
Remove CodeBuild runner infrastructure #1959

Draft
whi-tw wants to merge 2 commits into whi-tw/allow-github-hosted-runner-deploy-review-apps from whi-tw/stop-using-self-hosted-runners

@whi-tw
Member

@whi-tw whi-tw commented Jan 22, 2026

What problem does this pull request solve?

Trello card: https://trello.com/c/UIEQ97bl/792-stop-using-self-hosted-runners-on-github

Remove the CodeBuild-hosted GitHub Actions runner infrastructure now that review apps use GitHub-hosted runners with OIDC authentication.

The gha-runner module and CodeBuild resources are no longer needed. The data source and service-linked role for app autoscaling are retained in service_linked_roles.tf as they're still used by the review app deployments.

This should not be merged until we've migrated all the app repos, and rebased WIP branches (or at least informed developers of the change so they can rebase).

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Has all relevant documentation been updated?

Reminders

If you've made changes to the deployer role (files in modules/deployer-access):

  • Remember to run make <environment> forms/account apply on the relevant environments (dev, staging, user-research, and/or prod)
  • Check the #govuk-forms-deployment-notifications Slack channel to ensure the apply-forms-terraform-<environment> pipelines have run successfully

@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from e120964 to 7d50b62 Compare January 22, 2026 11:14
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runners branch from c42672a to 6b71efd Compare January 22, 2026 11:15
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from 7d50b62 to 5928f55 Compare January 22, 2026 11:17
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runners branch from 6b71efd to 2fd54c2 Compare January 22, 2026 11:17
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from 5928f55 to 039a9ad Compare January 22, 2026 11:54
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runners branch from 2fd54c2 to b77f2b3 Compare January 22, 2026 12:15
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from 039a9ad to 7c4ad50 Compare January 23, 2026 11:46
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runners branch from b77f2b3 to 54ca9c3 Compare January 23, 2026 11:49
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch 2 times, most recently from 3d65d7b to f8f2138 Compare January 23, 2026 15:57
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runners branch 2 times, most recently from aa0eb1c to 889dd66 Compare January 23, 2026 16:25
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from f8f2138 to cff1352 Compare January 23, 2026 16:29
Instead of giving GitHub Actions direct access to deploy review apps to
ECS, we set up CodeBuild projects that GitHub Actions can trigger via
OIDC. This reduces the permissions granted to GitHub Actions, as they no
longer need direct access to ECS, ECR, and other resources.
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from cff1352 to 1436189 Compare March 9, 2026 09:41
Remove the CodeBuild-hosted GitHub Actions runner infrastructure now
that review apps use GitHub-hosted runners with OIDC authentication.

The gha-runner module and CodeBuild resources are no longer needed.
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runners branch from 889dd66 to 752c11c Compare March 9, 2026 09:42
Contributor

@sarahseewhy sarahseewhy left a comment

Thank you!

@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from 1436189 to ee2195e Compare March 12, 2026 13:40