Release workflow (Cloxl/xhshow)
The Release workflow from Cloxl/xhshow, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Release workflow from the Cloxl/xhshow repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Release
on:
push:
tags:
# Only publish stable releases (v1.2.3 format, not v1.2.3-dev1)
- v[0-9]+.[0-9]+.[0-9]+
jobs:
github-release:
name: Create GitHub Release
runs-on: ubuntu-latest
environment:
name: release
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate release notes
id: release_notes
run: |
VERSION="${{ github.ref_name }}"
VERSION_NO_V="${VERSION#v}"
# Get previous tag
PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
# Generate changelog
echo "CHANGELOG<<CHANGELOG_EOF" >> $GITHUB_OUTPUT
if [ -n "$PREV_TAG" ]; then
echo "## What's Changed" >> $GITHUB_OUTPUT
echo "" >> $GITHUB_OUTPUT
git log ${PREV_TAG}..HEAD --pretty=format:"- %s (%h)" --no-merges >> $GITHUB_OUTPUT
echo "" >> $GITHUB_OUTPUT
echo "" >> $GITHUB_OUTPUT
echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREV_TAG}...${VERSION}" >> $GITHUB_OUTPUT
else
echo "Initial release" >> $GITHUB_OUTPUT
fi
echo "CHANGELOG_EOF" >> $GITHUB_OUTPUT
echo "VERSION_NO_V=${VERSION_NO_V}" >> $GITHUB_OUTPUT
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
name: Release ${{ github.ref_name }}
draft: false
prerelease: false
generate_release_notes: true
body: |
${{ steps.release_notes.outputs.CHANGELOG }}
## Installation
```bash
pip install xhshow==${{ steps.release_notes.outputs.VERSION_NO_V }}
```
Or upgrade from previous version:
```bash
pip install --upgrade xhshow
```
## Quick Start
```python
from xhshow import Xhshow, SessionManager
# Basic usage
client = Xhshow()
# GET request signature
signature = client.sign_xs_get(
uri="/api/sns/web/v1/user_posted",
a1_value="your_a1_cookie_value",
params={"num": "30", "user_id": "123"}
)
# POST request signature
signature = client.sign_xs_post(
uri="/api/sns/web/v1/comment/post",
a1_value="your_a1_cookie_value",
payload={"note_id": "123", "content": "Great!"}
)
# Generate complete headers with session management
session = SessionManager()
headers = client.sign_headers_get(
uri="/api/sns/web/v1/homefeed",
cookies={"a1": "your_a1_value", "web_session": "..."},
params={"page": "1"},
session=session
)
```
## Documentation
- [GitHub Repository](https://github.com/${{ github.repository }})
- [PyPI Package](https://pypi.org/project/xhshow/${{ steps.release_notes.outputs.VERSION_NO_V }}/)
## Supported Python Versions
- Python 3.10+
- Python 3.11
- Python 3.12
pypi:
name: Publish to PyPI
runs-on: ubuntu-latest
needs: github-release
# Environment and permissions trusted publishing.
environment:
# Create this environment in the GitHub repository under Settings -> Environments
name: release
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v4
- name: Build package
run: uv build
# Check that basic features work and we didn't miss to include crucial files
- name: Smoke test (wheel)
run: |
WHEEL_FILE=$(find dist -name "*.whl" -type f)
uv run --isolated --no-project -p 3.12 --with "$WHEEL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Wheel package works'); print('Xhshow module:', client.__class__.__module__)"
- name: Smoke test (source distribution)
run: |
TARBALL_FILE=$(find dist -name "*.tar.gz" -type f)
uv run --isolated --no-project -p 3.12 --with "$TARBALL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Source distribution works'); print('Xhshow module:', client.__class__.__module__)"
- name: Check if version exists on PyPI
run: |
VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//')
if pip index versions xhshow | grep -q "$VERSION"; then
echo "Version $VERSION already exists on PyPI, skipping upload"
echo "SKIP_PYPI=true" >> $GITHUB_ENV
else
echo "Version $VERSION not found on PyPI, proceeding with upload"
echo "SKIP_PYPI=false" >> $GITHUB_ENV
fi
- name: Publish to PyPI
if: env.SKIP_PYPI == 'false'
run: uv publish --trusted-publishing alwaysThe same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Release on: push: tags: # Only publish stable releases (v1.2.3 format, not v1.2.3-dev1) - v[0-9]+.[0-9]+.[0-9]+ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: github-release: timeout-minutes: 30 name: Create GitHub Release runs-on: latchkey-small environment: name: release permissions: contents: write steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Generate release notes id: release_notes run: | VERSION="${{ github.ref_name }}" VERSION_NO_V="${VERSION#v}" # Get previous tag PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "") # Generate changelog echo "CHANGELOG<<CHANGELOG_EOF" >> $GITHUB_OUTPUT if [ -n "$PREV_TAG" ]; then echo "## What's Changed" >> $GITHUB_OUTPUT echo "" >> $GITHUB_OUTPUT git log ${PREV_TAG}..HEAD --pretty=format:"- %s (%h)" --no-merges >> $GITHUB_OUTPUT echo "" >> $GITHUB_OUTPUT echo "" >> $GITHUB_OUTPUT echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREV_TAG}...${VERSION}" >> $GITHUB_OUTPUT else echo "Initial release" >> $GITHUB_OUTPUT fi echo "CHANGELOG_EOF" >> $GITHUB_OUTPUT echo "VERSION_NO_V=${VERSION_NO_V}" >> $GITHUB_OUTPUT - name: Create GitHub Release uses: softprops/action-gh-release@v2 with: tag_name: ${{ github.ref_name }} name: Release ${{ github.ref_name }} draft: false prerelease: false generate_release_notes: true body: | ${{ steps.release_notes.outputs.CHANGELOG }} ## Installation ```bash pip install xhshow==${{ steps.release_notes.outputs.VERSION_NO_V }} ``` Or upgrade from previous version: ```bash pip install --upgrade xhshow ``` ## Quick Start ```python from xhshow import Xhshow, SessionManager # Basic usage client = Xhshow() # GET request signature signature = client.sign_xs_get( uri="/api/sns/web/v1/user_posted", a1_value="your_a1_cookie_value", params={"num": "30", "user_id": "123"} ) # POST request signature signature = client.sign_xs_post( uri="/api/sns/web/v1/comment/post", a1_value="your_a1_cookie_value", payload={"note_id": "123", "content": "Great!"} ) # Generate complete headers with session management session = SessionManager() headers = client.sign_headers_get( uri="/api/sns/web/v1/homefeed", cookies={"a1": "your_a1_value", "web_session": "..."}, params={"page": "1"}, session=session ) ``` ## Documentation - [GitHub Repository](https://github.com/${{ github.repository }}) - [PyPI Package](https://pypi.org/project/xhshow/${{ steps.release_notes.outputs.VERSION_NO_V }}/) ## Supported Python Versions - Python 3.10+ - Python 3.11 - Python 3.12 pypi: timeout-minutes: 30 name: Publish to PyPI runs-on: latchkey-small needs: github-release # Environment and permissions trusted publishing. environment: # Create this environment in the GitHub repository under Settings -> Environments name: release permissions: id-token: write steps: - uses: actions/checkout@v4 - uses: astral-sh/setup-uv@v4 - name: Build package run: uv build # Check that basic features work and we didn't miss to include crucial files - name: Smoke test (wheel) run: | WHEEL_FILE=$(find dist -name "*.whl" -type f) uv run --isolated --no-project -p 3.12 --with "$WHEEL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Wheel package works'); print('Xhshow module:', client.__class__.__module__)" - name: Smoke test (source distribution) run: | TARBALL_FILE=$(find dist -name "*.tar.gz" -type f) uv run --isolated --no-project -p 3.12 --with "$TARBALL_FILE" -- python -c "from xhshow import Xhshow, CryptoProcessor; client = Xhshow(); print('Source distribution works'); print('Xhshow module:', client.__class__.__module__)" - name: Check if version exists on PyPI run: | VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//') if pip index versions xhshow | grep -q "$VERSION"; then echo "Version $VERSION already exists on PyPI, skipping upload" echo "SKIP_PYPI=true" >> $GITHUB_ENV else echo "Version $VERSION not found on PyPI, proceeding with upload" echo "SKIP_PYPI=false" >> $GITHUB_ENV fi - name: Publish to PyPI if: env.SKIP_PYPI == 'false' run: uv publish --trusted-publishing always
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.