From d9b882846f1da7aa5f0cb6848904b5a8e395404a Mon Sep 17 00:00:00 2001 From: Jonathan Flatt Date: Mon, 26 May 2025 00:21:18 +0000 Subject: [PATCH] Remove self-hosted runners from CI/CD workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Replace all self-hosted runners with ubuntu-latest - Docker builds now only run on main branch or version tags, not on PRs - Reduces stress on self-hosted infrastructure 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .github/workflows/ci.yml | 6 +++--- .github/workflows/deploy.yml | 10 +++++----- .github/workflows/docker-publish.yml | 10 ++++------ 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27860fa..775ba81 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -183,9 +183,9 @@ jobs: # Docker builds - only when relevant files change docker: name: Docker Build & Test - runs-on: [self-hosted, Linux, X64] - # Security: Only run on self-hosted for trusted sources - if: (github.event.pull_request.head.repo.owner.login == 'intelligence-assist' || github.event_name != 'pull_request') && (needs.changes.outputs.docker == 'true' || needs.changes.outputs.src == 'true') + runs-on: ubuntu-latest + # Only run on main branch or version tags, not on PRs + if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && github.event_name != 'pull_request' && (needs.changes.outputs.docker == 'true' || needs.changes.outputs.src == 'true') # Only need unit tests to pass for Docker builds needs: [test-unit, lint, changes] diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 51dbc82..5eea038 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -75,9 +75,9 @@ jobs: build: name: Build Docker Image - runs-on: [self-hosted, Linux, X64] - # Security: Only run on self-hosted for trusted sources AND when files changed - if: (github.event.pull_request.head.repo.owner.login == 'intelligence-assist' || github.event_name != 'pull_request') && (needs.changes.outputs.docker == 'true' || needs.changes.outputs.src == 'true') + runs-on: ubuntu-latest + # Only build when files changed + if: needs.changes.outputs.docker == 'true' || needs.changes.outputs.src == 'true' needs: [test, changes] outputs: @@ -164,7 +164,7 @@ jobs: name: Deploy to Staging if: github.ref == 'refs/heads/main' && github.event_name == 'push' needs: [build, security-scan] - runs-on: [self-hosted, Linux, X64] + runs-on: ubuntu-latest environment: staging steps: @@ -217,7 +217,7 @@ jobs: name: Deploy to Production if: startsWith(github.ref, 'refs/tags/v') needs: [build, security-scan] - runs-on: [self-hosted, Linux, X64] + runs-on: ubuntu-latest environment: name: production url: https://webhook.yourdomain.com diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ccac576..e61b6e6 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -33,9 +33,7 @@ env: jobs: build: - runs-on: [self-hosted, Linux, X64] - # Security: Only run on self-hosted for trusted sources - if: github.event.pull_request.head.repo.owner.login == 'intelligence-assist' || github.event_name != 'pull_request' + runs-on: ubuntu-latest permissions: contents: read packages: write @@ -100,9 +98,9 @@ jobs: # Additional job to build and push the Claude Code container build-claudecode: - runs-on: [self-hosted, Linux, X64] - # Security: Only run on self-hosted for trusted sources + not on PRs - if: (github.event.pull_request.head.repo.owner.login == 'intelligence-assist' || github.event_name != 'pull_request') && github.event_name != 'pull_request' + runs-on: ubuntu-latest + # Only run when not a pull request + if: github.event_name != 'pull_request' permissions: contents: read packages: write