Skip to content
Latchkey

Build and Push golang-test Image workflow (gardener/gardener)

The Build and Push golang-test Image workflow from gardener/gardener, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: gardener/gardener.github/workflows/golang-test-build.yamlLicense Apache-2.0View source

What it does

This is the Build and Push golang-test Image workflow from the gardener/gardener repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Build and Push golang-test Image

on:
  push:
    branches:
      - master
    paths:
      - .github/workflows/golang-test-build.yaml
      - .github/workflows/golang-test-images.yaml
      - hack/tools/image/**
      - hack/tools.mk
      - hack/tools/logcheck/**
      - go.mod

jobs:
  prepare-metadata:
    name: Prepare Metadata
    if: ${{ github.repository == 'gardener/gardener' }}
    runs-on: ubuntu-latest
    outputs:
      date: ${{ steps.date.outputs.date }}
      short-sha: ${{ steps.short-sha.outputs.short-sha }}
    permissions:
      contents: read
    steps:
      - name: Generate date
        id: date
        run: echo "date=$(date +%Y%m%d)" >> $GITHUB_OUTPUT
      - name: Generate short-sha
        id: short-sha
        run: echo "short-sha=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT

  generate-matrix:
    name: Generate Matrix
    if: ${{ github.repository == 'gardener/gardener' }}
    permissions:
      contents: read
    uses: ./.github/workflows/golang-test-images.yaml

  oci-images:
    name: Build OCI-Images
    if: ${{ github.repository == 'gardener/gardener' }}
    needs:
      - prepare-metadata
      - generate-matrix
    permissions:
      contents: read
      packages: write
      id-token: write
    secrets: inherit
    uses: gardener/cc-utils/.github/workflows/oci-ocm.yaml@v1
    strategy:
      matrix: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }}
    with:
      name: golang-test
      version: ${{ matrix.images.version }}
      dockerfile: ./hack/tools/image/Dockerfile
      build-args: |
        image=${{ matrix.images.image }}
      target: golang-test
      commit-objects-artefact: ""
      oci-registry: europe-docker.pkg.dev/gardener-project/releases/ci-infra
      oci-repository: golang-test
      oci-platforms: linux/amd64,linux/arm64
      ocm-labels: ""
      extra-tags: v${{ needs.prepare-metadata.outputs.date }}-${{ needs.prepare-metadata.outputs.short-sha }}-${{ matrix.images.version }},latest-${{ matrix.images.version }}
      push: always

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Build and Push golang-test Image
 
on:
  push:
    branches:
      - master
    paths:
      - .github/workflows/golang-test-build.yaml
      - .github/workflows/golang-test-images.yaml
      - hack/tools/image/**
      - hack/tools.mk
      - hack/tools/logcheck/**
      - go.mod
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  prepare-metadata:
    timeout-minutes: 30
    name: Prepare Metadata
    if: ${{ github.repository == 'gardener/gardener' }}
    runs-on: latchkey-small
    outputs:
      date: ${{ steps.date.outputs.date }}
      short-sha: ${{ steps.short-sha.outputs.short-sha }}
    permissions:
      contents: read
    steps:
      - name: Generate date
        id: date
        run: echo "date=$(date +%Y%m%d)" >> $GITHUB_OUTPUT
      - name: Generate short-sha
        id: short-sha
        run: echo "short-sha=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
 
  generate-matrix:
    timeout-minutes: 30
    name: Generate Matrix
    if: ${{ github.repository == 'gardener/gardener' }}
    permissions:
      contents: read
    uses: ./.github/workflows/golang-test-images.yaml
 
  oci-images:
    timeout-minutes: 30
    name: Build OCI-Images
    if: ${{ github.repository == 'gardener/gardener' }}
    needs:
      - prepare-metadata
      - generate-matrix
    permissions:
      contents: read
      packages: write
      id-token: write
    secrets: inherit
    uses: gardener/cc-utils/.github/workflows/oci-ocm.yaml@v1
    strategy:
      matrix: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }}
    with:
      name: golang-test
      version: ${{ matrix.images.version }}
      dockerfile: ./hack/tools/image/Dockerfile
      build-args: |
        image=${{ matrix.images.image }}
      target: golang-test
      commit-objects-artefact: ""
      oci-registry: europe-docker.pkg.dev/gardener-project/releases/ci-infra
      oci-repository: golang-test
      oci-platforms: linux/amd64,linux/arm64
      ocm-labels: ""
      extra-tags: v${{ needs.prepare-metadata.outputs.date }}-${{ needs.prepare-metadata.outputs.short-sha }}-${{ matrix.images.version }},latest-${{ matrix.images.version }}
      push: always
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 3 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.