diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index e93c1eaba063..129d67a8ce4a 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
   # shared kong github action for security checking
   generate-sbom-and-upload-assets:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     permissions:
       packages: write
       contents: write # publish sbom to GH releases/tag assets
@@ -49,7 +49,7 @@ jobs:
           - os: windows-latest
             csc_link_secret: DESIGNER_WINDOWS_CSC_LINK
             csc_key_password_secret: DESIGNER_WINDOWS_CSC_KEY_PASSWORD
-          - os: ubuntu-latest
+          - os: ubuntu-20.04
             csc_link_secret: ''
             csc_key_password_secret: ''
     steps:
@@ -141,7 +141,7 @@ jobs:
         shell: bash
         working-directory: ./packages/${{ env.INSO_PACKAGE_NAME }}
         continue-on-error: false
-        env:
+        env:ubuntu-20.04
           MACOS_CERTIFICATE: ${{ secrets.DESIGNER_MAC_CSC_LINK }}
           MACOS_CERTIFICATE_PWD: ${{ secrets.DESIGNER_MAC_CSC_KEY_PASSWORD }}
           PKG_NAME: inso-${{ matrix.os }}-${{ env.INSO_VERSION }}
@@ -150,7 +150,7 @@ jobs:
 
       - name: Notarize Inso CLI installer (macOS only)
         if:  matrix.os == 'macos-13'
-        uses: lando/notarize-action@v2
+        uses: lando/notariubuntu-20.04
         with:
           product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg
           primary-bundle-id: com.insomnia.inso
@@ -188,7 +188,7 @@ jobs:
       # Automatically uploads to workflow assets
       - name: Scan inso docker artifacts
         id: sbom_action
-        if: matrix.os == 'ubuntu-latest'
+        if: mubuntu-20.04ubuntu-latest'
         uses: Kong/public-shared-actions/security-actions/scan-docker-image@62643b74f79f6a697b9add1a2f9c069bf9ca1250 # v2.3.0
         with:
           asset_prefix: image-inso-${{ runner.os }}
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index 7d296dad2c22..7a1c7885c795 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -19,7 +19,7 @@ env:
 jobs:
   publish:
     timeout-minutes: 15
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     outputs:
       NOTARY_REPOSITORY: ${{ env.NOTARY_REPOSITORY }}
       INSO_BINARY_ARTIFACTS_SUBJECTS_AS_FILE: ${{ steps.cli_binary_hashes.outputs.handle }}
@@ -122,8 +122,8 @@ jobs:
       - name: Publish beta/stable of Insomnia to Insomnia API
         if: ${{ !contains(github.event.inputs.version, 'alpha') }}
         run: |
-          curl \
-            --fail \
+          curl \ubuntu-20.04
+            --fail \ubuntu-20.04
             --request POST \
             --url $INSOMNIA_API_URL/v1/releases \
             --header "Authorization: Bearer ${INSOMNIA_API_TOKEN}" \
@@ -166,7 +166,7 @@ jobs:
 
       - name: Docker meta for Inso CLI Docker Image
         id: inso_docker_meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@ubuntu-20.04
         with:
           images: ${{ env.INSO_DOCKER_IMAGE }}
           tags: |
@@ -258,7 +258,7 @@ jobs:
           PULP_PASSWORD: ${{ secrets.PULP_PASSWORD }}
           PULP_HOST: ${{ secrets.PULP_HOST }}
           VERBOSE: ${{ runner.debug == '1' && '1' || '' }}
-          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
+          CLOUDSMITH_API_Kubuntu-20.04ts.CLOUDSMITH_API_KEY }}
           CLOUDSMITH_DRY_RUN: ''
           IGNORE_CLOUDSMITH_FAILURES: ${{ vars.IGNORE_CLOUDSMITH_FAILURES }}
           USE_CLOUDSMITH: ${{ vars.USE_CLOUDSMITH }}
@@ -278,7 +278,7 @@ jobs:
     permissions:
       id-token: write # needed for signing the images
       actions: read # For getting workflow run info to build provenance
-      packages: write # Required for publishing provenance. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
+      packages: write # Requiubuntu-20.04shing provenance. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
       contents: write
     strategy:
       fail-fast: true
diff --git a/.github/workflows/release-recurring.yml b/.github/workflows/release-recurring.yml
index 19bc924c799b..625f6effa966 100644
--- a/.github/workflows/release-recurring.yml
+++ b/.github/workflows/release-recurring.yml
@@ -30,7 +30,7 @@ jobs:
             build-targets: "zip"
           - os: "windows-latest"
             build-targets: "portable"
-          - os: "ubuntu-latest"
+          - os: "ubuntu-20.04"
             build-targets: "tar.gz"
     steps:
       - name: Checkout branch
diff --git a/.github/workflows/release-start.yml b/.github/workflows/release-start.yml
index 9e53dd3bc0f3..d8084001d16b 100644
--- a/.github/workflows/release-start.yml
+++ b/.github/workflows/release-start.yml
@@ -18,7 +18,7 @@ on:
 jobs:
   setup-release-branch:
     timeout-minutes: 5
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index 5a3b93664404..7f82069052a2 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -13,7 +13,7 @@ jobs:
   semgrep:
     timeout-minutes: 5
     name: Semgrep SAST
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     permissions:
       # required for all workflows
       security-events: write
diff --git a/.github/workflows/test-cli.yml b/.github/workflows/test-cli.yml
index 1785d5f5bcd4..5a0b3d89f90b 100644
--- a/.github/workflows/test-cli.yml
+++ b/.github/workflows/test-cli.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   Test:
     timeout-minutes: 10
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
@@ -50,7 +50,7 @@ jobs:
         shell: bash
         run: |
           INSO_VERSION="$(jq .version packages/insomnia-inso/package.json -rj)-run.${{ github.run_number }}"
-          PKG_NAME="inso-ubuntu-latest-$INSO_VERSION"
+          PKG_NAME="inso-ubuntu-20.04-$INSO_VERSION"
           echo "pkg-name=$PKG_NAME" >> $GITHUB_OUTPUT
           echo "inso-version=$INSO_VERSION" >> $GITHUB_OUTPUT
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ee373cb62ea5..8b3b47ea0d37 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   Test:
     timeout-minutes: 20
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml
index 84647294ba87..571a416d4615 100644
--- a/.github/workflows/update-changelog.yml
+++ b/.github/workflows/update-changelog.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   update:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
 
     permissions:
       # Give the default GITHUB_TOKEN write permission to commit and push the