ci: move lightweight notification/bookkeeping jobs to self-hosted runners

[arealmaas]

What

Moves 7 non-gating reusable workflows from ubuntu-latest → self-hosted, continuing the migration started in #4116:

Workflow	What it does
workflow-send-ci-cd-status-slack-message.yml	Slack CI/CD status notification
workflow-send-deployment-lag-slack-message.yml	Slack deployment-lag notification
workflow-swarmia-deployment.yml	Swarmia deployment ping (HTTP)
workflow-store-github-env-variable.yml	Stores a GitHub environment variable (gh)
workflow-tag-issues-with-environment.yml	Tags PRs/issues with the environment (gh)
workflow-get-latest-deployed-version-info-from-github.yml	Reads GitHub variables (gh)
workflow-delete-deployments.yml	Deletes GitHub deployments on PR cleanup (gh)

Each change is a single-line runs-on flip.

Why these (lowest risk)

• Non-gating — none block a PR merge or a deployment. A runner hiccup degrades a notification or bookkeeping step at worst; nothing rolls back or fails a gate.
• No Docker / minimal tooling — pure gh / az / curl / Node steps. The self-hosted runners are ephemeral Azure Container App Jobs with no Docker daemon and a minimal image (Azure CLI, Node 24, gh, jq, make), so these jobs run unchanged.
• The PR pipeline already depends on self-hosted runners for check-for-changes, so this adds no new critical-path dependency.

⚠️ Caveats

• Shared across all environments — these are reusable workflows called by the test/staging/yt01/prod pipelines, so the change applies everywhere at once.
• Concurrency ceiling unverified — max parallel runners (maxExecutions) is set in the external Altinn/altinn-modules Terraform module (v1.2.3), not in the runner-config repo. If the pool is small, higher-volume use could queue. Worth confirming with the platform team before moving busier jobs.
• Ephemeral = cold caches — each job gets a fresh runner (no local NuGet/npm/Docker-layer reuse). Negligible for these lightweight jobs.
• Smaller runners — 4 vCPU / 8 GiB vs 16 GB on ubuntu-latest. Fine here; relevant for heavier jobs later.
• Public-repo + self-hosted security — flagged in altinn-platform RFC 0002. Mitigated by ephemeral, repo-scoped runners and secrets not flowing to fork PRs; confirm "require approval for outside collaborators" is enabled.

🚫 Blocked — cannot move (need a Docker daemon / missing tooling)

Out of scope here; staying on ubuntu-latest:

• workflow-build-and-test.yml — integration tests use Testcontainers.PostgreSql (needs Docker).
• workflow-publish-docker-images.yml — docker/setup-buildx + build-push (needs Docker).
• workflow-run-k6-tests.yml — grafana/k6-action runs k6 via Docker.
• workflow-deploy-infra.yml — uses shell: pwsh, which isn't in the runner image.

Next candidates (future PRs, once this is proven stable)

Docker-free but gating/heavier, so deferred until the pool's reliability and concurrency are confirmed: PR checks validate-schema and vulnerabilities-introduced, and the E2E test workflows (run-webapi-e2e-tests, run-graphql-e2e-tests, run-k6-performance, which runs k6 in AKS rather than on the runner).

Rollback

Revert the single commit — every change is a one-line runs-on flip.

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ef40c4fc-62f0-488d-8ed9-d3602edcb2cd

📥 Commits

Reviewing files that changed from the base of the PR and between 6f44aa9 and b5e2a8f.

📒 Files selected for processing (7)

• .github/workflows/workflow-delete-deployments.yml
• .github/workflows/workflow-get-latest-deployed-version-info-from-github.yml
• .github/workflows/workflow-send-ci-cd-status-slack-message.yml
• .github/workflows/workflow-send-deployment-lag-slack-message.yml
• .github/workflows/workflow-store-github-env-variable.yml
• .github/workflows/workflow-swarmia-deployment.yml
• .github/workflows/workflow-tag-issues-with-environment.yml

---

📝 Walkthrough

Walkthrough

Seven GitHub Actions workflow files are updated to run their respective jobs on self-hosted runners instead of ubuntu-latest. Each change is a single-line edit to the runs-on field; no job steps, logic, inputs, outputs, or permissions are modified.

Changes

Runner Migration Across Utility Workflows

Layer / File(s)

Summary

Switch runs-on to self-hosted in all utility workflows .github/workflows/workflow-delete-deployments.yml, .github/workflows/workflow-get-latest-deployed-version-info-from-github.yml, .github/workflows/workflow-send-ci-cd-status-slack-message.yml, .github/workflows/workflow-send-deployment-lag-slack-message.yml, .github/workflows/workflow-store-github-env-variable.yml, .github/workflows/workflow-swarmia-deployment.yml, .github/workflows/workflow-tag-issues-with-environment.yml

The runs-on value is changed from ubuntu-latest to self-hosted for each job across all seven workflow files; no other workflow logic is altered.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Altinn/dialogporten#4116: Applies the same ubuntu-latest → self-hosted runner migration to GitHub Actions jobs in other workflow files.

Suggested labels

at23

Suggested reviewers

• oskogstad

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: moving 7 lightweight, non-gating CI/CD workflows to self-hosted runners, as confirmed by the file summaries.
Description check	✅ Passed	The description is comprehensive and well-structured, covering the what, why, caveats, and rollback plan. However, it diverges significantly from the required template sections (no explicit checklist completion, no 'Related Issue(s)' section reference).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch arealmaas/move-jobs-self-hosted-runners

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b5e2a8f0fb

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".