Skip to content
Latchkey

Go workflow (esrrhs/pingtunnel)

The Go workflow from esrrhs/pingtunnel, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: esrrhs/pingtunnel.github/workflows/go.ymlLicense MITView source

What it does

This is the Go workflow from the esrrhs/pingtunnel repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go

name: Go

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.25

      - name: Build
        run: |
          go mod tidy
          go build -v ./...

      - name: Test
        run: go test -v ./...

  release:
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.25

      - name: Set up Android SDK
        uses: android-actions/setup-android@v3

      - name: Install Android NDK
        run: |
          set -euo pipefail
          # sdkmanager exits after consuming enough input; `yes` then gets SIGPIPE.
          # Temporarily disable pipefail so the pipeline status reflects sdkmanager.
          set +o pipefail
          yes | sdkmanager --licenses >/dev/null
          set -o pipefail
          sdkmanager --install "ndk;27.1.12297006"
          echo "ANDROID_NDK_HOME=${ANDROID_SDK_ROOT}/ndk/27.1.12297006" >> "${GITHUB_ENV}"
          echo "ANDROID_API_LEVEL=21" >> "${GITHUB_ENV}"

      - name: Build release artifacts
        run: ./pack.sh

      - name: Prepare release metadata
        id: release_meta
        env:
          BEFORE_SHA: ${{ github.event.before }}
          AFTER_SHA: ${{ github.sha }}
          RUN_NUMBER: ${{ github.run_number }}
        run: |
          set -euo pipefail

          TAG_NAME="master-${AFTER_SHA}"
          RELEASE_NAME="master build ${RUN_NUMBER}"

          if [ "${BEFORE_SHA}" = "0000000000000000000000000000000000000000" ] || ! git cat-file -e "${BEFORE_SHA}^{commit}" 2>/dev/null; then
            COMMIT_LINES="$(git log --pretty='- %h %s' "${AFTER_SHA}")"
          else
            COMMIT_LINES="$(git log --pretty='- %h %s' "${BEFORE_SHA}..${AFTER_SHA}")"
          fi

          if [ -z "${COMMIT_LINES}" ]; then
            COMMIT_LINES="- ${AFTER_SHA:0:7} no commit messages found"
          fi

          {
            echo "tag_name=${TAG_NAME}"
            echo "release_name=${RELEASE_NAME}"
            echo "body<<EOF"
            echo "Automated release for commit ${AFTER_SHA} on master."
            echo ""
            echo "## Commits in this push"
            echo "${COMMIT_LINES}"
            echo "EOF"
          } >> "${GITHUB_OUTPUT}"

      - name: Create release and upload artifacts
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ steps.release_meta.outputs.tag_name }}
          name: ${{ steps.release_meta.outputs.release_name }}
          body: ${{ steps.release_meta.outputs.body }}
          files: |
            cmd/pack.zip
            cmd/pack/*.zip
          fail_on_unmatched_files: true

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
 
name: Go
 
on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v4
 
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.25
 
      - name: Build
        run: |
          go mod tidy
          go build -v ./...
 
      - name: Test
        run: go test -v ./...
 
  release:
    timeout-minutes: 30
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    needs: build
    runs-on: latchkey-small
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.25
 
      - name: Set up Android SDK
        uses: android-actions/setup-android@v3
 
      - name: Install Android NDK
        run: |
          set -euo pipefail
          # sdkmanager exits after consuming enough input; `yes` then gets SIGPIPE.
          # Temporarily disable pipefail so the pipeline status reflects sdkmanager.
          set +o pipefail
          yes | sdkmanager --licenses >/dev/null
          set -o pipefail
          sdkmanager --install "ndk;27.1.12297006"
          echo "ANDROID_NDK_HOME=${ANDROID_SDK_ROOT}/ndk/27.1.12297006" >> "${GITHUB_ENV}"
          echo "ANDROID_API_LEVEL=21" >> "${GITHUB_ENV}"
 
      - name: Build release artifacts
        run: ./pack.sh
 
      - name: Prepare release metadata
        id: release_meta
        env:
          BEFORE_SHA: ${{ github.event.before }}
          AFTER_SHA: ${{ github.sha }}
          RUN_NUMBER: ${{ github.run_number }}
        run: |
          set -euo pipefail
 
          TAG_NAME="master-${AFTER_SHA}"
          RELEASE_NAME="master build ${RUN_NUMBER}"
 
          if [ "${BEFORE_SHA}" = "0000000000000000000000000000000000000000" ] || ! git cat-file -e "${BEFORE_SHA}^{commit}" 2>/dev/null; then
            COMMIT_LINES="$(git log --pretty='- %h %s' "${AFTER_SHA}")"
          else
            COMMIT_LINES="$(git log --pretty='- %h %s' "${BEFORE_SHA}..${AFTER_SHA}")"
          fi
 
          if [ -z "${COMMIT_LINES}" ]; then
            COMMIT_LINES="- ${AFTER_SHA:0:7} no commit messages found"
          fi
 
          {
            echo "tag_name=${TAG_NAME}"
            echo "release_name=${RELEASE_NAME}"
            echo "body<<EOF"
            echo "Automated release for commit ${AFTER_SHA} on master."
            echo ""
            echo "## Commits in this push"
            echo "${COMMIT_LINES}"
            echo "EOF"
          } >> "${GITHUB_OUTPUT}"
 
      - name: Create release and upload artifacts
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ steps.release_meta.outputs.tag_name }}
          name: ${{ steps.release_meta.outputs.release_name }}
          body: ${{ steps.release_meta.outputs.body }}
          files: |
            cmd/pack.zip
            cmd/pack/*.zip
          fail_on_unmatched_files: true
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow