Skip to content
Latchkey

Build and upload to PyPI workflow (pyranges/pyranges0)

The Build and upload to PyPI workflow from pyranges/pyranges0, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: pyranges/pyranges0.github/workflows/build_and_upload_wheels.ymlLicense MITView source

What it does

This is the Build and upload to PyPI workflow from the pyranges/pyranges0 repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Build and upload to PyPI

# Source: https://raw.githubusercontent.com/pypa/cibuildwheel/main/examples/github-deploy.yml

env:
  CIBW_SKIP: "cp36-*"

on:
  workflow_dispatch:

jobs:
  build_and_upload_wheels:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Build SDist and wheel
        run: pipx run build

      - uses: actions/upload-artifact@v4
        with:
          name: python-package-dist
          path: dist/*

      - name: Check metadata
        run: pipx run twine check dist/*

      - uses: pypa/gh-action-pypi-publish@v1.8.14
        with:
          user: ${{ secrets.PYPI_USER }}
          password: ${{ secrets.PYPI_PROD_PASSWORD }}
          verbose: true
          # For testing purposes:
          # repository_url: https://test.pypi.org/legacy/

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Build and upload to PyPI
 
# Source: https://raw.githubusercontent.com/pypa/cibuildwheel/main/examples/github-deploy.yml
 
env:
  CIBW_SKIP: "cp36-*"
 
on:
  workflow_dispatch:
 
jobs:
  build_and_upload_wheels:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Build SDist and wheel
        run: pipx run build
 
      - uses: actions/upload-artifact@v4
        with:
          name: python-package-dist
          path: dist/*
 
      - name: Check metadata
        run: pipx run twine check dist/*
 
      - uses: pypa/gh-action-pypi-publish@v1.8.14
        with:
          user: ${{ secrets.PYPI_USER }}
          password: ${{ secrets.PYPI_PROD_PASSWORD }}
          verbose: true
          # For testing purposes:
          # repository_url: https://test.pypi.org/legacy/
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow