tagged-release workflow (digitalocean/doctl)
The tagged-release workflow from digitalocean/doctl, explained and optimized by Latchkey.
CI health: C - fair
Run this on Latchkey for self-healing, caching, and up to 58% lower cost.
Grade your own workflow free or run it on Latchkey →What it does
This is the tagged-release workflow from the digitalocean/doctl repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: tagged-release
on:
push:
tags:
- 'v[1-9].[0-9]+.[0-9]+'
jobs:
integration-tests:
name: 'Integration Tests'
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: 1.24.x
- name: Run integration tests
run: make test_integration
github-release:
name: 'GitHub Release'
needs: integration-tests
runs-on: 'ubuntu-latest'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# https://github.com/marketplace/actions/goreleaser-action#usage
# note the fetch-depth: 0 input in Checkout step. It is required for
# the changelog to work correctly
fetch-depth: 0
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: 1.24.x
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: "~> v2"
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
snapcraft-stable:
name: 'Snapcraft: Stable Release'
needs: integration-tests
runs-on: 'ubuntu-latest'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# fetch-depth: 0 fetches all history for all branches and tags
fetch-depth: 0
- name: Build snap
uses: snapcore/action-build@v1
id: build
- uses: snapcore/action-publish@master
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_TOKEN }}
with:
snap: ${{ steps.build.outputs.snap }}
release: stable
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: tagged-release on: push: tags: - 'v[1-9].[0-9]+.[0-9]+' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: integration-tests: timeout-minutes: 30 name: 'Integration Tests' strategy: matrix: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Go uses: actions/setup-go@v4 with: go-version: 1.24.x - name: Run integration tests run: make test_integration github-release: timeout-minutes: 30 name: 'GitHub Release' needs: integration-tests runs-on: 'ubuntu-latest' steps: - name: Checkout code uses: actions/checkout@v4 with: # https://github.com/marketplace/actions/goreleaser-action#usage # note the fetch-depth: 0 input in Checkout step. It is required for # the changelog to work correctly fetch-depth: 0 - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USER }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Install Go uses: actions/setup-go@v4 with: go-version: 1.24.x - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: "~> v2" args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} snapcraft-stable: timeout-minutes: 30 name: 'Snapcraft: Stable Release' needs: integration-tests runs-on: 'ubuntu-latest' steps: - name: Checkout code uses: actions/checkout@v4 with: # fetch-depth: 0 fetches all history for all branches and tags fetch-depth: 0 - name: Build snap uses: snapcore/action-build@v1 id: build - uses: snapcore/action-publish@master env: SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_TOKEN }} with: snap: ${{ steps.build.outputs.snap }} release: stable
What changed
- Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
4 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 3 jobs (4 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.