clockworklabs · jdetter · Jan 14, 2026 · Jan 15, 2026 · Jan 15, 2026
diff --git a/.github/workflows/attach-artifacts.yml b/.github/workflows/attach-artifacts.yml
@@ -9,11 +9,7 @@ on:
 
 jobs:
   upload-assets:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: ubuntu-latest
     permissions:
       contents: write  # needed to modify releases
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -23,13 +23,10 @@ jobs:
     name: Smoketests
     strategy:
       matrix:
-        runner: [spacetimedb-new-runner, windows-latest]
+        runner: [spacetimedb-new-runner-2, windows-latest]
         include:
-          - runner: spacetimedb-new-runner
+          - runner: spacetimedb-new-runner-2
             smoketest_args: --docker
-            container:
-              image: localhost:5000/spacetimedb-ci:latest
-              options: --privileged
           - runner: windows-latest
             smoketest_args: --no-build-cli
             container: null
@@ -123,11 +120,7 @@ jobs:
   test:
     needs: [lints, llm_ci_check]
     name: Test Suite
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -180,11 +173,7 @@ jobs:
 
   lints:
     name: Lints
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -212,11 +201,7 @@ jobs:
 
   wasm_bindings:
     name: Build and test wasm bindings
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -239,11 +224,7 @@ jobs:
 
   publish_checks:
     name: Check that packages are publishable
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: ubuntu-latest
     permissions: read-all
     steps:
       - uses: actions/checkout@v3
@@ -272,11 +253,8 @@ jobs:
     strategy:
       matrix:
         include:
-          - runner: spacetimedb-new-runner
+          - runner: spacetimedb-new-runner-2
             target: x86_64-unknown-linux-gnu
-            container:
-              image: localhost:5000/spacetimedb-ci:latest
-              options: --privileged
           - { target: aarch64-unknown-linux-gnu, runner: arm-runner }
           - { target: aarch64-apple-darwin, runner: macos-latest }
           - { target: x86_64-pc-windows-msvc, runner: windows-latest }
@@ -324,7 +302,7 @@ jobs:
     name: Unreal Engine Tests
     # This can't go on e.g. ubuntu-latest because that runner runs out of disk space. ChatGPT suggested that the general solution tends to be to use
     # a custom runner.
-    runs-on: spacetimedb-new-runner
+    runs-on: spacetimedb-new-runner-2
     # Disable the tests because they are very flaky at the moment.
     # TODO: Remove this line and re-enable the `if` line just below here.
     if: false
@@ -439,11 +417,7 @@ jobs:
   cli_docs:
     name: Check CLI docs
     permissions: read-all
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -524,12 +498,7 @@ jobs:
     permissions:
       contents: read
       checks: write
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
-        --cgroupns=host
+    runs-on: spacetimedb-unity-runner
     timeout-minutes: 30
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
@@ -649,12 +618,7 @@ jobs:
 
   csharp-testsuite:
     needs: [lints, llm_ci_check]
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
-        --cgroupns=host
+    runs-on: spacetimedb-new-runner-2
     timeout-minutes: 30
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -11,63 +11,63 @@
 
 jobs:
   docker-amd64:
-    runs-on: ubuntu-latest
+    runs-on: spacetimedb-new-runner-2
     name: Build DockerHub AMD64 Container
     steps:
       - name: Checkout
        uses: actions/checkout@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            clockworklabs/spacetimedb
          tags: |
            type=ref,event=tag
            type=sha,prefix=commit-,suffix=-amd64
          flavor: |
            latest=false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          file: crates/standalone/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
          platforms: linux/amd64

      - name: Merge images
        run: |
          ./tools/merge-docker-images.sh clockworklabs/spacetimedb "commit-${GITHUB_SHA:0:7}" "${GITHUB_SHA:0:7}-full"

        # This ugly bit is necessary if you don't want your cache to grow forever
        # until it hits GitHub's limit of 5GB.
        # Temp fix
        # https://github.com/docker/build-push-action/issues/252
        # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  docker-arm64:
    runs-on: arm-runner
    name: Build DockerHub ARM64 Container
    steps:

diff --git a/.github/workflows/docs-publish.yaml b/.github/workflows/docs-publish.yaml
@@ -10,11 +10,7 @@ on:
 
 jobs:
   build:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

diff --git a/.github/workflows/docs-test.yaml b/.github/workflows/docs-test.yaml
@@ -7,11 +7,7 @@ on:
 
 jobs:
   build:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -16,11 +16,7 @@ jobs:
         include:
           - name: x86_64 Linux
             target: x86_64-unknown-linux-gnu
-            runner: spacetimedb-new-runner
-            container:
-              image: localhost:5000/spacetimedb-ci:latest
-              options: >-
-                --privileged
+            runner: spacetimedb-new-runner-2
           - { name: aarch64 Linux, target: aarch64-unknown-linux-gnu, runner: arm-runner }
           # Disabled because musl builds weren't working and we didn't want to investigate. See https://github.com/clockworklabs/SpacetimeDB/pull/2964.
           # - { name: x86_64 Linux musl, target: x86_64-unknown-linux-musl, runner: bare-metal, container: alpine }

diff --git a/.github/workflows/typescript-lint.yml b/.github/workflows/typescript-lint.yml
@@ -9,37 +9,32 @@
 
 jobs:
   build:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: --privileged
-
-
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 18

      - uses: pnpm/action-setup@v4
        with:
          run_install: true

      - name: Get pnpm store directory
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV

      - uses: actions/cache@v4
        name: Setup pnpm cache
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      - name: Lint
        run: pnpm lint
diff --git a/.github/workflows/typescript-test.yml b/.github/workflows/typescript-test.yml
@@ -13,135 +13,132 @@
 
 jobs:
   build-and-test:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
 
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 18

      - uses: pnpm/action-setup@v4
        with:
          run_install: true

      - name: Get pnpm store directory
        shell: bash
        working-directory: crates/bindings-typescript
        run: |
          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV

      - uses: actions/cache@v4
        name: Setup pnpm cache
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      - name: Build module library and SDK
        working-directory: crates/bindings-typescript
        run: pnpm build

      - name: Run module library and SDK tests
        working-directory: crates/bindings-typescript 
        run: pnpm test

      # - name: Extract SpacetimeDB branch name from file
      #   id: extract-branch
      #   run: |
      #     # Define the path to the branch file
      #     BRANCH_FILE=".github/spacetimedb-branch.txt"

      #     # Default to master if file doesn't exist
      #     if [ ! -f "$BRANCH_FILE" ]; then
      #       echo "::notice::No SpacetimeDB branch file found, using 'master'"
      #       echo "branch=master" >> $GITHUB_OUTPUT
      #       exit 0
      #     fi

      #     # Read and trim whitespace from the file
      #     branch=$(cat "$BRANCH_FILE" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')

      #     # Fallback to master if empty
      #     if [ -z "$branch" ]; then
      #       echo "::warning::SpacetimeDB branch file is empty, using 'master'"
      #       branch="master"
      #     fi

      #     echo "branch=$branch" >> $GITHUB_OUTPUT
      #     echo "Using SpacetimeDB branch from file: $branch"

      - name: Install Rust toolchain
        uses: dsherret/rust-toolchain-file@v1

      - name: Cache Rust dependencies
        uses: Swatinem/rust-cache@v2
        with:
          workspaces: ${{ github.workspace }}
          shared-key: spacetimedb
          # Let the main CI job save the cache since it builds the most things
          save-if: false
          prefix-key: v1

      - name: Install SpacetimeDB CLI from the local checkout
        run: |
          cargo install --force --path crates/cli --locked --message-format=short
          cargo install --force --path crates/standalone --locked --message-format=short
          # Add a handy alias using the old binary name, so that we don't have to rewrite all scripts (incl. in submodules).
          rm -f $CARGO_HOME/bin/spacetime
          ln -s $CARGO_HOME/bin/spacetimedb-cli $CARGO_HOME/bin/spacetime
          # Clear any existing information
          spacetime server clear -y

      - name: Generate client bindings
        working-directory: templates/quickstart-chat-typescript/spacetimedb
        run: |
          spacetime generate --lang typescript --out-dir ../src/module_bindings
          cd ../../../crates/bindings-typescript
          pnpm format

      - name: Check for changes
        working-directory: templates/quickstart-chat-typescript
        run: |
          "${GITHUB_WORKSPACE}"/tools/check-diff.sh src/module_bindings || {
            echo "Error: Bindings are dirty. Please generate bindings again and commit them to this branch."
            exit 1
          }

      # - name: Start SpacetimeDB
      #   run: |
      #     spacetime start &
      #     disown

      # - name: Publish module to SpacetimeDB
      #   working-directory: SpacetimeDB/templates/quickstart-chat-typescript/spacetimedb
      #   run: |
      #     spacetime logout && spacetime login --server-issued-login local
      #     spacetime publish -s local quickstart-chat -c -y

      # - name: Publish module to SpacetimeDB
      #   working-directory: SpacetimeDB/templates/quickstart-chat-typescript/spacetimedb
      #   run: |
      #     spacetime logs quickstart-chat

      - name: Check that quickstart-chat builds
        working-directory: templates/quickstart-chat-typescript
        run: pnpm build

      # - name: Run quickstart-chat tests
      #   working-directory: examples/quickstart-chat
      #   run: pnpm test
      #
      # # Run this step always, even if the previous steps fail
      # - name: Print rows in the user table
      #   if: always()
      #   run: spacetime sql quickstart-chat "SELECT * FROM user"
diff --git a/.github/workflows/upgrade-version-check.yml b/.github/workflows/upgrade-version-check.yml
@@ -8,10 +8,7 @@ permissions: read-all
 
 jobs:
   version_upgrade_check:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: --privileged
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout
         uses: actions/checkout@v3