ci: route trusted security and workflow checks to self-hosted (#370)

2026-02-16 10:58:45 -05:00 · 2026-02-16 10:58:45 -05:00 · a7d19b332e
commit a7d19b332e
parent 8e23cbc596
2 changed files with 4 additions and 4 deletions
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -21,7 +21,7 @@ env:
 jobs:
    audit:
        name: Security Audit
-        runs-on: ubuntu-latest
+        runs-on: ${{ github.event_name != 'pull_request' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }}
        timeout-minutes: 20
        steps:
            - uses: actions/checkout@v4
@ -37,7 +37,7 @@ jobs:
    deny:
        name: License & Supply Chain
-        runs-on: ubuntu-latest
+        runs-on: ${{ github.event_name != 'pull_request' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }}
        timeout-minutes: 20
        steps:
            - uses: actions/checkout@v4
--- a/.github/workflows/workflow-sanity.yml
+++ b/.github/workflows/workflow-sanity.yml
@ -22,7 +22,7 @@ permissions:
 jobs:
  no-tabs:
-    runs-on: ubuntu-latest
+    runs-on: ${{ github.event_name == 'push' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }}
    timeout-minutes: 10
    steps:
      - name: Checkout
@ -55,7 +55,7 @@ jobs:
          PY
  actionlint:
-    runs-on: ubuntu-latest
+    runs-on: ${{ github.event_name == 'push' && fromJSON('["self-hosted","Linux","X64","lxc-ci"]') || 'ubuntu-latest' }}
    timeout-minutes: 10
    steps:
      - name: Checkout