Skip to content
Latchkey

certs workflow (bojand/ghz)

The certs workflow from bojand/ghz, explained and optimized by Latchkey.

A

CI health: A - excellent

Point runs-on at Latchkey and get job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: bojand/ghz.github/workflows/certs.yamlLicense Apache-2.0View source

What it does

This is the certs workflow from the bojand/ghz repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: certs

on:
  schedule:
    - cron: '10 0 1 * *'
  workflow_dispatch:
    inputs:
      comment:
        description: 'comment on the workflow dispatch'
        required: false
        default: 'manual workflow dispatch' 
        type: string

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v4
    - name: Refresh certificates
      run: openssl req -x509 -out testdata/localhost.crt -keyout testdata/localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
    - name: Commit to repository
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        COMMIT_MSG: Refresh certificates
      run: |
        git config user.email "dbojan@gmail.com"
        git config user.name "Bojan"
        # Update origin with token
        git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
        # Checkout the branch so we can push back to it
        git checkout master
        git add .
        # Only commit and push if we have changes
        git diff --quiet && git diff --staged --quiet || (git commit -m "${COMMIT_MSG}"; git push origin master)

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: certs
 
on:
  schedule:
    - cron: '10 0 1 * *'
  workflow_dispatch:
    inputs:
      comment:
        description: 'comment on the workflow dispatch'
        required: false
        default: 'manual workflow dispatch' 
        type: string
 
jobs:
  build:
    timeout-minutes: 30
    runs-on: latchkey-small
 
    steps:
    - uses: actions/checkout@v4
    - name: Refresh certificates
      run: openssl req -x509 -out testdata/localhost.crt -keyout testdata/localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
    - name: Commit to repository
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        COMMIT_MSG: Refresh certificates
      run: |
        git config user.email "dbojan@gmail.com"
        git config user.name "Bojan"
        # Update origin with token
        git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
        # Checkout the branch so we can push back to it
        git checkout master
        git add .
        # Only commit and push if we have changes
        git diff --quiet && git diff --staged --quiet || (git commit -m "${COMMIT_MSG}"; git push origin master)
 

What changed

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow