diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml
index b1b6452d2c..dc2baa343b 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -67,6 +67,10 @@
     tags:
       - apply-appowners
     when: env == "staging"
+  - role: openshift/object
+    app: bodhi
+    file: pvc.yml
+    objectname: pvc.yml
   - role: openshift/keytab
     app: bodhi
     key: koji-keytab
@@ -132,6 +136,13 @@
     app: bodhi
     template: deploymentconfig.yml
     objectname: deploymentconfig.yml
+  - role: openshift/object
+    app: bodhi
+    template: critpathcron.yml
+    objectname: critpathcron.yml
+  - role: openshift/imagestream
+    app: bodhi
+    imagename: bodhi-critpathcron
   - role: openshift/rollout
     app: bodhi
     dcname: bodhi-web
@@ -165,3 +176,8 @@
     command: "oc -n bodhi annotate route bodhi-web --overwrite haproxy.router.openshift.io/timeout=180s"
     tags:
     - route-timeout
+  - name: trigger critpath cronjob
+    command: "oc -n bodhi create job critpathcron-manual-{{ lookup('pipe','date +%s') }} --from=cronjob/fedora-bodhi-critpathcron"
+    tags:
+    - never
+    - critpathcron
diff --git a/roles/openshift-apps/bodhi/files/pvc.yml b/roles/openshift-apps/bodhi/files/pvc.yml
new file mode 100644
index 0000000000..9768d26b8c
--- /dev/null
+++ b/roles/openshift-apps/bodhi/files/pvc.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bodhi-critpath-storage
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Mi
+  storageClassName: ocs-storagecluster-cephfs
diff --git a/roles/openshift-apps/bodhi/templates/buildconfig.yml b/roles/openshift-apps/bodhi/templates/buildconfig.yml
index 558d02c023..61c2f0a6d0 100644
--- a/roles/openshift-apps/bodhi/templates/buildconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/buildconfig.yml
@@ -25,5 +25,29 @@ items:
       to:
         kind: ImageStreamTag
         name: bodhi-base:latest
+- apiVersion: v1
+  kind: BuildConfig
+  metadata:
+    labels:
+      build: bodhi-critpathcron
+    name: bodhi-critpathcron
+  spec:
+    runPolicy: Serial
+    source:
+      dockerfile: |-
+        {{ load_file('dockerfile-critpathcron') | indent(8) }}
+      type: Dockerfile
+    strategy:
+      type: Docker
+      dockerStrategy:
+{% if env == "staging" %}
+        noCache: True
+{% else %}
+        noCache: False
+{% endif %}
+    output:
+      to:
+        kind: ImageStreamTag
+        name: bodhi-critpathcron:latest
 kind: List
 metadata: {}
diff --git a/roles/openshift-apps/bodhi/templates/critpathcron.yml b/roles/openshift-apps/bodhi/templates/critpathcron.yml
new file mode 100644
index 0000000000..a83fd81def
--- /dev/null
+++ b/roles/openshift-apps/bodhi/templates/critpathcron.yml
@@ -0,0 +1,42 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: fedora-bodhi-critpathcron
+spec:
+  concurrencyPolicy: Forbid
+  schedule: "10 3 * * *"
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  activeDeadlineSeconds: 900
+  startingDeadlineSeconds: 300
+  jobTemplate:
+    spec:
+      backoffLimit: 0
+      template:
+        metadata:
+          labels:
+            parent: "cronjobbuild"
+        spec:
+          containers:
+          - name: critpath
+            image: image-registry.openshift-image-registry.svc:5000/bodhi/bodhi-critpathcron:latest
+            command: ["/bin/bash", "-c"]
+            args:
+            - |
+              cd /tmp
+              git clone --depth 1 --single-branch https://pagure.io/releng.git
+              cd /bodhi-critpath
+              /tmp/releng/scripts/critpath.py all
+            env:
+            - name: BUILD_ENV
+              value: "{{ env_short }}"
+            volumeMounts:
+            - name: bodhi-critpath
+              mountPath: /bodhi-critpath
+              readOnly: false
+          restartPolicy: Never
+          startingDeadlineSeconds: 600
+          volumes:
+          - name: bodhi-critpath
+            persistentVolumeClaim:
+              claimName: bodhi-critpath-storage
diff --git a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
index cf60e2be63..d164aae430 100644
--- a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
@@ -53,6 +53,9 @@ items:
           - name: config-volume
             mountPath: /etc/bodhi
             readOnly: true
+          - name: bodhi-critpath-storage
+            mountPath: /etc/bodhi/critpath
+            readOnly: true
           - name: keytab-volume
             mountPath: /etc/keytabs
             readOnly: true
@@ -91,6 +94,9 @@ items:
         - name: config-volume
           configMap:
             name: bodhi-configmap
+        - name: bodhi-critpath-storage
+          persistentVolumeClaim:
+            claimName: "bodhi-critpath-storage"
         - name: keytab-volume
           secret:
             secretName: bodhi-keytab
@@ -164,6 +170,9 @@ items:
           - name: config-volume
             mountPath: /etc/bodhi
             readOnly: true
+          - name: bodhi-critpath-storage
+            mountPath: /etc/bodhi/critpath
+            readOnly: true
           - name: keytab-volume
             mountPath: /etc/keytabs
             readOnly: true
@@ -186,6 +195,9 @@ items:
         - name: config-volume
           configMap:
             name: bodhi-configmap
+        - name: bodhi-critpath-storage
+          persistentVolumeClaim:
+            claimName: "bodhi-critpath-storage"
         - name: keytab-volume
           secret:
             secretName: bodhi-keytab
@@ -257,6 +269,9 @@ items:
           - name: config-volume
             mountPath: /etc/bodhi
             readOnly: true
+          - name: bodhi-critpath-storage
+            mountPath: /etc/bodhi/critpath
+            readOnly: true
           - name: keytab-volume
             mountPath: /etc/keytabs
             readOnly: true
@@ -279,6 +294,9 @@ items:
         - name: config-volume
           configMap:
             name: bodhi-configmap
+        - name: bodhi-critpath-storage
+          persistentVolumeClaim:
+            claimName: "bodhi-critpath-storage"
         - name: keytab-volume
           secret:
             secretName: bodhi-keytab
@@ -352,6 +370,9 @@ items:
           - name: config-volume
             mountPath: /etc/bodhi
             readOnly: true
+          - name: bodhi-critpath-storage
+            mountPath: /etc/bodhi/critpath
+            readOnly: true
           - name: keytab-volume
             mountPath: /etc/keytabs
             readOnly: true
@@ -374,6 +395,9 @@ items:
         - name: config-volume
           configMap:
             name: bodhi-configmap
+        - name: bodhi-critpath-storage
+          persistentVolumeClaim:
+            claimName: "bodhi-critpath-storage"
         - name: keytab-volume
           secret:
             secretName: bodhi-keytab
diff --git a/roles/openshift-apps/bodhi/templates/dockerfile-critpathcron b/roles/openshift-apps/bodhi/templates/dockerfile-critpathcron
new file mode 100644
index 0000000000..c5c43b796f
--- /dev/null
+++ b/roles/openshift-apps/bodhi/templates/dockerfile-critpathcron
@@ -0,0 +1,16 @@
+{% if env == "staging" %}
+FROM fedora:37
+{% else %}
+FROM fedora:37
+{% endif %}
+LABEL \
+    name="bodhi-critpathcron" \
+    vendor="Fedora Infrastructure" \
+    license="MIT"
+{% if env == "staging" %}
+RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo
+RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags-stg.repo
+{% else %}
+RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo
+{% endif %}
+RUN dnf install -y python3-dnf git fedora-repos