Use GitHub-hosted Docker builders

[rajpandya737]

Summary

• switch Docker build jobs from Blacksmith runners to GitHub-hosted Ubuntu runners
• replace Blacksmith Docker builder/action usage with Docker's official Buildx/build-push actions
• use the default Docker builder for the PR Docker image build check

Verification

• grep confirmed no Blacksmith references remain in .github/workflows
• git diff --check
• uv run ruff check

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)

1. Unpinned check runner 🐞 Bug ☼ Reliability

Description

Both docker-build-check.yml and build-and-deploy.yml run on ubuntu-latest, which can introduce
nondeterministic PR gate failures and unexpected production build/push breakages when GitHub updates
the default runner image. Pinning the runner (and keeping it aligned between PR checks and
build/deploy) makes the pipelines stable, reproducible, and comparable.

Code

.github/workflows/docker-build-check.yml[7]

+    runs-on: ubuntu-latest

Evidence

The cited workflow definitions show the relevant jobs are configured with runs-on: ubuntu-latest:
the PR Docker build check job in docker-build-check.yml uses the floating runner label, and the
production image build job in build-and-deploy.yml also targets ubuntu-latest. Because
ubuntu-latest can change independently of the repo, these configurations directly support the risk
of runner-image drift causing CI failures or pipeline breakages without any PR changes.

.github/workflows/docker-build-check.yml[5-12]
.github/workflows/build-and-deploy.yml[21-29]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Both the PR Docker build check and the production build/deploy workflow use `runs-on: ubuntu-latest`, which is a moving target and can change without a PR, leading to nondeterministic PR gate failures and unexpected Docker build/push breakages.

## Issue Context
The Docker build check workflow gates PRs, so runner drift can cause flaky failures that block merges; the production build workflow can similarly break CI/CD without code changes if the underlying runner image updates.

## Fix Focus Areas
- .github/workflows/docker-build-check.yml[5-12]
- .github/workflows/build-and-deploy.yml[22-29]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[qodo-code-review]

Review Summary by Qodo

Migrate Docker builds to GitHub-hosted runners

✨ Enhancement

Walkthroughs

Description

• Replace Blacksmith runners with GitHub-hosted Ubuntu runners
• Switch Docker build actions to official Docker Buildx
• Simplify PR Docker build check workflow

Diagram

flowchart LR
  A["Blacksmith Runners"] -->|"Replace with"| B["ubuntu-latest"]
  C["Blacksmith Docker Builder"] -->|"Replace with"| D["docker/setup-buildx-action"]
  E["useblacksmith/build-push-action"] -->|"Replace with"| F["docker/build-push-action"]

Loading

File Changes

1. .github/workflows/build-and-deploy.yml ⚙️ Configuration changes +4/-4

Migrate to GitHub-hosted runners and Docker Buildx

• Changed runner from blacksmith-4vcpu-ubuntu-2404 to ubuntu-latest
• Replaced useblacksmith/setup-docker-builder@v1 with docker/setup-buildx-action@v3
• Updated build action from useblacksmith/build-push-action@v2 to docker/build-push-action@v6

.github/workflows/build-and-deploy.yml

---

2. .github/workflows/docker-build-check.yml ⚙️ Configuration changes +1/-3

Simplify PR Docker build check workflow

• Changed runner from blacksmith-4vcpu-ubuntu-2404 to ubuntu-latest
• Removed Blacksmith Docker builder setup step
• Simplified workflow to use default Docker builder

.github/workflows/docker-build-check.yml

---