From d7a02bda37e31e2c34a5aa44b4748c4b03d95ca6 Mon Sep 17 00:00:00 2001
From: Zeke Foppa
Date: Thu, 14 May 2026 11:20:07 -0700
Subject: [PATCH] [bfops/gh-envs]: CI - Use GitHub environments
---
.github/workflows/attach-artifacts.yml | 2 +-
.github/workflows/benchmarks.yml | 2 ++
.github/workflows/ci.yml | 3 +++
.github/workflows/discord-posts.yml | 2 ++
.github/workflows/docker.yml | 2 ++
.github/workflows/docs-publish.yaml | 1 +
.github/workflows/docs-update-llms.yaml | 1 +
.github/workflows/llm-benchmark-periodic.yml | 1 +
.github/workflows/package.yml | 1 +
.github/workflows/tag-release.yml | 1 +
10 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/attach-artifacts.yml b/.github/workflows/attach-artifacts.yml
index 23ad34343de..1b8417b18ea 100644
--- a/.github/workflows/attach-artifacts.yml
+++ b/.github/workflows/attach-artifacts.yml
@@ -10,6 +10,7 @@ on: jobs: upload-assets: runs-on: spacetimedb-new-runner-2 + environment: release permissions: contents: write # needed to modify releases
@@ -60,4 +61,3 @@ jobs: gh release upload "$RELEASE_TAG" ./* \ --repo "$GITHUB_REPOSITORY" \ --clobber -
diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
index 2785a84d95a..471921fc78c 100644
--- a/.github/workflows/benchmarks.yml
+++ b/.github/workflows/benchmarks.yml
@@ -24,6 +24,7 @@ jobs: benchmark: name: run criterion benchmarks runs-on: benchmarks-runner + environment: benchmarks # filter for a comment containing 'benchmarks please' if: ${{ github.event_name != 'issue_comment' || (github.event.issue.pull_request && contains(github.event.comment.body, 'benchmarks please')) }} env:
@@ -181,6 +182,7 @@ jobs: # about other stuff running on the machine! # runs-on: benchmarks-runner runs-on: ubuntu-latest + environment: benchmarks timeout-minutes: 20 # on a successful run, runs in 8 minutes container: image: rust:1.93.0 
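Review bot: `environment: release` on `upload-assets` is the same environment this patch attaches to jobs in docker.yml, docs-publish.yaml, docs-update-llms.yaml, package.yml and tag-release.yml, so every secret stored in it becomes readable by all of those jobs. Environment secrets are delivered to any job that names the environment, which means a docs-publishing job would receive the same credentials as this job, which holds `contents: write` on releases. If the docs and container jobs need different credentials, narrower environments would limit the blast radius, e.g. `environment: docs-publish` and `environment: dockerhub` (placeholder names). The job body continues outside the hunk, so which secrets it actually reads is not visible here.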
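Review bot: The `if:` directly below the added `environment: benchmarks` admits any `issue_comment` on a pull request whose body contains 'benchmarks please' and does not check who wrote the comment, so the environment's secrets are now offered to a commenter-triggered run on the self-hosted `benchmarks-runner`. `issue_comment` workflows run from the default branch, so a deployment-branch rule on the environment would not gate these runs; only required reviewers would. Unless a permission check exists further down (the job continues outside the hunk), extend the condition, e.g. `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. The hunk at line 182 attaches the same environment to the `ubuntu-latest` job, whose trigger condition is not visible.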
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 313421c9ba2..b562dfb175b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -379,6 +379,7 @@ jobs: # This can't go on e.g. ubuntu-latest because that runner runs out of disk space. ChatGPT suggested that the general solution tends to be to use # a custom runner. runs-on: spacetimedb-new-runner-2 + environment: licensed-ci # Disable the tests because they are very flaky at the moment. # TODO: Remove this line and re-enable the `if` line just below here. if: false
@@ -567,6 +568,7 @@ jobs: contents: read checks: write runs-on: spacetimedb-unity-runner + environment: licensed-ci timeout-minutes: 30 env: CARGO_TARGET_DIR: ${{ github.workspace }}/target
@@ -837,6 +839,7 @@ jobs: permissions: contents: read runs-on: ubuntu-latest + environment: coordination env: TARGET_OWNER: clockworklabs TARGET_REPO: SpacetimeDBPrivate
diff --git a/.github/workflows/discord-posts.yml b/.github/workflows/discord-posts.yml
index 1e53262971e..b90734772e6 100644
--- a/.github/workflows/discord-posts.yml
+++ b/.github/workflows/discord-posts.yml
@@ -7,6 +7,7 @@ on: jobs: discordNotification: runs-on: ubuntu-latest + environment: coordination if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master' env:
@@ -73,6 +74,7 @@ jobs: invokePrivate: runs-on: ubuntu-latest + environment: coordination if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master' permissions:
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c603fa598d6..f8288daa39b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -12,6 +12,7 @@ on: jobs: docker-amd64: runs-on: ubuntu-latest + environment: release name: Build DockerHub AMD64 Container steps: - name: Checkout
@@ -69,6 +70,7 @@ jobs: docker-arm64: runs-on: arm-runner + environment: release name: Build DockerHub ARM64 Container steps: - name: Install jq 
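Review bot: `environment: licensed-ci` on the job that runs on `spacetimedb-unity-runner` (and on the `if: false` job in the hunk at line 379) will behave differently on pull-request runs if ci.yml is triggered by `pull_request`; the trigger is outside the hunk. Runs from forks receive no environment secrets, and if the environment carries a deployment-branch policy the pull-request merge ref will not match a branch pattern, so the job is rejected instead of run. A comment next to the key stating the intended setting would make this reviewable, e.g. `# licensed-ci: no branch policy, PR runs must be allowed` (wording to match the real settings).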
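Review bot: Nothing in this patch shows that `coordination` already exists in the repository settings, and GitHub creates a missing environment on first use with no protection rules and no secrets. A misspelt or not-yet-created name would therefore run this job with empty secrets rather than fail at the environment gate, which matters for a job that targets `SpacetimeDBPrivate`. Consider a first step that fails fast when the expected secret is empty, plus a comment such as `# environment must be pre-created with its protection rules in repo settings`. The same applies to the two `environment: coordination` lines in discord-posts.yml and to the other environment names this patch introduces.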
diff --git a/.github/workflows/docs-publish.yaml b/.github/workflows/docs-publish.yaml
index 4b068d00bc3..2f0f4172ceb 100644
--- a/.github/workflows/docs-publish.yaml
+++ b/.github/workflows/docs-publish.yaml
@@ -11,6 +11,7 @@ on: jobs: build: runs-on: spacetimedb-new-runner-2 + environment: release steps: - name: Checkout repository uses: actions/checkout@v3
diff --git a/.github/workflows/docs-update-llms.yaml b/.github/workflows/docs-update-llms.yaml
index d7d2751cd68..607a06512df 100644
--- a/.github/workflows/docs-update-llms.yaml
+++ b/.github/workflows/docs-update-llms.yaml
@@ -15,6 +15,7 @@ on: jobs: update-llms: runs-on: spacetimedb-new-runner-2 + environment: release steps: - name: Checkout repository uses: actions/checkout@v3
diff --git a/.github/workflows/llm-benchmark-periodic.yml b/.github/workflows/llm-benchmark-periodic.yml
index c043611a49a..c2050e184e6 100644
--- a/.github/workflows/llm-benchmark-periodic.yml
+++ b/.github/workflows/llm-benchmark-periodic.yml
@@ -30,6 +30,7 @@ concurrency: jobs: run-benchmarks: runs-on: spacetimedb-new-runner + environment: llm-benchmark-update container: image: localhost:5000/spacetimedb-ci:latest options: >-
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index 38632014506..2c04592e4e0 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -29,6 +29,7 @@ jobs: name: Build CLI for ${{ matrix.name }} runs-on: ${{ matrix.runner }} + environment: release steps: - name: Checkout
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index cddeb64ab24..7c19e7bf0bf 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -6,6 +6,7 @@ jobs: on-release: name: Re-tag latest runs-on: ubuntu-latest + environment: release steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2
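Review bot: The first step under the added `environment: release` is `uses: actions/checkout@v3`, a mutable tag, in a job that now receives the release environment's secrets. Pinning to a full commit SHA keeps a re-pointed tag from running alongside those secrets: `uses: actions/checkout@<full-commit-sha> # v3` (placeholder; take the SHA from the action's own release). The same applies to `actions/checkout@v3` in docs-update-llms.yaml and to `docker/setup-buildx-action@v2` in tag-release.yml. The step lists continue outside these hunks, so later steps may need the same treatment.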
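Review bot: `run-benchmarks` executes its steps inside `localhost:5000/spacetimedb-ci:latest`, a mutable tag served from a registry on the runner, and with `environment: llm-benchmark-update` added those steps now run with that environment's secrets. Whatever image currently sits behind `:latest` is what sees the secrets, so referencing the image by digest would make that explicit: `image: localhost:5000/spacetimedb-ci@sha256:<digest>` (placeholder). The `options:` value and the steps are outside the hunk, so how the container is confined is not visible here.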