Skip to content
Latchkey

Upload Python Package workflow (derisk-ai/OpenDerisk)

The Upload Python Package workflow from derisk-ai/OpenDerisk, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: derisk-ai/OpenDerisk.github/workflows/python-publish.ymlLicense MITView source

What it does

This is the Upload Python Package workflow from the derisk-ai/OpenDerisk repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, data_privacy policy, and support
# documentation.

name: Upload Python Package

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: 'Package version (e.g. 0.6.3rc2)'
        required: true
        type: string
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    
    - name: Set up Python
      uses: actions/setup-python@v3
      with:
        python-version: '3.x'
    
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install wheel setuptools
    
    - name: Build package using Make
      run: |
        if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
          DERISK_VERSION=${{ inputs.version }} make package
        else
          make package
        fi

    - name: Upload wheel as artifact
      uses: actions/upload-artifact@v3
      with:
        name: dist-packages
        path: dist/*
        retention-days: 7 

    - name: Publish package
      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
      with:
        password: ${{ secrets.PYPI_API_TOKEN }}

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
 
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, data_privacy policy, and support
# documentation.
 
name: Upload Python Package
 
on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: 'Package version (e.g. 0.6.3rc2)'
        required: true
        type: string
permissions:
  contents: read
 
jobs:
  deploy:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
    - uses: actions/checkout@v3
    
    - name: Set up Python
      uses: actions/setup-python@v3
      with:
        cache: 'pip'
        python-version: '3.x'
    
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install wheel setuptools
    
    - name: Build package using Make
      run: |
        if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
          DERISK_VERSION=${{ inputs.version }} make package
        else
          make package
        fi
 
    - name: Upload wheel as artifact
      uses: actions/upload-artifact@v3
      with:
        name: dist-packages
        path: dist/*
        retention-days: 7 
 
    - name: Publish package
      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
      with:
        password: ${{ secrets.PYPI_API_TOKEN }}

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow