Change CI runner from ubuntu-latest to self-hosted #81
Pull request overview
Updates the GitHub Actions CI workflow to run key jobs on self-hosted runners instead of GitHub-hosted ubuntu-latest, presumably to use internal infrastructure and/or reduce hosted runner usage.
Changes:
- Switch build-and-test job runner from ubuntu-latest to self-hosted.
- Switch build-release-binaries job runner from ubuntu-latest to self-hosted.
- Switch docker-build job runner from ubuntu-latest to self-hosted.
| build-and-test: | ||
| name: Build & Test (features=${{ matrix.features }}) | ||
| runs-on: ubuntu-latest | ||
| #runs-on: ubuntu-latest |
Keeping the old runs-on line commented out adds noise and can drift from reality. If you want to preserve the previous value, consider removing the commented line and capturing the reasoning in a short comment (or in PR description/docs) instead.
| #runs-on: ubuntu-latest | |
| # Run on self-hosted runner (requires project-specific environment, e.g. Docker) |
| #runs-on: ubuntu-latest | ||
| runs-on: self-hosted |
This workflow runs on pull_request, so switching build-and-test to a self-hosted runner will execute untrusted PR code on your own runner machine. Consider using GitHub-hosted runners for PRs (or gating self-hosted runs to trusted events/branches only) to avoid runner compromise and secret exfiltration risks.
| #runs-on: ubuntu-latest | |
| runs-on: self-hosted | |
| runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'self-hosted' }} |
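Review bot: the fallback in the suggested `runs-on: ${{ ... }}` line sends every event other than pull_request to self-hosted, so any trigger added to this workflow later lands on the self-hosted runner by default, and the value it falls back to is still the bare self-hosted label. Consider inverting the test so that only the events you trust select the self-hosted runner and everything else defaults to the hosted one, for example `${{ github.event_name == 'push' && 'self-hosted' || 'ubuntu-latest' }}`.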
| #runs-on: ubuntu-latest | ||
| runs-on: self-hosted |
runs-on: self-hosted is very broad; these steps assume a Linux/Ubuntu-like environment (bash conditionals, apt-get, strip). Use runner labels (e.g., runs-on: [self-hosted, linux, x64] and/or a custom label for your prepared image) so the job can’t land on an incompatible self-hosted runner.
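A static check for the two runner risks raised in the review comments above (pull-request code reaching a self-hosted runner, and a bare self-hosted label), as an added example that is not part of this PR or the project. The sample workflow is constructed, the function names are hypothetical, and the parser assumes two-space indentation and inline runs-on values.

```python
import re

# Constructed workflow (steps omitted), shaped like the jobs in this PR; not the project's file.
SAMPLE = """\
on:
  push:
  pull_request:
jobs:
  build-and-test:
    #runs-on: ubuntu-latest
    runs-on: self-hosted
  build-release-binaries:
    runs-on: [self-hosted, linux, x64]
  docker-build:
    runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'self-hosted' }}
  create-release:
    runs-on: ubuntu-latest
"""

def pr_triggered(lines):
    """True if the top-level `on:` block names a pull_request* event."""
    text = "\n".join(lines) + "\n"
    block = re.search(r"^on:.*\n(?:[ \t]+.*\n|\n)*", text, re.M)  # `on:` line plus its indented body
    return bool(block and re.search(r"(?:^on:.*|^[ \t]+-?[ \t]*)\bpull_request", block[0], re.M))

def runners(lines):
    """Map job name -> raw runs-on value (assumes 2-space indent, inline values)."""
    jobs, current, in_jobs = {}, None, False
    for line in lines:
        if re.match(r"\S", line):  # any top-level key opens or closes the jobs block
            in_jobs = line.startswith("jobs:")
        elif in_jobs and (m := re.match(r"  ([\w-]+):\s*$", line)):
            current = m.group(1)
        elif in_jobs and current and (m := re.match(r"    runs-on:\s*(.+)$", line)):
            jobs[current] = m.group(1).strip()
    return jobs

def audit(text):
    """Return (job, finding) pairs for the two risks raised in the review comments."""
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]  # drop comments
    findings, pr = [], pr_triggered(lines)
    for job, value in runners(lines).items():
        labels = [v.strip(" '\"") for v in value.strip("[]").split(",")]
        if "${{" in value and "self-hosted" in value:
            findings.append((job, "runs-on-expression"))  # not evaluated here; review by hand
        elif "self-hosted" in labels:
            findings += [(job, "pr-code-on-self-hosted")] if pr else []
            findings += [(job, "unlabelled-self-hosted")] if labels == ["self-hosted"] else []
    return findings
```

Run `audit()` over each workflow file in CI and fail the check on any finding; a `runs-on-expression` result means the routing depends on an expression the script does not evaluate.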
| #runs-on: ubuntu-latest | ||
| runs-on: self-hosted |
PR title indicates all jobs should move off ubuntu-latest, but create-release still uses ubuntu-latest in this workflow. Either update the title/scope to reflect the partial migration, or move create-release to the intended runner type as well (keeping in mind any permissions/security requirements).
No description provided.