diff --git a/.github/workflows/assign-labels.yaml b/.github/workflows/assign-labels.yaml
index 1cdbfbb..9a69296 100644
--- a/.github/workflows/assign-labels.yaml
+++ b/.github/workflows/assign-labels.yaml
@@ -24,7 +24,7 @@ permissions:
 
 jobs:
   assign-labels:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       pull-requests: write
 
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 3cc2b45..a33c3e2 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -21,7 +21,7 @@ permissions:
 jobs:
   analyze:
     name: 'Analyze'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       actions: read
       contents: read
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 092eba2..54f0c86 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -16,7 +16,7 @@ permissions:
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: 'Harden runner'
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
diff --git a/.github/workflows/ossf-scorecard.yaml b/.github/workflows/ossf-scorecard.yaml
index 0a3cf2b..c8af71b 100644
--- a/.github/workflows/ossf-scorecard.yaml
+++ b/.github/workflows/ossf-scorecard.yaml
@@ -20,7 +20,7 @@ permissions: read-all
 jobs:
   analysis:
     name: 'Scorecard analysis'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
diff --git a/.github/workflows/python-app.yaml b/.github/workflows/python-app.yaml
index 68bf3e5..b3bc9aa 100644
--- a/.github/workflows/python-app.yaml
+++ b/.github/workflows/python-app.yaml
@@ -98,7 +98,7 @@ permissions:
 
 jobs:
   tests:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     outputs:
       VERSION_TAG: ${{ steps.computed.outputs.VERSION_TAG }}
@@ -197,7 +197,7 @@ jobs:
         run: 'poetry run tox -e py'
 
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     # No build for push events, which use artifacts from pull_request
     if: github.event_name == 'pull_request'
@@ -274,7 +274,7 @@ jobs:
           retention-days: 90 # stale + close + 13 <= artifact retention (90 max)
 
   draft-release:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     # No draft for push; that uses artifact and draft release from pull_request.
     if: >
@@ -325,7 +325,7 @@ jobs:
           updateOnlyUnreleased: true
 
   test-publish:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     if: >
       github.event_name == 'pull_request' &&
@@ -364,7 +364,7 @@ jobs:
         uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
 
   publish:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     if: github.event_name == 'push' && github.repository == 'dupuy/reliabot'
     env:
@@ -418,7 +418,7 @@ jobs:
         uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
 
   pre-release:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     if: github.event_name == 'push' && github.repository == 'dupuy/reliabot'
     env:
@@ -455,7 +455,7 @@ jobs:
           updateOnlyUnreleased: true
 
   release:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     if: github.event_name == 'push' && github.repository == 'dupuy/reliabot'
     env:
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 34b7e0b..1c1b7d6 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   stale:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       issues: write
       pull-requests: write