- Add validate-orchestrator-integration.yml with 3 parallel jobs:
plugin-interface (unit tests + smoke tests), k8s-integration
(k3d + localstack), and aws-integration (localstack only)
- Add orchestrator-plugin.test.ts with 15 unit tests covering
loadOrchestrator() and loadEnterpriseServices() for both
installed and not-installed states
- Disk space management follows proven patterns from orchestrator
repo (parallel jobs, aggressive cleanup between tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Delete src/cli.ts, src/cli/ (commands, tests, input-mapper) — moved
to game-ci/orchestrator repo (PR #813 reference)
- Delete .github/workflows/release-cli.yml — moved to orchestrator
- Remove bin, pkg, yargs, @types/yargs, pkg from package.json
- Fix validate-orchestrator.yml:
- Build TypeScript before running require() smoke tests
- Remove || echo fallback that swallowed errors
- Add smoke test that installs orchestrator via npm pack and
verifies loadOrchestrator() returns defined exports
Legacy src/model/cli/ (Cli class, CliFunctionsRepository) preserved —
used by Input.getInput() and build-parameters.ts on main.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the entire src/model/orchestrator/ directory (148 files, ~30k lines)
and refactor all dependent code to use the plugin loader pattern.
Key changes:
- build-parameters.ts: replace OrchestratorOptions with Input.getInput()
- input.ts: remove OrchestratorQueryOverride input source
- github.ts: strip to minimal class (only githubInputEnabled remains)
- cli/cli.ts: remove orchestrator CLI commands, simplify to core structure
- input-readers/*: replace OrchestratorSystem.Run with child_process.exec
- orchestrator-plugin.ts: import from @game-ci/orchestrator package
- orchestrate.ts, build.ts: use plugin loader instead of direct imports
- index.ts: inline SyncStrategy type, fix implicit any types
- Add type declarations for @game-ci/orchestrator
- Remove orchestrator-only npm dependencies (AWS SDK, K8s, etc.)
- Remove orchestrator-specific npm scripts and CI workflows
- Update validate-orchestrator.yml for external repo validation
All enterprise features gracefully degrade when @game-ci/orchestrator
is not installed — the plugin loader returns undefined and optional
chaining in index.ts skips all enterprise service calls.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace 8 direct orchestrator service imports with a thin plugin loader.
- loadOrchestrator(): loads remote build orchestration
- loadEnterpriseServices(): loads enterprise features for local builds
All functionality is preserved; only the import mechanism changes.
This is the first step toward making orchestrator an optional dependency.
Includes comprehensive integration tests for enterprise feature wiring
that verify gating logic, call ordering, and provider strategy routing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cache is an orchestrator feature, so it belongs under `game-ci orchestrate cache`
rather than as a top-level `game-ci cache` command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The test mock was missing gitAuthMode, causing useHeaderAuth to
default to true and strip the token from repo URLs. Adding
gitAuthMode: 'url' restores the expected URL-mode behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add three test files covering the two highest-priority gaps in PR #777:
1. src/index-enterprise-features.test.ts (21 tests) - Integration wiring
tests for index.ts that verify conditional gating of all enterprise
services (GitHooks, LocalCache, ChildWorkspace, SubmoduleProfile,
LfsAgent). Tests that disabled features (default) are never invoked,
enabled features call the correct service methods, and the order of
operations is correct (restore before build, save after build).
Also tests non-local provider strategy skips all enterprise features.
2. src/model/enterprise-inputs.test.ts (103 tests) - Input/BuildParameters
wiring tests for all 20 new enterprise properties. Covers defaults,
explicit values, and boolean string parsing edge cases (the #1 source
of bugs: 'false' as truthy, 'TRUE' case sensitivity, '1', 'yes').
Verifies BuildParameters.create() correctly maps all Input getters.
3. src/model/orchestrator/services/submodule/submodule-profile-service.test.ts
(5 new tests) - Command construction safety tests for execute(),
documenting how paths, branches, and tokens are passed into git
commands and verifying the expected command strings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the else branch that actively called GitHooksService.disableHooks()
for every user where gitHooksEnabled was false (the default). This was a
breaking change that silently modified core.hooksPath to point at an empty
directory, disabling any existing git hooks (husky, lefthook, pre-commit, etc.).
When gitHooksEnabled is false (default), the action now does nothing
regarding hooks — exactly matching the behavior on main before the hooks
feature was added. The hooks feature only activates when users explicitly
set gitHooksEnabled: true.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the npm-only publish-cli.yml with a comprehensive release-cli.yml
that builds standalone binaries via pkg for all platforms (Linux/macOS/Windows,
x64/arm64), uploads them as GitHub Release assets with SHA256 checksums,
and retains npm publish as an optional job.
Add curl-pipe-sh installer (install.sh) and PowerShell installer (install.ps1)
for one-liner installation from GitHub Releases. Both scripts auto-detect
platform/architecture, verify checksums, and guide PATH configuration.
Add `game-ci update` command for self-updating standalone binaries: checks
GitHub releases for newer versions, downloads the correct platform binary,
verifies it, and atomically replaces the running executable.
Distribution strategy: GitHub Releases (primary), npm (optional), with
winget/Homebrew/Chocolatey/Scoop as future providers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add .github/workflows/publish-cli.yml for publishing the CLI to npm on
release or via manual workflow_dispatch with dry-run support.
Add comprehensive test coverage for the CLI:
- input-mapper.test.ts: 16 tests covering argument mapping, boolean
conversion, yargs internal property filtering, and Cli.options population
- commands.test.ts: 26 tests verifying command exports, builder flags,
default values, and camelCase aliases for all six commands
- cli-integration.test.ts: 8 integration tests spawning the CLI process
to verify help output, version info, and error handling
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduces a yargs-based CLI entry point (src/cli.ts) distributed as the
`game-ci` command. The CLI reuses existing unity-builder modules — Input,
BuildParameters, Orchestrator, Docker, MacBuilder — so the same build
engine powers both the GitHub Action and the standalone CLI.
Commands: build, activate, orchestrate, cache (list/restore/clear),
status, version.
Closes#812
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- GitHub Actions: max 4-hour polling with clear timeout error including run URL
- GitLab CI: max 4-hour polling with clear timeout error including pipeline URL
- Remote PowerShell: fix credential split to preserve passwords with colons
(split on first colon only instead of all colons)
- Remote PowerShell: throw clear error when credential format is invalid
- Ansible: validate ansible-playbook binary exists in setupWorkflow
(separate from ansible --version check)
- All timeout errors use core.error() for GitHub Actions annotation visibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Validate runner entries when loading from hot-runners.json. Discard
corrupted entries with warnings. Add validateAndRepair() method for
runtime recovery. Validate data before persisting to prevent writing
corrupt state. Handle corrupt persistence files (invalid JSON)
gracefully. Rewrite executeWithTimeout using Promise.race to clean up
transport connections on timeout. Fix pre-existing ESLint violations
in dispatcher and test files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Check available disk space (cross-platform: wmic/df) before archive
operations to prevent data loss on full disks. Skip archival with
warning if insufficient space (10% safety margin). Clean up partial
archives on tar failure. Proceed with warning when space check fails.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cap pagination at 100 pages (10,000 runners max), detect GitHub API
rate limiting (403/429) with reset time reporting, add 30-second total
timeout for pagination loop. Log clear diagnostic when no runners found
suggesting possible causes (token permissions, runner registration).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Check for rclone binary before attempting storage-based uploads.
Validate storage destination URI format (remoteName:path).
Provide clear error message with install link when rclone is missing.
Fail gracefully instead of cryptic ENOENT crash.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Validate secret key names against alphanumeric allowlist before shell interpolation
- Apply validation in both SecretSourceService.fetchSecret() and legacy queryOverride()
- Mask fetched secret values with core.setSecret() to prevent log exposure
- Add 20 new tests for validation and masking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevent builds from hanging indefinitely when CLI provider subprocess
is unresponsive. Default 2h for runTaskInWorkflow, 1h for watchWorkflow.
Graceful SIGTERM with 10s grace before SIGKILL.
- Added RUN_TASK_TIMEOUT_MS (2 hours) and WATCH_WORKFLOW_TIMEOUT_MS (1 hour)
- Added gracefulKill helper: SIGTERM first, SIGKILL after 10s grace period
- runTaskInWorkflow and watchWorkflow now have timeout protection
- Existing execute() method upgraded to use gracefulKill
- core.error() called with clear human-readable timeout message
- Added comprehensive tests: timeout triggers, SIGKILL escalation,
grace period cancellation on voluntary exit, normal completion
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace execSync with promisified exec so Promise.all actually runs
test groups in parallel. Add native timeout support via exec options.
Add 50MB maxBuffer for large Unity output. Fix ESLint violations
(variable naming, padding lines, array push consolidation).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement two-level workspace isolation pattern for enterprise-scale CI:
- Atomic O(1) workspace restore via filesystem move (no tar/download/extract)
- Separate Library caching for independent restore
- .git preservation for delta operations
- Stale workspace cleanup with configurable retention policies
- 5 new action inputs: childWorkspacesEnabled, childWorkspaceName,
childWorkspaceCacheRoot, childWorkspacePreserveGit,
childWorkspaceSeparateLibrary
- 28 unit tests covering all service methods
This enables enterprise CI where workspaces are 50GB+ and traditional
caching via actions/cache is impractical. On NTFS, workspace restore
is O(1) via atomic rename when source and destination are on the same volume.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add storage-pull strategy: rclone-based sync from remote storage with
overlay and clean modes, URI parsing (storage://remote:bucket/path),
transfer parallelism, and automatic rclone availability checking
- Add SyncStateManager: persistent state load/save with configurable
paths, workspace hash calculation via SHA-256 of key project files,
and drift detection for external modification awareness
- Add action.yml inputs: syncStrategy, syncInputRef, syncStorageRemote,
syncRevertAfter, syncStatePath with sensible defaults
- Wire sync into Input (5 getters), BuildParameters (5 fields), index.ts
(local build path), and RemoteClient (orchestrator path) with post-job
overlay revert when syncRevertAfter is true
- Add 42 unit tests covering all strategies, URI parsing, state
management, hash calculation, drift detection, error handling, and
edge cases (missing rclone, invalid URIs, absent state, empty diffs)
- Add root:true to eslintrc to prevent plugin resolution conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add ArtifactUploadHandler with support for github-artifacts, storage (rclone),
and local copy upload targets, including large file chunking for GitHub Artifacts
- Add 44 unit tests covering OutputTypeRegistry, OutputService, and
ArtifactUploadHandler (config parsing, upload coordination, file collection)
- Add 6 new action.yml inputs for artifact configuration
- Add artifactManifestPath action output
- Wire artifact collection and upload into index.ts post-build flow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds persistent Unity editor instance support to reduce build iteration time
by eliminating cold-start overhead. Includes:
- HotRunnerTypes: interfaces for config, status, job request/result, transport
- HotRunnerRegistry: in-memory runner management with file-based persistence
- HotRunnerHealthMonitor: periodic health checks, idle recycling, job-count recycling
- HotRunnerDispatcher: job routing with wait-for-runner, timeout, and output streaming
- HotRunnerService: high-level API integrating registry, health, and dispatch
- 34 unit tests covering registration, filtering, health, dispatch, timeout, fallback
- action.yml inputs for hot runner configuration (7 new inputs)
- Input/BuildParameters integration for hot runner settings
- index.ts wiring with cold-build fallback when hot runner unavailable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds BuildReliabilityService with the following capabilities:
- checkGitIntegrity(): runs git fsck --no-dangling and parses output for corruption
- cleanStaleLockFiles(): removes stale .lock files older than 10 minutes
- validateSubmoduleBackingStores(): validates .git files point to valid backing stores
- recoverCorruptedRepo(): orchestrates fsck, lock cleanup, re-fetch, retry fsck
- cleanReservedFilenames(): removes Windows reserved filenames (con, prn, aux, nul, com1-9, lpt1-9)
- archiveBuildOutput(): creates tar.gz archive of build output
- enforceRetention(): deletes archives older than retention period
- configureGitEnvironment(): sets GIT_TERMINAL_PROMPT=0, http.postBuffer, core.longpaths
Wired into action.yml as opt-in inputs, with pre-build integrity checks and
post-build archival in the main entry point.
Includes 29 unit tests covering success and failure cases for all methods.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add three optional reliability features for hardening CI pipelines:
- Git corruption detection & recovery (fsck, stale lock cleanup,
submodule backing store validation, auto-recovery)
- Reserved filename cleanup (removes Windows device names that
cause Unity asset importer infinite loops)
- Build output archival with configurable retention policy
All features are opt-in and fail gracefully with warnings only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add four new providers that delegate builds to external CI platforms:
- remote-powershell: Execute on remote machines via WinRM/SSH
- github-actions: Dispatch workflow_dispatch on target repository
- gitlab-ci: Trigger pipeline via GitLab API
- ansible: Run playbooks against managed inventory
Each follows the CI-as-a-provider pattern: trigger remote job,
pass build parameters, stream logs, report status.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
frostebite