Release Python Package workflow (ericmjl/nxviz)
The Release Python Package workflow from ericmjl/nxviz, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Release Python Package workflow from the ericmjl/nxviz repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Release Python Package
on:
workflow_dispatch:
inputs:
version_name:
description: "One of major, minor, or patch"
required: true
type: choice
options:
- major
- minor
- patch
default: patch
pull_request:
branches:
- '**'
env:
UV_SYSTEM_PYTHON: 1
DEFAULT_VERSION_NAME: patch
jobs:
deploy-package:
runs-on: ubuntu-latest
name: ${{ github.event_name == 'pull_request' && '(Dry Run) ' || '' }}Publish Python Package to PyPI
permissions:
id-token: write
contents: write
defaults:
run:
shell: bash -l {0}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
- name: Install uv
uses: astral-sh/setup-uv@v3
- name: Setup Pixi Environment
uses: prefix-dev/setup-pixi@v0.8.1
with:
pixi-version: latest
cache: true
cache-write: ${{ github.event_name == 'push' }}
- name: Set version name
run: echo "VERSION_NAME=${{ github.event.inputs.version_name || env.DEFAULT_VERSION_NAME }}" >> $GITHUB_ENV
- name: Dry run version bump
run: uv version --dry-run --bump ${{ env.VERSION_NAME }}
- name: Store new version number
run: echo "version_number=$(uv version --dry-run --bump ${{ env.VERSION_NAME }} | awk '{print $4}')" >> $GITHUB_ENV
- name: Display new version number
run: |
echo "version_name: ${{ env.VERSION_NAME }}"
echo "version_number: v${{ env.version_number }}"
- name: Ensure repo status is clean
run: git status
- name: Configure Git
run: |
git config user.name github-actions
git config user.email github-actions@github.com
- name: Bump version
run: uv version --bump ${{ env.VERSION_NAME }}
- name: Write release notes
if: github.event_name != 'pull_request'
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
run: |
uv tool install "llamabot[web,cli]" --python 3.12 --python-preference only-managed --force
llamabot configure default-model --model-name="${{ secrets.DEFAULT_LANGUAGE_MODEL }}"
llamabot git write-release-notes
- name: Commit version bump and release notes
if: github.event_name != 'pull_request'
run: |
uv tool install pre-commit
pre-commit run --all-files || pre-commit run --all-files
git add .
git commit -m "Release v${{ env.version_number }}"
- name: Create tag
if: github.event_name != 'pull_request'
run: git tag v${{ env.version_number }}
- name: Build package
run: uv build --sdist --wheel
- name: Publish package
if: github.event_name != 'pull_request'
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Push changes with tags
if: github.event_name != 'pull_request'
run: |
git push && git push --tags
- name: Create release in GitHub repo
if: github.event_name != 'pull_request'
uses: ncipollo/release-action@v1
with:
bodyFile: "docs/releases/v${{ env.version_number }}.md"
token: ${{ secrets.GITHUB_TOKEN }}
tag: v${{ env.version_number }}
- name: Ensure complete
if: github.event_name != 'pull_request'
run: echo "Auto-release complete!"
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Release Python Package on: workflow_dispatch: inputs: version_name: description: "One of major, minor, or patch" required: true type: choice options: - major - minor - patch default: patch pull_request: branches: - '**' env: UV_SYSTEM_PYTHON: 1 DEFAULT_VERSION_NAME: patch concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: deploy-package: timeout-minutes: 30 runs-on: latchkey-small name: ${{ github.event_name == 'pull_request' && '(Dry Run) ' || '' }}Publish Python Package to PyPI permissions: id-token: write contents: write defaults: run: shell: bash -l {0} steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 fetch-tags: true - name: Install uv uses: astral-sh/setup-uv@v3 - name: Setup Pixi Environment uses: prefix-dev/setup-pixi@v0.8.1 with: pixi-version: latest cache: true cache-write: ${{ github.event_name == 'push' }} - name: Set version name run: echo "VERSION_NAME=${{ github.event.inputs.version_name || env.DEFAULT_VERSION_NAME }}" >> $GITHUB_ENV - name: Dry run version bump run: uv version --dry-run --bump ${{ env.VERSION_NAME }} - name: Store new version number run: echo "version_number=$(uv version --dry-run --bump ${{ env.VERSION_NAME }} | awk '{print $4}')" >> $GITHUB_ENV - name: Display new version number run: | echo "version_name: ${{ env.VERSION_NAME }}" echo "version_number: v${{ env.version_number }}" - name: Ensure repo status is clean run: git status - name: Configure Git run: | git config user.name github-actions git config user.email github-actions@github.com - name: Bump version run: uv version --bump ${{ env.VERSION_NAME }} - name: Write release notes if: github.event_name != 'pull_request' env: OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} run: | uv tool install "llamabot[web,cli]" --python 3.12 --python-preference only-managed --force llamabot configure default-model --model-name="${{ secrets.DEFAULT_LANGUAGE_MODEL }}" llamabot git write-release-notes - name: Commit version bump and release notes if: github.event_name != 'pull_request' run: | uv tool install pre-commit pre-commit run --all-files || pre-commit run --all-files git add . git commit -m "Release v${{ env.version_number }}" - name: Create tag if: github.event_name != 'pull_request' run: git tag v${{ env.version_number }} - name: Build package run: uv build --sdist --wheel - name: Publish package if: github.event_name != 'pull_request' uses: pypa/gh-action-pypi-publish@release/v1 with: password: ${{ secrets.PYPI_API_TOKEN }} - name: Push changes with tags if: github.event_name != 'pull_request' run: | git push && git push --tags - name: Create release in GitHub repo if: github.event_name != 'pull_request' uses: ncipollo/release-action@v1 with: bodyFile: "docs/releases/v${{ env.version_number }}.md" token: ${{ secrets.GITHUB_TOKEN }} tag: v${{ env.version_number }} - name: Ensure complete if: github.event_name != 'pull_request' run: echo "Auto-release complete!"
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
4 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.