From abb2b16c03974126d8225aa01762430b42bb3c7a Mon Sep 17 00:00:00 2001
From: Alec Scott <scott112@llnl.gov>
Date: Mon, 3 Nov 2025 15:08:37 -0800
Subject: [PATCH 1/2] ci: only push containers on main branch not PRs

---
 .github/workflows/containers.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index 7f6b3a5..5fe6593 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -72,7 +72,7 @@ jobs:
         with:
           file: Dockerfiles/${{ matrix.dockerfile[1] }}
           platforms: ${{ matrix.dockerfile[2] }}
-          push: true
+          push: ${{ github.ref == 'refs/heads/main' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: |
@@ -84,8 +84,8 @@ jobs:
           secrets: |
             "bootstrap_gcc_key=${{ secrets.BOOTSTRAP_GCC_KEY }}"
 
-# Note this artifact is useful only for manual verification of the manual upload
-# of the bootstrap cache.
+  # Note this artifact is useful only for manual verification of the manual upload
+  # of the bootstrap cache.
   upload-gcc-buildcache:
     timeout-minutes: 60
     runs-on: self-hosted

From 6885b01035f2bb2143a6df5a6998aabbcd733e99 Mon Sep 17 00:00:00 2001
From: Alec Scott <scott112@llnl.gov>
Date: Mon, 3 Nov 2025 15:18:18 -0800
Subject: [PATCH 2/2] Swap to GitHub hosted runners

---
 .github/workflows/containers.yml | 64 ++++++++++++++++----------------
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index 5fe6593..3c70897 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -22,7 +22,7 @@ concurrency:
 jobs:
   deploy-images:
     timeout-minutes: 1200
-    runs-on: self-hosted
+    runs-on: ubuntu-latest
     permissions:
       packages: write
     strategy:
@@ -86,35 +86,35 @@ jobs:
 
   # Note this artifact is useful only for manual verification of the manual upload
   # of the bootstrap cache.
-  upload-gcc-buildcache:
-    timeout-minutes: 60
-    runs-on: self-hosted
-    permissions:
-      packages: write
-    needs: [ deploy-images ]
-    env:
-      CONTAINER_NAME: 'ghcr.io/spack/pcluster-amazonlinux-2'
-      KEY_FINGERPRINT: '5195AD463E705FC2014BFF08FE8754F9EEC75620'
-    steps:
-      - name: Get Container Tag
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.CONTAINER_NAME }}
-      - name: Checkout Container
-        uses: actions/checkout@v4
-      - name: Copy from container to local disk
-        env:
-          CONTAINER_TAG: ${{ steps.meta.outputs.tags }}
-        run: |
-          id=$(docker create --platform linux/amd64 ${CONTAINER_TAG})
-          docker cp $id:/bootstrap-gcc-cache/v3/manifests/key/${KEY_FINGERPRINT}.key.manifest.json ${KEY_FINGERPRINT}.key.manifest.json
-          blobpath=$(awk -F\" '/checksumAlgorithm/ {alg=$4} /checksum[^\w]/ { checksum=$4 } END {printf("%s/%s/%s\n",alg,substr(checksum,1,2),checksum) }' ${KEY_FINGERPRINT}.key.manifest.json)
-          docker cp $id:/bootstrap-gcc-cache/blobs/$blobpath ${KEY_FINGERPRINT}.pub
-          docker rm -v $id
+  # upload-gcc-buildcache:
+  #   timeout-minutes: 60
+  #   runs-on: self-hosted
+  #   permissions:
+  #     packages: write
+  #   needs: [ deploy-images ]
+  #   env:
+  #     CONTAINER_NAME: 'ghcr.io/spack/pcluster-amazonlinux-2'
+  #     KEY_FINGERPRINT: '5195AD463E705FC2014BFF08FE8754F9EEC75620'
+  #   steps:
+  #     - name: Get Container Tag
+  #       id: meta
+  #       uses: docker/metadata-action@v5
+  #       with:
+  #         images: ${{ env.CONTAINER_NAME }}
+  #     - name: Checkout Container
+  #       uses: actions/checkout@v4
+  #     - name: Copy from container to local disk
+  #       env:
+  #         CONTAINER_TAG: ${{ steps.meta.outputs.tags }}
+  #       run: |
+  #         id=$(docker create --platform linux/amd64 ${CONTAINER_TAG})
+  #         docker cp $id:/bootstrap-gcc-cache/v3/manifests/key/${KEY_FINGERPRINT}.key.manifest.json ${KEY_FINGERPRINT}.key.manifest.json
+  #         blobpath=$(awk -F\" '/checksumAlgorithm/ {alg=$4} /checksum[^\w]/ { checksum=$4 } END {printf("%s/%s/%s\n",alg,substr(checksum,1,2),checksum) }' ${KEY_FINGERPRINT}.key.manifest.json)
+  #         docker cp $id:/bootstrap-gcc-cache/blobs/$blobpath ${KEY_FINGERPRINT}.pub
+  #         docker rm -v $id
 
-      - name: Upload public key to Github artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ env.KEY_FINGERPRINT }}.pub
-          path: ${{ env.KEY_FINGERPRINT }}.pub
+  #     - name: Upload public key to Github artifacts
+  #       uses: actions/upload-artifact@v4
+  #       with:
+  #         name: ${{ env.KEY_FINGERPRINT }}.pub
+  #         path: ${{ env.KEY_FINGERPRINT }}.pub