Just a note on CI solutions:
For https://gitea.kosmos.org we use Gitea Actions, which is compatible with GitHub Actions, like you describe.
https://docs.gitea.com/next/usage/actions/overview
It works nicely, and the configuration allows you to configure both hosted and external runners per repo, user, or org. (Meaning you don't have to allow just any user to run arbitrary payloads on your infra, but you can allow only trusted or paying users to do it.)
Being compatible with GitHub Actions brings baggage, but also convenience and less migration work, of course.