Skip to content
Latchkey

Release workflow (tailwindlabs/heroicons)

The Release workflow from tailwindlabs/heroicons, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: tailwindlabs/heroicons.github/workflows/release.ymlLicense MITView source

What it does

This is the Release workflow from the tailwindlabs/heroicons repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Release

on:
  push:
    branches: [master]
  release:
    types: [published]

permissions:
  contents: read
  id-token: write

env:
  CI: true

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [24]

    steps:
      - uses: actions/checkout@v3

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          registry-url: 'https://registry.npmjs.org'

      - name: Use cached node_modules
        id: cache
        uses: actions/cache@v3
        with:
          path: node_modules
          key: nodeModules-${{ hashFiles('**/package-lock.json') }}-${{ matrix.node-version }}
          restore-keys: |
            nodeModules-

      - name: Install dependencies
        if: steps.cache.outputs.cache-hit != 'true'
        run: npm install

      - name: Resolve release metadata
        run: |
          if [ "${{ github.event_name }}" = "release" ]; then
            echo "RELEASE_KIND=release" >> $GITHUB_ENV
            echo "RELEASE_CHANNEL=$(npm run release-channel --silent)" >> $GITHUB_ENV
          else
            echo "RELEASE_KIND=insiders" >> $GITHUB_ENV
            echo "INSIDERS_VERSION=0.0.0-insiders.$(git rev-parse --short HEAD)" >> $GITHUB_ENV
            echo "RELEASE_CHANNEL=insiders" >> $GITHUB_ENV
          fi

      - name: Version `heroicons` based on commit
        if: env.RELEASE_KIND == 'insiders'
        run: npm version "$INSIDERS_VERSION" --force --no-git-tag-version

      - name: Version `@heroicons/react` based on commit
        if: env.RELEASE_KIND == 'insiders'
        run: npm version "$INSIDERS_VERSION" --force --no-git-tag-version --prefix react

      - name: Version `@heroicons/vue` based on commit
        if: env.RELEASE_KIND == 'insiders'
        run: npm version "$INSIDERS_VERSION" --force --no-git-tag-version --prefix vue

      - name: Publish `heroicons`
        run: npm publish --provenance --tag "$RELEASE_CHANNEL"

      - name: Publish `@heroicons/react`
        run: npm publish ./react --provenance --tag "$RELEASE_CHANNEL"

      - name: Publish `@heroicons/vue`
        run: npm publish ./vue --provenance --tag "$RELEASE_CHANNEL"

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Release
 
on:
  push:
    branches: [master]
  release:
    types: [published]
 
permissions:
  contents: read
  id-token: write
 
env:
  CI: true
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    runs-on: latchkey-small
 
    strategy:
      matrix:
        node-version: [24]
 
    steps:
      - uses: actions/checkout@v3
 
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          cache: 'npm'
          node-version: ${{ matrix.node-version }}
          registry-url: 'https://registry.npmjs.org'
 
      - name: Use cached node_modules
        id: cache
        uses: actions/cache@v3
        with:
          path: node_modules
          key: nodeModules-${{ hashFiles('**/package-lock.json') }}-${{ matrix.node-version }}
          restore-keys: |
            nodeModules-
 
      - name: Install dependencies
        if: steps.cache.outputs.cache-hit != 'true'
        run: npm install
 
      - name: Resolve release metadata
        run: |
          if [ "${{ github.event_name }}" = "release" ]; then
            echo "RELEASE_KIND=release" >> $GITHUB_ENV
            echo "RELEASE_CHANNEL=$(npm run release-channel --silent)" >> $GITHUB_ENV
          else
            echo "RELEASE_KIND=insiders" >> $GITHUB_ENV
            echo "INSIDERS_VERSION=0.0.0-insiders.$(git rev-parse --short HEAD)" >> $GITHUB_ENV
            echo "RELEASE_CHANNEL=insiders" >> $GITHUB_ENV
          fi
 
      - name: Version `heroicons` based on commit
        if: env.RELEASE_KIND == 'insiders'
        run: npm version "$INSIDERS_VERSION" --force --no-git-tag-version
 
      - name: Version `@heroicons/react` based on commit
        if: env.RELEASE_KIND == 'insiders'
        run: npm version "$INSIDERS_VERSION" --force --no-git-tag-version --prefix react
 
      - name: Version `@heroicons/vue` based on commit
        if: env.RELEASE_KIND == 'insiders'
        run: npm version "$INSIDERS_VERSION" --force --no-git-tag-version --prefix vue
 
      - name: Publish `heroicons`
        run: npm publish --provenance --tag "$RELEASE_CHANNEL"
 
      - name: Publish `@heroicons/react`
        run: npm publish ./react --provenance --tag "$RELEASE_CHANNEL"
 
      - name: Publish `@heroicons/vue`
        run: npm publish ./vue --provenance --tag "$RELEASE_CHANNEL"
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow