From 46a597bc762247aa58913803aae47065cc02ff3a Mon Sep 17 00:00:00 2001
From: Josh Wolf
Date: Wed, 13 Mar 2024 16:04:00 -0400
Subject: [PATCH] use GH hosted runners
---
 .github/workflows/.build.yaml | 51 ++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/.build.yaml b/.github/workflows/.build.yaml
index f15c264b..4e4f3bff 100644
--- a/.github/workflows/.build.yaml
+++ b/.github/workflows/.build.yaml
@@ -9,39 +9,46 @@ on: melange-config: required: false type: string - default: '' + default: "" registry: required: false type: string - default: '' + default: "" jobs: build: - runs-on: - group: wolfi-builder-${{ matrix.arch }} + runs-on: ${{ matrix.runner }} if: inputs.melange-config != '' strategy: - fail-fast: true matrix: arch: ["x86_64", "aarch64"] + include: + - arch: x86_64 + runner: ubuntu-latest-16-cores + oci: amd64 + - arch: aarch64 + runner: ubuntu-arm-16-cores + oci: arm64 + fail-fast: true + + container: + image: "ghcr.io/wolfi-dev/sdk@sha256:a0e34ba48bd86bfb7bf276b1f9e60cbbeb54b36f1f9f111dcd3b12f196c54a7d" + options: | + --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined + steps: - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - name: Build the package + run: | + cd images/${{ inputs.image }} - # TODO: Replace this with custom wolfi image - - run: | - sudo apt update -y && \ - sudo apt install unzip curl cmake pkg-config -y - - - id: melange - uses: chainguard-dev/actions/melange-build@main - with: - multi-config: ${{ inputs.melange-config }} - empty-workspace: false - workdir: images/${{ inputs.image }} - sign-with-temporary-key: true - archs: ${{ matrix.arch }} + melange keygen local-melange.rsa + melange build ${{ inputs.melange-config }} \ + --arch ${{ matrix.arch }} \ + --signing-key local-melange.rsa \ + --out-dir ../../packages/ - - name: 'Upload built packages archive to Github Artifacts' + - name: "Upload built packages archive to Github Artifacts" uses: actions/upload-artifact@v3 with: name: ${{ inputs.image }}-${{ matrix.arch }} @@ -63,7 +70,7 @@ jobs: - uses: hashicorp/setup-terraform@v3 with: - terraform_version: '1.5.*' + terraform_version: "1.5.*" terraform_wrapper: false # Setup melange 
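Review bot: The new `Build the package` step expands `${{ inputs.image }}` and `${{ inputs.melange-config }}` directly inside the `run:` script, so the values are substituted into the shell text before it executes and any shell metacharacters in a caller-supplied input are interpreted as commands; the removed step handed the same values to the action through `with:` instead. Passing them through `env:` and quoting the variables, as below, keeps them as data (this assumes `melange-config` names a single file; if it can list several, the quoting needs adjusting). The exposure is larger than usual because the job container is started with `SYS_ADMIN`, `seccomp=unconfined` and `apparmor:unconfined`, so a short comment above `options:` stating which of these the melange build actually requires would help a later reviewer tighten the set. The step list of `jobs.build` continues outside the hunk.

```yaml
      - name: Build the package
        env:
          IMAGE: ${{ inputs.image }}
          MELANGE_CONFIG: ${{ inputs.melange-config }}
        run: |
          cd "images/${IMAGE}"

          # … unchanged: melange keygen local-melange.rsa …
          melange build "${MELANGE_CONFIG}" \
            --arch ${{ matrix.arch }} \
          # … unchanged: --signing-key and --out-dir arguments …
```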
@@ -71,14 +78,14 @@ jobs: if: inputs.melange-config != '' # Fetch the build stages back down - - name: 'Download package archives' + - name: "Download package archives" if: inputs.melange-config != '' uses: actions/download-artifact@v3 with: name: ${{ inputs.image }}-aarch64 path: ./packages - - name: 'Download package archives' + - name: "Download package archives" if: inputs.melange-config != '' uses: actions/download-artifact@v3 with: