From 4a5a6546b46eeb550d5d838cb1ffdf26366d8a59 Mon Sep 17 00:00:00 2001
From: yuriyryabikov <22548029+kurok@users.noreply.github.com>
Date: Tue, 21 Apr 2026 14:05:01 +0100
Subject: [PATCH] ci: rotate ec2-github-runner SHA to Phase 4 retry tip
 (non-root + --ephemeral)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

namecheap/ec2-github-runner#26 merged. Phase 4 retry lands all
requirements from the original issue #10, with the .sha256 sidecar
404 bug fixed by a hardcoded {arch-version → sha256} table kept in
sync with upstream by a new CI check.

Rotation: 6bb148b (Phase 6.a, IMDSv2) -> 0fdd401 (Phase 4 retry).

Critical dogfood. If start-runner fails, I have the console-output
recipe ready — diagnosis turnaround is minutes, not a day.

Signed-off-by: yuriyryabikov <22548029+kurok@users.noreply.github.com>
---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4fd68fde..840ee9ed 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -140,7 +140,7 @@ jobs:
         # SHA-pinned (was @feat/al2023-support). The same SHA is reused by
         # the stop-runner step so both halves of the runner lifecycle run
         # identical action code.
-        uses: namecheap/ec2-github-runner@6bb148b43cd5b3734d81f8a7dd7ab15b3d7f7a8b # feat/al2023-support @ 2026-04-21 — Phase 6.a: IMDSv2 required
+        uses: namecheap/ec2-github-runner@0fdd4014da74d56d46154f73a1cfe6d6113cbedc # feat/al2023-support @ 2026-04-21 — Phase 4 (retry): non-root runner + --ephemeral + hardcoded checksum table
         with:
           mode: start
           github-token: ${{ secrets.GH_TOKEN }}
@@ -231,7 +231,7 @@ jobs:
       - name: Stop EC2 runner
         # SHA-pinned (was @main). Matches the start-runner step above so
         # stop logic is in lockstep with the code that started the runner.
-        uses: namecheap/ec2-github-runner@6bb148b43cd5b3734d81f8a7dd7ab15b3d7f7a8b # feat/al2023-support @ 2026-04-21 — Phase 6.a: IMDSv2 required
+        uses: namecheap/ec2-github-runner@0fdd4014da74d56d46154f73a1cfe6d6113cbedc # feat/al2023-support @ 2026-04-21 — Phase 4 (retry): non-root runner + --ephemeral + hardcoded checksum table
         with:
           mode: stop
           github-token: ${{ secrets.GH_TOKEN }}