chore(ci): migrate all workflows to self-hosted k3s runners

mohsin-wiser · claude · mohsin-wiser · commit ac74a1e3c2c4 · 2026-02-03T01:31:05.000-05:00
Update all GitHub Actions workflows to use k3s-simpleaccounts-runners
instead of ubuntu-latest for improved performance and cost efficiency.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -21,7 +21,7 @@ env:
 jobs:
   lint-format:
     name: Lint and Format
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 15
     permissions:
       contents: read
@@ -85,7 +85,7 @@ jobs:
   # Stage 1: Lint and Unit Tests (fail-fast)
   test-backend:
     name: Backend Tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 25
     permissions:
       contents: read
@@ -128,7 +128,7 @@ jobs:
 
   test-frontend-unit:
     name: Frontend Unit Tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 25
     permissions:
       contents: read
@@ -175,7 +175,7 @@ jobs:
   build-frontend:
     name: Build Frontend
     needs: test-frontend-unit
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 25
     permissions:
       contents: read
@@ -220,7 +220,7 @@ jobs:
   build-backend:
     name: Build Backend
     needs: test-backend
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 25
     permissions:
       contents: read
@@ -257,7 +257,7 @@ jobs:
   test-e2e:
     name: E2E Tests
     needs: [build-frontend, build-backend]
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     if: github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/master'
     timeout-minutes: 45
     permissions:
diff --git a/.github/workflows/coder-template-push.yml b/.github/workflows/coder-template-push.yml
@@ -16,7 +16,7 @@ permissions:
 jobs:
   deploy-template:
     name: Push Template to Coder
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
 
     steps:
       - name: Checkout code
diff --git a/.github/workflows/devcontainer-prebuild.yml b/.github/workflows/devcontainer-prebuild.yml
@@ -23,7 +23,7 @@ env:
 
 jobs:
   build-and-push:
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
       packages: write
diff --git a/.github/workflows/flaky-test-tracker.yml b/.github/workflows/flaky-test-tracker.yml
@@ -13,7 +13,7 @@ on:
 jobs:
   analyze-flakiness:
     name: Analyze Test Flakiness
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
       issues: write
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -20,7 +20,7 @@ permissions:
 jobs:
   gitleaks:
     name: Gitleaks
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 10
 
     steps:
diff --git a/.github/workflows/matrix-tests.yml b/.github/workflows/matrix-tests.yml
@@ -33,7 +33,7 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
+          - os: k3s-simpleaccounts-runners
             java: '21'
             experimental: false
           - os: windows-latest
@@ -65,7 +65,7 @@ jobs:
 
   frontend:
     name: Frontend Unit Tests (Matrix)
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 40
     continue-on-error: ${{ matrix.experimental }}
     strategy:
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -28,7 +28,7 @@ jobs:
   # Stage 1: Unit Tests (quick validation)
   unit-tests:
     name: Unit Tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
     outputs:
@@ -94,7 +94,7 @@ jobs:
   e2e-tests:
     name: E2E Tests (Full Suite)
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
 
@@ -139,7 +139,7 @@ jobs:
   visual-regression:
     name: Visual Regression
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
 
@@ -180,7 +180,7 @@ jobs:
   contract-tests:
     name: Contract Tests
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
 
@@ -211,7 +211,7 @@ jobs:
   mutation-testing:
     name: Mutation Testing
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
     timeout-minutes: 60
@@ -244,7 +244,7 @@ jobs:
   performance-tests:
     name: Performance Tests (k6)
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     if: ${{ !inputs.skip_perf }}
     permissions:
       contents: read
@@ -281,7 +281,7 @@ jobs:
   security-scan:
     name: Security Scan (OWASP)
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     if: ${{ !inputs.skip_security }}
     permissions:
       contents: read
@@ -322,7 +322,7 @@ jobs:
   accessibility-tests:
     name: Accessibility Tests
     needs: unit-tests
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     permissions:
       contents: read
 
@@ -371,7 +371,7 @@ jobs:
         security-scan,
         accessibility-tests,
       ]
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     if: always()
     permissions:
       contents: read
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
   scan-dockerfile:
     name: Scan Dockerfile
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -56,7 +56,7 @@ jobs:
 
   scan-docker-image:
     name: Scan Docker Image
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     steps:
       - name: Free Disk Space (Ubuntu)
         uses: jlumbroso/free-disk-space@main
@@ -124,7 +124,7 @@ jobs:
 
   scan-dependencies:
     name: Scan Dependencies
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -161,7 +161,7 @@ jobs:
 
   scan-published-image:
     name: Scan Published Image
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
     steps:
       - name: Run Trivy vulnerability scanner on published image
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   codeql:
     name: CodeQL Analysis
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 60
     # Skip fork PRs: CodeQL upload requires elevated permissions not granted to forks.
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
@@ -69,7 +69,7 @@ jobs:
 
   dependency-review:
     name: Dependency Review
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 10
     if: github.event_name == 'pull_request'
     permissions:
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
@@ -32,7 +32,7 @@ env:
 jobs:
   sonarqube:
     name: Build and Analyze
-    runs-on: ubuntu-latest
+    runs-on: k3s-simpleaccounts-runners
     timeout-minutes: 45
     permissions:
       contents: read
