                a1_value="your_a1_cookie_value",
                params={"num": "30", "user_id": "123"}
            )

            # POST request signature
            signature = client.sign_xs_post(
                uri="/api/sns/web/v1/comment/post",
                a1_value="your_a1_cookie_value",
                payload={"note_id": "123", "content": "Great!"}
            )

            # Generate complete headers with session management
            session = SessionManager()
            headers = client.sign_headers_get(
                uri="/api/sns/web/v1/homefeed",
                cookies={"a1": "your_a1_value", "web_session": "..."},
                params={"page": "1"},
                session=session
            )
            ```

            ## Documentation

            - [GitHub Repository](https://github.com/${{ github.repository }})
            - [PyPI Package](https://pypi.org/project/xhshow/${{ steps.release_notes.outputs.VERSION_NO_V }}/)

            ## Supported Python Versions

            - Python 3.10+
            - Python 3.11
            - Python 3.12

  pypi:
    name: Publish to PyPI
    runs-on: ubuntu-latest
    needs: github-release
    # Environment and permissions trusted publishing.
    environment:
      # Create this environment in the GitHub repository under Settings -> Environments
      name: release
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: astral-sh/setup-uv@v4
      
      - name: Build package
        run: uv build
      
      # Check that basic features work and we didn't miss to include crucial files
      - name: Smoke test (wheel)
        run: |
          WHEEL_FILE=$(find dist -name "*.whl" -type f)
          uv run --isolated --no-project -p 3.12 --with "$WHEEL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Wheel package works'); print('Xhshow module:', client.__class__.__module__)"
      
      - name: Smoke test (source distribution)
        run: |
          TARBALL_FILE=$(find dist -name "*.tar.gz" -type f)
          uv run --isolated --no-project -p 3.12 --with "$TARBALL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Source distribution works'); print('Xhshow module:', client.__class__.__module__)"
      
      - name: Check if version exists on PyPI
        run: |
          VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//')
          if pip index versions xhshow | grep -q "$VERSION"; then
            echo "Version $VERSION already exists on PyPI, skipping upload"
            echo "SKIP_PYPI=true" >> $GITHUB_ENV
          else
            echo "Version $VERSION not found on PyPI, proceeding with upload"
            echo "SKIP_PYPI=false" >> $GITHUB_ENV
          fi
      
      - name: Publish to PyPI
        if: env.SKIP_PYPI == 'false'
        run: uv publish --trusted-publishing always

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Release
 
on:
  push:
    tags:
      # Only publish stable releases (v1.2.3 format, not v1.2.3-dev1)
      - v[0-9]+.[0-9]+.[0-9]+
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  github-release:
    timeout-minutes: 30
    name: Create GitHub Release
    runs-on: latchkey-small
    environment:
      name: release
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Generate release notes
        id: release_notes
        run: |
          VERSION="${{ github.ref_name }}"
          VERSION_NO_V="${VERSION#v}"
 
          # Get previous tag
          PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
 
          # Generate changelog
          echo "CHANGELOG<<CHANGELOG_EOF" >> $GITHUB_OUTPUT
          if [ -n "$PREV_TAG" ]; then
            echo "## What's Changed" >> $GITHUB_OUTPUT
            echo "" >> $GITHUB_OUTPUT
            git log ${PREV_TAG}..HEAD --pretty=format:"- %s (%h)" --no-merges >> $GITHUB_OUTPUT
            echo "" >> $GITHUB_OUTPUT
            echo "" >> $GITHUB_OUTPUT
            echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREV_TAG}...${VERSION}" >> $GITHUB_OUTPUT
          else
            echo "Initial release" >> $GITHUB_OUTPUT
          fi
          echo "CHANGELOG_EOF" >> $GITHUB_OUTPUT
 
          echo "VERSION_NO_V=${VERSION_NO_V}" >> $GITHUB_OUTPUT
 
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref_name }}
          name: Release ${{ github.ref_name }}
          draft: false
          prerelease: false
          generate_release_notes: true
          body: |
            ${{ steps.release_notes.outputs.CHANGELOG }}
 
            ## Installation
 
            ```bash
            pip install xhshow==${{ steps.release_notes.outputs.VERSION_NO_V }}
            ```
 
            Or upgrade from previous version:
 
            ```bash
            pip install --upgrade xhshow
            ```
 
            ## Quick Start
 
            ```python
            from xhshow import Xhshow, SessionManager
 
            # Basic usage
            client = Xhshow()
 
            # GET request signature
            signature = client.sign_xs_get(
                uri="/api/sns/web/v1/user_posted",
                a1_value="your_a1_cookie_value",
                params={"num": "30", "user_id": "123"}
            )
 
            # POST request signature
            signature = client.sign_xs_post(
                uri="/api/sns/web/v1/comment/post",
                a1_value="your_a1_cookie_value",
                payload={"note_id": "123", "content": "Great!"}
            )
 
            # Generate complete headers with session management
            session = SessionManager()
            headers = client.sign_headers_get(
                uri="/api/sns/web/v1/homefeed",
                cookies={"a1": "your_a1_value", "web_session": "..."},
                params={"page": "1"},
                session=session
            )
            ```
 
            ## Documentation
 
            - [GitHub Repository](https://github.com/${{ github.repository }})
            - [PyPI Package](https://pypi.org/project/xhshow/${{ steps.release_notes.outputs.VERSION_NO_V }}/)
 
            ## Supported Python Versions
 
            - Python 3.10+
            - Python 3.11
            - Python 3.12
 
  pypi:
    timeout-minutes: 30
    name: Publish to PyPI
    runs-on: latchkey-small
    needs: github-release
    # Environment and permissions trusted publishing.
    environment:
      # Create this environment in the GitHub repository under Settings -> Environments
      name: release
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: astral-sh/setup-uv@v4
      
      - name: Build package
        run: uv build
      
      # Check that basic features work and we didn't miss to include crucial files
      - name: Smoke test (wheel)
        run: |
          WHEEL_FILE=$(find dist -name "*.whl" -type f)
          uv run --isolated --no-project -p 3.12 --with "$WHEEL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Wheel package works'); print('Xhshow module:', client.__class__.__module__)"
      
      - name: Smoke test (source distribution)
        run: |
          TARBALL_FILE=$(find dist -name "*.tar.gz" -type f)
          uv run --isolated --no-project -p 3.12 --with "$TARBALL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Source distribution works'); print('Xhshow module:', client.__class__.__module__)"
      
      - name: Check if version exists on PyPI
        run: |
          VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//')
          if pip index versions xhshow | grep -q "$VERSION"; then
            echo "Version $VERSION already exists on PyPI, skipping upload"
            echo "SKIP_PYPI=true" >> $GITHUB_ENV
          else
            echo "Version $VERSION not found on PyPI, proceeding with upload"
            echo "SKIP_PYPI=false" >> $GITHUB_ENV
          fi
      
      - name: Publish to PyPI
        if: env.SKIP_PYPI == 'false'
        run: uv publish --trusted-publishing always

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow