chore: remove gce-github-runner, use GitHub-hosted runners (PDE-229)

Remove self-hosted GCE runner infrastructure in favor of GitHub-hosted
runners. This eliminates the security risk from shared service accounts
mounted into workflows.

Changes:
- Remove create-runner and delete-runner jobs
- Switch to ubuntu-latest runners
- GCP auth via Workload Identity Federation remains unchanged

Co-authored-by: Ona <no-reply@ona.com>

Author: corneliusludmann

.github/workflows/pull-request.yml

@@ -3,18 +3,8 @@ on:
   pull_request:
 
 jobs:
-  create-runner:
-    uses: gitpod-io/gce-github-runner/.github/workflows/create-vm.yml@main
-    secrets:
-      runner_token: ${{ secrets.SELF_HOSTED_GITHUB_RUNNER_TOKEN }}
-      gcp_credentials: ${{ secrets.SELF_HOSTED_GITHUB_RUNNER_GCP_CREDENTIALS }}
-    concurrency:
-      group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-create-runner
-      cancel-in-progress: false
-
   build:
-    runs-on: ${{ needs.create-runner.outputs.label }}
-    needs: create-runner
+    runs-on: ubuntu-latest
     concurrency:
       group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-build
       cancel-in-progress: true
@@ -76,15 +66,3 @@ jobs:
       - name: 🖇️ Dazzle combine
         run: |
           dazzle combine localhost:5000/workspace-base-images --all
-
-  delete-runner:
-    if: always()
-    needs:
-      - create-runner
-      - build
-    uses: gitpod-io/gce-github-runner/.github/workflows/delete-vm.yml@main
-    secrets:
-      gcp_credentials: ${{ secrets.SELF_HOSTED_GITHUB_RUNNER_GCP_CREDENTIALS }}
-    with:
-      runner-label: ${{ needs.create-runner.outputs.label }}
-      machine-zone: ${{ needs.create-runner.outputs.machine-zone }}

.github/workflows/push-main.yml

@@ -6,24 +6,14 @@ on:
       - main
 
 jobs:
-  create-runner:
-    uses: gitpod-io/gce-github-runner/.github/workflows/create-vm.yml@main
-    secrets:
-      runner_token: ${{ secrets.SELF_HOSTED_GITHUB_RUNNER_TOKEN }}
-      gcp_credentials: ${{ secrets.SELF_HOSTED_GITHUB_RUNNER_GCP_CREDENTIALS }}
-    concurrency:
-      group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-create-runner
-      cancel-in-progress: false
-
   # Build images using artifactory as image registry.
   # To implement manual approvals, the workflow uses an Environment.
   #
   # From your GitHub repo click Settings. In the left menu, click Environments.
   # Click New environment, set the name production, and click Configure environment.
   # Check the "Required reviewers" box and enter at least one user or team name.
   sync:
-    runs-on: ${{ needs.create-runner.outputs.label }}
-    needs: create-runner
+    runs-on: ubuntu-latest
     concurrency:
       group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-sync
       cancel-in-progress: true
@@ -199,15 +189,3 @@ jobs:
             --keep-going \
             --dest docker \
             /.github/promote-images.yml "${DH_IMAGE_REGISTRY}/gitpod"
-
-  delete-runner:
-    if: always()
-    needs:
-      - create-runner
-      - sync
-    uses: gitpod-io/gce-github-runner/.github/workflows/delete-vm.yml@main
-    secrets:
-      gcp_credentials: ${{ secrets.SELF_HOSTED_GITHUB_RUNNER_GCP_CREDENTIALS }}
-    with:
-      runner-label: ${{ needs.create-runner.outputs.label }}
-      machine-zone: ${{ needs.create-runner.outputs.machine-zone }}

chunks/tool-vnc/gp-vncsession

@@ -52,7 +52,7 @@ if test ! -e /tmp/.X0-lock; then {
 	# Start vncserver
 	log::info "Starting tigerVNC server on port $VNC_PORT"
 	# vncserver -kill "${DISPLAY}"
-	start_service "$(command -v vncserver)" -geometry "${TIGERVNC_GEOMETRY:-1920x1080}" -SecurityTypes None $DISPLAY
+	start_service "$(command -v vncserver)" -geometry "${TIGERVNC_GEOMETRY:-1920x1080}" -SecurityTypes None "$DISPLAY"
 
 	# Wait
 	log::info "Waiting for the desktop to be fully loaded ..."