verkada · nickvines · Jun 13, 2025 · Jun 13, 2025
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -17,7 +17,7 @@ jobs:
     if: ${{ needs.generate-matrix.outputs.pythonbuild_changed == 'true' || needs.generate-matrix.outputs.any_builds == 'true' || github.ref == 'refs/heads/main' }}
     needs:
       - generate-matrix
-    runs-on: depot-ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Install System Dependencies
         run: |
@@ -49,7 +49,7 @@ jobs:
           path: target/release/pythonbuild
 
   image:
-    if: ${{ needs.generate-matrix.outputs.any_builds == 'true' }}
+    if: ${{ needs.generate-matrix.outputs.pythonbuild_changed == 'true' || needs.generate-matrix.outputs.any_builds == 'true' || github.ref == 'refs/heads/main' }}
     needs:
       - generate-matrix
     strategy:
@@ -61,7 +61,7 @@ jobs:
           - build.cross-riscv64
           - gcc
     name: ${{ matrix.image }}
-    runs-on: depot-ubuntu-22.04
+    runs-on: ubuntu-latest
     permissions:
       packages: write
     steps:
@@ -125,7 +125,6 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       matrix-0: ${{ steps.set-matrix.outputs.matrix-0 }}
-      matrix-1: ${{ steps.set-matrix.outputs.matrix-1 }}
       any_builds: ${{ steps.set-matrix.outputs.any_builds }}
       pythonbuild_changed: ${{ steps.check-pythonbuild.outputs.changed }}
     steps:
@@ -149,16 +148,16 @@ jobs:
           uv run ci-matrix.py \
             --platform linux \
             --labels '${{ steps.get-labels.outputs.labels }}' \
-            --max-shards 2 \
+            --free-runners \
             > matrix.json
 
-          echo "matrix-0=$(jq -c '.["0"]' matrix.json)" >> $GITHUB_OUTPUT
-          echo "matrix-1=$(jq -c '.["1"]' matrix.json)" >> $GITHUB_OUTPUT
+
+          echo "matrix-0=$(cat matrix.json)" >> $GITHUB_OUTPUT
 
           # Display the matrix for debugging too
           cat matrix.json | jq
 
-          if jq -e '.["0"].include | length > 0' matrix.json > /dev/null; then
+          if jq -e '.include | length > 0' matrix.json > /dev/null; then
             # Build matrix has entries
             echo "any_builds=true" >> $GITHUB_OUTPUT
           else
@@ -277,103 +276,3 @@ jobs:
         with:
           name: cpython-${{ matrix.python }}-${{ matrix.target_triple }}-${{ matrix.build_options }}
           path: dist/*
-
-  build-1:
-    needs:
-      - generate-matrix
-      - pythonbuild
-      - image
-    # Permissions used for actions/attest-build-provenance
-    permissions:
-      id-token: write
-      attestations: write
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix-1) }}
-      fail-fast: false
-    name: ${{ matrix.target_triple }} / ${{ matrix.python }} / ${{ matrix.build_options }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Install Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Download pythonbuild
-        uses: actions/download-artifact@v4
-        with:
-          name: pythonbuild
-          path: build
-
-      - name: Download images
-        uses: actions/download-artifact@v4
-        with:
-          pattern: image-*
-          path: build
-          merge-multiple: true
-
-      - name: Cache downloads
-        uses: actions/cache@v4
-        with:
-          path: build/downloads
-          key: ${{ matrix.target_triple }}-${{ hashFiles('pythonbuild/downloads.py')}}
-          restore-keys: |
-            ${{ matrix.target_triple }}-${{ hashFiles('pythonbuild/downloads.py')}}
-            ${{ matrix.target_triple }}-
-
-      - name: Load Docker Images
-        run: |
-          for f in build/image-*.tar.zst; do
-            echo "decompressing $f"
-            zstd -d --rm ${f}
-          done
-
-          for f in build/image-*.tar; do
-            echo "loading $f"
-            docker load --input $f
-          done
-
-      - name: Build
-        if: ${{ ! matrix.dry-run }}
-        run: |
-          # Do empty target so all generated files are touched.
-          ./build-linux.py --make-target empty
-
-          # Touch mtimes of all images so they are newer than autogenerated files above.
-          touch build/image-*
-
-          ./build-linux.py --target-triple ${{ matrix.target_triple }} --python cpython-${{ matrix.python }} --options ${{ matrix.build_options }}
-
-      - name: Validate Distribution
-        if: ${{ ! matrix.dry-run }}
-        run: |
-          chmod +x build/pythonbuild
-
-          if [ "${{ matrix.run }}" == "true" ]; then
-            if [ "${{ matrix.libc }}" == "musl" ]; then
-              sudo apt install musl-dev
-
-              # GitHub's setup-python action sets `LD_LIBRARY_PATH` which overrides `RPATH`
-              # as used in the musl builds.
-              unset LD_LIBRARY_PATH
-            fi
-            EXTRA_ARGS="--run"
-          fi
-
-          build/pythonbuild validate-distribution ${EXTRA_ARGS} dist/*.tar.zst
-
-      - name: Generate attestations
-        uses: actions/attest-build-provenance@v2
-        if: ${{ github.ref == 'refs/heads/main' }}
-        with:
-          subject-path: dist/*
-
-      - name: Upload Distribution
-        if: ${{ ! matrix.dry-run }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: cpython-${{ matrix.python }}-${{ matrix.target_triple }}-${{ matrix.build_options }}
-          path: dist/*
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
@@ -17,7 +17,7 @@ jobs:
     if: ${{ needs.generate-matrix.outputs.pythonbuild_changed == 'true' || needs.generate-matrix.outputs.any_builds == 'true' || github.ref == 'refs/heads/main' }}
     needs:
       - generate-matrix
-    runs-on: depot-macos-latest
+    runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
 
@@ -67,7 +67,14 @@ jobs:
       - name: Generate build matrix
         id: set-matrix
         run: |
-          uv run ci-matrix.py --platform darwin --labels '${{ steps.get-labels.outputs.labels }}' > matrix.json && echo "matrix=$(cat matrix.json)" >> $GITHUB_OUTPUT
+          uv run ci-matrix.py \
+            --platform darwin \
+            --labels '${{ steps.get-labels.outputs.labels }}' \
+            --free-runners \
+            > matrix.json
+
+          echo "matrix=$(cat matrix.json)" >> $GITHUB_OUTPUT
+
           # Display the matrix for debugging too
           cat matrix.json | jq
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,7 +29,7 @@ jobs:
   release:
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: github-ubuntu-24.04-x86_64-16
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -1,9 +1,7 @@
 name: windows
 
 on:
-  push:
-    branches: [main]
-  pull_request:
+  workflow_dispatch:  # Only run manually
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }}
@@ -17,7 +15,7 @@ jobs:
     if: ${{ needs.generate-matrix.outputs.pythonbuild_changed == 'true' || needs.generate-matrix.outputs.any_builds == 'true' || github.ref == 'refs/heads/main' }}
     needs:
       - generate-matrix
-    runs-on: 'windows-2022'
+    runs-on: 'windows-latest'
     steps:
       - uses: actions/checkout@v4
 

diff --git a/Justfile b/Justfile
@@ -28,15 +28,15 @@ cat-python-json archive:
 # Download release artifacts from GitHub Actions
 release-download-distributions token commit:
   mkdir -p dist
-  cargo run --release -- fetch-release-distributions --token {{token}} --commit {{commit}} --dest dist
+  cargo run --release -- fetch-release-distributions --org verkada --token {{token}} --commit {{commit}} --dest dist
 
 # Upload release artifacts to a GitHub release.
 release-upload-distributions token datetime tag:
-  cargo run --release -- upload-release-distributions --token {{token}} --datetime {{datetime}} --tag {{tag}} --dist dist
+  cargo run --release -- upload-release-distributions --org verkada --token {{token}} --datetime {{datetime}} --tag {{tag}} --dist dist
 
 # "Upload" release artifacts to a GitHub release in dry-run mode (skip upload).
 release-upload-distributions-dry-run token datetime tag:
-  cargo run --release -- upload-release-distributions --token {{token}} --datetime {{datetime}} --tag {{tag}} --dist dist -n
+  cargo run --release -- upload-release-distributions --org verkada --token {{token}} --datetime {{datetime}} --tag {{tag}} --dist dist -n
 
 # Promote a tag to "latest" by pushing to the `latest-release` branch.
 release-set-latest-release tag: