From ca1be95ac301f1935330efd6132761980f7a1919 Mon Sep 17 00:00:00 2001 From: Ralf Anton Beier Date: Sun, 3 May 2026 19:48:35 +0200 Subject: [PATCH] ci: migrate 15 of 20 ci.yml jobs to smithy self-hosted runners rust-cpu coverage, multi-version-testing, validate-framework-fast, stdio-integration-tests, python-sdk-compatibility, external-validator-integration, benchmark-validation, validate-release, quick-validation, validation-specific-tests, compatibility-check, validate-external-servers light changes, pr-report, update-compatibility-matrix Stays on ubuntu-latest: - build-validation-image docker buildx + GHCR push, podman-docker shim untested - validate-in-container pulls + runs container image - validate-framework matrix spans macOS + Windows - security-validation cargo audit; smithy's pinned cargo-audit (0.21.x) rejects CVSS 4.0 - cross-platform-validation matrix spans macOS + Windows Workaround applied: Two jobs (quick-validation, coverage) had a "Free up disk space" step that runs `sudo rm -rf` on hosted-only paths (/usr/share/dotnet, etc.). Smithy redirects TMPDIR to a 500 G volume so the cleanup is unnecessary and would fail (no sudo). Gated with `if: runner.environment == 'github-hosted'` so the step still runs when CI falls back to hosted. --- .github/workflows/code-coverage.yml | 4 +++- .github/workflows/docker-validation.yml | 4 +++- .github/workflows/external-validation.yml | 13 ++++++++----- .github/workflows/pr-validation.yml | 12 +++++++----- .github/workflows/release-validation.yml | 3 ++- .github/workflows/scheduled-validation.yml | 4 ++-- 6 files changed, 25 insertions(+), 15 deletions(-) diff --git a/.github/workflows/code-coverage.yml b/.github/workflows/code-coverage.yml index 4c6def2c..988813d1 100644 --- a/.github/workflows/code-coverage.yml +++ b/.github/workflows/code-coverage.yml @@ -23,7 +23,7 @@ env: jobs: coverage: name: Code Coverage - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] permissions: contents: read pull-requests: write @@ -49,6 +49,8 @@ jobs: uses: taiki-e/install-action@cargo-llvm-cov - name: Free up disk space + # Only needed on github-hosted; smithy redirects TMPDIR to a 500G volume. + if: runner.environment == 'github-hosted' run: | # Remove unnecessary tools and files to free up ~10GB sudo rm -rf /usr/share/dotnet diff --git a/.github/workflows/docker-validation.yml b/.github/workflows/docker-validation.yml index 318c4d3b..4288c667 100644 --- a/.github/workflows/docker-validation.yml +++ b/.github/workflows/docker-validation.yml @@ -14,6 +14,7 @@ env: jobs: build-validation-image: name: Build Validation Docker Image + # Stays on ubuntu-latest: docker buildx + GHCR push; smithy's podman-docker shim is untested for this. runs-on: ubuntu-latest permissions: contents: read @@ -68,6 +69,7 @@ jobs: validate-in-container: name: Run Validation in Container needs: build-validation-image + # Stays on ubuntu-latest: pulls + runs a container image; smithy podman-docker shim is untested. runs-on: ubuntu-latest if: success() @@ -102,7 +104,7 @@ jobs: multi-version-testing: name: Multi-Version Protocol Testing - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] strategy: matrix: protocol_version: ["2024-11-05", "2025-03-26"] diff --git a/.github/workflows/external-validation.yml b/.github/workflows/external-validation.yml index c59cbfc9..3b788764 100644 --- a/.github/workflows/external-validation.yml +++ b/.github/workflows/external-validation.yml @@ -33,7 +33,7 @@ jobs: # Fast validation for PRs - Ubuntu only validate-framework-fast: name: Fast Framework Validation - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] timeout-minutes: 25 if: github.event_name == 'pull_request' @@ -86,6 +86,7 @@ jobs: # Full cross-platform validation for main branch and scheduled runs validate-framework: name: Full Framework Validation + # Stays on ubuntu-latest/macos-latest/windows-latest: matrix spans macOS + Windows; smithy is Linux-only. runs-on: ${{ matrix.os }} timeout-minutes: 35 if: github.event_name != 'pull_request' @@ -270,7 +271,7 @@ jobs: stdio-integration-tests: name: Stdio + Inspector Integration Tests - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] timeout-minutes: 20 if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' @@ -354,7 +355,7 @@ jobs: python-sdk-compatibility: name: Python SDK Compatibility - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] timeout-minutes: 15 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main' @@ -392,7 +393,7 @@ jobs: external-validator-integration: name: External Validator Integration - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] timeout-minutes: 20 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' @@ -432,6 +433,8 @@ jobs: security-validation: name: Security Validation + # Stays on ubuntu-latest: runs cargo audit; smithy's pinned cargo-audit (0.21.x) rejects CVSS 4.0 + # advisories (e.g. RUSTSEC-2026-0037). Move once smithy bumps cargo-audit to >=0.22.1. runs-on: ubuntu-latest timeout-minutes: 15 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main' @@ -461,7 +464,7 @@ jobs: benchmark-validation: name: Performance Benchmarks - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] timeout-minutes: 25 if: github.event_name == 'push' && github.ref == 'refs/heads/main' diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 011708ed..0a0f0f84 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -21,7 +21,7 @@ env: jobs: changes: name: Detect Changes - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] outputs: validation: ${{ steps.filter.outputs.validation }} core: ${{ steps.filter.outputs.core }} @@ -40,7 +40,7 @@ jobs: quick-validation: name: Quick PR Validation - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] needs: changes steps: @@ -62,6 +62,8 @@ jobs: echo "Rustfmt version: $(cargo fmt --version)" - name: Free up disk space + # Only needed on github-hosted; smithy redirects TMPDIR to a 500G volume. + if: runner.environment == 'github-hosted' run: | # Remove unnecessary tools and files to free up ~10GB sudo rm -rf /usr/share/dotnet @@ -142,7 +144,7 @@ jobs: validation-specific-tests: name: Validation Framework Tests - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] needs: changes if: needs.changes.outputs.validation == 'true' @@ -180,7 +182,7 @@ jobs: compatibility-check: name: Compatibility Check - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] needs: changes if: needs.changes.outputs.core == 'true' @@ -205,7 +207,7 @@ jobs: pr-report: name: Generate PR Report - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] needs: [quick-validation, validation-specific-tests, compatibility-check] if: always() diff --git a/.github/workflows/release-validation.yml b/.github/workflows/release-validation.yml index ccf85d91..62093871 100644 --- a/.github/workflows/release-validation.yml +++ b/.github/workflows/release-validation.yml @@ -20,7 +20,7 @@ permissions: jobs: validate-release: name: Validate Release - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] steps: - name: Checkout code @@ -118,6 +118,7 @@ jobs: cross-platform-validation: name: Cross-Platform Release Validation + # Stays on ubuntu-latest/macos-latest/windows-latest: matrix spans macOS + Windows; smithy is Linux-only. runs-on: ${{ matrix.os }} strategy: matrix: diff --git a/.github/workflows/scheduled-validation.yml b/.github/workflows/scheduled-validation.yml index 34dd7fd1..bc9d4ed2 100644 --- a/.github/workflows/scheduled-validation.yml +++ b/.github/workflows/scheduled-validation.yml @@ -26,7 +26,7 @@ permissions: jobs: validate-external-servers: name: Validate External MCP Servers - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, rust-cpu] steps: - name: Checkout code @@ -148,7 +148,7 @@ jobs: update-compatibility-matrix: name: Update Compatibility Matrix - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64, light] needs: validate-external-servers steps: