GitHub- vs Self-Hosted detection is inaccurate.

[MarkLodato]

The detection of GitHub-hosted runner vs Self-hosted runner is inaccurate. What we want to know is "did all jobs use GitHub-hosted runners?" Instead, the current code says "does the current job (creating the provenance) use a GitHub-hosted runner." Is it possible to actually check what we need?

An ugly idea is to parse the yaml to check all the runs-on fields, but that both (a) requires fetching and parsing the yaml, which is terrible, and (b) properly identifying which are github-hosted and which are self-hosted.

Any better ideas?

[MarkLodato]

Another idea: Download all workflow run logs. The first line indicates whether it's github- or self-hosted. That would require the provenance generator to have access to the logs, which is not ideal, and when doing it mid-run, I'm not sure if there are race conditions where that wouldn't work well.