Skip to content
Latchkey

Release 🐍 distribution workflow (paulrobello/parllama)

The Release 🐍 distribution workflow from paulrobello/parllama, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: paulrobello/parllama.github/workflows/release.ymlLicense MITView source

What it does

This is the Release 🐍 distribution workflow from the paulrobello/parllama repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release 🐍 distribution

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release (optional - will auto-detect if not provided)'
        required: false
        type: string


jobs:
  build:
    name: Build distribution πŸ“¦
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.get_version.outputs.version }}
    steps:
      - uses: actions/checkout@v6

      - name: Setup Python with uv
        uses: ./.github/actions/setup-python-uv

      - name: Validate version
        id: get_version
        uses: ./.github/actions/validate-version
        with:
          version-override: ${{ inputs.version }}

      - name: Run tests and checks
        run: |
          make checkall

      - name: Build package
        run: make package

      - name: Store the distribution packages
        uses: actions/upload-artifact@v7
        with:
          name: python-package-distributions
          path: dist/

  github-release:
    name: Create GitHub Release
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: write
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Download all the dists
        uses: actions/download-artifact@v8
        with:
          name: python-package-distributions
          path: dist/

      - name: Sign the dists with Sigstore
        uses: sigstore/gh-action-sigstore-python@v3.3.0
        with:
          inputs: >-
            ./dist/*.tar.gz
            ./dist/*.whl

      - name: Create GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          tag="v${{ needs.build.outputs.version }}"
          echo "Creating release for tag: $tag"
          gh release create \
          "$tag" \
          --repo '${{ github.repository }}' \
          --generate-notes \
          --latest

      - name: Upload artifact signatures to GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          tag="v${{ needs.build.outputs.version }}"
          echo "Uploading artifacts to release: $tag"
          gh release upload \
          "$tag" dist/** \
          --repo '${{ github.repository }}'

      - name: Discord notification
        if: always() && needs.build.result == 'success'
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@0.4.0
        with:
          args: 'πŸŽ‰ New release v${{ needs.build.outputs.version }} has been created for ${{ github.repository }}! πŸš€'
        continue-on-error: true

      - name: Discord notification - failure
        if: failure()
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@0.4.0
        with:
          args: '❌ Failed to create release v${{ needs.build.outputs.version }} for ${{ github.repository }}. Check the workflow logs for details.'
        continue-on-error: true

  # Global failure notification for any job failure
  notify-failure:
    runs-on: ubuntu-latest
    needs: [build, github-release]
    if: always() && contains(needs.*.result, 'failure')
    steps:
      - name: Discord notification - Workflow failure
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@0.4.0
        with:
          args: 'πŸ’₯ GitHub Release workflow FAILED for ${{ github.repository }}. Check logs for details!'
        continue-on-error: true

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Release 🐍 distribution
 
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release (optional - will auto-detect if not provided)'
        required: false
        type: string
 
 
jobs:
  build:
    timeout-minutes: 30
    name: Build distribution πŸ“¦
    runs-on: latchkey-small
    outputs:
      version: ${{ steps.get_version.outputs.version }}
    steps:
      - uses: actions/checkout@v6
 
      - name: Setup Python with uv
        uses: ./.github/actions/setup-python-uv
 
      - name: Validate version
        id: get_version
        uses: ./.github/actions/validate-version
        with:
          version-override: ${{ inputs.version }}
 
      - name: Run tests and checks
        run: |
          make checkall
 
      - name: Build package
        run: make package
 
      - name: Store the distribution packages
        uses: actions/upload-artifact@v7
        with:
          name: python-package-distributions
          path: dist/
 
  github-release:
    timeout-minutes: 30
    name: Create GitHub Release
    runs-on: latchkey-small
    needs: build
    permissions:
      contents: write
      id-token: write
 
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
 
      - name: Download all the dists
        uses: actions/download-artifact@v8
        with:
          name: python-package-distributions
          path: dist/
 
      - name: Sign the dists with Sigstore
        uses: sigstore/gh-action-sigstore-python@v3.3.0
        with:
          inputs: >-
            ./dist/*.tar.gz
            ./dist/*.whl
 
      - name: Create GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          tag="v${{ needs.build.outputs.version }}"
          echo "Creating release for tag: $tag"
          gh release create \
          "$tag" \
          --repo '${{ github.repository }}' \
          --generate-notes \
          --latest
 
      - name: Upload artifact signatures to GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          tag="v${{ needs.build.outputs.version }}"
          echo "Uploading artifacts to release: $tag"
          gh release upload \
          "$tag" dist/** \
          --repo '${{ github.repository }}'
 
      - name: Discord notification
        if: always() && needs.build.result == 'success'
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@0.4.0
        with:
          args: 'πŸŽ‰ New release v${{ needs.build.outputs.version }} has been created for ${{ github.repository }}! πŸš€'
        continue-on-error: true
 
      - name: Discord notification - failure
        if: failure()
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@0.4.0
        with:
          args: '❌ Failed to create release v${{ needs.build.outputs.version }} for ${{ github.repository }}. Check the workflow logs for details.'
        continue-on-error: true
 
  # Global failure notification for any job failure
  notify-failure:
    timeout-minutes: 30
    runs-on: latchkey-small
    needs: [build, github-release]
    if: always() && contains(needs.*.result, 'failure')
    steps:
      - name: Discord notification - Workflow failure
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@0.4.0
        with:
          args: 'πŸ’₯ GitHub Release workflow FAILED for ${{ github.repository }}. Check logs for details!'
        continue-on-error: true
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 3 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow