Skip to content
Latchkey

Plan Release workflow (shipshapecode/tether)

The Plan Release workflow from shipshapecode/tether, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: shipshapecode/tether.github/workflows/plan-release.ymlLicense MITView source

What it does

This is the Plan Release workflow from the shipshapecode/tether repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Plan Release
on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
    types:
      - labeled
      - unlabeled

concurrency:
  group: plan-release # only the latest one of these should ever be running
  cancel-in-progress: true

jobs:
  should-run-release-plan-prepare:
    name: Should we run release-plan prepare?
    runs-on: ubuntu-latest
    outputs:
      should-prepare: ${{ steps.should-prepare.outputs.should-prepare }}
    steps:
      - uses: release-plan/actions/should-prepare-release@v1
        with:
          ref: 'master'
        id: should-prepare

  create-prepare-release-pr:
    name: Create Prepare Release PR
    runs-on: ubuntu-latest
    timeout-minutes: 5
    needs: should-run-release-plan-prepare
    permissions:
      contents: write
      issues: read
      pull-requests: write
    if: needs.should-run-release-plan-prepare.outputs.should-prepare == 'true'    
    steps:
      - uses: release-plan/actions/prepare@v1
        name: Run release-plan prepare
        with:
          ref: 'master'
        env:
          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
        id: explanation

      - uses: peter-evans/create-pull-request@v7
        name: Create Prepare Release PR
        with:
          commit-message: "Prepare Release ${{ steps.explanation.outputs.new-version}} using 'release-plan'"
          labels: "internal"
          sign-commits: true
          branch: release-preview
          title: Prepare Release ${{ steps.explanation.outputs.new-version }}
          body: |
            This PR is a preview of the release that [release-plan](https://github.com/embroider-build/release-plan) has prepared. To release you should just merge this PR 👍

            -----------------------------------------

            ${{ steps.explanation.outputs.text }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Plan Release
on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
    types:
      - labeled
      - unlabeled
 
concurrency:
  group: plan-release # only the latest one of these should ever be running
  cancel-in-progress: true
 
jobs:
  should-run-release-plan-prepare:
    timeout-minutes: 30
    name: Should we run release-plan prepare?
    runs-on: latchkey-small
    outputs:
      should-prepare: ${{ steps.should-prepare.outputs.should-prepare }}
    steps:
      - uses: release-plan/actions/should-prepare-release@v1
        with:
          ref: 'master'
        id: should-prepare
 
  create-prepare-release-pr:
    name: Create Prepare Release PR
    runs-on: latchkey-small
    timeout-minutes: 5
    needs: should-run-release-plan-prepare
    permissions:
      contents: write
      issues: read
      pull-requests: write
    if: needs.should-run-release-plan-prepare.outputs.should-prepare == 'true'    
    steps:
      - uses: release-plan/actions/prepare@v1
        name: Run release-plan prepare
        with:
          ref: 'master'
        env:
          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
        id: explanation
 
      - uses: peter-evans/create-pull-request@v7
        name: Create Prepare Release PR
        with:
          commit-message: "Prepare Release ${{ steps.explanation.outputs.new-version}} using 'release-plan'"
          labels: "internal"
          sign-commits: true
          branch: release-preview
          title: Prepare Release ${{ steps.explanation.outputs.new-version }}
          body: |
            This PR is a preview of the release that [release-plan](https://github.com/embroider-build/release-plan) has prepared. To release you should just merge this PR 👍
 
            -----------------------------------------
 
            ${{ steps.explanation.outputs.text }}
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow