Skip to content
Latchkey

Release workflow (iann0036/iamlive)

The Release workflow from iann0036/iamlive, explained and optimized by Latchkey.

C

CI health: C - fair

Run this on Latchkey for self-healing, caching, and up to 58% lower cost.

Grade your own workflow free or run it on Latchkey →
Source: iann0036/iamlive.github/workflows/release.yamlLicense MITView source

What it does

This is the Release workflow from the iann0036/iamlive repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release

on:
  push:
    tags:
      - '*'

jobs:
  goreleaser:
    runs-on: macos-14
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.23
      - name: Set up Gon
        run: brew install Bearer/tap/gon
      - name: Import Keychain Certs
        uses: apple-actions/import-codesign-certs@v1
        with: 
          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          version: "~> v2"
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
          MACOS_SIGN_P12: ${{ secrets.CERTIFICATES_P12 }}
          MACOS_SIGN_PASSWORD: ${{ secrets.CERTIFICATES_P12_PASSWORD }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Release
 
on:
  push:
    tags:
      - '*'
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  goreleaser:
    timeout-minutes: 30
    runs-on: macos-14
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.23
      - name: Set up Gon
        run: brew install Bearer/tap/gon
      - name: Import Keychain Certs
        uses: apple-actions/import-codesign-certs@v1
        with: 
          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          version: "~> v2"
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
          MACOS_SIGN_P12: ${{ secrets.CERTIFICATES_P12 }}
          MACOS_SIGN_PASSWORD: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
 
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow