From 91d05955d107921a2e86c67aae0d561f6ab705e4 Mon Sep 17 00:00:00 2001 From: Jonathan Flatt Date: Sun, 25 May 2025 16:41:53 -0500 Subject: [PATCH] Optimize runner distribution: move security scans and E2E to GitHub MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Security scans run faster on GitHub runners than self-hosted - E2E tests are minimal (1 scenario) so GitHub runners are sufficient - Only keep Docker builds on self-hosted since they're resource intensive - Results in faster CI execution and better cost efficiency 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .github/workflows/ci.yml | 12 ++++-------- .github/workflows/security-audit.yml | 2 +- .github/workflows/security.yml | 6 +++--- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3a458c..8259593 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,12 +91,10 @@ jobs: GITHUB_WEBHOOK_SECRET: 'test-secret' GITHUB_TOKEN: 'test-token' - # E2E tests - most complex, run on self-hosted for better performance + # E2E tests - only 1 scenario, run on GitHub for simplicity test-e2e: name: E2E Tests - runs-on: [self-hosted, Linux, X64] - # Security: Only run on self-hosted for trusted sources - if: github.event.pull_request.head.repo.owner.login == 'intelligence-assist' || github.event_name != 'pull_request' + runs-on: ubuntu-latest steps: - name: Checkout code @@ -156,12 +154,10 @@ jobs: name: codecov-umbrella fail_ci_if_error: false - # Security scans - run in parallel with tests + # Security scans - run on GitHub for faster execution security: name: Security Scan - runs-on: [self-hosted, Linux, X64] - # Security: Only run on self-hosted for trusted sources - if: github.event.pull_request.head.repo.owner.login == 'intelligence-assist' || github.event_name != 'pull_request' + runs-on: ubuntu-latest steps: - name: Checkout code 
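Review bot: The security rationale is deleted together with the `if:` guard in the `test-e2e` hunk, and again in the `security` hunk at -156, so nothing records that these jobs now run on pull requests from forks and are acceptable only because the runner is ephemeral. I would keep a comment above each new `runs-on: ubuntu-latest`, for example `# Security: runs fork PR code - keep on GitHub-hosted runners, or restore the trusted-source if: guard before moving back to self-hosted`. The commit message says Docker builds stay on self-hosted runners; those jobs are outside these hunks, so confirm they still carry the owner check. Both job bodies continue past the hunks, so also check whether any later step expects a repository secret, which fork-triggered runs do not receive.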
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml index 7f9a0e9..5023b0d 100644 --- a/.github/workflows/security-audit.yml +++ b/.github/workflows/security-audit.yml @@ -11,7 +11,7 @@ on: jobs: security-audit: - runs-on: [self-hosted, Linux, X64] + runs-on: ubuntu-latest name: Security Audit steps: diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 8d3032b..86f0859 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -12,7 +12,7 @@ on: jobs: dependency-scan: name: Dependency Security Scan - runs-on: [self-hosted, Linux, X64] + runs-on: ubuntu-latest steps: - name: Checkout code @@ -36,7 +36,7 @@ jobs: secret-scan: name: Secret Scanning - runs-on: [self-hosted, Linux, X64] + runs-on: ubuntu-latest steps: - name: Checkout code @@ -54,7 +54,7 @@ jobs: codeql: name: CodeQL Analysis - runs-on: [self-hosted, Linux, X64] + runs-on: ubuntu-latest permissions: actions: read contents: read
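Review bot: In security.yml, `dependency-scan` and `secret-scan` go straight from `runs-on` to `steps:` with no job-level `permissions:` block, while `codeql` in the same file declares `actions: read` and `contents: read`. Since these lines are being touched anyway, I would add an explicit least-privilege scope to both jobs, e.g. `permissions: { contents: read }`, so the token scope does not depend on the repository default. The same applies to `security-audit` in security-audit.yml, where none is visible either. A workflow-level `permissions:` key may already exist above the hunks; if so, this only needs confirming. All four job bodies continue outside the hunks.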