From 6bd78774044177bba4faa8b582d83e18b32378ce Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 11 Mar 2026 10:36:06 +0100 Subject: [PATCH 1/6] chore(ci): make cost-saving changes --- .github/workflows/build.yml | 17 +++++++++++++---- .github/workflows/bundle-compare.yml | 2 +- .github/workflows/chromatic.yml | 2 +- .github/workflows/create-release-post.yml | 2 +- .github/workflows/lighthouse.yml | 4 ++-- .github/workflows/lint-and-tests.yml | 4 ++-- .github/workflows/notify-on-push.yml | 3 ++- .../playwright-cloudflare-open-next.yml | 2 +- .github/workflows/playwright.yml | 4 ++-- .github/workflows/publish-packages.yml | 5 +++-- .github/workflows/pull-request-label.yml | 2 +- .github/workflows/request-codeowner-review.yml | 2 +- .github/workflows/sync-orama.yml | 2 +- .../tmp-cloudflare-open-next-deploy.yml | 2 +- .github/workflows/translations-pr-lint.yml | 2 +- .github/workflows/translations-sync.yml | 4 ++-- .github/workflows/translations-upload.yml | 3 ++- 17 files changed, 37 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2b329620067f8..5a8704abe5d0d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -37,8 +37,17 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest] - + os: [ubuntu-slim, windows-latest] + event-name: ${{ github.event_name }} + repo: ${{ github.repository }} + exclude: + - os: windows-latest + # Skipping the Windows build on the merge queue to speed it up + event-name: merge_group + - os: windows-latest + # Skipping the Windows build on the private repo to save on costs + repo: nodejs-private/nodejs.org-private + steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f with: @@ -68,10 +77,10 @@ jobs: # but in general this should never happen NODE_OPTIONS: '--max_old_space_size=4096' # See https://github.com/vercel/next.js/pull/81318 - TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-latest' }} + TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-slim' }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-slim' with: name: webpack-stats path: apps/site/.next/server/webpack-stats.json diff --git a/.github/workflows/bundle-compare.yml b/.github/workflows/bundle-compare.yml index 24e73ed288986..c3997507cb1ba 100644 --- a/.github/workflows/bundle-compare.yml +++ b/.github/workflows/bundle-compare.yml @@ -14,7 +14,7 @@ permissions: jobs: compare: name: Compare Bundle Stats - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.event.workflow_run.event == 'pull_request' steps: diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index facc4d2635757..f06b7393673d7 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -46,7 +46,7 @@ jobs: ) name: Chromatic - runs-on: ubuntu-latest + runs-on: ubuntu-slim environment: name: Storybook diff --git a/.github/workflows/create-release-post.yml b/.github/workflows/create-release-post.yml index fd3fa877a09cc..6a4340acdf8c0 100644 --- a/.github/workflows/create-release-post.yml +++ b/.github/workflows/create-release-post.yml @@ -25,7 +25,7 @@ permissions: jobs: create-post: - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index d8a27b8a0d7ae..be231750446ac 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -33,7 +33,7 @@ jobs: startsWith(github.event.pull_request.head.ref, 'dependabot/') == false && github.event.label.name == 'github_actions:pull-request' name: Get Vercel Preview - runs-on: ubuntu-latest + runs-on: ubuntu-slim outputs: deployment_found: ${{ steps.set_outputs.outputs.deployment_found }} url: ${{ steps.set_outputs.outputs.url }} @@ -61,7 +61,7 @@ jobs: needs: get-vercel-preview if: needs.get-vercel-preview.outputs.deployment_found == 'true' name: Lighthouse Report - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Harden Runner diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml index 7174a00bf82c8..0b6107de1c408 100644 --- a/.github/workflows/lint-and-tests.yml +++ b/.github/workflows/lint-and-tests.yml @@ -40,7 +40,7 @@ env: jobs: lint: name: Quality checks - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f @@ -97,7 +97,7 @@ jobs: tests: name: Tests - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f diff --git a/.github/workflows/notify-on-push.yml b/.github/workflows/notify-on-push.yml index bcec8d1cd0751..01f2d44751496 100644 --- a/.github/workflows/notify-on-push.yml +++ b/.github/workflows/notify-on-push.yml @@ -13,7 +13,8 @@ jobs: if: > github.repository == 'nodejs/nodejs.org' && github.actor != 'github-merge-queue[bot]' - runs-on: ubuntu-latest + # cannot use ubuntu-slim here because rtCamp/action-slack-notify is dockerized + runs-on: ubuntu-24.04-arm steps: - uses: nodejs/web-team/actions/notify-on-push@9f3c83af227d721768d9dbb63009a47ed4f4282f with: diff --git a/.github/workflows/playwright-cloudflare-open-next.yml b/.github/workflows/playwright-cloudflare-open-next.yml index f6b35ae40f7c8..b549161ac1a12 100644 --- a/.github/workflows/playwright-cloudflare-open-next.yml +++ b/.github/workflows/playwright-cloudflare-open-next.yml @@ -25,7 +25,7 @@ permissions: jobs: playwright: name: Playwright Tests - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index d4fe720108753..8955c7c7ef0b2 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -23,7 +23,7 @@ permissions: jobs: get-vercel-preview: name: Get Vercel Preview - runs-on: ubuntu-latest + runs-on: ubuntu-slim outputs: deployment_found: ${{ steps.set_outputs.outputs.deployment_found }} url: ${{ steps.set_outputs.outputs.url }} @@ -51,7 +51,7 @@ jobs: needs: get-vercel-preview if: needs.get-vercel-preview.outputs.deployment_found == 'true' name: Playwright Tests - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 3f14c14026281..46832f814a23b 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -25,7 +25,7 @@ env: jobs: prepare-packages: - runs-on: ubuntu-latest + runs-on: ubuntu-slim outputs: # Output the matrix of packages to publish for use in the publish job matrix: ${{ steps.generate-matrix.outputs.matrix }} @@ -96,7 +96,8 @@ jobs: publish: needs: prepare-packages - runs-on: ubuntu-latest + # cannot use ubuntu-slim here because rtCamp/action-slack-notify is dockerized + runs-on: ubuntu-24.04-arm # Skip if no packages need to be published if: fromJson(needs.prepare-packages.outputs.matrix).package[0] != null # Use the dynamic matrix from prepare-packages job to create parallel jobs for each package diff --git a/.github/workflows/pull-request-label.yml b/.github/workflows/pull-request-label.yml index a4891ebda8078..7efbfa8468d3c 100644 --- a/.github/workflows/pull-request-label.yml +++ b/.github/workflows/pull-request-label.yml @@ -28,7 +28,7 @@ jobs: # this Workflow again remove_pull_request_label: name: Remove Pull Request Label - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Harden Runner uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 diff --git a/.github/workflows/request-codeowner-review.yml b/.github/workflows/request-codeowner-review.yml index 261a992c1be36..cdfed51d30173 100644 --- a/.github/workflows/request-codeowner-review.yml +++ b/.github/workflows/request-codeowner-review.yml @@ -10,7 +10,7 @@ permissions: jobs: request-reviews: - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/sync-orama.yml b/.github/workflows/sync-orama.yml index 4e2b22d155dbd..cde5956d8ad1b 100644 --- a/.github/workflows/sync-orama.yml +++ b/.github/workflows/sync-orama.yml @@ -25,7 +25,7 @@ permissions: jobs: sync-orama-cloud: name: Sync Orama Cloud - runs-on: ubuntu-latest + runs-on: ubuntu-slim # This Job should run either on non-`pull_request_target` events, # or `pull_request_target` event with a `labeled` action with a label named `github_actions:pull-request` diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml index d8ed25a0893b9..d7cbe63ca5227 100644 --- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml +++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml @@ -26,7 +26,7 @@ permissions: jobs: deploy: name: Deploy Open-Next site - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Harden Runner diff --git a/.github/workflows/translations-pr-lint.yml b/.github/workflows/translations-pr-lint.yml index 54e7b7cc42368..72881d0bd707d 100644 --- a/.github/workflows/translations-pr-lint.yml +++ b/.github/workflows/translations-pr-lint.yml @@ -34,7 +34,7 @@ jobs: (github.event.pull_request.head.repo.full_name == 'nodejs/nodejs.org' && github.event.pull_request.head.ref != 'chore/crowdin') name: Comment on Translation PR - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: # This permission is required by `thollander/actions-comment-pull-request` diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index 6ef3302db12f6..e4d267a46de8e 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -23,7 +23,7 @@ env: jobs: synchronize-with-crowdin: - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Harden Runner uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 @@ -58,7 +58,7 @@ jobs: format_crowdin_pull_request: needs: synchronize-with-crowdin - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: # This permission is required by `stefanzweifel/git-auto-commit-action` diff --git a/.github/workflows/translations-upload.yml b/.github/workflows/translations-upload.yml index 33c7ec4057d66..5ca93a891e562 100644 --- a/.github/workflows/translations-upload.yml +++ b/.github/workflows/translations-upload.yml @@ -14,7 +14,8 @@ concurrency: jobs: upload-to-crowdin: - runs-on: ubuntu-latest + # cannot use ubuntu-slim here because crowdin/github-action is dockerized + runs-on: ubuntu-24.04-arm steps: - name: Harden Runner From f2ab9412a411f45f031a7e61c4eb3b36b75a70e7 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 11 Mar 2026 10:50:14 +0100 Subject: [PATCH 2/6] fixup! chore(ci): make cost-saving changes --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5a8704abe5d0d..4abf447ae40db 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -47,7 +47,7 @@ jobs: - os: windows-latest # Skipping the Windows build on the private repo to save on costs repo: nodejs-private/nodejs.org-private - + steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f with: From ac64b5994884581bce164bdd9db4b314a405a8ae Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 11 Mar 2026 12:54:01 +0100 Subject: [PATCH 3/6] fixup! chore(ci): make cost-saving changes --- .github/workflows/build.yml | 75 +++++++++++++++++++++++++------------ 1 file changed, 51 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4abf447ae40db..a84ae5086b44f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,23 +30,9 @@ env: TURBO_ARGS: --cache-dir=.turbo/cache jobs: - build: - name: Build on ${{ matrix.os }} - runs-on: ${{ matrix.os }} - - strategy: - fail-fast: false - matrix: - os: [ubuntu-slim, windows-latest] - event-name: ${{ github.event_name }} - repo: ${{ github.repository }} - exclude: - - os: windows-latest - # Skipping the Windows build on the merge queue to speed it up - event-name: merge_group - - os: windows-latest - # Skipping the Windows build on the private repo to save on costs - repo: nodejs-private/nodejs.org-private + build-linux: + name: Build on Linux + runs-on: ubuntu-slim steps: - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f @@ -56,12 +42,6 @@ jobs: # We only want to install required production packages install-flags: --prod - - name: Use GNU tar instead BSD tar - # This ensures that we use GNU `tar` which is more efficient for extracting caches's - if: matrix.os == 'windows-latest' - shell: cmd - run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%" - - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ github.workspace }}/apps/site/.next/cache @@ -80,7 +60,6 @@ jobs: TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-slim' }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 - if: matrix.os == 'ubuntu-slim' with: name: webpack-stats path: apps/site/.next/server/webpack-stats.json @@ -96,3 +75,51 @@ jobs: # We want to ensure that static exports for all locales do not occur on `pull_request` events # TODO: The output of this is too large, and it crashes the GitHub Runner NEXT_PUBLIC_STATIC_EXPORT_LOCALE: false # ${{ github.event_name == 'push' }} + + build-windows: + name: Build on windows + runs-on: windows-latest + + if: github.event_name != 'merge_group' || github.repository == 'nodejs/nodejs.org' + + steps: + - uses: nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f + with: + pnpm: true + use-version-file: true + # We only want to install required production packages + install-flags: --prod + + - name: Use GNU tar instead BSD tar + # This ensures that we use GNU `tar` which is more efficient for extracting caches's + shell: cmd + run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%" + + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + with: + path: ${{ github.workspace }}/apps/site/.next/cache + key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }} + restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}- + + - name: Build Next.js + # We want a ISR build on CI to ensure that regular Next.js builds work as expected. + run: node_modules/.bin/turbo build ${{ env.TURBO_ARGS }} + env: + # We want to ensure we have enough RAM allocated to the Node.js process + # this should be a last resort in case by any chances the build memory gets too high + # but in general this should never happen + NODE_OPTIONS: '--max_old_space_size=4096' + # See https://github.com/vercel/next.js/pull/81318 + TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-slim' }} + + - name: Build Next.js (Static Export) + # We want to generate a static build, as it is a requirement of our website. + run: node_modules/.bin/turbo deploy ${{ env.TURBO_ARGS }} + env: + # We want to ensure we have enough RAM allocated to the Node.js process + # this should be a last resort in case by any chances the build memory gets too high + # but in general this should never happen + NODE_OPTIONS: '--max_old_space_size=4096' + # We want to ensure that static exports for all locales do not occur on `pull_request` events + # TODO: The output of this is too large, and it crashes the GitHub Runner + NEXT_PUBLIC_STATIC_EXPORT_LOCALE: false # ${{ github.event_name == 'push' }} From 29f043189f9114533fc00de7bbac9d0b780063ba Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 11 Mar 2026 12:54:59 +0100 Subject: [PATCH 4/6] fixup! chore(ci): make cost-saving changes --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a84ae5086b44f..9a9ffed9c0a60 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -57,7 +57,7 @@ jobs: # but in general this should never happen NODE_OPTIONS: '--max_old_space_size=4096' # See https://github.com/vercel/next.js/pull/81318 - TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-slim' }} + TURBOPACK_STATS: true - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: @@ -110,7 +110,7 @@ jobs: # but in general this should never happen NODE_OPTIONS: '--max_old_space_size=4096' # See https://github.com/vercel/next.js/pull/81318 - TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-slim' }} + TURBOPACK_STATS: false - name: Build Next.js (Static Export) # We want to generate a static build, as it is a requirement of our website. From d1a9edbf9921b8febb700cd1f567e76f0961b5a7 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 11 Mar 2026 12:56:45 +0100 Subject: [PATCH 5/6] fixup! chore(ci): make cost-saving changes --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9a9ffed9c0a60..ab9ed03c666c5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,7 +31,7 @@ env: jobs: build-linux: - name: Build on Linux + name: Build on ubuntu-latest # Name must match the repo setting runs-on: ubuntu-slim steps: @@ -77,7 +77,7 @@ jobs: NEXT_PUBLIC_STATIC_EXPORT_LOCALE: false # ${{ github.event_name == 'push' }} build-windows: - name: Build on windows + name: Build on Windows runs-on: windows-latest if: github.event_name != 'merge_group' || github.repository == 'nodejs/nodejs.org' From 552ed8b7dbad21e1a67c5d5d16b1ebb01b3ce96a Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 11 Mar 2026 12:58:00 +0100 Subject: [PATCH 6/6] fixup! chore(ci): make cost-saving changes --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ab9ed03c666c5..0e296dc306f93 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -79,7 +79,7 @@ jobs: build-windows: name: Build on Windows runs-on: windows-latest - + if: github.event_name != 'merge_group' || github.repository == 'nodejs/nodejs.org' steps: