Skip to content
Latchkey

Github Release/Publish PyPi workflow (schireson/pytest-alembic)

The Github Release/Publish PyPi workflow from schireson/pytest-alembic, explained and optimized by Latchkey.

F

CI health: F - at risk

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: schireson/pytest-alembic.github/workflows/release.ymlLicense MITView source

What it does

This is the Github Release/Publish PyPi workflow from the schireson/pytest-alembic repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Github Release/Publish PyPi

on:
  push:
    tags:
      - "v*.*.*"

jobs:
  gh-release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Release
        uses: softprops/action-gh-release@v3
        with:
          generate_release_notes: true

  publish-pypi:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: "3.9"
      - name: Run image
        uses: abatilo/actions-poetry@v3.0.1
        with:
          poetry-version: 1.2.2

      - name: Publish
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
        run: |
          poetry config pypi-token.pypi $PYPI_TOKEN
          poetry publish --build

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Github Release/Publish PyPi
 
on:
  push:
    tags:
      - "v*.*.*"
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  gh-release:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Release
        uses: softprops/action-gh-release@v3
        with:
          generate_release_notes: true
 
  publish-pypi:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          cache: 'pip'
          python-version: "3.9"
      - name: Run image
        uses: abatilo/actions-poetry@v3.0.1
        with:
          poetry-version: 1.2.2
 
      - name: Publish
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
        run: |
          poetry config pypi-token.pypi $PYPI_TOKEN
          poetry publish --build
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow