Skip to content
Latchkey

Deployment πŸš€ workflow (minitap-ai/mobile-use)

The Deployment πŸš€ workflow from minitap-ai/mobile-use, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: minitap-ai/mobile-use.github/workflows/deployment.ymlLicense Apache-2.0View source

What it does

This is the Deployment πŸš€ workflow from the minitap-ai/mobile-use repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Deployment πŸš€

on:
  push:
    tags: [ "v*" ]

jobs:
  verify-tag:
    runs-on: ubuntu-latest
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5

      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
      
      - name: Get package version
        run: |
          PACKAGE_VERSION="$(uv run python -c 'import tomllib; print(tomllib.load(open("pyproject.toml","rb"))["project"]["version"])')"
          echo "PACKAGE_VERSION=$PACKAGE_VERSION" >> $GITHUB_ENV

      - name: Check tag version
        uses: minitap-ai/devops-common/.github/actions/check-tag-version@v1
        with:
          expected-tag-version: ${{ env.PACKAGE_VERSION }}
  
  dockerhub:
    runs-on: ubuntu-latest
    needs: verify-tag
    permissions:
      contents: read
    environment:
      name: DockerHub
      url: https://hub.docker.com/r/minitap/mobile-use
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5

      - uses: minitap-ai/devops-common/.github/actions/dockerhub-build-push@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          image-name: minitap/${{ vars.IMAGE_NAME }}
          dockerfile: ${{ github.workspace }}/Dockerfile

  docker-gcp:
    runs-on: ubuntu-latest
    needs: verify-tag
    permissions:
      contents: read
    environment: GCP
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5

      - uses: minitap-ai/devops-common/.github/actions/gcp-docker-build-push@v1
        with:
          gcp-credentials: ${{ secrets.GCP_SA_KEY }}
          gcp-project-id: ${{ vars.GCP_PROJECT_ID }}
          gcp-region: ${{ vars.GCP_REGION }}
          gcp-artifact-repo: ${{ vars.GCP_ARTIFACT_REPO }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          image-name: ${{ vars.IMAGE_NAME }}-slim
          dockerfile: ${{ github.workspace }}/slim.Dockerfile
  
  pypi:
    runs-on: ubuntu-latest
    needs: verify-tag
    permissions:
      contents: read
      id-token: write
    environment:
      name: PyPI
      url: https://pypi.org/project/minitap-mobile-use/
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5

      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true

      - name: Build package
        run: uv build

      - name: Publish package
        run: uv publish

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Deployment πŸš€
 
on:
  push:
    tags: [ "v*" ]
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  verify-tag:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5
 
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
      
      - name: Get package version
        run: |
          PACKAGE_VERSION="$(uv run python -c 'import tomllib; print(tomllib.load(open("pyproject.toml","rb"))["project"]["version"])')"
          echo "PACKAGE_VERSION=$PACKAGE_VERSION" >> $GITHUB_ENV
 
      - name: Check tag version
        uses: minitap-ai/devops-common/.github/actions/check-tag-version@v1
        with:
          expected-tag-version: ${{ env.PACKAGE_VERSION }}
  
  dockerhub:
    timeout-minutes: 30
    runs-on: latchkey-small
    needs: verify-tag
    permissions:
      contents: read
    environment:
      name: DockerHub
      url: https://hub.docker.com/r/minitap/mobile-use
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5
 
      - uses: minitap-ai/devops-common/.github/actions/dockerhub-build-push@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          image-name: minitap/${{ vars.IMAGE_NAME }}
          dockerfile: ${{ github.workspace }}/Dockerfile
 
  docker-gcp:
    timeout-minutes: 30
    runs-on: latchkey-small
    needs: verify-tag
    permissions:
      contents: read
    environment: GCP
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5
 
      - uses: minitap-ai/devops-common/.github/actions/gcp-docker-build-push@v1
        with:
          gcp-credentials: ${{ secrets.GCP_SA_KEY }}
          gcp-project-id: ${{ vars.GCP_PROJECT_ID }}
          gcp-region: ${{ vars.GCP_REGION }}
          gcp-artifact-repo: ${{ vars.GCP_ARTIFACT_REPO }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          image-name: ${{ vars.IMAGE_NAME }}-slim
          dockerfile: ${{ github.workspace }}/slim.Dockerfile
  
  pypi:
    timeout-minutes: 30
    runs-on: latchkey-small
    needs: verify-tag
    permissions:
      contents: read
      id-token: write
    environment:
      name: PyPI
      url: https://pypi.org/project/minitap-mobile-use/
    steps:
      - name: Clone the repository
        uses: actions/checkout@v5
 
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
 
      - name: Build package
        run: uv build
 
      - name: Publish package
        run: uv publish
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 4 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow