From 423f22c07cfbfdca284d53aaedeb84a32b506a70 Mon Sep 17 00:00:00 2001
From: GeiserX <drumsergio@gmail.com>
Date: Tue, 23 Jun 2026 10:43:31 +0200
Subject: [PATCH] ci: use GitHub-hosted ubuntu-latest runners

Public repos get free, unlimited standard GitHub-hosted runners. Move
self-hosted Linux CI jobs to ubuntu-latest: frees the home-lab servers,
runs PR code in throwaway isolated VMs (removing the fork-PR attack
surface), and costs nothing on public repos. The previous self-hosted
fork-guard is removed as it is no longer needed.
---
 .github/workflows/docker-publish.yml        | 2 +-
 .github/workflows/dockerhub-description.yml | 2 +-
 .github/workflows/stale.yml                 | 2 +-
 .github/workflows/tests.yml                 | 6 +-----
 4 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index da1918f..487d326 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -19,7 +19,7 @@ env:
 
 jobs:
   build-and-push:
-    runs-on: [self-hosted, Linux, X64]
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml
index fac8077..8d9c476 100644
--- a/.github/workflows/dockerhub-description.yml
+++ b/.github/workflows/dockerhub-description.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   update-description:
-    runs-on: [self-hosted, Linux, X64]
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
 
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 7e12c10..65aadeb 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   stale:
-    runs-on: [self-hosted, Linux, X64]
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@v10
         with:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 3daf9cc..c17a211 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,11 +9,7 @@ on:
 
 jobs:
   test:
-    runs-on: [self-hosted, Linux, X64]
-    # Do not run untrusted fork PR code on the self-hosted runner.
-    if: >-
-      github.event_name != 'pull_request' ||
-      github.event.pull_request.head.repo.full_name == github.repository
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6