triggerdotdev · carderne · Jun 29, 2026 · Jun 29, 2026 · Jun 29, 2026 · Jun 29, 2026
diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
@@ -0,0 +1,9 @@
+# Configuration for actionlint.
+#
+# Blacksmith runners are self-hosted runners from GitHub Actions' perspective, so
+# actionlint needs to be told that these custom runner labels are valid.
+self-hosted-runner:
+  labels:
+    - blacksmith-*-ubuntu-*
+    - blacksmith-*-windows-*
+    - blacksmith-*-macos-*
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   code-quality:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
 
     steps:
       - name: ⬇️ Checkout repo

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -20,7 +20,7 @@ permissions:
 
 jobs:
   check-broken-links:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     defaults:
       run:
         working-directory: ./docs

diff --git a/.github/workflows/e2e-webapp-auth-full.yml b/.github/workflows/e2e-webapp-auth-full.yml
@@ -37,7 +37,7 @@ on:
 jobs:
   e2eAuthFull:
     name: "🛡️ E2E Auth Tests (full)"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     timeout-minutes: 30
     env:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}

diff --git a/.github/workflows/e2e-webapp.yml b/.github/workflows/e2e-webapp.yml
@@ -14,7 +14,7 @@ on:
 jobs:
   e2eTests:
     name: "🧪 E2E Tests: Webapp"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     timeout-minutes: 20
     env:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os: [blacksmith-4vcpu-ubuntu-2404, blacksmith-4vcpu-windows-2025]
         package-manager: ["npm", "pnpm"]
     steps:
       - name: ⬇️ Checkout repo

diff --git a/.github/workflows/helm-prerelease.yml b/.github/workflows/helm-prerelease.yml
@@ -28,7 +28,7 @@ env:
 
 jobs:
   lint-and-test:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     permissions:
       contents: read
     steps:
@@ -77,7 +77,7 @@ jobs:
       ((github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
       github.event_name == 'push' ||
       github.event_name == 'workflow_dispatch')
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     permissions:
       contents: read
       packages: write

diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml
@@ -48,6 +48,7 @@ jobs:
             typecheck_self:
               - '.github/workflows/pr_checks.yml'
               - '.github/workflows/typecheck.yml'
+              - '.github/workflows/code-quality.yml'
             webapp:
               - 'apps/webapp/**'
               - 'packages/**'
@@ -103,8 +104,6 @@ jobs:
               - 'turbo.json'
 
   code-quality:
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
     uses: ./.github/workflows/code-quality.yml
 
   typecheck:

diff --git a/.github/workflows/sdk-compat.yml b/.github/workflows/sdk-compat.yml
@@ -13,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest]
+        os: [blacksmith-4vcpu-ubuntu-2404]
         node: ["20.20", "22.12"]
 
     steps:
@@ -54,7 +54,7 @@ jobs:
 
   bun-compat:
     name: "Bun Runtime"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -96,7 +96,7 @@ jobs:
 
   deno-compat:
     name: "Deno Runtime"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -142,7 +142,7 @@ jobs:
 
   cloudflare-compat:
     name: "Cloudflare Workers"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   typecheck:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-8vcpu-ubuntu-2404
 
     steps:
       - name: ⬇️ Checkout repo

diff --git a/.github/workflows/unit-tests-internal.yml b/.github/workflows/unit-tests-internal.yml
@@ -14,7 +14,7 @@ on:
 jobs:
   unitTests:
     name: "🧪 Unit Tests: Internal"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     strategy:
       # one flaky shard shouldn't cancel its siblings - lets us re-run only the failed shard
       fail-fast: false
@@ -130,7 +130,7 @@ jobs:
     name: "📊 Merge Reports"
     if: ${{ !cancelled() }}
     needs: [unitTests]
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

diff --git a/.github/workflows/unit-tests-packages.yml b/.github/workflows/unit-tests-packages.yml
@@ -14,7 +14,7 @@ on:
 jobs:
   unitTests:
     name: "🧪 Unit Tests: Packages"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     strategy:
       # one flaky shard shouldn't cancel its siblings - lets us re-run only the failed shard
       fail-fast: false
@@ -130,7 +130,7 @@ jobs:
     name: "📊 Merge Reports"
     if: ${{ !cancelled() }}
     needs: [unitTests]
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

diff --git a/.github/workflows/unit-tests-webapp.yml b/.github/workflows/unit-tests-webapp.yml
@@ -14,7 +14,7 @@ on:
 jobs:
   unitTests:
     name: "🧪 Unit Tests: Webapp"
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     strategy:
       # one flaky shard shouldn't cancel its siblings - lets us re-run only the failed shard
       fail-fast: false
@@ -139,7 +139,7 @@ jobs:
     name: "📊 Merge Reports"
     if: ${{ !cancelled() }}
     needs: [unitTests]
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

diff --git a/.github/workflows/workflow-checks.yml b/.github/workflows/workflow-checks.yml
@@ -7,11 +7,13 @@ on:
       - ".github/workflows/**"
       - ".github/actions/**"
       - ".github/zizmor.yml"
+      - ".github/actionlint.yaml"
   pull_request:
     paths:
       - ".github/workflows/**"
       - ".github/actions/**"
       - ".github/zizmor.yml"
+      - ".github/actionlint.yaml"
 
 permissions: {}
 
@@ -22,7 +24,7 @@ concurrency:
 jobs:
   actionlint:
     name: Actionlint
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     permissions:
       contents: read
     steps:
@@ -41,7 +43,7 @@ jobs:
     # variable to 'false' to skip this job where code scanning isn't available;
     # leave it unset (the default) to run the scan.
     if: ${{ vars.ENABLE_WORKFLOW_SECURITY_SCAN != 'false' }}
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     permissions:
       security-events: write # Upload SARIF to GitHub Security tab
       contents: read # Read workflow files for analysis