From a860679fd31ad34ddb0115d116872a3017f92e99 Mon Sep 17 00:00:00 2001 From: Ralf Anton Beier Date: Sun, 3 May 2026 20:02:29 +0200 Subject: [PATCH] ci: migrate 5 of 22 jobs to smithy self-hosted runners light ci.yml::release integration-examples.yml::trigger-integration production-readiness.yml::security-validation production-readiness.yml::production-readiness release.yml::create_release weekly-checksum-update.yml::notify Stays on ubuntu-latest: - ci.yml::lint Bazel (buildifier) not on smithy - ci.yml::hermiticity-check Bazel - ci.yml::test-linux Bazel + service container (registry:2) - ci.yml::test-macos macOS only - ci.yml::test-windows Windows only - ci.yml::bcr-docker-test docker run against vendor BCR image - ci.yml::integration Bazel + sudo apt-get - bcr-compatibility.yml::bcr-hermetic-test docker run against vendor BCR image - bcr-compatibility.yml::bcr-toolchain-validation docker run vendor BCR image - bcr-compatibility.yml::bcr-multi-platform-test multi-OS matrix + Bazel - bcr-compatibility.yml::bcr-incompatible-flags-test Bazel - bcr-compatibility.yml::bcr-metadata-validation keeping co-located with BCR suite - bcr-compatibility.yml::bcr-test-module-validation Bazel - bcr-compatibility.yml::bcr-summary keeping co-located with BCR suite - docs-deploy.yml::bazel-build-and-deploy Bazel - integration-examples.yml::direct-integration-test Bazel + sudo mv - production-readiness.yml::smoke-tests Bazel + macOS matrix - production-readiness.yml::performance-benchmark Bazel - production-readiness.yml::compatibility-matrix Bazel + macOS matrix - weekly-checksum-update.yml::checksum-update Bazel + sudo apt-get install The repo is a Bazel rules project for WebAssembly components, so the overwhelming majority of jobs depend on Bazel which is not yet on the smithy toolchains role. The five migrated jobs are pure shell/Node tasks (release archive creation, integration test dispatch, checksum greps, status summaries) that have no Bazel/sudo/apt-get/container dependencies and run comfortably on the 'light' (4G) class. publish.yml and publish-to-bcr.yml only call the bazel-contrib reusable workflow and have no own runs-on, so nothing to migrate there. --- .github/workflows/bcr-compatibility.yml | 7 +++++++ .github/workflows/ci.yml | 9 ++++++++- .github/workflows/docs-deploy.yml | 1 + .github/workflows/integration-examples.yml | 3 ++- .github/workflows/production-readiness.yml | 7 +++++-- .github/workflows/release.yml | 2 +- .github/workflows/weekly-checksum-update.yml | 3 ++- 7 files changed, 26 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bcr-compatibility.yml b/.github/workflows/bcr-compatibility.yml index 00014543..a312f019 100644 --- a/.github/workflows/bcr-compatibility.yml +++ b/.github/workflows/bcr-compatibility.yml @@ -26,6 +26,7 @@ env: jobs: bcr-hermetic-test: name: BCR Hermetic Build Test + # Stays on ubuntu-latest: docker run against vendor BCR image (gcr.io/bazel-public/ubuntu2204) untested on smithy podman shim. runs-on: ubuntu-latest timeout-minutes: 30 @@ -130,6 +131,7 @@ jobs: bcr-toolchain-validation: name: BCR Toolchain Validation + # Stays on ubuntu-latest: docker run against vendor BCR image (gcr.io/bazel-public/ubuntu2204) untested on smithy podman shim. runs-on: ubuntu-latest timeout-minutes: 20 @@ -184,6 +186,7 @@ jobs: bcr-multi-platform-test: name: BCR Multi-Platform Test + # Stays on ${{ matrix.os }}: matrix is multi-OS (Linux/macOS/Windows) + Bazel; smithy fleet is Linux-only without Bazel. runs-on: ${{ matrix.os }} timeout-minutes: 25 # Run on all PRs and main branch to catch Windows issues early @@ -241,6 +244,7 @@ jobs: bcr-incompatible-flags-test: name: BCR Incompatible Flags Test + # Stays on ubuntu-latest: Bazel not installed on smithy fleet. runs-on: ubuntu-latest timeout-minutes: 20 # Only run on main branch and manual dispatch @@ -287,6 +291,7 @@ jobs: bcr-metadata-validation: name: BCR Metadata Validation + # Stays on ubuntu-latest: bundled with the BCR test suite; keeping co-located with related Bazel jobs. runs-on: ubuntu-latest timeout-minutes: 10 @@ -348,6 +353,7 @@ jobs: bcr-test-module-validation: name: BCR Test Module Validation + # Stays on ubuntu-latest: Bazel not installed on smithy fleet. runs-on: ubuntu-latest timeout-minutes: 15 @@ -393,6 +399,7 @@ jobs: bcr-summary: name: BCR Test Summary + # Stays on ubuntu-latest: bundled summary job for the BCR test suite, keeping co-located. runs-on: ubuntu-latest needs: [bcr-hermetic-test, bcr-toolchain-validation] if: always() diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e1b9ebd..12566293 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,7 @@ env: jobs: lint: name: Lint and Format Check + # Stays on ubuntu-latest: Bazel (buildifier) not installed on smithy fleet. runs-on: ubuntu-latest steps: @@ -38,6 +39,7 @@ jobs: hermiticity-check: name: Hermiticity Check + # Stays on ubuntu-latest: Bazel not installed on smithy fleet. runs-on: ubuntu-latest needs: lint @@ -80,6 +82,7 @@ jobs: test-linux: name: Test on ubuntu-latest + # Stays on ubuntu-latest: Bazel + service container (registry:2) not supported on smithy fleet. runs-on: ubuntu-latest needs: [lint, hermiticity-check] @@ -194,6 +197,7 @@ jobs: test-macos: name: Test on macos-latest + # Stays on macos-latest: smithy fleet is Linux-only. runs-on: macos-latest needs: [lint, hermiticity-check] @@ -307,6 +311,7 @@ jobs: test-windows: name: Test on windows-latest + # Stays on windows-latest: smithy fleet is Linux-only. runs-on: windows-latest needs: [lint] # Windows CI is currently experimental - failures don't block merges @@ -363,6 +368,7 @@ jobs: bcr-docker-test: name: BCR Docker Environment Test + # Stays on ubuntu-latest: docker run against vendor BCR image (gcr.io/bazel-public/ubuntu2204) untested on smithy podman shim. runs-on: ubuntu-latest needs: [lint, hermiticity-check] @@ -443,6 +449,7 @@ jobs: integration: name: Integration Tests + # Stays on ubuntu-latest: Bazel + sudo apt-get install not supported on smithy fleet. runs-on: ubuntu-latest needs: [test-linux, test-macos] @@ -535,7 +542,7 @@ jobs: release: name: Release - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] needs: [test-linux, test-macos, integration, bcr-docker-test, hermiticity-check] if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 9965ca70..4a4e8c4b 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -16,6 +16,7 @@ on: jobs: bazel-build-and-deploy: + # Stays on ubuntu-latest: Bazel not installed on smithy fleet. runs-on: ubuntu-latest # Only run on main branch to prevent accidental deployments if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/integration-examples.yml b/.github/workflows/integration-examples.yml index a5e284e0..e4993bd8 100644 --- a/.github/workflows/integration-examples.yml +++ b/.github/workflows/integration-examples.yml @@ -49,7 +49,7 @@ env: jobs: trigger-integration: name: Trigger Integration Tests - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] # This job requires a PAT with repo scope stored as INTEGRATION_TEST_TOKEN # If the secret is not configured, the job will be skipped gracefully @@ -97,6 +97,7 @@ jobs: # This doesn't require cross-repo dispatch but duplicates the test logic direct-integration-test: name: Direct Integration Test + # Stays on ubuntu-latest: Bazel + sudo mv install steps not supported on smithy fleet. runs-on: ubuntu-latest # Only run if we don't have the dispatch token # This provides a fallback for forks and repos without the secret diff --git a/.github/workflows/production-readiness.yml b/.github/workflows/production-readiness.yml index d0a40e50..9c038809 100644 --- a/.github/workflows/production-readiness.yml +++ b/.github/workflows/production-readiness.yml @@ -12,6 +12,7 @@ on: jobs: smoke-tests: name: Smoke Tests + # Stays on ${{ matrix.os }}: Bazel matrix (Linux + macOS); smithy fleet is Linux-only without Bazel. runs-on: ${{ matrix.os }} strategy: matrix: @@ -40,7 +41,7 @@ jobs: security-validation: name: Security Validation - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] steps: - uses: actions/checkout@v6 @@ -72,6 +73,7 @@ jobs: performance-benchmark: name: Performance Benchmark + # Stays on ubuntu-latest: Bazel not installed on smithy fleet. runs-on: ubuntu-latest steps: @@ -114,6 +116,7 @@ jobs: compatibility-matrix: name: Compatibility Tests + # Stays on ${{ matrix.os }}: Bazel matrix (Linux + macOS); smithy fleet is Linux-only without Bazel. runs-on: ${{ matrix.os }} strategy: matrix: @@ -132,7 +135,7 @@ jobs: production-readiness: name: Production Ready ✅ - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] needs: [ smoke-tests, diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7ead2704..7077ef9e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ permissions: jobs: create_release: name: Create Release - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] outputs: tag_name: ${{ steps.get_tag.outputs.tag_name }} release_archive: ${{ steps.create_archive.outputs.archive_name }} diff --git a/.github/workflows/weekly-checksum-update.yml b/.github/workflows/weekly-checksum-update.yml index c584f327..5c2f2620 100644 --- a/.github/workflows/weekly-checksum-update.yml +++ b/.github/workflows/weekly-checksum-update.yml @@ -34,6 +34,7 @@ env: jobs: checksum-update: + # Stays on ubuntu-latest: Bazel + sudo apt-get install not supported on smithy fleet. runs-on: ubuntu-latest timeout-minutes: 45 @@ -430,7 +431,7 @@ jobs: # Separate job for notification and cleanup notify: needs: checksum-update - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] if: always() steps: