Skip to content
Latchkey

containers workflow (square/okhttp)

The containers workflow from square/okhttp, explained and optimized by Latchkey.

F

CI health: F - at risk

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: square/okhttp.github/workflows/containers.ymlLicense Apache-2.0View source

What it does

This is the containers workflow from the square/okhttp repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: containers

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, labeled, unlabeled, synchronize]

permissions:
  contents: read

env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"

jobs:
  test_containers:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'containers')

    steps:
      - name: Checkout
        uses: actions/checkout@v7

      - name: Configure JDK
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin'
          java-version: 21

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v5

      - name: Run Container Tests
        run: ./gradlew container-tests:test -PcontainerTests=true

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: containers
 
on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, labeled, unlabeled, synchronize]
 
permissions:
  contents: read
 
env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  test_containers:
    timeout-minutes: 30
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: latchkey-small
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'containers')
 
    steps:
      - name: Checkout
        uses: actions/checkout@v7
 
      - name: Configure JDK
        uses: actions/setup-java@v5
        with:
          cache: 'maven'
          distribution: 'temurin'
          java-version: 21
 
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v5
 
      - name: Run Container Tests
        run: ./gradlew container-tests:test -PcontainerTests=true
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow