Skip to content
Latchkey

Build and Push Fedora Images workflow (kyl191/ansible-role-openvpn)

The Build and Push Fedora Images workflow from kyl191/ansible-role-openvpn, explained and optimized by Latchkey.

B

CI health: B - good

Point runs-on at Latchkey and get job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: kyl191/ansible-role-openvpn.github/workflows/publish-fedora.ymlLicense MITView source

What it does

This is the Build and Push Fedora Images workflow from the kyl191/ansible-role-openvpn repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Build and Push Fedora Images

on:
  schedule:
    # Arbitrary time to spread load, 3:17am on Sunday
    - cron: "17 3 * * 0"
  workflow_dispatch: # Allows manual triggering

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository_owner }}/ansible-images

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    strategy:
      matrix:
        fedora_version: ["42", "43"]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Log in to the Container registry
        uses: redhat-actions/podman-login@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Image
        id: build-image
        uses: redhat-actions/buildah-build@v2
        with:
          image: ${{ env.IMAGE_NAME }}
          tags: fedora-${{ matrix.fedora_version }}
          containerfiles: |
            ./tests/fedora.Dockerfile
          build-args: |
            VERSION=${{ matrix.fedora_version }}
          # Recommended for linking the package to the repo
          labels: |
            org.opencontainers.image.source=https://github.com/${{ github.repository }}

      - name: Push to GHCR
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build-image.outputs.image }}
          tags: ${{ steps.build-image.outputs.tags }}
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Build and Push Fedora Images
 
on:
  schedule:
    # Arbitrary time to spread load, 3:17am on Sunday
    - cron: "17 3 * * 0"
  workflow_dispatch: # Allows manual triggering
 
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository_owner }}/ansible-images
 
jobs:
  build-and-push:
    timeout-minutes: 30
    runs-on: latchkey-small
    permissions:
      contents: read
      packages: write
 
    strategy:
      matrix:
        fedora_version: ["42", "43"]
 
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
 
      - name: Log in to the Container registry
        uses: redhat-actions/podman-login@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
 
      - name: Build Image
        id: build-image
        uses: redhat-actions/buildah-build@v2
        with:
          image: ${{ env.IMAGE_NAME }}
          tags: fedora-${{ matrix.fedora_version }}
          containerfiles: |
            ./tests/fedora.Dockerfile
          build-args: |
            VERSION=${{ matrix.fedora_version }}
          # Recommended for linking the package to the repo
          labels: |
            org.opencontainers.image.source=https://github.com/${{ github.repository }}
 
      - name: Push to GHCR
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build-image.outputs.image }}
          tags: ${{ steps.build-image.outputs.tags }}
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
 

What changed

3 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job (2 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow