From 457282ff2c1eae8ae8ec0986230f205baba8fe3a Mon Sep 17 00:00:00 2001 From: argenis de la rosa Date: Thu, 5 Mar 2026 10:24:39 -0500 Subject: [PATCH] ci(runners): remove aws-india and hetzner labels --- .github/actionlint.yaml | 2 -- .github/workflows/ci-auto-main-release.yml | 2 +- .github/workflows/ci-cd-security.yml | 12 +++++----- .github/workflows/ci-run.yml | 28 +++++++++++----------- .github/workflows/pub-docker-img.yml | 4 ++-- .github/workflows/pub-release.yml | 22 ++++++++--------- .github/workflows/sec-audit.yml | 14 +++++------ .github/workflows/sec-codeql.yml | 6 ++--- .github/workflows/test-coverage.yml | 2 +- .github/workflows/test-e2e.yml | 2 +- 10 files changed, 46 insertions(+), 48 deletions(-) diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml index 3c46a6f3e..d5cf051c1 100644 --- a/.github/actionlint.yaml +++ b/.github/actionlint.yaml @@ -1,7 +1,5 @@ self-hosted-runner: labels: - blacksmith-2vcpu-ubuntu-2404 - - aws-india - - hetzner - Linux - X64 diff --git a/.github/workflows/ci-auto-main-release.yml b/.github/workflows/ci-auto-main-release.yml index 5b222bdb2..9b2f7002a 100644 --- a/.github/workflows/ci-auto-main-release.yml +++ b/.github/workflows/ci-auto-main-release.yml @@ -20,7 +20,7 @@ env: jobs: tag-and-bump: name: Tag current main + prepare next patch version - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] timeout-minutes: 20 steps: - name: Checkout diff --git a/.github/workflows/ci-cd-security.yml b/.github/workflows/ci-cd-security.yml index 970654bd6..65a4fe3be 100644 --- a/.github/workflows/ci-cd-security.yml +++ b/.github/workflows/ci-cd-security.yml @@ -29,7 +29,7 @@ env: jobs: authorize-main-build: name: Access and Execution Gate - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] outputs: run_pipeline: ${{ steps.gate.outputs.run_pipeline }} steps: @@ -79,7 +79,7 @@ jobs: build-and-test: needs: authorize-main-build if: needs.authorize-main-build.outputs.run_pipeline == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 90 steps: - name: Checkout code @@ -126,7 +126,7 @@ jobs: run: cargo fmt -- --check security-scans: - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 60 needs: build-and-test permissions: @@ -190,7 +190,7 @@ jobs: config: auto fuzz-testing: - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 90 needs: build-and-test strategy: @@ -230,7 +230,7 @@ jobs: cargo +nightly fuzz run ${{ matrix.target }} -- -max_total_time=300 -max_len=4096 container-build-and-scan: - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 45 needs: security-scans steps: @@ -261,7 +261,7 @@ jobs: ghcr.io/${{ github.repository }}:ci-security publish: - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 60 if: github.event_name == 'release' needs: diff --git a/.github/workflows/ci-run.yml b/.github/workflows/ci-run.yml index e4baa46b5..c6a2afb62 100644 --- a/.github/workflows/ci-run.yml +++ b/.github/workflows/ci-run.yml @@ -24,7 +24,7 @@ env: jobs: changes: name: Detect Change Scope - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] outputs: docs_only: ${{ steps.scope.outputs.docs_only }} docs_changed: ${{ steps.scope.outputs.docs_changed }} @@ -50,7 +50,7 @@ jobs: name: Lint Gate (Format + Clippy + Strict Delta) needs: [changes] if: needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 75 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -107,7 +107,7 @@ jobs: name: Workspace Check needs: [changes] if: needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 45 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 @@ -128,7 +128,7 @@ jobs: name: Package Check (${{ matrix.package }}) needs: [changes] if: needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 25 strategy: fail-fast: false @@ -153,7 +153,7 @@ jobs: name: Test needs: [changes] if: needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 120 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -255,7 +255,7 @@ jobs: name: Restricted Hermetic Validation needs: [changes] if: needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 45 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -281,7 +281,7 @@ jobs: name: Build (Smoke) needs: [changes] if: needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 90 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -342,7 +342,7 @@ jobs: name: Binary Size Regression (PR) needs: [changes] if: github.event_name == 'pull_request' && needs.changes.outputs.rust_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 120 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -514,7 +514,7 @@ jobs: name: Docs-Only Fast Path needs: [changes] if: needs.changes.outputs.docs_only == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] steps: - name: Skip heavy jobs for docs-only change run: echo "Docs-only change detected. Rust lint/test/build skipped." @@ -523,7 +523,7 @@ jobs: name: Non-Rust Fast Path needs: [changes] if: needs.changes.outputs.docs_only != 'true' && needs.changes.outputs.rust_changed != 'true' - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] steps: - name: Skip Rust jobs for non-Rust change scope run: echo "No Rust-impacting files changed. Rust lint/test/build skipped." @@ -532,7 +532,7 @@ jobs: name: Docs Quality needs: [changes] if: needs.changes.outputs.docs_changed == 'true' - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] timeout-minutes: 15 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 @@ -591,7 +591,7 @@ jobs: name: Lint Feedback if: github.event_name == 'pull_request' needs: [changes, lint, docs-quality] - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] permissions: contents: read pull-requests: write @@ -617,7 +617,7 @@ jobs: name: License File Owner Guard needs: [changes] if: github.event_name == 'pull_request' - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] permissions: contents: read pull-requests: read @@ -635,7 +635,7 @@ jobs: name: CI Required Gate if: always() needs: [changes, lint, workspace-check, package-check, test, restricted-hermetic, build, binary-size-regression, cross-platform-vm, linux-distro-container, docker-smoke, docs-only, non-rust, docs-quality, lint-feedback, license-file-owner-guard] - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] steps: - name: Enforce required status shell: bash diff --git a/.github/workflows/pub-docker-img.yml b/.github/workflows/pub-docker-img.yml index 937321772..8267c9e4c 100644 --- a/.github/workflows/pub-docker-img.yml +++ b/.github/workflows/pub-docker-img.yml @@ -39,7 +39,7 @@ jobs: pr-smoke: name: PR Docker Smoke if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) || (github.event_name == 'workflow_dispatch' && inputs.release_tag == '') - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 25 permissions: contents: read @@ -93,7 +93,7 @@ jobs: publish: name: Build and Push Docker Image if: github.repository == 'zeroclaw-labs/zeroclaw' && ((github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) || (github.event_name == 'workflow_dispatch' && inputs.release_tag != '')) - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 90 permissions: contents: read diff --git a/.github/workflows/pub-release.yml b/.github/workflows/pub-release.yml index e184d58bb..afa4b54f5 100644 --- a/.github/workflows/pub-release.yml +++ b/.github/workflows/pub-release.yml @@ -45,7 +45,7 @@ jobs: prepare: name: Prepare Release Context if: github.event_name != 'push' || !contains(github.ref_name, '-') - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] outputs: release_ref: ${{ steps.vars.outputs.release_ref }} release_tag: ${{ steps.vars.outputs.release_tag }} @@ -202,14 +202,14 @@ jobs: include: # Keep GNU Linux release artifacts on Ubuntu 22.04 to preserve # a broadly compatible GLIBC baseline for user distributions. - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: x86_64-unknown-linux-gnu artifact: zeroclaw archive_ext: tar.gz cross_compiler: "" linker_env: "" linker: "" - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: x86_64-unknown-linux-musl artifact: zeroclaw archive_ext: tar.gz @@ -217,14 +217,14 @@ jobs: linker_env: "" linker: "" use_cross: true - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: aarch64-unknown-linux-gnu artifact: zeroclaw archive_ext: tar.gz cross_compiler: gcc-aarch64-linux-gnu linker_env: CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER linker: aarch64-linux-gnu-gcc - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: aarch64-unknown-linux-musl artifact: zeroclaw archive_ext: tar.gz @@ -232,14 +232,14 @@ jobs: linker_env: "" linker: "" use_cross: true - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: armv7-unknown-linux-gnueabihf artifact: zeroclaw archive_ext: tar.gz cross_compiler: gcc-arm-linux-gnueabihf linker_env: CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER linker: arm-linux-gnueabihf-gcc - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: armv7-linux-androideabi artifact: zeroclaw archive_ext: tar.gz @@ -248,7 +248,7 @@ jobs: linker: "" android_ndk: true android_api: 21 - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: aarch64-linux-android artifact: zeroclaw archive_ext: tar.gz @@ -257,7 +257,7 @@ jobs: linker: "" android_ndk: true android_api: 21 - - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + - os: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] target: x86_64-unknown-freebsd artifact: zeroclaw archive_ext: tar.gz @@ -499,7 +499,7 @@ jobs: verify-artifacts: name: Verify Artifact Set needs: [prepare, build-release] - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: @@ -560,7 +560,7 @@ jobs: name: Publish Release if: needs.prepare.outputs.publish_release == 'true' needs: [prepare, verify-artifacts] - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 45 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 diff --git a/.github/workflows/sec-audit.yml b/.github/workflows/sec-audit.yml index 3ba0d050f..f1cf9f198 100644 --- a/.github/workflows/sec-audit.yml +++ b/.github/workflows/sec-audit.yml @@ -72,7 +72,7 @@ env: jobs: audit: name: Security Audit - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 45 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -107,7 +107,7 @@ jobs: deny: name: License & Supply Chain - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 20 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -216,7 +216,7 @@ jobs: security-regressions: name: Security Regression Tests - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 30 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo @@ -251,7 +251,7 @@ jobs: secrets: name: Secrets Governance (Gitleaks) - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] timeout-minutes: 20 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 @@ -446,7 +446,7 @@ jobs: sbom: name: SBOM Snapshot - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] timeout-minutes: 20 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 @@ -511,7 +511,7 @@ jobs: unsafe-debt: name: Unsafe Debt Audit - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] timeout-minutes: 20 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 @@ -656,7 +656,7 @@ jobs: name: Security Required Gate if: always() && (github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group') needs: [audit, deny, security-regressions, secrets, sbom, unsafe-debt] - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] steps: - name: Enforce security gate shell: bash diff --git a/.github/workflows/sec-codeql.yml b/.github/workflows/sec-codeql.yml index 01bec0567..a92bd8355 100644 --- a/.github/workflows/sec-codeql.yml +++ b/.github/workflows/sec-codeql.yml @@ -51,7 +51,7 @@ env: jobs: select-runner: name: Select CodeQL Runner Lane - runs-on: [self-hosted, Linux, X64, aws-india, light, cpu40] + runs-on: [self-hosted, Linux, X64, light, cpu40] outputs: labels: ${{ steps.lane.outputs.labels }} lane: ${{ steps.lane.outputs.lane }} @@ -63,10 +63,10 @@ jobs: set -euo pipefail branch="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" if [[ "$branch" == release/* ]]; then - echo 'labels=["self-hosted","Linux","X64","hetzner","codeql"]' >> "$GITHUB_OUTPUT" + echo 'labels=["self-hosted","Linux","X64","codeql"]' >> "$GITHUB_OUTPUT" echo 'lane=release' >> "$GITHUB_OUTPUT" else - echo 'labels=["self-hosted","Linux","X64","hetzner","codeql","codeql-general"]' >> "$GITHUB_OUTPUT" + echo 'labels=["self-hosted","Linux","X64","codeql","codeql-general"]' >> "$GITHUB_OUTPUT" echo 'lane=general' >> "$GITHUB_OUTPUT" fi diff --git a/.github/workflows/test-coverage.yml b/.github/workflows/test-coverage.yml index d7c899636..0c87b5617 100644 --- a/.github/workflows/test-coverage.yml +++ b/.github/workflows/test-coverage.yml @@ -37,7 +37,7 @@ env: jobs: coverage: name: Coverage (non-blocking) - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 90 env: CARGO_HOME: ${{ github.workspace }}/.ci-rust/${{ github.run_id }}-${{ github.run_attempt }}-${{ github.job }}/cargo diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 595e97e1f..7f62c9c72 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -30,7 +30,7 @@ env: jobs: integration-tests: name: Integration / E2E Tests - runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] + runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404] timeout-minutes: 30 steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4