Skip to content
Latchkey

Upload Python Package workflow (viser-project/viser)

The Upload Python Package workflow from viser-project/viser, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: viser-project/viser.github/workflows/publish.ymlLicense Apache-2.0View source

What it does

This is the Upload Python Package workflow from the viser-project/viser repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
# This workflows will upload a Python Package using uv when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries

name: Upload Python Package

on:
  release:
    types: [created]
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v5
      # Restore the shared client build (built by the e2e workflow on the same
      # commit, or built here on a cache miss). Needed both to run the e2e tests
      # below and to bundle into the PyPI package.
      - uses: ./.github/actions/build-client
      - uses: ./.github/actions/setup-e2e
        with:
          python-version: "3.12"
      - name: Make sure tests pass
        run: uv run --extra dev --python 3.12 pytest
      - name: Strip unsupported tags in README
        run: |
          sed -i '/<!-- pypi-strip -->/,/<!-- \/pypi-strip -->/d' README.md
      - name: Only bundle client build for PyPI release
        run: |
          # This should delete everything in src/viser/client except for the
          # build folder + original source files. We don't want to package
          # .nodeenv, node_modules, etc in the release.
          mv src/viser/client/build ./__built_client
          rm -rf src/viser/client/*
          git checkout src/viser/client
          mv ./__built_client src/viser/client/build
      - name: Build and publish
        env:
          UV_PUBLISH_USERNAME: ${{ secrets.PYPI_USERNAME }}
          UV_PUBLISH_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
        run: |
          uv build
          uv publish

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

# This workflows will upload a Python Package using uv when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
 
name: Upload Python Package
 
on:
  release:
    types: [created]
  workflow_dispatch:
 
jobs:
  deploy:
    timeout-minutes: 30
    runs-on: latchkey-small
 
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v5
      # Restore the shared client build (built by the e2e workflow on the same
      # commit, or built here on a cache miss). Needed both to run the e2e tests
      # below and to bundle into the PyPI package.
      - uses: ./.github/actions/build-client
      - uses: ./.github/actions/setup-e2e
        with:
          python-version: "3.12"
      - name: Make sure tests pass
        run: uv run --extra dev --python 3.12 pytest
      - name: Strip unsupported tags in README
        run: |
          sed -i '/<!-- pypi-strip -->/,/<!-- \/pypi-strip -->/d' README.md
      - name: Only bundle client build for PyPI release
        run: |
          # This should delete everything in src/viser/client except for the
          # build folder + original source files. We don't want to package
          # .nodeenv, node_modules, etc in the release.
          mv src/viser/client/build ./__built_client
          rm -rf src/viser/client/*
          git checkout src/viser/client
          mv ./__built_client src/viser/client/build
      - name: Build and publish
        env:
          UV_PUBLISH_USERNAME: ${{ secrets.PYPI_USERNAME }}
          UV_PUBLISH_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
        run: |
          uv build
          uv publish
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow