Docker - learnGitBranching image workflow (pcottle/learnGitBranching)
The Docker - learnGitBranching image workflow from pcottle/learnGitBranching, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Docker - learnGitBranching image workflow from the pcottle/learnGitBranching repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Docker - learnGitBranching image
on:
workflow_dispatch:
push:
branches:
- main # Trigger CI on main branch
- bmcclure/main
paths:
- '**/*'
- '.github/workflows/build-docker.yml'
pull_request:
branches:
- main # Trigger gated pipeline on PR to main
- bmcclure/main
paths:
- '**/*'
- '.github/workflows/build-docker.yml'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Log in to the Container registry
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
tags: |
type=ref,event=pr
type=ref,event=branch
type=sha,format=long
type=raw,value=latest
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build Docker image (non main branch)
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
if: github.ref != 'refs/heads/bmcclure/main'
with:
context: .
load: true
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push Docker image (main branch)
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
if: github.ref == 'refs/heads/bmcclure/main'
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- id: lowercaseImageName
uses: ASzc/change-string-case-action@v2
with:
string: ${{ env.IMAGE_NAME }}
- name: Save Docker Image archive to local filesystem
run: "docker save --output learnGitBranching.tar ${{env.REGISTRY}}/${{ steps.lowercaseImageName.outputs.lowercase }}"
- name: Upload application's Docker Image as pipeline artifact
uses: actions/upload-artifact@v4
with:
path: learnGitBranching.tar
name: learnGitBranching.tar
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Docker - learnGitBranching image on: workflow_dispatch: push: branches: - main # Trigger CI on main branch - bmcclure/main paths: - '**/*' - '.github/workflows/build-docker.yml' pull_request: branches: - main # Trigger gated pipeline on PR to main - bmcclure/main paths: - '**/*' - '.github/workflows/build-docker.yml' env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: build-and-push-image: timeout-minutes: 30 runs-on: latchkey-small permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v3 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: tags: | type=ref,event=pr type=ref,event=branch type=sha,format=long type=raw,value=latest images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Build Docker image (non main branch) uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc if: github.ref != 'refs/heads/bmcclure/main' with: context: . load: true push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Build and push Docker image (main branch) uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc if: github.ref == 'refs/heads/bmcclure/main' with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - id: lowercaseImageName uses: ASzc/change-string-case-action@v2 with: string: ${{ env.IMAGE_NAME }} - name: Save Docker Image archive to local filesystem run: "docker save --output learnGitBranching.tar ${{env.REGISTRY}}/${{ steps.lowercaseImageName.outputs.lowercase }}" - name: Upload application's Docker Image as pipeline artifact uses: actions/upload-artifact@v4 with: path: learnGitBranching.tar name: learnGitBranching.tar
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Container pulls and builds
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.