ci: namespace runner trial control plane

[jluque0101]

Description

INFRA-3592 Phase 0 — adds a runner_provider control input (current | namespace, default current) to the Phase 1-4 entry-point and reusable workflows, threads forwarding through every in-scope caller, and wraps each in-scope runs-on: in an additive ternary that selects between the existing runner and the matching namespace-profile-* label.

No job is migrated. No default is changed. With runner_provider: current (the default on every existing trigger) every ternary collapses to its prior literal/expression, so behavior is byte-identical to main. The namespace branch is reachable only via manual workflow_dispatch.

Branch is the long-lived working surface for Phases 1-4; do not merge.

Changelog

CHANGELOG entry: null

Related issues

Fixes: INFRA-3592 (parent epic INFRA-3511)

Manual testing steps

Feature: runner_provider trial control plane

  Scenario: dispatch on the current default — byte-identical
    Given the trial branch namespace-runner-trial
    When user runs `gh workflow run ci.yml --ref namespace-runner-trial -f runner_provider=current`
    Then every job runs on its existing GitHub-hosted / Cirrus runner
    And required-check context names match origin/main exactly

  Scenario: dispatch on namespace — plumbing reaches Namespace
    Given the trial branch and the MetaMask Actions allowlist already updated
    When user runs `gh workflow run ci.yml --ref namespace-runner-trial -f runner_provider=namespace`
    Then jobs are picked up by the namespace-profile-metamask-* runner that maps to each existing class
    And end-to-end success is not required at Phase 0 — composite-action assumptions land in Phase 2-4

Verification evidence (already executed)

Both scenarios above were dispatched against this branch — results recorded:

Scenario	Run	Result
runner_provider=namespace (Namespace path)	25319648133	Linux, iOS, Android jobs all picked up by the matching namespace-profile-metamask-* runner; secrets resolved end-to-end (secrets: inherit flowing); job names + required-check contexts unchanged
runner_provider=current (existing runners)	25320925061	0 Namespace instances spawned in the dispatch window; every job ran on its prior GitHub-hosted / Cirrus runner
Implicit current via PR-trigger (no input)	25174041735, 25162883313	Both pull_request runs on the branch completed successfully on existing runners — proves the byte-identical contract holds without a manual dispatch

Required-check parity verified statically against the 3 contexts on main's branch protection (check-template-and-add-labels, Check all jobs pass, CLABot) — none renamed in this diff. Detailed cross-reference in INFRA-3592 comment 417866 §5.

Screenshots/Recordings

N/A — CI infrastructure PR, no UI surface.

Notes for reviewers

• 6 commits, organised so each is independently reviewable: actionlint label registration → workflow_dispatch inputs → workflow_call inputs → caller forwarding → runs-on ternary → placeholder→canonical-label replacement.
• Phase 7 callers (runway-*, nightly-build, build-and-upload-to-testflight, push-eas-update, build-rc-auto) are intentionally not modified — they continue to call without forwarding, callees default to current.
• Composite actions are inventoried only — Phase 2/3/4/5/7 own their migration.
• actionlint -config-file .github/actionlint.yaml produces byte-identical output to origin/main (84 lines, exit 1 from pre-existing warnings only — no new findings introduced by this PR).
• Inventories captured (composite actions, caller graph, secrets/environments, concurrency groups, required-check contexts) — full tables in INFRA-3592 comment 417866.
• Branch was rebased onto current main after a conflict with #29431 (e2e label rename). Conflict resolution was mechanical — main's renamed jobs (swap-, stake-, money-) had runner_provider: re-applied; no semantic decision involved.

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (team-dev-ops, size-M)

Performance checks (if applicable)

N/A — workflow YAML only, no app code.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Touches many GitHub Actions workflows and runs-on expressions, so miswiring could break CI execution or route jobs to the wrong runner. Default behavior remains current, but the new namespace path changes execution environment when manually dispatched.

Overview
Introduces a new runner_provider input (default current, optional namespace) across in-scope entrypoint and reusable workflows, and forwards it through callers.

Updates runs-on in ci.yml, build.yml, setup-node-modules.yml, and E2E build/test workflows to conditionally select between existing GitHub-hosted/Cirrus runners and new namespace-profile-metamask-* runner labels.

Registers the new namespace-profile-* labels in .github/actionlint.yaml, and adds workflow_dispatch inputs to enable manual trial runs using the namespace provider.

^{Reviewed by Cursor Bugbot for commit fffcc88. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[jluque0101]

bugbot run

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 5a68282. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 08caa40. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 97%

click to see 🤖 AI reasoning details

E2E Test Selection:
All 12 changed files are purely CI/CD infrastructure changes with zero application code modifications. The PR adds a runner_provider input parameter (defaulting to current) to all GitHub Actions workflows, enabling conditional selection of Namespace runner profiles as an alternative to the existing Cirrus/GitHub-hosted runners. Key points:

1. No app code changes: No TypeScript, JavaScript, native code, or test code was modified.
2. Backward-compatible defaults: All new runner_provider inputs default to current, meaning normal PR-triggered runs are completely unaffected and use existing runners.
3. Pure infrastructure experiment: This is a trial to evaluate Namespace runners (INFRA-3592) as an alternative CI provider — it doesn't change what tests run or how the app behaves.
4. actionlint.yaml update: Simply registers new Namespace runner labels as known self-hosted runners to prevent linting false positives.

Since no application code, test logic, or user-facing functionality was changed, there is no need to run any E2E test tags. The CI pipeline itself will validate the workflow syntax via the existing check-workflows job.

Performance Test Selection:
No application code, UI components, state management, or performance-sensitive paths were modified. All changes are purely CI/CD workflow infrastructure (runner provider selection). Performance tests are not warranted.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud