Skip to content
Latchkey

Create Release Pull Request workflow (simple-icons/simple-icons)

The Create Release Pull Request workflow from simple-icons/simple-icons, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: simple-icons/simple-icons.github/workflows/create-release.ymlLicense CC0-1.0View source

What it does

This is the Create Release Pull Request workflow from the simple-icons/simple-icons repository, a real project running GitHub Actions. It is shown here with attribution under its CC0-1.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Create Release Pull Request
on:
  # THIS WORKFLOW SHOULD NEVER BE TRIGGERED ON A PUSH EVENT. IF TRIGGERED ON A
  # PUSH EVENT IT MAY CREATE AN ENDLESS STREAM OF 'version bump' COMMITS.
  workflow_dispatch:
  schedule:
    # "At 00:00 on Sunday" (https://crontab.guru/once-a-week)
    - cron: '0 0 * * 0'

# This Workflow can be triggered manually through the GitHub UI or API. For the
# API use the following request:
#   curl -X POST \
#        -H "Authorization: Bearer <token>" \
#        -d '{"ref":"develop"}' \
#        https://api.github.com/repos/simple-icons/simple-icons/actions/workflows/create-release.yml/dispatches
# Replacing <token> by a personal access token with scope `public_repo`

jobs:
  check-is-fork:
    name: Check if running in a fork
    runs-on: ubuntu-latest
    permissions: {}
    outputs:
      is-fork: ${{ steps.check.outputs.is-fork }}
    steps:
      - uses: actions/checkout@v6
      - uses: ./.github/actions/check-is-fork
        id: check
        with:
          in-fork-message: 'Create Release Pull Request workflow only can run in the main repository, skipping.'
  release-pr:
    runs-on: ubuntu-latest
    needs: check-is-fork
    permissions:
      contents: read
      pull-requests: write
      issues: write
    if: |
      github.event_name != 'push' &&
      needs.check-is-fork.outputs.is-fork != 'true'
    outputs:
      did-create-pr: ${{ steps.release.outputs.did-create-pr }}
      new-version: ${{ steps.release.outputs.new-version }}
    steps:
      - uses: actions/create-github-app-token@v3
        id: app-token
        with:
          client-id: ${{ secrets.BOT_CLIENT_ID }}
          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
      - uses: simple-icons/release-action@v3
        id: release
        with:
          repo-token: ${{ steps.app-token.outputs.token }}
  version-bump:
    runs-on: ubuntu-latest
    needs: release-pr
    permissions:
      contents: write
    if: |
      github.event_name != 'push' &&
      needs.release-pr.outputs.did-create-pr == 'true'
    steps:
      - uses: actions/create-github-app-token@v3
        id: app-token
        with:
          client-id: ${{ secrets.BOT_CLIENT_ID }}
          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Ensure the commit can be pushed regardless of branch protections (must belong to an admin of this repo)
          token: ${{ steps.app-token.outputs.token }}
          # Ensure we are checked out on the develop branch
          ref: develop
      - name: Use Node.js
        uses: actions/setup-node@v6
        with:
          node-version-file: .node-version
          cache: npm
          cache-dependency-path: '**/package-lock.json'
      - name: Bump version
        run: |
          npm version --no-commit-hooks --no-git-tag-version \
            "${{ needs.release-pr.outputs.new-version }}"
      - name: Install dependencies
        run: npm ci --no-audit --no-fund
      - name: Update major version in CDN URLs
        run: node scripts/release/update-cdn-urls.js
      - name: Update SVGs count milestone
        run: node scripts/release/update-svgs-count.js
      - name: Update slugs table
        run: node scripts/release/update-slugs-table.js
      - name: Update SDK Typescript definitions
        run: node scripts/release/update-sdk-ts-defs.js
      - name: Commit version bump
        uses: stefanzweifel/git-auto-commit-action@v7
        with:
          commit_message: Bump version to ${{ needs.release-pr.outputs.new-version }}
          commit_user_name: 'simple-icons[bot]'
          commit_user_email: 'simple-icons[bot]@users.noreply.github.com'
          commit_author: 'simple-icons[bot] <simple-icons[bot]@users.noreply.github.com>'

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Create Release Pull Request
on:
  # THIS WORKFLOW SHOULD NEVER BE TRIGGERED ON A PUSH EVENT. IF TRIGGERED ON A
  # PUSH EVENT IT MAY CREATE AN ENDLESS STREAM OF 'version bump' COMMITS.
  workflow_dispatch:
  schedule:
    # "At 00:00 on Sunday" (https://crontab.guru/once-a-week)
    - cron: '0 0 * * 0'
 
# This Workflow can be triggered manually through the GitHub UI or API. For the
# API use the following request:
#   curl -X POST \
#        -H "Authorization: Bearer <token>" \
#        -d '{"ref":"develop"}' \
#        https://api.github.com/repos/simple-icons/simple-icons/actions/workflows/create-release.yml/dispatches
# Replacing <token> by a personal access token with scope `public_repo`
 
jobs:
  check-is-fork:
    timeout-minutes: 30
    name: Check if running in a fork
    runs-on: latchkey-small
    permissions: {}
    outputs:
      is-fork: ${{ steps.check.outputs.is-fork }}
    steps:
      - uses: actions/checkout@v6
      - uses: ./.github/actions/check-is-fork
        id: check
        with:
          in-fork-message: 'Create Release Pull Request workflow only can run in the main repository, skipping.'
  release-pr:
    timeout-minutes: 30
    runs-on: latchkey-small
    needs: check-is-fork
    permissions:
      contents: read
      pull-requests: write
      issues: write
    if: |
      github.event_name != 'push' &&
      needs.check-is-fork.outputs.is-fork != 'true'
    outputs:
      did-create-pr: ${{ steps.release.outputs.did-create-pr }}
      new-version: ${{ steps.release.outputs.new-version }}
    steps:
      - uses: actions/create-github-app-token@v3
        id: app-token
        with:
          client-id: ${{ secrets.BOT_CLIENT_ID }}
          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
      - uses: simple-icons/release-action@v3
        id: release
        with:
          repo-token: ${{ steps.app-token.outputs.token }}
  version-bump:
    timeout-minutes: 30
    runs-on: latchkey-small
    needs: release-pr
    permissions:
      contents: write
    if: |
      github.event_name != 'push' &&
      needs.release-pr.outputs.did-create-pr == 'true'
    steps:
      - uses: actions/create-github-app-token@v3
        id: app-token
        with:
          client-id: ${{ secrets.BOT_CLIENT_ID }}
          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Ensure the commit can be pushed regardless of branch protections (must belong to an admin of this repo)
          token: ${{ steps.app-token.outputs.token }}
          # Ensure we are checked out on the develop branch
          ref: develop
      - name: Use Node.js
        uses: actions/setup-node@v6
        with:
          node-version-file: .node-version
          cache: npm
          cache-dependency-path: '**/package-lock.json'
      - name: Bump version
        run: |
          npm version --no-commit-hooks --no-git-tag-version \
            "${{ needs.release-pr.outputs.new-version }}"
      - name: Install dependencies
        run: npm ci --no-audit --no-fund
      - name: Update major version in CDN URLs
        run: node scripts/release/update-cdn-urls.js
      - name: Update SVGs count milestone
        run: node scripts/release/update-svgs-count.js
      - name: Update slugs table
        run: node scripts/release/update-slugs-table.js
      - name: Update SDK Typescript definitions
        run: node scripts/release/update-sdk-ts-defs.js
      - name: Commit version bump
        uses: stefanzweifel/git-auto-commit-action@v7
        with:
          commit_message: Bump version to ${{ needs.release-pr.outputs.new-version }}
          commit_user_name: 'simple-icons[bot]'
          commit_user_email: 'simple-icons[bot]@users.noreply.github.com'
          commit_author: 'simple-icons[bot] <simple-icons[bot]@users.noreply.github.com>'
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 3 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow