Skip to content
Latchkey

Release workflow (jazzband/django-fsm-log)

The Release workflow from jazzband/django-fsm-log, explained and optimized by Latchkey.

F

CI health: F - at risk

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: jazzband/django-fsm-log.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the jazzband/django-fsm-log repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release
on:
  push:
    tags:
      - "*"

jobs:
  build:
    if: github.repository == 'jazzband/django-fsm-log'
    runs-on: ubuntu-latest
    environment: pypi
    permissions:
      id-token: write

    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.13"

      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true

      - name: Build package
        run: |
          uv build
          uvx twine check dist/*

      - name: Upload packages to Pypi
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
        uses: pypa/gh-action-pypi-publish@release/v1

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Release
on:
  push:
    tags:
      - "*"
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    if: github.repository == 'jazzband/django-fsm-log'
    runs-on: latchkey-small
    environment: pypi
    permissions:
      id-token: write
 
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
 
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: "3.13"
 
      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
 
      - name: Build package
        run: |
          uv build
          uvx twine check dist/*
 
      - name: Upload packages to Pypi
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
        uses: pypa/gh-action-pypi-publish@release/v1
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow