Skip to content
Latchkey

Release workflow (sinatra/sinatra)

The Release workflow from sinatra/sinatra, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: sinatra/sinatra.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the sinatra/sinatra repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release

on:
  push:
    tags:
      - v*
  workflow_dispatch:

jobs:
  release:
    if: github.repository == 'sinatra/sinatra'
    runs-on: ubuntu-latest
    permissions:
      id-token: write # for trusted publishing
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
          ruby-version: ruby
      - uses: rubygems/configure-rubygems-credentials@v1.0.0
      # ensure gems can be built and installed
      - run: bundle exec rake install:rack-protection
      - run: bundle exec rake install:sinatra
      - run: bundle exec rake install:sinatra-contrib
      # push gems to rubygems.org
      - run: bundle exec rake release:rack-protection
      - run: bundle exec rake release:sinatra
      - run: bundle exec rake release:sinatra-contrib

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Release
 
on:
  push:
    tags:
      - v*
  workflow_dispatch:
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  release:
    timeout-minutes: 30
    if: github.repository == 'sinatra/sinatra'
    runs-on: latchkey-small
    permissions:
      id-token: write # for trusted publishing
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
          ruby-version: ruby
      - uses: rubygems/configure-rubygems-credentials@v1.0.0
      # ensure gems can be built and installed
      - run: bundle exec rake install:rack-protection
      - run: bundle exec rake install:sinatra
      - run: bundle exec rake install:sinatra-contrib
      # push gems to rubygems.org
      - run: bundle exec rake release:rack-protection
      - run: bundle exec rake release:sinatra
      - run: bundle exec rake release:sinatra-contrib
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow