Release workflow (python-poetry/poetry-core)
The Release workflow from python-poetry/poetry-core, explained and optimized by Latchkey.
A
CI health: A - excellent
Point runs-on at Latchkey and get job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Release workflow from the python-poetry/poetry-core repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
workflow (.yml)
name: Release
on:
release:
types: [published]
permissions: {}
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- run: pipx run build
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: distfiles
path: dist/
if-no-files-found: error
upload-github:
name: Upload (GitHub)
runs-on: ubuntu-latest
permissions:
contents: write
needs: build
steps:
# We need to be in a git repo for gh to work.
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: distfiles
path: dist/
- run: gh release upload "${TAG_NAME}" dist/*.{tar.gz,whl}
env:
GH_TOKEN: ${{ github.token }}
TAG_NAME: ${{ github.event.release.tag_name }}
upload-pypi:
name: Upload (PyPI)
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/project/poetry-core/
permissions:
id-token: write
needs: build
steps:
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: distfiles
path: dist/
- uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
with:
print-hash: true
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Release on: release: types: [published] permissions: {} jobs: build: timeout-minutes: 30 name: Build runs-on: latchkey-small steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - run: pipx run build - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: distfiles path: dist/ if-no-files-found: error upload-github: timeout-minutes: 30 name: Upload (GitHub) runs-on: latchkey-small permissions: contents: write needs: build steps: # We need to be in a git repo for gh to work. - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: distfiles path: dist/ - run: gh release upload "${TAG_NAME}" dist/*.{tar.gz,whl} env: GH_TOKEN: ${{ github.token }} TAG_NAME: ${{ github.event.release.tag_name }} upload-pypi: timeout-minutes: 30 name: Upload (PyPI) runs-on: latchkey-small environment: name: pypi url: https://pypi.org/project/poetry-core/ permissions: id-token: write needs: build steps: - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: distfiles path: dist/ - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: print-hash: true
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
This workflow runs 3 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.