Skip to content
Latchkey

Publish to PyPI workflow (plexe-ai/plexe)

The Publish to PyPI workflow from plexe-ai/plexe, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: plexe-ai/plexe.github/workflows/publish.ymlLicense Apache-2.0View source

What it does

This is the Publish to PyPI workflow from the plexe-ai/plexe repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Publish to PyPI

on:
  release:
    types: [published]
  workflow_dispatch:

jobs:
  publish:
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: read
    
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Validate version matches release tag
        if: github.event_name == 'release'
        run: |
          # Extract version from pyproject.toml
          PYPROJECT_VERSION=$(python3 -c "
          import tomllib
          import sys
          with open('pyproject.toml', 'rb') as f:
              data = tomllib.load(f)
          # Try old Poetry format first, then new PEP 621 format
          if 'tool' in data and 'poetry' in data['tool'] and 'version' in data['tool']['poetry']:
              print(data['tool']['poetry']['version'])
          elif 'project' in data and 'version' in data['project']:
              print(data['project']['version'])
          else:
              print('❌ Error: Could not find version in pyproject.toml', file=sys.stderr)
              print('Expected tool.poetry.version or project.version', file=sys.stderr)
              sys.exit(1)
          ")

          # Extract tag from release (strip 'v' prefix if present)
          RELEASE_TAG="${{ github.event.release.tag_name }}"
          RELEASE_VERSION="${RELEASE_TAG#v}"

          echo "pyproject.toml version: $PYPROJECT_VERSION"
          echo "Release tag: $RELEASE_TAG"
          echo "Release version (normalized): $RELEASE_VERSION"

          # Compare versions
          if [ "$PYPROJECT_VERSION" != "$RELEASE_VERSION" ]; then
            echo "❌ ERROR: Version mismatch!"
            echo "   pyproject.toml version: $PYPROJECT_VERSION"
            echo "   Release tag version: $RELEASE_VERSION"
            echo ""
            echo "Please ensure the release tag matches the version in pyproject.toml"
            echo "Expected tag: v$PYPROJECT_VERSION or $PYPROJECT_VERSION"
            exit 1
          fi

          echo "✅ Version validation passed: $PYPROJECT_VERSION"

      - name: Install Poetry
        run: |
          python -m pip install --upgrade pip
          pip install poetry

      - name: Build Package
        run: poetry build

      - name: Configure PyPI Token
        run: poetry config pypi-token.pypi ${{ secrets.PYPI_TOKEN }}

      - name: Publish to PyPI
        if: github.event_name == 'release'
        run: poetry publish

      - name: List Build Output (for testing)
        if: github.event_name == 'workflow_dispatch'
        run: ls -l dist/

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Publish to PyPI
 
on:
  release:
    types: [published]
  workflow_dispatch:
 
jobs:
  publish:
    timeout-minutes: 30
    runs-on: latchkey-small
    environment: release
    permissions:
      contents: read
    
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
 
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          cache: 'pip'
          python-version: '3.12'
 
      - name: Validate version matches release tag
        if: github.event_name == 'release'
        run: |
          # Extract version from pyproject.toml
          PYPROJECT_VERSION=$(python3 -c "
          import tomllib
          import sys
          with open('pyproject.toml', 'rb') as f:
              data = tomllib.load(f)
          # Try old Poetry format first, then new PEP 621 format
          if 'tool' in data and 'poetry' in data['tool'] and 'version' in data['tool']['poetry']:
              print(data['tool']['poetry']['version'])
          elif 'project' in data and 'version' in data['project']:
              print(data['project']['version'])
          else:
              print('❌ Error: Could not find version in pyproject.toml', file=sys.stderr)
              print('Expected tool.poetry.version or project.version', file=sys.stderr)
              sys.exit(1)
          ")
 
          # Extract tag from release (strip 'v' prefix if present)
          RELEASE_TAG="${{ github.event.release.tag_name }}"
          RELEASE_VERSION="${RELEASE_TAG#v}"
 
          echo "pyproject.toml version: $PYPROJECT_VERSION"
          echo "Release tag: $RELEASE_TAG"
          echo "Release version (normalized): $RELEASE_VERSION"
 
          # Compare versions
          if [ "$PYPROJECT_VERSION" != "$RELEASE_VERSION" ]; then
            echo "❌ ERROR: Version mismatch!"
            echo "   pyproject.toml version: $PYPROJECT_VERSION"
            echo "   Release tag version: $RELEASE_VERSION"
            echo ""
            echo "Please ensure the release tag matches the version in pyproject.toml"
            echo "Expected tag: v$PYPROJECT_VERSION or $PYPROJECT_VERSION"
            exit 1
          fi
 
          echo "✅ Version validation passed: $PYPROJECT_VERSION"
 
      - name: Install Poetry
        run: |
          python -m pip install --upgrade pip
          pip install poetry
 
      - name: Build Package
        run: poetry build
 
      - name: Configure PyPI Token
        run: poetry config pypi-token.pypi ${{ secrets.PYPI_TOKEN }}
 
      - name: Publish to PyPI
        if: github.event_name == 'release'
        run: poetry publish
 
      - name: List Build Output (for testing)
        if: github.event_name == 'workflow_dispatch'
        run: ls -l dist/

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow