migrate to runs-on runners

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-17 08:23:15 +01:00 · 2025-11-07 17:49:39 -05:00 · 2025-11-07 17:49:39 -05:00 · 178d38bc73
commit 178d38bc73
parent 78a4ab8ced
13 changed files with 43 additions and 31 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -20,7 +20,8 @@ permissions:
 jobs:
  analyze:
    name: Analyze
-    runs-on: ubuntu-22.04-4core-16gb
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    if: github.repository == 'anchore/syft' # only run for main repo
    permissions:
      security-events: write
--- a/.github/workflows/dependabot-automation.yaml
+++ b/.github/workflows/dependabot-automation.yaml
@ -7,4 +7,5 @@ permissions:

 jobs:
  run:
+    # Runner definition: workflows/.github/runs-on.yml
    uses: anchore/workflows/.github/workflows/dependabot-automation.yaml@main
--- a/.github/workflows/detect-schema-changes.yaml
+++ b/.github/workflows/detect-schema-changes.yaml
@ -27,7 +27,8 @@ env:
 jobs:
  label:
    name: "Label changes"
-    runs-on: ubuntu-22.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/oss-project-board-add.yaml
+++ b/.github/workflows/oss-project-board-add.yaml
@ -13,6 +13,7 @@ on:

 jobs:
  run:
+    # Runner definition: workflows/.github/runs-on.yml
    uses: "anchore/workflows/.github/workflows/oss-project-board-add.yaml@main"
    secrets:
      token: ${{ secrets.OSS_PROJECT_GH_TOKEN }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -13,7 +13,8 @@ on:
 jobs:
  quality-gate:
    environment: release
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=tiny
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -119,7 +120,8 @@ jobs:

  release:
    needs: [quality-gate]
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=release
    permissions:
      contents: write
      packages: write
@ -190,6 +192,7 @@ jobs:
  release-install-script:
    needs: [release]
    if: ${{ needs.release.result == 'success' }}
+    # Runner definition: workflows/.github/runs-on.yml
    uses: "anchore/workflows/.github/workflows/release-install-script.yaml@main"
    with:
      tag: ${{ github.event.inputs.version }}
--- a/.github/workflows/remove-awaiting-response-label.yaml
+++ b/.github/workflows/remove-awaiting-response-label.yaml
@ -10,6 +10,7 @@ jobs:
      contents: read
      issues: write
      pull-requests: write
+    # Runner definition: workflows/.github/runs-on.yml
    uses: "anchore/workflows/.github/workflows/remove-awaiting-response-label.yaml@main"
    secrets:
      token: ${{ secrets.OSS_PROJECT_GH_TOKEN }}
--- a/.github/workflows/test-fixture-cache-publish.yaml
+++ b/.github/workflows/test-fixture-cache-publish.yaml
@ -14,7 +14,8 @@ jobs:
  Publish:
    name: "Publish test fixture image cache"
    # we use this runner to get enough storage space for docker images and fixture cache
-    runs-on: ubuntu-22.04-4core-16gb
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=release
    if: github.repository == 'anchore/syft' # only run for main repo
    permissions:
      packages: write
--- a/.github/workflows/update-anchore-dependencies.yml
+++ b/.github/workflows/update-anchore-dependencies.yml
@ -12,7 +12,8 @@ permissions:

 jobs:
  update:
-    runs-on: ubuntu-latest
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    if: github.repository_owner == 'anchore' # only run for main repo (not forks)
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
--- a/.github/workflows/update-bootstrap-tools.yml
+++ b/.github/workflows/update-bootstrap-tools.yml
@ -10,7 +10,8 @@ permissions:

 jobs:
  update-bootstrap-tools:
-    runs-on: ubuntu-latest
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small
    if: github.repository == 'anchore/syft' # only run for main repo
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
--- a/.github/workflows/update-cpe-dictionary-index.yml
+++ b/.github/workflows/update-cpe-dictionary-index.yml
@ -13,7 +13,8 @@ env:

 jobs:
  upgrade-cpe-dictionary-index:
-    runs-on: ubuntu-latest
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    permissions:
      contents: read
      packages: write
--- a/.github/workflows/update-spdx-license-list.yaml
+++ b/.github/workflows/update-spdx-license-list.yaml
@ -13,7 +13,8 @@ env:

 jobs:
  upgrade-spdx-license-list:
-    runs-on: ubuntu-latest
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    if: github.repository == 'anchore/syft' # only run for main repo
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
--- a/.github/workflows/validate-github-actions.yaml
+++ b/.github/workflows/validate-github-actions.yaml
@ -18,7 +18,8 @@ permissions:
 jobs:
  zizmor:
    name: "Lint"
-    runs-on: ubuntu-latest
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    permissions:
      contents: read
      security-events: write  # for uploading SARIF results
--- a/.github/workflows/validations.yaml
+++ b/.github/workflows/validations.yaml
@ -11,11 +11,11 @@ permissions:
  contents: read

 jobs:
-
  Static-Analysis:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -27,12 +27,12 @@ jobs:
      - name: Run static analysis
        run: make static-analysis

-
  Unit-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    # we need more storage than what's on the default runner
-    runs-on: ubuntu-22.04-4core-16gb
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -46,11 +46,11 @@ jobs:
      - name: Run unit tests
        run: make unit

-
  Integration-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Integration tests"
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -67,10 +67,10 @@ jobs:
      - name: Run integration tests
        run: make integration

-
  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=build
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -100,12 +100,11 @@ jobs:
            .task
          key: snapshot-build-${{ github.run_id }}

-
  Upload-Snapshot-Artifacts:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Upload snapshot artifacts"
    needs: [Build-Snapshot-Artifacts]
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest-arm
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -162,7 +161,8 @@ jobs:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -202,7 +202,6 @@ jobs:
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save

-
  Acceptance-Mac:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Mac)"
@ -244,12 +243,12 @@ jobs:
      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac

-
  Cli-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "CLI tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
-    runs-on: ubuntu-24.04
+    # Runner definition: workflows/.github/runs-on.yml
+    runs-on: runs-on=${{ github.run_id }}/runner=small-arm
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
@ -278,11 +277,10 @@ jobs:
      - name: Run CLI Tests (Linux)
        run: make cli

-
  Cleanup-Cache:
    name: "Cleanup snapshot cache"
    if: github.event.pull_request.head.repo.full_name == github.repository
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest-arm
    permissions:
      actions: write
    needs: