Skip to content

ci: migrate safe jobs to self-hosted runner#21

Closed
jfreed-dev wants to merge 1 commit into
mainfrom
chore/self-hosted-runner
Closed

ci: migrate safe jobs to self-hosted runner#21
jfreed-dev wants to merge 1 commit into
mainfrom
chore/self-hosted-runner

Conversation

@jfreed-dev

Copy link
Copy Markdown
Member

Summary

  • 4 safe jobs flipped from ubuntu-latestself-hosted.
  • 3 jobs kept on cloud (Docker action + Trivy binary smoke-test pending).

Migrated

  • validate.yml validate — terraform fmt/validate/tflint matrix (8 modules)
  • security.yml verify-signatures + dependency-review
  • dependabot-auto-merge.yml auto-merge

Kept on cloud

  • docs.yml docsterraform-docs/gh-actions is docker:// — won't run on self-hosted Mac runner
  • security.yml trivy + validate.yml security — Trivy CLI ships darwin binaries but the install path needs smoke-testing on Cerebrum first; flipping later is trivial

Test plan

  • CI runs green on this PR (especially the validate.yml matrix)
  • Spot-check Actions tab after merge

Flips 4 safe jobs from ubuntu-latest to self-hosted (Cerebrum runner).
Three jobs intentionally kept on cloud due to Docker actions or Linux-
specific tooling.

Migrated to self-hosted:
- validate.yml validate (terraform fmt/validate, tflint — JS actions, matrix over 8 modules)
- security.yml verify-signatures (git verify-commit)
- security.yml dependency-review (JS action)
- dependabot-auto-merge.yml auto-merge (gh CLI)

Kept on ubuntu-latest:
- docs.yml docs (terraform-docs/gh-actions is a docker:// action)
- security.yml trivy (binary install path needs darwin-arm64 smoke test first)
- validate.yml security (Trivy IaC scan, same caveat)

README badges already point to freed-dev-llc/, no fix needed.
@jfreed-dev

Copy link
Copy Markdown
Member Author

Superseded by direct push to default branch: all workflows now use self-hosted runner.

@jfreed-dev jfreed-dev closed this May 16, 2026
@jfreed-dev jfreed-dev deleted the chore/self-hosted-runner branch May 16, 2026 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant