Skip to content
Latchkey

Release workflow (spencermountain/compromise)

The Release workflow from spencermountain/compromise, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: spencermountain/compromise.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the spencermountain/compromise repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release

on:
  release:
    types: [created]
# on:
#   push:
#     branches:
#       - master

jobs:
  release:
    runs-on: ubuntu-latest
    
    permissions:
      id-token: write
      contents: read

    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false

      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with: 
          node-version: 'lts/*'
          package-manager-cache: false
          registry-url: 'https://registry.npmjs.org'

      - name: install
        run: |
          npm ci
          npm run plugins:ci

      - name: static checks
        run: |
          npm run lint

      - name: build
        run: |
          npm run build
          npm run plugins:build

      - name: test
        run: |
          npm run test:smoke
          npm run test
          npm run testb

      - name: publish
        run: |
          echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc
          npm publish --access public --provenance
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Release
 
on:
  release:
    types: [created]
# on:
#   push:
#     branches:
#       - master
 
jobs:
  release:
    timeout-minutes: 30
    runs-on: latchkey-small
    
    permissions:
      id-token: write
      contents: read
 
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
 
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with: 
          cache: 'npm'
          node-version: 'lts/*'
          package-manager-cache: false
          registry-url: 'https://registry.npmjs.org'
 
      - name: install
        run: |
          npm ci
          npm run plugins:ci
 
      - name: static checks
        run: |
          npm run lint
 
      - name: build
        run: |
          npm run build
          npm run plugins:build
 
      - name: test
        run: |
          npm run test:smoke
          npm run test
          npm run testb
 
      - name: publish
        run: |
          echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc
          npm publish --access public --provenance
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow