Skip to content
Latchkey

Build and upload to PyPI workflow (sovrasov/flops-counter.pytorch)

The Build and upload to PyPI workflow from sovrasov/flops-counter.pytorch, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: sovrasov/flops-counter.pytorch.github/workflows/publish.yamlLicense MITView source

What it does

This is the Build and upload to PyPI workflow from the sovrasov/flops-counter.pytorch repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Build and upload to PyPI

on:
  workflow_dispatch: # run on request (no need for PR)
  release:
    types: [published]

permissions: {} # No permissions by default on workflow level

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Python 3.10
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.10"
      - name: Install pypa/build
        run: |
          python -m pip install --upgrade build
      - name: Build sdist
        run: |
          python -m build --sdist ./
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: artifact-sdist
          path: dist/*.tar.gz
      - name: Build wheel
        run: |
          python -m build --wheel ./
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: artifact-wheel
          path: dist/*.whl

  publish_package:
    name: Publish package
    needs: [build]
    environment: pypi
    runs-on: ubuntu-latest
    permissions:
      contents: write # required by svenstaro/upload-release-action
      id-token: write # required by trusted publisher
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          path: distr
          pattern: artifact-*
          merge-multiple: true
      - name: Upload package distributions to github
        uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: distr/*
          tag: ${{ github.ref }}
          overwrite: true
          file_glob: true
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
        with:
          packages-dir: distr/

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Build and upload to PyPI
 
on:
  workflow_dispatch: # run on request (no need for PR)
  release:
    types: [published]
 
permissions: {} # No permissions by default on workflow level
 
jobs:
  build:
    timeout-minutes: 30
    name: Build
    runs-on: latchkey-small
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Python 3.10
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          cache: 'pip'
          python-version: "3.10"
      - name: Install pypa/build
        run: |
          python -m pip install --upgrade build
      - name: Build sdist
        run: |
          python -m build --sdist ./
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: artifact-sdist
          path: dist/*.tar.gz
      - name: Build wheel
        run: |
          python -m build --wheel ./
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: artifact-wheel
          path: dist/*.whl
 
  publish_package:
    timeout-minutes: 30
    name: Publish package
    needs: [build]
    environment: pypi
    runs-on: latchkey-small
    permissions:
      contents: write # required by svenstaro/upload-release-action
      id-token: write # required by trusted publisher
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          path: distr
          pattern: artifact-*
          merge-multiple: true
      - name: Upload package distributions to github
        uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: distr/*
          tag: ${{ github.ref }}
          overwrite: true
          file_glob: true
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
        with:
          packages-dir: distr/
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow