From eea4d4279eb8358261f544d26f0f97e5ae0c4a2e Mon Sep 17 00:00:00 2001
From: Pieter Noordhuis <pieter.noordhuis@databricks.com>
Date: Mon, 6 Jan 2025 10:55:16 +0100
Subject: [PATCH 1/2] Update workflows that need write access to use hosted
 runners

---
 .github/workflows/close-stale-issues.yml  | 8 ++++++--
 .github/workflows/external-message.yml    | 5 ++++-
 .github/workflows/integration-approve.yml | 4 +++-
 .github/workflows/integration-main.yml    | 5 ++++-
 .github/workflows/integration-pr.yml      | 5 ++++-
 5 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/close-stale-issues.yml b/.github/workflows/close-stale-issues.yml
index ffe5501324..6b02def04a 100644
--- a/.github/workflows/close-stale-issues.yml
+++ b/.github/workflows/close-stale-issues.yml
@@ -7,12 +7,16 @@ on:
 
 jobs:
   cleanup:
+    name: Stale issue job
+    runs-on:
+      group: databricks-protected-runner-group
+      labels: linux-ubuntu-latest
+
     permissions:
       issues: write
       contents: read
       pull-requests: write
-    runs-on: ubuntu-latest
-    name: Stale issue job
+
     steps:
       - uses: actions/stale@v9
         with:
diff --git a/.github/workflows/external-message.yml b/.github/workflows/external-message.yml
index 28e61503cc..2e72da5484 100644
--- a/.github/workflows/external-message.yml
+++ b/.github/workflows/external-message.yml
@@ -13,7 +13,10 @@ on:
 
 jobs:
   comment-on-pr:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: databricks-protected-runner-group
+      labels: linux-ubuntu-latest
+
     permissions:
       pull-requests: write
 
diff --git a/.github/workflows/integration-approve.yml b/.github/workflows/integration-approve.yml
index 4bdeb62a3a..12f53669cd 100644
--- a/.github/workflows/integration-approve.yml
+++ b/.github/workflows/integration-approve.yml
@@ -17,7 +17,9 @@ jobs:
   #   * Avoid running integration tests twice, since it was already run at the tip of the branch before squashing.
   #
   trigger:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: databricks-protected-runner-group
+      labels: linux-ubuntu-latest
 
     steps:
       - name: Auto-approve squashed commit
diff --git a/.github/workflows/integration-main.yml b/.github/workflows/integration-main.yml
index 064e439cf7..670582f223 100644
--- a/.github/workflows/integration-main.yml
+++ b/.github/workflows/integration-main.yml
@@ -11,7 +11,10 @@ jobs:
   # This workflow triggers the integration test workflow in a different repository.
   # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
   trigger:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: databricks-protected-runner-group
+      labels: linux-ubuntu-latest
+
     environment: "test-trigger-is"
 
     steps:
diff --git a/.github/workflows/integration-pr.yml b/.github/workflows/integration-pr.yml
index c1e3a9a298..d938df0b3b 100644
--- a/.github/workflows/integration-pr.yml
+++ b/.github/workflows/integration-pr.yml
@@ -10,7 +10,10 @@ jobs:
   # This workflow triggers the integration test workflow in a different repository.
   # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
   trigger:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: databricks-protected-runner-group
+      labels: linux-ubuntu-latest
+
     environment: "test-trigger-is"
 
     # Only run this job for PRs from branches on the main repository and not from forks.

From b8206ae6f7d3036442cb25c663425bd07fdcf26f Mon Sep 17 00:00:00 2001
From: Pieter Noordhuis <pieter.noordhuis@databricks.com>
Date: Mon, 6 Jan 2025 16:24:33 +0100
Subject: [PATCH 2/2] Update to new runner group and label

---
 .github/workflows/close-stale-issues.yml  | 4 ++--
 .github/workflows/external-message.yml    | 4 ++--
 .github/workflows/integration-approve.yml | 4 ++--
 .github/workflows/integration-main.yml    | 4 ++--
 .github/workflows/integration-pr.yml      | 4 ++--
 .github/workflows/release-snapshot.yml    | 5 ++++-
 .github/workflows/release.yml             | 6 +++++-
 7 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/close-stale-issues.yml b/.github/workflows/close-stale-issues.yml
index 6b02def04a..273b89a9c2 100644
--- a/.github/workflows/close-stale-issues.yml
+++ b/.github/workflows/close-stale-issues.yml
@@ -9,8 +9,8 @@ jobs:
   cleanup:
     name: Stale issue job
     runs-on:
-      group: databricks-protected-runner-group
-      labels: linux-ubuntu-latest
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
 
     permissions:
       issues: write
diff --git a/.github/workflows/external-message.yml b/.github/workflows/external-message.yml
index 2e72da5484..f06d81a47f 100644
--- a/.github/workflows/external-message.yml
+++ b/.github/workflows/external-message.yml
@@ -14,8 +14,8 @@ on:
 jobs:
   comment-on-pr:
     runs-on:
-      group: databricks-protected-runner-group
-      labels: linux-ubuntu-latest
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
 
     permissions:
       pull-requests: write
diff --git a/.github/workflows/integration-approve.yml b/.github/workflows/integration-approve.yml
index 12f53669cd..293d31a2a4 100644
--- a/.github/workflows/integration-approve.yml
+++ b/.github/workflows/integration-approve.yml
@@ -18,8 +18,8 @@ jobs:
   #
   trigger:
     runs-on:
-      group: databricks-protected-runner-group
-      labels: linux-ubuntu-latest
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
 
     steps:
       - name: Auto-approve squashed commit
diff --git a/.github/workflows/integration-main.yml b/.github/workflows/integration-main.yml
index 670582f223..0b6032d501 100644
--- a/.github/workflows/integration-main.yml
+++ b/.github/workflows/integration-main.yml
@@ -12,8 +12,8 @@ jobs:
   # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
   trigger:
     runs-on:
-      group: databricks-protected-runner-group
-      labels: linux-ubuntu-latest
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
 
     environment: "test-trigger-is"
 
diff --git a/.github/workflows/integration-pr.yml b/.github/workflows/integration-pr.yml
index d938df0b3b..0f9c4797a6 100644
--- a/.github/workflows/integration-pr.yml
+++ b/.github/workflows/integration-pr.yml
@@ -11,8 +11,8 @@ jobs:
   # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
   trigger:
     runs-on:
-      group: databricks-protected-runner-group
-      labels: linux-ubuntu-latest
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
 
     environment: "test-trigger-is"
 
diff --git a/.github/workflows/release-snapshot.yml b/.github/workflows/release-snapshot.yml
index 7ef8b43c94..5c56a294ee 100644
--- a/.github/workflows/release-snapshot.yml
+++ b/.github/workflows/release-snapshot.yml
@@ -20,7 +20,10 @@ on:
 
 jobs:
   goreleaser:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
+
     steps:
       - name: Checkout repository and submodules
         uses: actions/checkout@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e4a2535310..88e338a8c9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,9 +9,13 @@ on:
 
 jobs:
   goreleaser:
+    runs-on:
+      group: databricks-deco-testing-runner-group
+      labels: ubuntu-latest-deco
+
     outputs:
       artifacts: ${{ steps.releaser.outputs.artifacts }}
-    runs-on: ubuntu-latest
+
     steps:
       - name: Checkout repository and submodules
         uses: actions/checkout@v4