Upload Python Package workflow (viser-project/viser)
The Upload Python Package workflow from viser-project/viser, explained and optimized by Latchkey.
CI health: B - good
Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Upload Python Package workflow from the viser-project/viser repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
# This workflows will upload a Python Package using uv when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
name: Upload Python Package
on:
release:
types: [created]
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
# Restore the shared client build (built by the e2e workflow on the same
# commit, or built here on a cache miss). Needed both to run the e2e tests
# below and to bundle into the PyPI package.
- uses: ./.github/actions/build-client
- uses: ./.github/actions/setup-e2e
with:
python-version: "3.12"
- name: Make sure tests pass
run: uv run --extra dev --python 3.12 pytest
- name: Strip unsupported tags in README
run: |
sed -i '/<!-- pypi-strip -->/,/<!-- \/pypi-strip -->/d' README.md
- name: Only bundle client build for PyPI release
run: |
# This should delete everything in src/viser/client except for the
# build folder + original source files. We don't want to package
# .nodeenv, node_modules, etc in the release.
mv src/viser/client/build ./__built_client
rm -rf src/viser/client/*
git checkout src/viser/client
mv ./__built_client src/viser/client/build
- name: Build and publish
env:
UV_PUBLISH_USERNAME: ${{ secrets.PYPI_USERNAME }}
UV_PUBLISH_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
run: |
uv build
uv publish
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
# This workflows will upload a Python Package using uv when a release is created # For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries name: Upload Python Package on: release: types: [created] workflow_dispatch: jobs: deploy: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@v4 - name: Install uv uses: astral-sh/setup-uv@v5 # Restore the shared client build (built by the e2e workflow on the same # commit, or built here on a cache miss). Needed both to run the e2e tests # below and to bundle into the PyPI package. - uses: ./.github/actions/build-client - uses: ./.github/actions/setup-e2e with: python-version: "3.12" - name: Make sure tests pass run: uv run --extra dev --python 3.12 pytest - name: Strip unsupported tags in README run: | sed -i '/<!-- pypi-strip -->/,/<!-- \/pypi-strip -->/d' README.md - name: Only bundle client build for PyPI release run: | # This should delete everything in src/viser/client except for the # build folder + original source files. We don't want to package # .nodeenv, node_modules, etc in the release. mv src/viser/client/build ./__built_client rm -rf src/viser/client/* git checkout src/viser/client mv ./__built_client src/viser/client/build - name: Build and publish env: UV_PUBLISH_USERNAME: ${{ secrets.PYPI_USERNAME }} UV_PUBLISH_PASSWORD: ${{ secrets.PYPI_PASSWORD }} run: | uv build uv publish
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- End-to-end and browser tests
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.