chore(workflows): complete migration to Blacksmith cloud runners (#435)

* chore(workflows): complete migration to Blacksmith cloud runners

Migrate remaining workflows from self-hosted axecap runners to Blacksmith:
- docker.yml: publish job
- release.yml: publish job
- security.yml: audit and deny jobs (conditional on push events)

This completes the transition away from self-hosted infrastructure.
Axecap runner registrations (IDs 21, 22) have been removed.

All workflows now use blacksmith-2vcpu-ubuntu-2404 label for consistency.

* Merge branch 'main' into selfhost-blacksmith
Will Sarg 2026-02-16 16:40:13 -05:00 committed by GitHub
parent 98bf7593f5
commit 73763f9864
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 97 additions and 97 deletions


@ -61,7 +61,7 @@ jobs:
publish: publish:
name: Build and Push Docker Image name: Build and Push Docker Image
if: github.event_name == 'push' if: github.event_name == 'push'
runs-on: [self-hosted, Linux, X64, lxc-ci] runs-on: blacksmith-2vcpu-ubuntu-2404
timeout-minutes: 25 timeout-minutes: 25
permissions: permissions:
contents: read contents: read


@ -1,117 +1,117 @@
name: Release name: Release
on: on:
push: push:
tags: ["v*"] tags: ["v*"]
permissions: permissions:
contents: write contents: write
id-token: write # Required for cosign keyless signing via OIDC id-token: write # Required for cosign keyless signing via OIDC
env: env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
jobs: jobs:
build-release: build-release:
name: Build ${{ matrix.target }} name: Build ${{ matrix.target }}
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
timeout-minutes: 40 timeout-minutes: 40
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
target: blacksmith-2vcpu-ubuntu-2404 target: blacksmith-2vcpu-ubuntu-2404
artifact: zeroclaw artifact: zeroclaw
- os: macos-latest - os: macos-latest
target: x86_64-apple-darwin target: x86_64-apple-darwin
artifact: zeroclaw artifact: zeroclaw
- os: macos-latest - os: macos-latest
target: aarch64-apple-darwin target: aarch64-apple-darwin
artifact: zeroclaw artifact: zeroclaw
- os: windows-latest - os: windows-latest
target: x86_64-pc-windows-msvc target: x86_64-pc-windows-msvc
artifact: zeroclaw.exe artifact: zeroclaw.exe
steps: steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
with: with:
targets: ${{ matrix.target }} targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
- name: Build release - name: Build release
run: cargo build --release --locked --target ${{ matrix.target }} run: cargo build --release --locked --target ${{ matrix.target }}
- name: Check binary size (Unix) - name: Check binary size (Unix)
if: runner.os != 'Windows' if: runner.os != 'Windows'
run: | run: |
SIZE=$(stat -f%z target/${{ matrix.target }}/release/${{ matrix.artifact }} 2>/dev/null || stat -c%s target/${{ matrix.target }}/release/${{ matrix.artifact }}) SIZE=$(stat -f%z target/${{ matrix.target }}/release/${{ matrix.artifact }} 2>/dev/null || stat -c%s target/${{ matrix.target }}/release/${{ matrix.artifact }})
echo "Binary size: $((SIZE / 1024 / 1024))MB ($SIZE bytes)" echo "Binary size: $((SIZE / 1024 / 1024))MB ($SIZE bytes)"
if [ "$SIZE" -gt 5242880 ]; then if [ "$SIZE" -gt 5242880 ]; then
echo "::warning::Binary exceeds 5MB target" echo "::warning::Binary exceeds 5MB target"
fi fi
- name: Package (Unix) - name: Package (Unix)
if: runner.os != 'Windows' if: runner.os != 'Windows'
run: | run: |
cd target/${{ matrix.target }}/release cd target/${{ matrix.target }}/release
tar czf ../../../zeroclaw-${{ matrix.target }}.tar.gz ${{ matrix.artifact }} tar czf ../../../zeroclaw-${{ matrix.target }}.tar.gz ${{ matrix.artifact }}
- name: Package (Windows) - name: Package (Windows)
if: runner.os == 'Windows' if: runner.os == 'Windows'
run: | run: |
cd target/${{ matrix.target }}/release cd target/${{ matrix.target }}/release
7z a ../../../zeroclaw-${{ matrix.target }}.zip ${{ matrix.artifact }} 7z a ../../../zeroclaw-${{ matrix.target }}.zip ${{ matrix.artifact }}
- name: Upload artifact - name: Upload artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with: with:
name: zeroclaw-${{ matrix.target }} name: zeroclaw-${{ matrix.target }}
path: zeroclaw-${{ matrix.target }}.* path: zeroclaw-${{ matrix.target }}.*
publish: publish:
name: Publish Release name: Publish Release
needs: build-release needs: build-release
runs-on: [self-hosted, Linux, X64, lxc-ci] runs-on: blacksmith-2vcpu-ubuntu-2404
timeout-minutes: 15 timeout-minutes: 15
steps: steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Download all artifacts - name: Download all artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with: with:
path: artifacts path: artifacts
- name: Generate SHA256 checksums - name: Generate SHA256 checksums
run: | run: |
cd artifacts cd artifacts
find . -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + | sed 's| \./[^/]*/| |' > SHA256SUMS find . -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + | sed 's| \./[^/]*/| |' > SHA256SUMS
echo "Generated checksums:" echo "Generated checksums:"
cat SHA256SUMS cat SHA256SUMS
- name: Install cosign - name: Install cosign
uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: Sign artifacts with cosign (keyless) - name: Sign artifacts with cosign (keyless)
run: | run: |
for file in artifacts/**/*; do for file in artifacts/**/*; do
[ -f "$file" ] || continue [ -f "$file" ] || continue
cosign sign-blob --yes \ cosign sign-blob --yes \
--oidc-issuer=https://token.actions.githubusercontent.com \ --oidc-issuer=https://token.actions.githubusercontent.com \
--output-signature="${file}.sig" \ --output-signature="${file}.sig" \
--output-certificate="${file}.pem" \ --output-certificate="${file}.pem" \
"$file" "$file"
done done
- name: Create GitHub Release - name: Create GitHub Release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
with: with:
generate_release_notes: true generate_release_notes: true
files: | files: |
artifacts/**/* artifacts/**/*
artifacts/SHA256SUMS artifacts/SHA256SUMS
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
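Review bot: The Linux matrix entry pairs `os: ubuntu-latest` with `target: blacksmith-2vcpu-ubuntu-2404`, so a runner label is passed to `dtolnay/rust-toolchain` as `targets:` and to `cargo build --target`, where a Rust target triple is expected. That build leg would presumably fail, and because `publish` declares `needs: build-release`, the checksum, signing and release steps would then not run. The two values look mis-substituted during the runner migration; presumably the entry should read `- os: blacksmith-2vcpu-ubuntu-2404` with `target: x86_64-unknown-linux-gnu` (confirm the intended triple). Separately, `contents: write` and `id-token: write` are granted at workflow level, so every build-matrix job holds them too; moving both into a `permissions:` block on `publish` would confine the release token and the OIDC signing identity to the one job that uses them.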


@ -21,7 +21,7 @@ env:
jobs: jobs:
audit: audit:
name: Security Audit name: Security Audit
runs-on: ${{ github.event_name != 'pull_request' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }} runs-on: ${{ github.event_name != 'pull_request' && 'blacksmith-2vcpu-ubuntu-2404' || 'ubuntu-latest' }}
timeout-minutes: 20 timeout-minutes: 20
steps: steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
@ -37,7 +37,7 @@ jobs:
deny: deny:
name: License & Supply Chain name: License & Supply Chain
runs-on: ${{ github.event_name != 'pull_request' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }} runs-on: ${{ github.event_name != 'pull_request' && 'blacksmith-2vcpu-ubuntu-2404' || 'ubuntu-latest' }}
timeout-minutes: 20 timeout-minutes: 20
steps: steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
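Review bot: The runner selection on the `audit` and `deny` jobs tests `github.event_name != 'pull_request'`, which routes every other trigger, not only pushes, to the Blacksmith runner, while the commit description says these jobs are conditional on push events. The workflow's `on:` block is outside these hunks, so whether triggers such as `pull_request_target` or `schedule` are configured cannot be confirmed from here. An allowlist states the intent directly and stays correct if triggers are added later: `runs-on: ${{ github.event_name == 'push' && 'blacksmith-2vcpu-ubuntu-2404' || 'ubuntu-latest' }}`. A one-line comment above each `runs-on` explaining why pull requests stay on `ubuntu-latest` would also help the next editor.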