From 2ce7afc86f5b276e1481064d82ac3623f73e43c4 Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 11:22:16 +0100 Subject: [PATCH 1/9] chore(ci): switch code quality to blacksmith --- .github/workflows/code-quality.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index 6fd2f73b4ab..2e6fc8ab38e 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -8,7 +8,7 @@ permissions: jobs: code-quality: - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo From 181fc110fe54fe1b8013b3b4dccb24a65190e8e9 Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 11:34:14 +0100 Subject: [PATCH 2/9] add blacksmith to actionlint --- .github/actionlint.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .github/actionlint.yaml diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 00000000000..b014e60948b --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,9 @@ +# Configuration for actionlint. +# +# Blacksmith runners are self-hosted runners from GitHub Actions' perspective, so +# actionlint needs to be told that these custom runner labels are valid. +self-hosted-runner: + labels: + - blacksmith-*-ubuntu-* + - blacksmith-*-windows-* + - blacksmith-*-macos-* From 2a5a8f465c12477ee5867ca07bbd65abfe629611 Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 11:36:50 +0100 Subject: [PATCH 3/9] small change --- .github/workflows/pr_checks.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index 1fb3a47a45c..fbebfb0f3f8 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -48,6 +48,7 @@ jobs: typecheck_self: - '.github/workflows/pr_checks.yml' - '.github/workflows/typecheck.yml' + - '.github/workflows/code-quality.yml' webapp: - 'apps/webapp/**' - 'packages/**' From d7dae6d22ed15bf623fc2561f98a33ddfed61fdf Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 11:39:52 +0100 Subject: [PATCH 4/9] always code quality --- .github/workflows/pr_checks.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index fbebfb0f3f8..4dce7311e9d 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -104,8 +104,6 @@ jobs: - 'turbo.json' code-quality: - needs: changes - if: needs.changes.outputs.code == 'true' uses: ./.github/workflows/code-quality.yml typecheck: From 3c51bcc4f08e9f66d46e9fe298d97ac7de01087f Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 11:47:03 +0100 Subject: [PATCH 5/9] more on blacksmith --- .github/workflows/e2e-webapp.yml | 2 +- .github/workflows/e2e.yml | 2 +- .github/workflows/pr_checks.yml | 4 ++-- .github/workflows/sdk-compat.yml | 8 ++++---- .github/workflows/typecheck.yml | 2 +- .github/workflows/unit-tests-internal.yml | 4 ++-- .github/workflows/unit-tests-packages.yml | 4 ++-- .github/workflows/unit-tests-webapp.yml | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/e2e-webapp.yml b/.github/workflows/e2e-webapp.yml index f306a86cd28..f5eafe5e380 100644 --- a/.github/workflows/e2e-webapp.yml +++ b/.github/workflows/e2e-webapp.yml @@ -14,7 +14,7 @@ on: jobs: e2eTests: name: "🧪 E2E Tests: Webapp" - runs-on: ubuntu-latest + runs-on: blacksmith-8vcpu-ubuntu-2404 timeout-minutes: 20 env: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index a70f0400e0a..95ee9368d9c 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest] + os: [blacksmith-4vcpu-ubuntu-2404, blacksmith-4vcpu-windows-2025] package-manager: ["npm", "pnpm"] steps: - name: ⬇️ Checkout repo diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index 4dce7311e9d..be0f0773d29 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -15,7 +15,7 @@ permissions: jobs: changes: name: Detect changes - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 outputs: code: ${{ steps.code_filter.outputs.code }} typecheck_self: ${{ steps.filter.outputs.typecheck_self }} @@ -168,7 +168,7 @@ jobs: - e2e - sdk-compat if: always() - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: Verify all checks run: | diff --git a/.github/workflows/sdk-compat.yml b/.github/workflows/sdk-compat.yml index 1510af23181..e8cd6659d66 100644 --- a/.github/workflows/sdk-compat.yml +++ b/.github/workflows/sdk-compat.yml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest] + os: [blacksmith-4vcpu-ubuntu-2404] node: ["20.20", "22.12"] steps: @@ -54,7 +54,7 @@ jobs: bun-compat: name: "Bun Runtime" - runs-on: ubuntu-latest + runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -96,7 +96,7 @@ jobs: deno-compat: name: "Deno Runtime" - runs-on: ubuntu-latest + runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -142,7 +142,7 @@ jobs: cloudflare-compat: name: "Cloudflare Workers" - runs-on: ubuntu-latest + runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml index 91ec46f3a9a..63a9144bac9 100644 --- a/.github/workflows/typecheck.yml +++ b/.github/workflows/typecheck.yml @@ -8,7 +8,7 @@ permissions: jobs: typecheck: - runs-on: ubuntu-latest + runs-on: blacksmith-8vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo diff --git a/.github/workflows/unit-tests-internal.yml b/.github/workflows/unit-tests-internal.yml index 5a0e5622159..b31cc08ba06 100644 --- a/.github/workflows/unit-tests-internal.yml +++ b/.github/workflows/unit-tests-internal.yml @@ -14,7 +14,7 @@ on: jobs: unitTests: name: "🧪 Unit Tests: Internal" - runs-on: ubuntu-latest + runs-on: blacksmith-8vcpu-ubuntu-2404 strategy: # one flaky shard shouldn't cancel its siblings - lets us re-run only the failed shard fail-fast: false @@ -130,7 +130,7 @@ jobs: name: "📊 Merge Reports" if: ${{ !cancelled() }} needs: [unitTests] - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/unit-tests-packages.yml b/.github/workflows/unit-tests-packages.yml index 1102864c454..8ffb72af237 100644 --- a/.github/workflows/unit-tests-packages.yml +++ b/.github/workflows/unit-tests-packages.yml @@ -14,7 +14,7 @@ on: jobs: unitTests: name: "🧪 Unit Tests: Packages" - runs-on: ubuntu-latest + runs-on: blacksmith-4vcpu-ubuntu-2404 strategy: # one flaky shard shouldn't cancel its siblings - lets us re-run only the failed shard fail-fast: false @@ -130,7 +130,7 @@ jobs: name: "📊 Merge Reports" if: ${{ !cancelled() }} needs: [unitTests] - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/unit-tests-webapp.yml b/.github/workflows/unit-tests-webapp.yml index 8566014c49d..b0e9b0fb4dc 100644 --- a/.github/workflows/unit-tests-webapp.yml +++ b/.github/workflows/unit-tests-webapp.yml @@ -14,7 +14,7 @@ on: jobs: unitTests: name: "🧪 Unit Tests: Webapp" - runs-on: ubuntu-latest + runs-on: blacksmith-8vcpu-ubuntu-2404 strategy: # one flaky shard shouldn't cancel its siblings - lets us re-run only the failed shard fail-fast: false @@ -139,7 +139,7 @@ jobs: name: "📊 Merge Reports" if: ${{ !cancelled() }} needs: [unitTests] - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: ⬇️ Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From e4abf486c1e30421b5cbb0cfdb25e0536c4bbbd2 Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 12:25:09 +0100 Subject: [PATCH 6/9] add more blacksmith --- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-webapp-auth-full.yml | 2 +- .github/workflows/helm-prerelease.yml | 4 ++-- .github/workflows/pr_checks.yml | 4 ++-- .github/workflows/workflow-checks.yml | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 0cac7c8595f..a150833d508 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ permissions: jobs: check-broken-links: - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 defaults: run: working-directory: ./docs diff --git a/.github/workflows/e2e-webapp-auth-full.yml b/.github/workflows/e2e-webapp-auth-full.yml index de9d66c07e9..f92d6a78865 100644 --- a/.github/workflows/e2e-webapp-auth-full.yml +++ b/.github/workflows/e2e-webapp-auth-full.yml @@ -37,7 +37,7 @@ on: jobs: e2eAuthFull: name: "🛡️ E2E Auth Tests (full)" - runs-on: ubuntu-latest + runs-on: blacksmith-8vcpu-ubuntu-2404 timeout-minutes: 30 env: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} diff --git a/.github/workflows/helm-prerelease.yml b/.github/workflows/helm-prerelease.yml index afdb26fb6a2..b806d9396e5 100644 --- a/.github/workflows/helm-prerelease.yml +++ b/.github/workflows/helm-prerelease.yml @@ -28,7 +28,7 @@ env: jobs: lint-and-test: - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 permissions: contents: read steps: @@ -77,7 +77,7 @@ jobs: ((github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) || github.event_name == 'push' || github.event_name == 'workflow_dispatch') - runs-on: ubuntu-latest + runs-on: blacksmith-4vcpu-ubuntu-2404 permissions: contents: read packages: write diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index be0f0773d29..4dce7311e9d 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -15,7 +15,7 @@ permissions: jobs: changes: name: Detect changes - runs-on: blacksmith-2vcpu-ubuntu-2404 + runs-on: ubuntu-latest outputs: code: ${{ steps.code_filter.outputs.code }} typecheck_self: ${{ steps.filter.outputs.typecheck_self }} @@ -168,7 +168,7 @@ jobs: - e2e - sdk-compat if: always() - runs-on: blacksmith-2vcpu-ubuntu-2404 + runs-on: ubuntu-latest steps: - name: Verify all checks run: | diff --git a/.github/workflows/workflow-checks.yml b/.github/workflows/workflow-checks.yml index 62406671fc5..cacd74ad304 100644 --- a/.github/workflows/workflow-checks.yml +++ b/.github/workflows/workflow-checks.yml @@ -22,7 +22,7 @@ concurrency: jobs: actionlint: name: Actionlint - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 permissions: contents: read steps: @@ -41,7 +41,7 @@ jobs: # variable to 'false' to skip this job where code scanning isn't available; # leave it unset (the default) to run the scan. if: ${{ vars.ENABLE_WORKFLOW_SECURITY_SCAN != 'false' }} - runs-on: ubuntu-latest + runs-on: blacksmith-2vcpu-ubuntu-2404 permissions: security-events: write # Upload SARIF to GitHub Security tab contents: read # Read workflow files for analysis From 9fc324caa7f5a75b0259b72df63b6917ce4c114e Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 12:25:17 +0100 Subject: [PATCH 7/9] revert these: trigger more ci --- docs/.blacksmith-ci-test | 0 hosting/k8s/helm/.blacksmith-ci-test | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/.blacksmith-ci-test create mode 100644 hosting/k8s/helm/.blacksmith-ci-test diff --git a/docs/.blacksmith-ci-test b/docs/.blacksmith-ci-test new file mode 100644 index 00000000000..e69de29bb2d diff --git a/hosting/k8s/helm/.blacksmith-ci-test b/hosting/k8s/helm/.blacksmith-ci-test new file mode 100644 index 00000000000..e69de29bb2d From d2b2507b03c459581b17c2274ed6adc134f89c70 Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 12:28:24 +0100 Subject: [PATCH 8/9] Revert "revert these: trigger more ci" This reverts commit 9fc324caa7f5a75b0259b72df63b6917ce4c114e. --- docs/.blacksmith-ci-test | 0 hosting/k8s/helm/.blacksmith-ci-test | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 docs/.blacksmith-ci-test delete mode 100644 hosting/k8s/helm/.blacksmith-ci-test diff --git a/docs/.blacksmith-ci-test b/docs/.blacksmith-ci-test deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/hosting/k8s/helm/.blacksmith-ci-test b/hosting/k8s/helm/.blacksmith-ci-test deleted file mode 100644 index e69de29bb2d..00000000000 From 04f4a82339f5cff6ef7b53cfe86e8dea3993e581 Mon Sep 17 00:00:00 2001 From: Chris Arderne Date: Mon, 29 Jun 2026 12:34:55 +0100 Subject: [PATCH 9/9] add actionlint to workflow-checks.yml --- .github/workflows/workflow-checks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/workflow-checks.yml b/.github/workflows/workflow-checks.yml index cacd74ad304..ebd963497ce 100644 --- a/.github/workflows/workflow-checks.yml +++ b/.github/workflows/workflow-checks.yml @@ -7,11 +7,13 @@ on: - ".github/workflows/**" - ".github/actions/**" - ".github/zizmor.yml" + - ".github/actionlint.yaml" pull_request: paths: - ".github/workflows/**" - ".github/actions/**" - ".github/zizmor.yml" + - ".github/actionlint.yaml" permissions: {}