Skip to content
Latchkey

Build and publish macOS Installer workflow (containers/ramalama)

The Build and publish macOS Installer workflow from containers/ramalama, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: containers/ramalama.github/workflows/build-macos-installer.ymlLicense MITView source

What it does

This is the Build and publish macOS Installer workflow from the containers/ramalama repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Build and publish macOS Installer

on:
  push:
    branches:
      - main
    tags:
      - "v*"
  pull_request:
    branches:
      - main
  release:
    types:
      - published
  workflow_dispatch:
    inputs:
      ref:
        description: 'Git ref to checkout (branch, tag, or commit SHA)'
        required: false
        type: string
        default: 'main'
      tag_name:
        description: 'Tag name for release upload (e.g., v0.1.0)'
        required: false
        type: string
        default: ''
      upload_to_release:
        description: 'Upload to specified release tag'
        required: false
        type: boolean
        default: false

jobs:
  build-macos-pkg:
    name: Build macOS installer
    runs-on: macos-latest
    environment: macos-installer
    outputs:
      version: ${{ steps.get_version.outputs.version }}
      pkg_name: ${{ steps.build.pkg_name }}
      sha256: ${{ steps.build.sha256 }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v7
        with:
          ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ref || '' }}

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.14'

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: 'stable'

      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          pip3 install pyinstaller
          pip3 install .

      - name: Get version
        id: get_version
        run: |
          VERSION=$(cd ramalama && python3 -c "import version; print(version.version())")
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "RamaLama version: $VERSION"

      - name: Build macOS package
        id: build
        run: |
          make -C docs install-tools
          make docs-manpages
          ./scripts/build_macos_pkg.sh
          PKG_FILE="build/macos-pkg/RamaLama-${{ steps.get_version.outputs.version }}-macOS-Installer.pkg"
          PKG_NAME="$(basename $PKG_FILE)"
          echo "pkg_file=$PKG_FILE" >> $GITHUB_OUTPUT
          echo "pkg_name=$PKG_NAME" >> $GITHUB_OUTPUT
          SHA256=$(shasum -a 256 "$PKG_FILE" | cut -d' ' -f1)
          echo "sha256=$SHA256" >> $GITHUB_OUTPUT
          echo "SHA256: $SHA256"
          echo "$SHA256  $PKG_NAME" > "$PKG_FILE.sha256"

      - name: Upload artifact
        uses: actions/upload-artifact@v7
        with:
          name: macos-installer
          path: |
            ${{ steps.build.outputs.pkg_file }}
            ${{ steps.build.outputs.pkg_file }}.sha256
          retention-days: 30

      - name: Summary
        run: |
          echo "## macOS Installer Build Complete! πŸŽ‰" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "- **Version**: ${{ steps.get_version.outputs.version }}" >> $GITHUB_STEP_SUMMARY
          echo "- **Package**: ${{ steps.build.outputs.pkg_name }}" >> $GITHUB_STEP_SUMMARY
          echo "- **SHA256**: ${{ steps.build.outputs.sha256 }}" >> $GITHUB_STEP_SUMMARY

  publish-installer-to-release:
    name: Publish macOS installer to Github release
    if: |
      github.repository_owner == 'containers' && (
        github.event.action == 'published' || (
          github.event_name == 'workflow_dispatch' && github.event.inputs.upload_to_release == 'true'
        )
      )
    permissions:
      contents: write
    runs-on: ubuntu-latest
    needs: build-macos-pkg
    steps:
      - name: Fetch build artifacts
        uses: actions/download-artifact@v8
        with:
          name: macos-installer
          path: macos

      - name: Upload artifacts to Github release
        env:
          GITHUB_TOKEN: ${{ github.token }}
          RELEASE_NAME: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.tag_name }}
          REPOSITORY: ${{ github.repository }}
        run: >-
          gh release upload "$RELEASE_NAME" macos/* --repo "$REPOSITORY"

      - name: Summary
        env:
          VERSION: ${{ needs.build-macos-pkg.outputs.version }}
          PKG_NAME: ${{ needs.build-macos-pkg.outputs.pkg_name }}
          SHA256: ${{ needs.build-macos-pkg.outputs.sha256 }}
        run: |
          echo "## macOS Installer Release Complete! πŸŽ‰" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "- **Version**: $VERSION" >> $GITHUB_STEP_SUMMARY
          echo "- **Package**: $PKG_NAME" >> $GITHUB_STEP_SUMMARY
          echo "- **SHA256**: $SHA256" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Installation" >> $GITHUB_STEP_SUMMARY
          echo '```bash' >> $GITHUB_STEP_SUMMARY
          echo "# Download and install" >> $GITHUB_STEP_SUMMARY
          echo "curl -LO https://github.com/${{ github.repository }}/releases/download/v$VERSION/$PKG_NAME" >> $GITHUB_STEP_SUMMARY
          echo "sudo installer -pkg $PKG_NAME -target /" >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Build and publish macOS Installer
 
on:
  push:
    branches:
      - main
    tags:
      - "v*"
  pull_request:
    branches:
      - main
  release:
    types:
      - published
  workflow_dispatch:
    inputs:
      ref:
        description: 'Git ref to checkout (branch, tag, or commit SHA)'
        required: false
        type: string
        default: 'main'
      tag_name:
        description: 'Tag name for release upload (e.g., v0.1.0)'
        required: false
        type: string
        default: ''
      upload_to_release:
        description: 'Upload to specified release tag'
        required: false
        type: boolean
        default: false
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build-macos-pkg:
    timeout-minutes: 30
    name: Build macOS installer
    runs-on: macos-latest
    environment: macos-installer
    outputs:
      version: ${{ steps.get_version.outputs.version }}
      pkg_name: ${{ steps.build.pkg_name }}
      sha256: ${{ steps.build.sha256 }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v7
        with:
          ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ref || '' }}
 
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: '3.14'
 
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: 'stable'
 
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          pip3 install pyinstaller
          pip3 install .
 
      - name: Get version
        id: get_version
        run: |
          VERSION=$(cd ramalama && python3 -c "import version; print(version.version())")
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "RamaLama version: $VERSION"
 
      - name: Build macOS package
        id: build
        run: |
          make -C docs install-tools
          make docs-manpages
          ./scripts/build_macos_pkg.sh
          PKG_FILE="build/macos-pkg/RamaLama-${{ steps.get_version.outputs.version }}-macOS-Installer.pkg"
          PKG_NAME="$(basename $PKG_FILE)"
          echo "pkg_file=$PKG_FILE" >> $GITHUB_OUTPUT
          echo "pkg_name=$PKG_NAME" >> $GITHUB_OUTPUT
          SHA256=$(shasum -a 256 "$PKG_FILE" | cut -d' ' -f1)
          echo "sha256=$SHA256" >> $GITHUB_OUTPUT
          echo "SHA256: $SHA256"
          echo "$SHA256  $PKG_NAME" > "$PKG_FILE.sha256"
 
      - name: Upload artifact
        uses: actions/upload-artifact@v7
        with:
          name: macos-installer
          path: |
            ${{ steps.build.outputs.pkg_file }}
            ${{ steps.build.outputs.pkg_file }}.sha256
          retention-days: 30
 
      - name: Summary
        run: |
          echo "## macOS Installer Build Complete! πŸŽ‰" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "- **Version**: ${{ steps.get_version.outputs.version }}" >> $GITHUB_STEP_SUMMARY
          echo "- **Package**: ${{ steps.build.outputs.pkg_name }}" >> $GITHUB_STEP_SUMMARY
          echo "- **SHA256**: ${{ steps.build.outputs.sha256 }}" >> $GITHUB_STEP_SUMMARY
 
  publish-installer-to-release:
    timeout-minutes: 30
    name: Publish macOS installer to Github release
    if: |
      github.repository_owner == 'containers' && (
        github.event.action == 'published' || (
          github.event_name == 'workflow_dispatch' && github.event.inputs.upload_to_release == 'true'
        )
      )
    permissions:
      contents: write
    runs-on: latchkey-small
    needs: build-macos-pkg
    steps:
      - name: Fetch build artifacts
        uses: actions/download-artifact@v8
        with:
          name: macos-installer
          path: macos
 
      - name: Upload artifacts to Github release
        env:
          GITHUB_TOKEN: ${{ github.token }}
          RELEASE_NAME: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.tag_name }}
          REPOSITORY: ${{ github.repository }}
        run: >-
          gh release upload "$RELEASE_NAME" macos/* --repo "$REPOSITORY"
 
      - name: Summary
        env:
          VERSION: ${{ needs.build-macos-pkg.outputs.version }}
          PKG_NAME: ${{ needs.build-macos-pkg.outputs.pkg_name }}
          SHA256: ${{ needs.build-macos-pkg.outputs.sha256 }}
        run: |
          echo "## macOS Installer Release Complete! πŸŽ‰" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "- **Version**: $VERSION" >> $GITHUB_STEP_SUMMARY
          echo "- **Package**: $PKG_NAME" >> $GITHUB_STEP_SUMMARY
          echo "- **SHA256**: $SHA256" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Installation" >> $GITHUB_STEP_SUMMARY
          echo '```bash' >> $GITHUB_STEP_SUMMARY
          echo "# Download and install" >> $GITHUB_STEP_SUMMARY
          echo "curl -LO https://github.com/${{ github.repository }}/releases/download/v$VERSION/$PKG_NAME" >> $GITHUB_STEP_SUMMARY
          echo "sudo installer -pkg $PKG_NAME -target /" >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow