Skip to content
Latchkey

tagged-release workflow (digitalocean/doctl)

The tagged-release workflow from digitalocean/doctl, explained and optimized by Latchkey.

C

CI health: C - fair

Run this on Latchkey for self-healing, caching, and up to 58% lower cost.

Grade your own workflow free or run it on Latchkey →
Source: digitalocean/doctl.github/workflows/release.ymlLicense Apache-2.0View source

What it does

This is the tagged-release workflow from the digitalocean/doctl repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: tagged-release

on:
  push:
    tags:
      - 'v[1-9].[0-9]+.[0-9]+'

jobs:
  integration-tests:
    name: 'Integration Tests'
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.24.x

      - name: Run integration tests
        run: make test_integration

  github-release:
    name: 'GitHub Release'
    needs: integration-tests
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # https://github.com/marketplace/actions/goreleaser-action#usage
          # note the fetch-depth: 0 input in Checkout step. It is required for
          # the changelog to work correctly
          fetch-depth: 0

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.24.x

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  snapcraft-stable:
    name: 'Snapcraft: Stable Release'
    needs: integration-tests
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # fetch-depth: 0 fetches all history for all branches and tags
          fetch-depth: 0

      - name: Build snap
        uses: snapcore/action-build@v1
        id: build

      - uses: snapcore/action-publish@master
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_TOKEN }}
        with:
          snap: ${{ steps.build.outputs.snap }}
          release: stable

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: tagged-release
 
on:
  push:
    tags:
      - 'v[1-9].[0-9]+.[0-9]+'
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  integration-tests:
    timeout-minutes: 30
    name: 'Integration Tests'
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.24.x
 
      - name: Run integration tests
        run: make test_integration
 
  github-release:
    timeout-minutes: 30
    name: 'GitHub Release'
    needs: integration-tests
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # https://github.com/marketplace/actions/goreleaser-action#usage
          # note the fetch-depth: 0 input in Checkout step. It is required for
          # the changelog to work correctly
          fetch-depth: 0
 
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
 
      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.24.x
 
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
  snapcraft-stable:
    timeout-minutes: 30
    name: 'Snapcraft: Stable Release'
    needs: integration-tests
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # fetch-depth: 0 fetches all history for all branches and tags
          fetch-depth: 0
 
      - name: Build snap
        uses: snapcore/action-build@v1
        id: build
 
      - uses: snapcore/action-publish@master
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_TOKEN }}
        with:
          snap: ${{ steps.build.outputs.snap }}
          release: stable
 

What changed

4 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 3 jobs (4 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow