Skip to content
Latchkey

Publish changed packages workflow (thinkjs/thinkjs)

The Publish changed packages workflow from thinkjs/thinkjs, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: thinkjs/thinkjs.github/workflows/publish-packages.ymlLicense MITView source

What it does

This is the Publish changed packages workflow from the thinkjs/thinkjs repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Publish changed packages

on:
  push:
    branches:
      - master
    paths:
      - 'packages/*/package.json'

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 2

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
          registry-url: https://registry.npmjs.org

      - name: Find packages with version changes
        id: changed_packages
        shell: bash
        run: |
          set -euo pipefail

          before_sha="${{ github.event.before }}"
          if [ "$before_sha" = "0000000000000000000000000000000000000000" ]; then
            before_sha="$(git rev-parse HEAD^)"
          fi

          changed_files=$(git diff --name-only "$before_sha" "$GITHUB_SHA" -- 'packages/*/package.json' || true)
          packages=""

          for file in $changed_files; do
            old_version=$(git show "$before_sha:$file" 2>/dev/null | node -p "try { JSON.parse(require('fs').readFileSync(0, 'utf8')).version || '' } catch { '' }")
            new_version=$(node -p "try { require('./$file').version || '' } catch { '' }")

            if [ -n "$new_version" ] && [ "$old_version" != "$new_version" ]; then
              pkg_dir=$(dirname "$file")
              packages="${packages}${pkg_dir}"$'\n'
            fi
          done

          packages=$(printf "%s" "$packages" | sed '/^$/d' | sort -u || true)
          {
            echo "packages<<EOF"
            echo "$packages"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Publish changed packages
        if: ${{ steps.changed_packages.outputs.packages != '' }}
        shell: bash
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          set -euo pipefail
          while IFS= read -r pkg; do
            [ -z "$pkg" ] && continue
            echo "Publishing $pkg"
            (cd "$pkg" && npm publish --provenance)
          done <<< "${{ steps.changed_packages.outputs.packages }}"

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Publish changed packages
 
on:
  push:
    branches:
      - master
    paths:
      - 'packages/*/package.json'
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  publish:
    timeout-minutes: 30
    runs-on: latchkey-small
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 2
 
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          cache: 'npm'
          node-version: 20.x
          registry-url: https://registry.npmjs.org
 
      - name: Find packages with version changes
        id: changed_packages
        shell: bash
        run: |
          set -euo pipefail
 
          before_sha="${{ github.event.before }}"
          if [ "$before_sha" = "0000000000000000000000000000000000000000" ]; then
            before_sha="$(git rev-parse HEAD^)"
          fi
 
          changed_files=$(git diff --name-only "$before_sha" "$GITHUB_SHA" -- 'packages/*/package.json' || true)
          packages=""
 
          for file in $changed_files; do
            old_version=$(git show "$before_sha:$file" 2>/dev/null | node -p "try { JSON.parse(require('fs').readFileSync(0, 'utf8')).version || '' } catch { '' }")
            new_version=$(node -p "try { require('./$file').version || '' } catch { '' }")
 
            if [ -n "$new_version" ] && [ "$old_version" != "$new_version" ]; then
              pkg_dir=$(dirname "$file")
              packages="${packages}${pkg_dir}"$'\n'
            fi
          done
 
          packages=$(printf "%s" "$packages" | sed '/^$/d' | sort -u || true)
          {
            echo "packages<<EOF"
            echo "$packages"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"
 
      - name: Publish changed packages
        if: ${{ steps.changed_packages.outputs.packages != '' }}
        shell: bash
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          set -euo pipefail
          while IFS= read -r pkg; do
            [ -z "$pkg" ] && continue
            echo "Publishing $pkg"
            (cd "$pkg" && npm publish --provenance)
          done <<< "${{ steps.changed_packages.outputs.packages }}"
 

What changed

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow