Skip to content
Latchkey

goreleaser workflow (rs/curlie)

The goreleaser workflow from rs/curlie, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: rs/curlie.github/workflows/release.ymlLicense MITView source

What it does

This is the goreleaser workflow from the rs/curlie repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: goreleaser

on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
    tags:
      - "*"

concurrency:
  group: ${{ github.ref_name }}-goreleaser
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Test
        run: go test ./...

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3
        if: github.ref_type == 'tag'

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: latest
          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: goreleaser
 
on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
    tags:
      - "*"
 
concurrency:
  group: ${{ github.ref_name }}-goreleaser
  cancel-in-progress: true
 
permissions:
  contents: read
 
jobs:
  goreleaser:
    timeout-minutes: 30
    runs-on: latchkey-small
    permissions:
      contents: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: stable
 
      - name: Test
        run: go test ./...
 
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3
        if: github.ref_type == 'tag'
 
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: latest
          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow