harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

chore(workflows): complete migration to Blacksmith cloud runners (#435)

Browse source 
* chore(workflows): complete migration to Blacksmith cloud runners

Migrate remaining workflows from self-hosted axecap runners to Blacksmith:
- docker.yml: publish job
- release.yml: publish job
- security.yml: audit and deny jobs (conditional on push events)

This completes the transition away from self-hosted infrastructure.
Axecap runner registrations (IDs 21, 22) have been removed.

All workflows now use blacksmith-2vcpu-ubuntu-2404 label for consistency.

* Merge branch 'main' into selfhost-blacksmith
This commit is contained in:
Will Sarg 2026-02-16 16:40:13 -05:00 committed by GitHub
parent 98bf7593f5
commit 73763f9864
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 97 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/docker.yml vendored
View file

@ -61,7 +61,7 @@ jobs:
publish:
name: Build and Push Docker Image
if: github.event_name == 'push'
runs-on: [self-hosted, Linux, X64, lxc-ci]
runs-on: blacksmith-2vcpu-ubuntu-2404
timeout-minutes: 25
permissions:
contents: read

188
.github/workflows/release.yml vendored
View file

@ -1,117 +1,117 @@
name: Release
on:
push:
tags: ["v*"]
push:
tags: ["v*"]
permissions:
contents: write
id-token: write # Required for cosign keyless signing via OIDC
contents: write
id-token: write # Required for cosign keyless signing via OIDC
env:
CARGO_TERM_COLOR: always
CARGO_TERM_COLOR: always
jobs:
build-release:
name: Build ${{ matrix.target }}
runs-on: ${{ matrix.os }}
timeout-minutes: 40
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
target: blacksmith-2vcpu-ubuntu-2404
artifact: zeroclaw
- os: macos-latest
target: x86_64-apple-darwin
artifact: zeroclaw
- os: macos-latest
target: aarch64-apple-darwin
artifact: zeroclaw
- os: windows-latest
target: x86_64-pc-windows-msvc
artifact: zeroclaw.exe
build-release:
name: Build ${{ matrix.target }}
runs-on: ${{ matrix.os }}
timeout-minutes: 40
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
target: blacksmith-2vcpu-ubuntu-2404
artifact: zeroclaw
- os: macos-latest
target: x86_64-apple-darwin
artifact: zeroclaw
- os: macos-latest
target: aarch64-apple-darwin
artifact: zeroclaw
- os: windows-latest
target: x86_64-pc-windows-msvc
artifact: zeroclaw.exe
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
with:
targets: ${{ matrix.target }}
- uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
- uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
- name: Build release
run: cargo build --release --locked --target ${{ matrix.target }}
- name: Build release
run: cargo build --release --locked --target ${{ matrix.target }}
- name: Check binary size (Unix)
if: runner.os != 'Windows'
run: |
SIZE=$(stat -f%z target/${{ matrix.target }}/release/${{ matrix.artifact }} 2>/dev/null || stat -c%s target/${{ matrix.target }}/release/${{ matrix.artifact }})
echo "Binary size: $((SIZE / 1024 / 1024))MB ($SIZE bytes)"
if [ "$SIZE" -gt 5242880 ]; then
echo "::warning::Binary exceeds 5MB target"
fi
- name: Check binary size (Unix)
if: runner.os != 'Windows'
run: |
SIZE=$(stat -f%z target/${{ matrix.target }}/release/${{ matrix.artifact }} 2>/dev/null || stat -c%s target/${{ matrix.target }}/release/${{ matrix.artifact }})
echo "Binary size: $((SIZE / 1024 / 1024))MB ($SIZE bytes)"
if [ "$SIZE" -gt 5242880 ]; then
echo "::warning::Binary exceeds 5MB target"
fi
- name: Package (Unix)
if: runner.os != 'Windows'
run: |
cd target/${{ matrix.target }}/release
tar czf ../../../zeroclaw-${{ matrix.target }}.tar.gz ${{ matrix.artifact }}
- name: Package (Unix)
if: runner.os != 'Windows'
run: |
cd target/${{ matrix.target }}/release
tar czf ../../../zeroclaw-${{ matrix.target }}.tar.gz ${{ matrix.artifact }}
- name: Package (Windows)
if: runner.os == 'Windows'
run: |
cd target/${{ matrix.target }}/release
7z a ../../../zeroclaw-${{ matrix.target }}.zip ${{ matrix.artifact }}
- name: Package (Windows)
if: runner.os == 'Windows'
run: |
cd target/${{ matrix.target }}/release
7z a ../../../zeroclaw-${{ matrix.target }}.zip ${{ matrix.artifact }}
- name: Upload artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: zeroclaw-${{ matrix.target }}
path: zeroclaw-${{ matrix.target }}.*
- name: Upload artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: zeroclaw-${{ matrix.target }}
path: zeroclaw-${{ matrix.target }}.*
publish:
name: Publish Release
needs: build-release
runs-on: [self-hosted, Linux, X64, lxc-ci]
timeout-minutes: 15
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
publish:
name: Publish Release
needs: build-release
runs-on: blacksmith-2vcpu-ubuntu-2404
timeout-minutes: 15
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Download all artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
path: artifacts
- name: Download all artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
path: artifacts
- name: Generate SHA256 checksums
run: |
cd artifacts
find . -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + | sed 's| \./[^/]*/| |' > SHA256SUMS
echo "Generated checksums:"
cat SHA256SUMS
- name: Generate SHA256 checksums
run: |
cd artifacts
find . -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + | sed 's| \./[^/]*/| |' > SHA256SUMS
echo "Generated checksums:"
cat SHA256SUMS
- name: Install cosign
uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: Install cosign
uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: Sign artifacts with cosign (keyless)
run: |
for file in artifacts/**/*; do
[ -f "$file" ] || continue
cosign sign-blob --yes \
--oidc-issuer=https://token.actions.githubusercontent.com \
--output-signature="${file}.sig" \
--output-certificate="${file}.pem" \
"$file"
done
- name: Sign artifacts with cosign (keyless)
run: |
for file in artifacts/**/*; do
[ -f "$file" ] || continue
cosign sign-blob --yes \
--oidc-issuer=https://token.actions.githubusercontent.com \
--output-signature="${file}.sig" \
--output-certificate="${file}.pem" \
"$file"
done
- name: Create GitHub Release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
with:
generate_release_notes: true
files: |
artifacts/**/*
artifacts/SHA256SUMS
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create GitHub Release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
with:
generate_release_notes: true
files: |
artifacts/**/*
artifacts/SHA256SUMS
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

4
.github/workflows/security.yml vendored
View file

@ -21,7 +21,7 @@ env:
jobs:
audit:
name: Security Audit
runs-on: ${{ github.event_name != 'pull_request' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }}
runs-on: ${{ github.event_name != 'pull_request' && 'blacksmith-2vcpu-ubuntu-2404' || 'ubuntu-latest' }}
timeout-minutes: 20
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
@ -37,7 +37,7 @@ jobs:
deny:
name: License & Supply Chain
runs-on: ${{ github.event_name != 'pull_request' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }}
runs-on: ${{ github.event_name != 'pull_request' && 'blacksmith-2vcpu-ubuntu-2404' || 'ubuntu-latest' }}
timeout-minutes: 20
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4