feat(reusable-workflows): add runner_label input for RunsOn opt-in#319
Merged
Conversation
Threads an optional `runner_label` input (default `ubuntu-latest`) through every reusable workflow under .github/workflows/_*.yml so calling repos can opt into self-hosted RunsOn runners by passing a v3 label string without changing the reusable workflow itself. Workflows touched: - _ci-gate.yml (changes / watchdog / gate + forwards to children) - _markdown-lint.yml - _file-size.yml - _osv-scan.yml - _python-security.yml - _release-please.yml - _release-please-auto-merge.yml - _gh-aw-pin-refresh.yml - _cribl-pack-validate.yml - _retrigger-pr-checks.yml Already had the input: _nix-validate.yml (#296). Intentionally skipped: - _nix-build.yml — runs on macos-latest; RunsOn EC2 Mac costs more than github-hosted for short jobs (24h minimum allocation). - _copilot-setup-steps.yml — deprecated, `if: false`, never runs. Backward compatible: default stays `ubuntu-latest`, so every existing caller keeps behaving identically. Opt-in per repo by passing `runner_label: "runs-on=${{ github.run_id }}/runner=2cpu-linux-x64"` in the consumer workflow. Companion to terraform-runs-on/docs/migration-guide.md and the self-hosted-runners skill in JacobPEvans/claude-code-plugins. Assisted-by: Claude <noreply@anthropic.com>
|
Note Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported. |
This was referenced May 15, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR standardizes an opt-in runner_label input across the reusable workflows under .github/workflows/_*.yml so downstream callers can route jobs to RunsOn/self-hosted runners while preserving the existing default behavior (ubuntu-latest).
Changes:
- Added
workflow_call.inputs.runner_label(defaultubuntu-latest) to multiple reusable workflows and updated their jobs to useruns-on: ${{ inputs.runner_label }}. - Updated
_ci-gate.ymlto forwardrunner_labelinto child reusable workflows (e.g., markdown-lint, file-size, python-security). - Converted
_osv-scan.ymlfromworkflow_call: {}to a fullworkflow_callblock to support inputs.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/_retrigger-pr-checks.yml | Adds runner_label input and uses it for the job runner selection. |
| .github/workflows/_release-please.yml | Adds runner_label input and uses it for the release job runner selection. |
| .github/workflows/_release-please-auto-merge.yml | Adds runner_label input and uses it for the auto-merge job runner selection. |
| .github/workflows/_python-security.yml | Adds runner_label input and uses it for the pip-audit job runner selection. |
| .github/workflows/_osv-scan.yml | Adds workflow_call.inputs.runner_label and uses it for the scanner job runner selection. |
| .github/workflows/_markdown-lint.yml | Adds runner_label input and uses it for the lint job runner selection. |
| .github/workflows/_gh-aw-pin-refresh.yml | Adds runner_label input and uses it for the refresh job runner selection. |
| .github/workflows/_file-size.yml | Adds runner_label input and uses it for the file-size job runner selection. |
| .github/workflows/_cribl-pack-validate.yml | Adds runner_label input and uses it for the validation job runner selection. |
| .github/workflows/_ci-gate.yml | Switches runs-on to inputs.runner_label and forwards runner_label to child reusable workflows. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The previous commit changed `runs-on: ubuntu-latest` to
`runs-on: \${{ inputs.runner_label }}` in three jobs (changes, watchdog,
gate) and added `runner_label: \${{ inputs.runner_label }}` to four
child uses (_nix-validate, _markdown-lint, _file-size, _python-security)
— but the `runner_label` input declaration itself never landed in the
`on.workflow_call.inputs` block. An undeclared input resolves to empty,
which would have broken job scheduling on every caller using its
default \`ubuntu-latest\`.
Adds the missing input declaration with the same shape as every other
\_*.yml in this PR. Caught by github-copilot review on PR #319.
Assisted-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
runner_labelinput (defaultubuntu-latest) through every reusable workflow under.github/workflows/_*.yml.ubuntu-latest._ci-gate.yml(also forwards to its children),_markdown-lint.yml,_file-size.yml,_osv-scan.yml,_python-security.yml,_release-please.yml,_release-please-auto-merge.yml,_gh-aw-pin-refresh.yml,_cribl-pack-validate.yml,_retrigger-pr-checks.yml._nix-validate.yml([health-audit] Daily Health Audit - 2026-05-11 #296)._nix-build.yml(macos-latest),_copilot-setup-steps.yml(deprecated,if: false).Companion PRs in flight:
runner_label.Test plan
ubuntu-latest).runner_labelactually routes the job to RunsOn (look forRUNS_ON_VERSION=v3.x.xin theSet up runnergroup).