mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 05:50:43 +00:00
ci: right-size codeql quality runners
Run CodeQL Critical Quality on 4 vCPU Blacksmith runners.
1
.github/actionlint.yaml
vendored
@@ -4,6 +4,7 @@
|
||||
self-hosted-runner:
|
||||
labels:
|
||||
# Blacksmith CI runners
|
||||
- blacksmith-4vcpu-ubuntu-2404
|
||||
- blacksmith-8vcpu-ubuntu-2404
|
||||
- blacksmith-8vcpu-windows-2025
|
||||
- blacksmith-16vcpu-ubuntu-2404
|
||||
|
||||
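Review bot: the label list in this hunk shows `blacksmith-8vcpu-windows-2025` as the only Windows runner, while the runner table updated in the same commit assigns `checks-windows` to `blacksmith-16vcpu-windows-2025`. If the 16 vCPU Windows label is not declared further down, outside the visible context, add it here so actionlint keeps validating every `runs-on` value the docs describe.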
12
.github/workflows/codeql-critical-quality.yml
vendored
@@ -20,7 +20,7 @@ permissions:
|
||||
jobs:
|
||||
javascript-typescript:
|
||||
name: Critical Quality (javascript-typescript)
|
||||
runs-on: blacksmith-8vcpu-ubuntu-2404
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Checkout
|
||||
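Review bot: `timeout-minutes: 25` is left unchanged next to the new `runs-on: blacksmith-4vcpu-ubuntu-2404` in this job, and the same holds for the five other jobs changed below. With half the vCPUs, CodeQL database creation and analysis can take longer, and a job that hits the timeout ends without uploading results for its category. Check recent run durations against the 25 minute limit and raise it where the headroom is thin.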
@@ -41,7 +41,7 @@ jobs:
|
||||
|
||||
config-boundary:
|
||||
name: Critical Quality (config-boundary)
|
||||
runs-on: blacksmith-8vcpu-ubuntu-2404
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -62,7 +62,7 @@ jobs:
|
||||
|
||||
gateway-runtime-boundary:
|
||||
name: Critical Quality (gateway-runtime-boundary)
|
||||
runs-on: blacksmith-8vcpu-ubuntu-2404
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -83,7 +83,7 @@ jobs:
|
||||
|
||||
channel-runtime-boundary:
|
||||
name: Critical Quality (channel-runtime-boundary)
|
||||
runs-on: blacksmith-8vcpu-ubuntu-2404
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -104,7 +104,7 @@ jobs:
|
||||
|
||||
agent-runtime-boundary:
|
||||
name: Critical Quality (agent-runtime-boundary)
|
||||
runs-on: blacksmith-8vcpu-ubuntu-2404
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -125,7 +125,7 @@ jobs:
|
||||
|
||||
plugin-boundary:
|
||||
name: Critical Quality (plugin-boundary)
|
||||
runs-on: blacksmith-8vcpu-ubuntu-2404
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
||||
@@ -250,8 +250,9 @@ default workflow because the macOS build dominates runtime even when clean.
|
||||
|
||||
The `CodeQL Critical Quality` workflow is the matching non-security shard. It
|
||||
runs only error-severity, non-security JavaScript/TypeScript quality queries
|
||||
over narrow high-value surfaces. Its baseline job scans the same auth, secrets,
|
||||
sandbox, cron, and gateway surface as the security workflow. The config-boundary
|
||||
over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its
|
||||
baseline job scans the same auth, secrets, sandbox, cron, and gateway surface
|
||||
as the security workflow. The config-boundary
|
||||
job scans config schema, migration, normalization, and IO contracts under the
|
||||
separate `/codeql-critical-quality/config-boundary` category. The
|
||||
gateway-runtime-boundary job scans gateway protocol schemas and server method
|
||||
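Review bot: the added wording "on the smaller Blacksmith Linux runner" does not say which runner that is, so a reader has to find the table further down to resolve it. Name the label, `blacksmith-4vcpu-ubuntu-2404`, in the sentence. The rewrap also leaves the short line `as the security workflow. The config-boundary` in the middle of the paragraph; reflow it with the lines that follow.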
@@ -393,6 +394,7 @@ The automatic CI concurrency key is versioned (`CI-v7-*`) so a GitHub-side zombi
|
||||
| Runner | Jobs |
|
||||
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `ubuntu-24.04` | `preflight`, fast security jobs and aggregates (`security-scm-fast`, `security-dependency-audit`, `security-fast`), fast protocol/contract/bundled checks, sharded channel contract checks, `check` shards except lint, `check-additional` shards and aggregates, Node test aggregate verifiers, docs checks, Python skills, workflow-sanity, labeler, auto-response; install-smoke preflight also uses GitHub-hosted Ubuntu so the Blacksmith matrix can queue earlier |
|
||||
| `blacksmith-4vcpu-ubuntu-2404` | `CodeQL Critical Quality`, lower-weight extension shards, `checks-fast-core`, `checks-node-compat-node22`, `check-prod-types`, and `check-test-types` |
|
||||
| `blacksmith-8vcpu-ubuntu-2404` | `build-artifacts`, build-smoke, Linux Node test shards, bundled plugin test shards, `android` |
|
||||
| `blacksmith-16vcpu-ubuntu-2404` | `check-lint`, which remains CPU-sensitive enough that 8 vCPU cost more than it saved; install-smoke Docker builds, where 32-vCPU queue time cost more than it saved |
|
||||
| `blacksmith-16vcpu-windows-2025` | `checks-windows` |
|
||||
|
||||
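Review bot: the `blacksmith-4vcpu-ubuntu-2404` row lists `CodeQL Critical Quality` without saying why 4 vCPU is enough, whereas the `blacksmith-16vcpu-ubuntu-2404` row records the reasoning behind its size. Add a short clause with the reason for the move, such as the observed runtime against the 25 minute timeout, so a later change to the runner size has something to compare against.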