Skip to content
Latchkey

Publish Python package to PyPI workflow (stanford-crfm/helm)

The Publish Python package to PyPI workflow from stanford-crfm/helm, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get caching, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: stanford-crfm/helm.github/workflows/publish-pypi.ymlLicense Apache-2.0View source

What it does

This is the Publish Python package to PyPI workflow from the stanford-crfm/helm repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries

name: Publish Python package to PyPI

on:
  release:
    types: [published]

permissions:
  contents: read

jobs:
  pypi-publish:
    name: Publish Python package to PyPI
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/p/crfm-helm
    permissions:
      id-token: write
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
    - name: Install uv
      uses: astral-sh/setup-uv@v6
      with:
        version: "0.9.4"
    - name: Build
      run: uv build
    - name: helm-run (wheel)
      run: uv run --isolated --no-project --with dist/*.whl helm-run --run-entries simple1:model=simple/model1 --max-eval-instances 10 --suite test
    - name: helm-summarize (wheel)
      run: uv run --isolated --no-project --with dist/*.whl helm-summarize --suite test
    - name: helm-server (wheel)
      run: uv run --isolated --no-project --with dist/*.whl helm-server --help
    - name: helm-run (source distribution)
      run: uv run --isolated --no-project --with dist/*.tar.gz helm-run --run-entries simple1:model=simple/model1 --max-eval-instances 10 --suite test
    - name: helm-summarize (source distribution)
      run: uv run --isolated --no-project --with dist/*.tar.gz helm-summarize --suite test
    - name: helm-server (source distribution)
      run: uv run --isolated --no-project --with dist/*.tar.gz helm-server --help
    - name: Publish package
      uses: pypa/gh-action-pypi-publish@release/v1

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
 
name: Publish Python package to PyPI
 
on:
  release:
    types: [published]
 
permissions:
  contents: read
 
jobs:
  pypi-publish:
    timeout-minutes: 30
    name: Publish Python package to PyPI
    runs-on: latchkey-small
    environment:
      name: pypi
      url: https://pypi.org/p/crfm-helm
    permissions:
      id-token: write
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        cache: 'pip'
        python-version: "3.12"
    - name: Install uv
      uses: astral-sh/setup-uv@v6
      with:
        version: "0.9.4"
    - name: Build
      run: uv build
    - name: helm-run (wheel)
      run: uv run --isolated --no-project --with dist/*.whl helm-run --run-entries simple1:model=simple/model1 --max-eval-instances 10 --suite test
    - name: helm-summarize (wheel)
      run: uv run --isolated --no-project --with dist/*.whl helm-summarize --suite test
    - name: helm-server (wheel)
      run: uv run --isolated --no-project --with dist/*.whl helm-server --help
    - name: helm-run (source distribution)
      run: uv run --isolated --no-project --with dist/*.tar.gz helm-run --run-entries simple1:model=simple/model1 --max-eval-instances 10 --suite test
    - name: helm-summarize (source distribution)
      run: uv run --isolated --no-project --with dist/*.tar.gz helm-summarize --suite test
    - name: helm-server (source distribution)
      run: uv run --isolated --no-project --with dist/*.tar.gz helm-server --help
    - name: Publish package
      uses: pypa/gh-action-pypi-publish@release/v1
 

What changed

2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow