diff --git a/.github/workflows/check-deps.yml b/.github/workflows/check-deps.yml
index 4a76e66a3f068..c9feedec3135a 100644
--- a/.github/workflows/check-deps.yml
+++ b/.github/workflows/check-deps.yml
@@ -12,7 +12,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     if: github.repository == 'envoyproxy/envoy'
     steps:
       - name: Checkout repository
diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml
index 3b70679003c37..e8d4538c2d903 100644
--- a/.github/workflows/codeql-daily.yml
+++ b/.github/workflows/codeql-daily.yml
@@ -10,8 +10,8 @@ jobs:
     strategy:
       fail-fast: false
 
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
+    # CodeQL runs on ubuntu-20.04
+    runs-on: ubuntu-20.04
 
     steps:
     - name: Checkout repository
diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml
index 495a36ed9e589..6d396c95d4f2e 100644
--- a/.github/workflows/codeql-push.yml
+++ b/.github/workflows/codeql-push.yml
@@ -16,8 +16,8 @@ jobs:
     strategy:
       fail-fast: false
 
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
+    # CodeQL runs on ubuntu-20.04
+    runs-on: ubuntu-20.04
     if: github.repository == 'envoyproxy/envoy'
 
     steps:
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
index 266ce59d0e2b4..f8aac6105298f 100644
--- a/.github/workflows/depsreview.yml
+++ b/.github/workflows/depsreview.yml
@@ -3,7 +3,7 @@ on: [pull_request]
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     if: github.repository == 'envoyproxy/envoy'
     steps:
       - name: 'Checkout Repository'
diff --git a/.github/workflows/pr_notifier.yml b/.github/workflows/pr_notifier.yml
index 71f1bba1345f9..f12ab2b8b9462 100644
--- a/.github/workflows/pr_notifier.yml
+++ b/.github/workflows/pr_notifier.yml
@@ -13,7 +13,7 @@ jobs:
       statuses: read # for pr_notifier.py
       pull-requests: read # for pr_notifier.py
     name: PR Notifier
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     if: github.repository == 'envoyproxy/envoy'
     steps:
     - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index cb06c17ada33d..f398f3ef40a6c 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,7 +9,7 @@ jobs:
       issues: write  # for actions/stale to close stale issues
       pull-requests: write  # for actions/stale to close stale PRs
     name: Prune Stale
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     if: github.repository == 'envoyproxy/envoy'
 
     steps: