chore(ci): implement tiered GitHub Actions runner strategy (#4937)

Signed-off-by: James Rich <2199651+jamesarich@users.noreply.github.com>
2026-04-20 22:23:37 +00:00 · 2026-03-26 13:18:03 -05:00 · 2026-03-26 13:18:03 -05:00 · 1c1c208d48
commit 1c1c208d48
parent e106badec7
24 changed files with 94 additions and 33 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -28,7 +28,7 @@ jobs:
    #   - https://gh.io/supported-runners-and-hardware-resources
    #   - https://gh.io/using-larger-runners (GitHub.com only)
    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-24.04' }}
    if: github.repository == 'meshtastic/Meshtastic-Android'
    permissions:
      # required for all workflows
--- a/.github/workflows/create-or-promote-release.yml
+++ b/.github/workflows/create-or-promote-release.yml
@ -29,7 +29,7 @@ permissions:

 jobs:
  determine-tags:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    outputs:
      tag_to_process: ${{ steps.calculate_tags.outputs.tag_to_process }}
      release_name: ${{ steps.calculate_tags.outputs.release_name }}
@ -142,7 +142,7 @@ jobs:
  cleanup-on-failure:
    needs: [determine-tags, call-release-workflow]
    if: ${{ (failure() || cancelled()) && !inputs.dry_run && inputs.channel == 'internal' }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
--- a/.github/workflows/dependency-submission.yml
+++ b/.github/workflows/dependency-submission.yml
@ -10,7 +10,7 @@ permissions:

 jobs:
  dependency-submission:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    if: github.repository == 'meshtastic/Meshtastic-Android'

    steps:
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@ -38,7 +38,7 @@ concurrency:
 jobs:
  build-docs:
    if: github.repository == 'meshtastic/Meshtastic-Android'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
@ -70,7 +70,7 @@ jobs:
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    needs: build-docs
    steps:
      - name: Deploy to GitHub Pages
--- a/.github/workflows/main-push-changelog.yml
+++ b/.github/workflows/main-push-changelog.yml
@ -16,7 +16,7 @@ concurrency:
 jobs:
  main-push-changelog:
    name: Generate main push changelog
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
--- a/.github/workflows/merge-queue.yml
+++ b/.github/workflows/merge-queue.yml
@ -25,7 +25,7 @@ jobs:

  check-workflow-status:
    name: Check Workflow Status
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    permissions: {}
    needs:
      - android-check
--- a/.github/workflows/models_issue_triage.yml
+++ b/.github/workflows/models_issue_triage.yml
@ -15,7 +15,7 @@ concurrency:
 jobs:
  triage:
    if: ${{ github.repository == 'meshtastic/firmware' && github.event.issue.user.type != 'Bot' }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
      # ─────────────────────────────────────────────────────────────────────────
      # Step 1: Quality check (spam/AI-slop detection) - runs first, exits early if spam
--- a/.github/workflows/models_pr_triage.yml
+++ b/.github/workflows/models_pr_triage.yml
@ -16,7 +16,7 @@ concurrency:
 jobs:
  triage:
    if: ${{ github.repository == 'meshtastic/firmware' && github.event.pull_request.user.type != 'Bot' }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
      # ─────────────────────────────────────────────────────────────────────────
      # Step 1: Check if PR already has automation/type labels (skip if so)
--- a/.github/workflows/moderate.yml
+++ b/.github/workflows/moderate.yml
@ -9,7 +9,7 @@ on:

 jobs:
  spam-detection:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    permissions:
      issues: write
      pull-requests: write
--- a/.github/workflows/post-release-cleanup.yml
+++ b/.github/workflows/post-release-cleanup.yml
@ -18,7 +18,7 @@ permissions:

 jobs:
  cleanup_prereleases:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    environment: Release
    steps:
      - name: Checkout code
--- a/.github/workflows/pr_enforce_labels.yml
+++ b/.github/workflows/pr_enforce_labels.yml
@ -10,7 +10,7 @@ permissions:

 jobs:
 check-label:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
      - name: Check for PR labels
        uses: actions/github-script@v8
--- a/.github/workflows/promote.yml
+++ b/.github/workflows/promote.yml
@ -65,7 +65,7 @@ permissions:

 jobs:
  prepare-build-info:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    outputs:
      APP_VERSION_NAME: ${{ steps.prep_version.outputs.APP_VERSION_NAME }}
      APP_VERSION_CODE: ${{ steps.calculate_version_code.outputs.versionCode }}
@ -102,7 +102,7 @@ jobs:
        shell: bash

  promote-release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    environment: Release
    needs: [ prepare-build-info ]
    steps:
@ -116,7 +116,7 @@ jobs:
          user-fraction: ${{ (inputs.channel == 'production' && '0.1') || (inputs.channel == 'open' && '0.5') || '1.0' }}

  update-github-release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    needs: [ prepare-build-info, promote-release ]
    steps:
      - name: Checkout code
--- a/.github/workflows/publish-core.yml
+++ b/.github/workflows/publish-core.yml
@ -12,7 +12,7 @@ on:

 jobs:
  publish:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    permissions:
      contents: read
      packages: write
--- a/.github/workflows/pull-request-target.yml
+++ b/.github/workflows/pull-request-target.yml
@ -9,7 +9,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
    - id: label-the-PR
      uses: actions/labeler@v6
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@ -19,7 +19,7 @@ jobs:
  # 1. CHANGE DETECTION: Prevents unnecessary builds
  check-changes:
    if: github.repository == 'meshtastic/Meshtastic-Android' && !( github.head_ref == 'scheduled-updates' || github.head_ref == 'l10n_main' )
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    outputs:
      android: ${{ steps.filter.outputs.android }}
    steps:
@ -57,7 +57,7 @@ jobs:
  # 1b. FILTER DRIFT CHECK: Ensures check-changes stays aligned with module roots
  verify-check-changes-filter:
    if: github.repository == 'meshtastic/Meshtastic-Android' && !( github.head_ref == 'scheduled-updates' || github.head_ref == 'l10n_main' )
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    steps:
      - uses: actions/checkout@v6
      - name: Verify module roots are represented in check-changes filter
@ -115,7 +115,7 @@ jobs:
  # 3. WORKFLOW STATUS: Ensures required checks are satisfied
  check-workflow-status:
    name: Check Workflow Status
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    permissions: {}
    needs: [check-changes, verify-check-changes-filter, validate-and-build]
    if: always()
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -61,7 +61,7 @@ permissions:

 jobs:
  prepare-build-info:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    outputs:
      APP_VERSION_NAME: ${{ steps.prep_version.outputs.APP_VERSION_NAME }}
      APP_VERSION_CODE: ${{ steps.calculate_version_code.outputs.versionCode }}
@ -101,13 +101,18 @@ jobs:
        shell: bash

  release-google:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    needs: [prepare-build-info]
    environment: Release
    env:
      GRADLE_CACHE_URL: ${{ secrets.GRADLE_CACHE_URL }}
      GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
      GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
+      GRADLE_OPTS: >-
+        -Dorg.gradle.jvmargs=-Xmx4g -XX:+UseParallelGC -XX:MaxMetaspaceSize=1g -Dfile.encoding=UTF-8
+        -Dorg.gradle.vfs.watch=false
+        -Dorg.gradle.workers.max=4
+        -Dkotlin.daemon.jvm.options=-Xmx2g -XX:+UseParallelGC
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
@ -193,13 +198,18 @@ jobs:
          subject-path: app/build/outputs/apk/google/release/*.apk

  release-fdroid:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    needs: [prepare-build-info]
    environment: Release
    env:
      GRADLE_CACHE_URL: ${{ secrets.GRADLE_CACHE_URL }}
      GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
      GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
+      GRADLE_OPTS: >-
+        -Dorg.gradle.jvmargs=-Xmx4g -XX:+UseParallelGC -XX:MaxMetaspaceSize=1g -Dfile.encoding=UTF-8
+        -Dorg.gradle.vfs.watch=false
+        -Dorg.gradle.workers.max=4
+        -Dkotlin.daemon.jvm.options=-Xmx2g -XX:+UseParallelGC
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
@ -266,7 +276,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        os: [macos-latest, windows-latest, ubuntu-22.04, ubuntu-22.04-arm]
+        os: [macos-latest, windows-latest, ubuntu-24.04, ubuntu-24.04-arm]
    env:
      GRADLE_CACHE_URL: ${{ secrets.GRADLE_CACHE_URL }}
      GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
@ -324,7 +334,7 @@ jobs:
          if-no-files-found: ignore

  github-release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    needs: [prepare-build-info, release-google, release-fdroid, release-desktop]
    env:
      INTERNAL_BUILDS_HOST: ${{ secrets.INTERNAL_BUILDS_HOST }}
--- a/.github/workflows/reusable-check.yml
+++ b/.github/workflows/reusable-check.yml
@ -44,10 +44,17 @@ env:
  GRADLE_CACHE_URL: ${{ secrets.GRADLE_CACHE_URL }}
  GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
  GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
+  # CI JVM tuning: override gradle.properties values (8g heap + 4g Kotlin daemon)
+  # that exceed the 7GB RAM on ubuntu-24.04 standard runners.
+  GRADLE_OPTS: >-
+    -Dorg.gradle.jvmargs=-Xmx4g -XX:+UseParallelGC -XX:MaxMetaspaceSize=1g -Dfile.encoding=UTF-8
+    -Dorg.gradle.vfs.watch=false
+    -Dorg.gradle.workers.max=4
+    -Dkotlin.daemon.jvm.options=-Xmx2g -XX:+UseParallelGC

 jobs:
  host-check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    permissions:
      contents: read
    timeout-minutes: 60
@ -93,7 +100,7 @@ jobs:
        run: ./gradlew test koverXmlReport app:koverXmlReportFdroidDebug app:koverXmlReportGoogleDebug core:api:koverXmlReportDebug core:barcode:koverXmlReportFdroidDebug core:barcode:koverXmlReportGoogleDebug mesh_service_example:koverXmlReportDebug desktop:koverXmlReport -Pci=true --continue --scan

      - name: KMP Smoke Compile
-        run: ./gradlew :core:proto:compileKotlinJvm :core:common:compileKotlinJvm :core:model:compileKotlinJvm :core:repository:compileKotlinJvm :core:di:compileKotlinJvm :core:navigation:compileKotlinJvm :core:resources:compileKotlinJvm :core:datastore:compileKotlinJvm :core:database:compileKotlinJvm :core:domain:compileKotlinJvm :core:prefs:compileKotlinJvm :core:network:compileKotlinJvm :core:data:compileKotlinJvm :core:ble:compileKotlinJvm :core:nfc:compileKotlinJvm :core:service:compileKotlinJvm :core:testing:compileKotlinJvm :core:ui:compileKotlinJvm :feature:intro:compileKotlinJvm :feature:messaging:compileKotlinJvm :feature:connections:compileKotlinJvm :feature:map:compileKotlinJvm :feature:node:compileKotlinJvm :feature:settings:compileKotlinJvm :feature:firmware:compileKotlinJvm :core:proto:compileKotlinIosSimulatorArm64 :core:common:compileKotlinIosSimulatorArm64 :core:model:compileKotlinIosSimulatorArm64 :core:repository:compileKotlinIosSimulatorArm64 :core:di:compileKotlinIosSimulatorArm64 :core:navigation:compileKotlinIosSimulatorArm64 :core:resources:compileKotlinIosSimulatorArm64 :core:datastore:compileKotlinIosSimulatorArm64 :core:database:compileKotlinIosSimulatorArm64 :core:domain:compileKotlinIosSimulatorArm64 :core:prefs:compileKotlinIosSimulatorArm64 :core:network:compileKotlinIosSimulatorArm64 :core:data:compileKotlinIosSimulatorArm64 :core:ble:compileKotlinIosSimulatorArm64 :core:nfc:compileKotlinIosSimulatorArm64 :core:service:compileKotlinIosSimulatorArm64 :core:testing:compileKotlinIosSimulatorArm64 :core:ui:compileKotlinIosSimulatorArm64 :feature:intro:compileKotlinIosSimulatorArm64 :feature:messaging:compileKotlinIosSimulatorArm64 :feature:connections:compileKotlinIosSimulatorArm64 :feature:map:compileKotlinIosSimulatorArm64 :feature:node:compileKotlinIosSimulatorArm64 :feature:settings:compileKotlinIosSimulatorArm64 :feature:firmware:compileKotlinIosSimulatorArm64 -Pci=true --continue --scan
+        run: ./gradlew kmpSmokeCompile -Pci=true --continue --scan

      - name: Upload coverage results to Codecov
        if: ${{ !cancelled() && inputs.run_unit_tests }}
@ -127,7 +134,7 @@ jobs:
          retention-days: 7

  android-check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    permissions:
      contents: read
    timeout-minutes: 60
--- a/.github/workflows/scheduled-updates.yml
+++ b/.github/workflows/scheduled-updates.yml
@ -7,7 +7,7 @@ on:

 jobs:
  update_assets:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    if: github.repository == 'meshtastic/Meshtastic-Android'
    permissions:
      contents: write      # To commit files and push branches
@ -142,7 +142,7 @@ jobs:

  check-workflow-status:
    name: Check Workflow Status
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    permissions: {}
    needs:
        - update_assets
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -12,7 +12,7 @@ permissions:
 jobs:
  stale_issues:
    name: Close Stale Issues
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
    if: github.repository == 'meshtastic/Meshtastic-Android'

    steps: