chore: bump production dependencies (minor/patch)

- @actions/cache ^4.0.0 → ^4.1.0
- @actions/github ^6.0.0 → ^6.0.1
- commander ^9.0.0 → ^9.5.0
- nanoid ^3.3.1 → ^3.3.12
- reflect-metadata ^0.1.13 → ^0.2.2
- semver ^7.5.2 → ^7.7.4
- yaml ^2.2.2 → ^2.8.4

All minor/patch bumps. Major bumps (@actions/core 3.x, nanoid 5.x ESM)
deferred to a separate PR.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.eslintignore

@@ -1,4 +0,0 @@
-dist/
-lib/
-node_modules/
-jest.config.js

.eslintrc.json

@@ -1,90 +0,0 @@
-{
-  "plugins": ["jest", "@typescript-eslint", "prettier", "unicorn"],
-  "extends": ["plugin:unicorn/recommended", "plugin:github/recommended", "plugin:prettier/recommended"],
-  "parser": "@typescript-eslint/parser",
-  "parserOptions": {
-    "ecmaVersion": 2020,
-    "sourceType": "module",
-    "extraFileExtensions": [".mjs"],
-    "ecmaFeatures": {
-      "impliedStrict": true
-    },
-    "project": "./tsconfig.json"
-  },
-  "env": {
-    "node": true,
-    "es6": true,
-    "jest/globals": true,
-    "es2020": true
-  },
-  "rules": {
-    // Error out for code formatting errors
-    "prettier/prettier": "error",
-    // Namespaces or sometimes needed
-    "import/no-namespace": "off",
-    // Properly format comments
-    "spaced-comment": ["error", "always"],
-    "lines-around-comment": [
-      "error",
-      {
-        "beforeBlockComment": true,
-        "beforeLineComment": true,
-        "allowBlockStart": true,
-        "allowObjectStart": true,
-        "allowArrayStart": true,
-        "allowClassStart": true,
-        "ignorePattern": "pragma|ts-ignore"
-      }
-    ],
-    // Mandatory spacing
-    "padding-line-between-statements": [
-      "error",
-      {
-        "blankLine": "always",
-        "prev": "*",
-        "next": "return"
-      },
-      {
-        "blankLine": "always",
-        "prev": "directive",
-        "next": "*"
-      },
-      {
-        "blankLine": "any",
-        "prev": "directive",
-        "next": "directive"
-      }
-    ],
-    // Enforce camelCase
-    "camelcase": "error",
-    // Allow forOfStatements
-    "no-restricted-syntax": ["error", "ForInStatement", "LabeledStatement", "WithStatement"],
-    // Continue is viable in forOf loops in generators
-    "no-continue": "off",
-    // From experience, named exports are almost always desired. I got tired of this rule
-    "import/prefer-default-export": "off",
-    // Unused vars are useful to keep method signatures consistent and documented
-    "@typescript-eslint/no-unused-vars": "off",
-    // For this project only use kebab-case
-    "unicorn/filename-case": [
-      "error",
-      {
-        "cases": {
-          "kebabCase": true
-        }
-      }
-    ],
-    // Allow Array.from(set) mitigate TS2569 which would require '--downlevelIteration'
-    "unicorn/prefer-spread": "off",
-    // Temp disable to prevent mixing changes with other PRs
-    "i18n-text/no-en": "off"
-  },
-  "overrides": [
-    {
-      "files": ["jest.setup.js"],
-      "rules": {
-        "import/no-commonjs": "off"
-      }
-    }
-  ]
-}

.github/ISSUE_TEMPLATE/bug_report.md

@@ -14,9 +14,7 @@ assignees: ''
 
 <!--Steps to reproduce the behavior:-->
 
--
-
-**Expected behavior**
+- **Expected behavior**
 
 <!--A clear and concise description of what you expected to happen.-->
 

.github/workflows/build-tests-mac.yml

@@ -12,16 +12,15 @@ jobs:
   buildForAllPlatformsMacOS:
     name: ${{ matrix.targetPlatform }} on ${{ matrix.unityVersion }}
     runs-on: macos-latest
-    continue-on-error: true
     strategy:
       fail-fast: false
       matrix:
         projectPath:
           - test-project
         unityVersion:
-          - 2021.3.45f1
-          - 2022.3.13f1
-          - 2023.2.2f1
+          - 2021.3.45f2
+          - 2022.3.62f3
+          - 2023.2.22f1
         targetPlatform:
           - StandaloneOSX # Build a MacOS executable
           - iOS # Build an iOS executable

.github/workflows/build-tests-ubuntu.yml

@@ -9,8 +9,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  UNITY_LICENSE:
-    "<?xml version=\"1.0\" encoding=\"UTF-8\"?><root>\n    <License
+  UNITY_LICENSE: "<?xml version=\"1.0\" encoding=\"UTF-8\"?><root>\n    <License
     id=\"Terms\">\n        <MachineBindings>\n            <Binding Key=\"1\"
     Value=\"576562626572264761624c65526f7578\"/>\n            <Binding Key=\"2\"
     Value=\"576562626572264761624c65526f7578\"/>\n        </MachineBindings>\n        <MachineID
@@ -36,8 +35,7 @@ env:
 
 jobs:
   buildForAllPlatformsUbuntu:
-    name:
-      "${{ matrix.targetPlatform }} on ${{ matrix.unityVersion}}${{startsWith(matrix.buildProfile, 'Assets') && ' (via Build Profile)' || '' }}"
+    name: "${{ matrix.targetPlatform }} on ${{ matrix.unityVersion}}${{startsWith(matrix.buildProfile, 'Assets') && ' (via Build Profile)' || '' }}"
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -48,9 +46,9 @@ jobs:
         projectPath:
           - test-project
         unityVersion:
-          - 2021.3.32f1
-          - 2022.3.13f1
-          - 2023.2.2f1
+          - 2021.3.45f2
+          - 2022.3.62f3
+          - 2023.2.22f1
         targetPlatform:
           - StandaloneOSX # Build a macOS standalone (Intel 64-bit) with mono backend.
           - StandaloneWindows64 # Build a Windows 64-bit standalone with mono backend.
@@ -200,7 +198,6 @@ jobs:
       ###########################
       - uses: actions/upload-artifact@v4
         with:
-          name:
-            "Build ${{ matrix.targetPlatform }}${{ startsWith(matrix.buildProfile, 'Assets') && ' (via Build Profile)' || '' }} on Ubuntu (${{ matrix.unityVersion }}_il2cpp_${{ matrix.buildWithIl2cpp }}_params_${{ matrix.additionalParameters }})"
+          name: "Build ${{ matrix.targetPlatform }}${{ startsWith(matrix.buildProfile, 'Assets') && ' (via Build Profile)' || '' }} on Ubuntu (${{ matrix.unityVersion }}_il2cpp_${{ matrix.buildWithIl2cpp }}_params_${{ matrix.additionalParameters }})"
           path: build
           retention-days: 14

.github/workflows/build-tests-windows.yml

@@ -18,9 +18,9 @@ jobs:
         projectPath:
           - test-project
         unityVersion:
-          - 2021.3.32f1
-          - 2022.3.13f1
-          - 2023.2.2f1
+          - 2021.3.45f2
+          - 2022.3.62f3
+          - 2023.2.22f1
         targetPlatform:
           - Android # Build an Android apk.
           - StandaloneWindows64 # Build a Windows 64-bit standalone.
@@ -39,7 +39,7 @@ jobs:
           - unityVersion: 6000.0.36f1
             targetPlatform: StandaloneWindows64
             buildProfile: 'Assets/Settings/Build Profiles/Sample Windows Build Profile.asset'
-  
+
     steps:
       ###########################
       #         Checkout        #
@@ -66,6 +66,34 @@ jobs:
         run: |
           Move-Item -Path "./test-project/ProjectSettings/ProjectSettingsIl2cpp.asset" -Destination "./test-project/ProjectSettings/ProjectSettings.asset" -Force
 
+      ###########################
+      #    Docker Readiness     #
+      ###########################
+      - name: Ensure Docker daemon is ready
+        timeout-minutes: 2
+        shell: powershell
+        run: |
+          $maxRetries = 10
+          $retryDelay = 6
+          for ($i = 0; $i -lt $maxRetries; $i++) {
+            $svc = Get-Service docker -ErrorAction SilentlyContinue
+            if ($svc -and $svc.Status -eq 'Running') {
+              docker version 2>$null
+              if ($LASTEXITCODE -eq 0) {
+                Write-Host "Docker is ready."
+                exit 0
+              }
+            }
+            if ($svc -and $svc.Status -eq 'Stopped') {
+              Write-Host "Docker service stopped, attempting to start..."
+              Start-Service docker -ErrorAction SilentlyContinue
+            }
+            Write-Host "Waiting for Docker daemon (attempt $($i+1)/$maxRetries)..."
+            Start-Sleep -Seconds $retryDelay
+          }
+          Write-Error "Docker daemon did not start within $($maxRetries * $retryDelay) seconds"
+          exit 1
+
       ###########################
       #          Build          #
       ###########################
@@ -146,6 +174,8 @@ jobs:
       ###########################
       - uses: actions/upload-artifact@v4
         with:
-          name: Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
+          name:
+            Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With
+            GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
           path: build
           retention-days: 14

.github/workflows/integrity-check.yml

@@ -2,7 +2,8 @@ name: Integrity
 
 on:
   push: { branches: [main] }
-  pull_request: {}
+  pull_request:
+    types: [opened, synchronize, reopened, labeled]
 
 permissions:
   contents: read
@@ -22,17 +23,40 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      - name: Install package manager (from package.json)
+        run: |
+          corepack enable
+          corepack install
       - uses: actions/setup-node@v4
         with:
           node-version: '18'
-      - run: yarn
+      - name: Resolve yarn cache folder
+        id: yarn-config
+        run: echo "cacheFolder=$(yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
+      - name: Restore yarn install cache (node_modules + cacheFolder + install-state)
+        uses: actions/cache@v4
+        with:
+          path: |
+            ${{ steps.yarn-config.outputs.cacheFolder }}
+            .yarn/install-state.gz
+          key: yarn-v2-${{ runner.os }}-node-18-${{ hashFiles('yarn.lock') }}
+          restore-keys: |
+            yarn-v2-${{ runner.os }}-node-18-
+      - name: Install deps
+        env:
+          YARN_ENABLE_HARDENED_MODE: 'false'
+        run: |
+          case "$(yarn --version)" in 1.*) echo 'expected up-to-date yarn version'; exit 1 ;; esac
+          yarn install --immutable
       - run: yarn lint
       - run: yarn test:ci --coverage
       - run: bash <(curl -s https://codecov.io/bash)
       - run: yarn build || { echo "build command should always succeed" ; exit 61; }
   #      - run: yarn build --quiet && git diff --quiet dist || { echo "dist should be auto generated" ; git diff dist ; exit 62; }
 
-  orchestrator:
-    name: Orchestrator Integrity
-    uses: ./.github/workflows/orchestrator-integrity.yml
+  orchestrator-integration:
+    name: Orchestrator Integration
+    if: >-
+      github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'run-integration')
+    uses: ./.github/workflows/validate-orchestrator-integration.yml
     secrets: inherit

.github/workflows/orchestrator-async-checks.yml

@@ -1,61 +0,0 @@
-name: Async Checks API
-
-on:
-  workflow_dispatch:
-    inputs:
-      checksObject:
-        description: ''
-        required: false
-        default: ''
-
-permissions:
-  checks: write
-
-env:
-  GKE_ZONE: 'us-central1'
-  GKE_REGION: 'us-central1'
-  GKE_PROJECT: 'unitykubernetesbuilder'
-  GKE_CLUSTER: 'game-ci-github-pipelines'
-  GCP_LOGGING: true
-  GCP_PROJECT: unitykubernetesbuilder
-  GCP_LOG_FILE: ${{ github.workspace }}/orchestrator-logs.txt
-  # Commented out: Using LocalStack tests instead of real AWS
-  # AWS_REGION: eu-west-2
-  # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  # AWS_DEFAULT_REGION: eu-west-2
-  # AWS_STACK_NAME: game-ci-github-pipelines
-  ORCHESTRATOR_BRANCH: ${{ github.ref }}
-  ORCHESTRATOR_DEBUG: true
-  ORCHESTRATOR_DEBUG_TREE: true
-  DEBUG: true
-  UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}
-  PROJECT_PATH: test-project
-  UNITY_VERSION: 2019.3.15f1
-  USE_IL2CPP: false
-
-jobs:
-  asyncChecks:
-    name: Async Checks
-    if: github.event.event_type != 'pull_request_target'
-    runs-on: ubuntu-latest
-    steps:
-      - timeout-minutes: 180
-        env:
-          UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}
-          PROJECT_PATH: test-project
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_PRIVATE_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TARGET_PLATFORM: StandaloneWindows64
-          orchestratorTests: true
-          versioning: None
-          ORCHESTRATOR_CLUSTER: local-docker
-          # Commented out: Using LocalStack tests instead of real AWS
-          # AWS_STACK_NAME: game-ci-github-pipelines
-          CHECKS_UPDATE: ${{ github.event.inputs.checksObject }}
-        run: |
-          git clone -b main https://github.com/game-ci/unity-builder
-          cd unity-builder
-          yarn
-          ls
-          yarn run cli -m checks-update

.github/workflows/sync-secrets.yml

@@ -0,0 +1,91 @@
+name: Sync Secrets to Repositories
+
+on:
+  workflow_dispatch:
+    inputs:
+      target_repo:
+        description: 'Target repository (org/repo format)'
+        required: true
+        default: 'game-ci/orchestrator'
+        type: choice
+        options:
+          - game-ci/orchestrator
+          - game-ci/cli
+      dry_run:
+        description: 'Dry run (list secrets to sync without writing)'
+        required: false
+        default: false
+        type: boolean
+
+permissions:
+  contents: read
+
+jobs:
+  sync-secrets:
+    name: Sync secrets to ${{ inputs.target_repo }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Sync secrets
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          TARGET_REPO: ${{ inputs.target_repo }}
+          DRY_RUN: ${{ inputs.dry_run }}
+          # Secrets to sync — values come from repo + org secrets available here
+          SECRET_UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          SECRET_UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          SECRET_UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+          SECRET_GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          SECRET_GOOGLE_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+          SECRET_GOOGLE_SERVICE_ACCOUNT_KEY: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
+          SECRET_CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+          SECRET_UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}
+          SECRET_NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          SECRETS=(
+            "UNITY_EMAIL:SECRET_UNITY_EMAIL"
+            "UNITY_PASSWORD:SECRET_UNITY_PASSWORD"
+            "UNITY_SERIAL:SECRET_UNITY_SERIAL"
+            "UNITY_LICENSE:SECRET_UNITY_LICENSE"
+            "GIT_PRIVATE_TOKEN:SECRET_GIT_PRIVATE_TOKEN"
+            "GOOGLE_SERVICE_ACCOUNT_EMAIL:SECRET_GOOGLE_SERVICE_ACCOUNT_EMAIL"
+            "GOOGLE_SERVICE_ACCOUNT_KEY:SECRET_GOOGLE_SERVICE_ACCOUNT_KEY"
+            "CODECOV_TOKEN:SECRET_CODECOV_TOKEN"
+            "NPM_TOKEN:SECRET_NPM_TOKEN"
+          )
+
+          synced=0
+          skipped=0
+
+          for entry in "${SECRETS[@]}"; do
+            name="${entry%%:*}"
+            env_var="${entry##*:}"
+            value="${!env_var}"
+
+            if [ -z "$value" ]; then
+              echo "⏭ SKIP: $name (not available in this repo's context)"
+              skipped=$((skipped + 1))
+              continue
+            fi
+
+            if [ "$DRY_RUN" = "true" ]; then
+              echo "🔍 DRY RUN: would sync $name → $TARGET_REPO"
+            else
+              if echo "$value" | gh secret set "$name" -R "$TARGET_REPO" --body - 2>/dev/null; then
+                echo "✅ SYNCED: $name → $TARGET_REPO"
+              else
+                echo "⚠️ FAILED: $name → $TARGET_REPO (continuing)"
+                skipped=$((skipped + 1))
+                synced=$((synced - 1))
+              fi
+            fi
+            synced=$((synced + 1))
+          done
+
+          echo ""
+          echo "=== Summary ==="
+          echo "Synced: $synced"
+          echo "Skipped (not available): $skipped"
+          echo "Target: $TARGET_REPO"
+          if [ "$DRY_RUN" = "true" ]; then
+            echo "Mode: DRY RUN (no secrets were written)"
+          fi

.github/workflows/validate-community-plugins.yml

@@ -0,0 +1,205 @@
+name: Validate Community Plugins
+
+on:
+  schedule:
+    # Run weekly on Sunday at 02:00 UTC
+    - cron: '0 2 * * 0'
+  workflow_dispatch:
+    inputs:
+      plugin_filter:
+        description: 'Filter plugins by name (regex pattern, empty = all)'
+        required: false
+        default: ''
+      unity_version:
+        description: 'Override Unity version (empty = use plugin default)'
+        required: false
+        default: ''
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  load-plugins:
+    name: Load Plugin Registry
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+      plugin_count: ${{ steps.parse.outputs.count }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Parse plugin registry
+        id: parse
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const yaml = require('js-yaml');
+
+            const registry = yaml.load(fs.readFileSync('community-plugins.yml', 'utf8'));
+            let plugins = registry.plugins || [];
+
+            // Apply name filter if provided
+            const filter = '${{ github.event.inputs.plugin_filter }}';
+            if (filter) {
+              const regex = new RegExp(filter, 'i');
+              plugins = plugins.filter(p => regex.test(p.name));
+            }
+
+            // Expand platform matrix
+            const matrix = [];
+            for (const plugin of plugins) {
+              const platforms = plugin.platforms || ['StandaloneLinux64'];
+              for (const platform of platforms) {
+                matrix.push({
+                  name: plugin.name,
+                  package: plugin.package,
+                  source: plugin.source || 'git',
+                  unity: '${{ github.event.inputs.unity_version }}' || plugin.unity || '2021.3',
+                  platform: platform,
+                  timeout: plugin.timeout || 30
+                });
+              }
+            }
+
+            core.setOutput('matrix', JSON.stringify({ include: matrix }));
+            core.setOutput('count', matrix.length);
+            console.log(`Found ${matrix.length} plugin-platform combinations to validate`);
+
+  validate:
+    name: '${{ matrix.name }} (${{ matrix.platform }})'
+    needs: load-plugins
+    if: needs.load-plugins.outputs.plugin_count > 0
+    runs-on: ubuntu-latest
+    timeout-minutes: ${{ fromJson(matrix.timeout) }}
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.load-plugins.outputs.matrix) }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Create test project
+        run: |
+          mkdir -p test-project/Assets
+          mkdir -p test-project/Packages
+          mkdir -p test-project/ProjectSettings
+
+          # Create minimal manifest.json
+          if [ "${{ matrix.source }}" = "git" ]; then
+            cat > test-project/Packages/manifest.json << 'MANIFEST'
+          {
+            "dependencies": {
+              "com.unity.modules.imgui": "1.0.0",
+              "com.unity.modules.jsonserialize": "1.0.0"
+            }
+          }
+          MANIFEST
+
+            # Add git package via manifest
+            cd test-project
+            python3 -c "
+          import sys, json
+          manifest = json.load(sys.stdin)
+          manifest['dependencies']['${{ matrix.name }}'] = '${{ matrix.package }}'
+          json.dump(manifest, sys.stdout, indent=2)
+          " < Packages/manifest.json > Packages/manifest.tmp && mv Packages/manifest.tmp Packages/manifest.json
+            cd ..
+          fi
+
+          # Create minimal ProjectSettings
+          cat > test-project/ProjectSettings/ProjectVersion.txt << EOF
+          m_EditorVersion: ${{ matrix.unity }}
+          EOF
+
+      - name: Build with unity-builder
+        uses: ./
+        id: build
+        with:
+          projectPath: test-project
+          targetPlatform: ${{ matrix.platform }}
+          unityVersion: ${{ matrix.unity }}
+        continue-on-error: true
+
+      - name: Record result
+        if: always()
+        run: |
+          STATUS="${{ steps.build.outcome }}"
+          {
+            echo "## ${{ matrix.name }} — ${{ matrix.platform }}"
+            echo ""
+            if [ "$STATUS" = "success" ]; then
+              echo "✅ **PASSED** — Compiled and built successfully"
+            else
+              echo "❌ **FAILED** — Build or compilation failed"
+            fi
+            echo ""
+            echo "- Unity: ${{ matrix.unity }}"
+            echo "- Platform: ${{ matrix.platform }}"
+            echo "- Source: ${{ matrix.source }}"
+            echo "- Package: \`${{ matrix.package }}\`"
+          } >> "$GITHUB_STEP_SUMMARY"
+
+  report:
+    name: Validation Report
+    needs: [load-plugins, validate]
+    if: always()
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate summary
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { data: run } = await github.rest.actions.listJobsForWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: context.runId
+            });
+
+            const validateJobs = run.jobs.filter(j => j.name.startsWith('validate'));
+            const passed = validateJobs.filter(j => j.conclusion === 'success').length;
+            const failed = validateJobs.filter(j => j.conclusion === 'failure').length;
+            const total = validateJobs.length;
+
+            let summary = `# Community Plugin Validation Report\n\n`;
+            summary += `**${passed}/${total} passed** | ${failed} failed\n\n`;
+            summary += `| Plugin | Platform | Status |\n|--------|----------|--------|\n`;
+
+            for (const job of validateJobs) {
+              const icon = job.conclusion === 'success' ? '✅' : '❌';
+              summary += `| ${job.name} | | ${icon} ${job.conclusion} |\n`;
+            }
+
+            await core.summary.addRaw(summary).write();
+
+            // Create or update issue if there are failures
+            if (failed > 0) {
+              const title = `Community Plugin Validation: ${failed} failure(s) — ${new Date().toISOString().split('T')[0]}`;
+              const body = summary + `\n\n[Workflow Run](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`;
+
+              const { data: issues } = await github.rest.issues.listForRepo({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                state: 'open',
+                labels: 'community-plugin-validation'
+              });
+
+              if (issues.length > 0) {
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: issues[0].number,
+                  body: body
+                });
+              } else {
+                await github.rest.issues.create({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  title: title,
+                  body: body,
+                  labels: ['community-plugin-validation']
+                });
+              }
+            }

.github/workflows/validate-orchestrator.yml

@@ -0,0 +1,255 @@
+name: Validate Orchestrator Compatibility
+
+# ==============================================================================
+# Essential plugin health checks — runs on every PR and push.
+# Fast (~5 min): compilation, unit tests, plugin interface, type declarations.
+#
+# For exhaustive integration tests (k8s, AWS, local-docker, rclone) see
+# validate-orchestrator-integration.yml which runs on a daily cron.
+# ==============================================================================
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main, 'release/**', 'feature/**', 'refactor/**']
+    paths:
+      - 'src/model/orchestrator-plugin.ts'
+      - 'src/model/build-parameters.ts'
+      - 'src/model/input.ts'
+      - 'src/model/github.ts'
+      - 'src/model/cli/cli.ts'
+      - 'src/model/input-readers/**'
+      - 'src/index.ts'
+      - 'src/types/game-ci-orchestrator.d.ts'
+      - 'action.yml'
+      - 'package.json'
+      - 'yarn.lock'
+      - '.github/workflows/validate-orchestrator.yml'
+  pull_request:
+    branches: [main, 'release/**']
+    paths:
+      - 'src/model/orchestrator-plugin.ts'
+      - 'src/model/build-parameters.ts'
+      - 'src/model/input.ts'
+      - 'src/model/github.ts'
+      - 'src/model/cli/cli.ts'
+      - 'src/model/input-readers/**'
+      - 'src/index.ts'
+      - 'src/types/game-ci-orchestrator.d.ts'
+      - 'action.yml'
+      - 'package.json'
+      - 'yarn.lock'
+      - '.github/workflows/validate-orchestrator.yml'
+
+permissions:
+  contents: read
+  packages: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # ============================================================================
+  # PLUGIN ARCHITECTURE HEALTH CHECK
+  # ============================================================================
+  # Validates that:
+  #   1. unity-builder compiles and its unit tests pass
+  #   2. Plugin loader degrades gracefully without orchestrator
+  #   3. Orchestrator compiles and its unit tests pass
+  #   4. Plugin loader loads all services when orchestrator is installed
+  #   5. Type declarations match actual exports
+  # ============================================================================
+  plugin-health:
+    name: Plugin Architecture Health
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout unity-builder
+        uses: actions/checkout@v4
+
+      - name: Checkout orchestrator
+        uses: actions/checkout@v4
+        with:
+          repository: game-ci/orchestrator
+          ref: ${{ github.head_ref || github.ref_name }}
+          path: orchestrator-standalone
+        continue-on-error: true
+        id: orchestrator-branch
+
+      - name: Fallback to orchestrator main branch
+        if: steps.orchestrator-branch.outcome == 'failure'
+        uses: actions/checkout@v4
+        with:
+          repository: game-ci/orchestrator
+          path: orchestrator-standalone
+
+      - name: Install package manager (from package.json)
+        run: |
+          corepack enable
+          corepack install
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Resolve yarn cache folder
+        id: yarn-config
+        run: echo "cacheFolder=$(yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
+      - name: Restore yarn install cache (node_modules + cacheFolder + install-state)
+        uses: actions/cache@v4
+        with:
+          path: |
+            ${{ steps.yarn-config.outputs.cacheFolder }}
+            .yarn/install-state.gz
+          key: yarn-v2-${{ runner.os }}-node-20-${{ hashFiles('yarn.lock') }}
+          restore-keys: |
+            yarn-v2-${{ runner.os }}-node-20-
+
+      # --- unity-builder compilation and tests ---
+      - name: Install unity-builder dependencies
+        env:
+          YARN_ENABLE_HARDENED_MODE: 'false'
+        run: |
+          case "$(yarn --version)" in 1.*) echo 'expected up-to-date yarn version'; exit 1 ;; esac
+          yarn install --immutable
+
+      - name: Build unity-builder
+        run: |
+          echo "Building unity-builder TypeScript..."
+          npx tsc
+          echo "✓ unity-builder compiles successfully"
+
+      - name: Run orchestrator-plugin unit tests
+        run: |
+          echo "Running orchestrator-plugin unit tests..."
+          yarn vitest run orchestrator-plugin
+
+      # --- Plugin loader without orchestrator ---
+      - name: Verify plugin loader returns undefined without orchestrator
+        run: |
+          echo "Checking plugin loader handles missing @game-ci/orchestrator..."
+          node -e "
+            const { loadOrchestratorPlugin } = require('./lib/model/orchestrator-plugin');
+            (async () => {
+              const plugin = await loadOrchestratorPlugin();
+              if (plugin !== undefined) {
+                console.error('ERROR: loadOrchestratorPlugin should return undefined when package not installed');
+                process.exit(1);
+              }
+              console.log('✓ loadOrchestratorPlugin() returns undefined when package not installed');
+            })();
+          "
+
+      - name: Verify orchestrator type declarations exist
+        run: |
+          if [ -f "src/types/game-ci-orchestrator.d.ts" ]; then
+            echo "✓ Type declarations for @game-ci/orchestrator exist"
+          else
+            echo "::error::Missing type declarations: src/types/game-ci-orchestrator.d.ts"
+            exit 1
+          fi
+
+      # --- Orchestrator compilation and tests ---
+      - name: Build and pack orchestrator
+        working-directory: orchestrator-standalone
+        run: |
+          yarn install --immutable
+          echo "Building orchestrator..."
+          npx tsc
+          echo "✓ orchestrator compiles successfully"
+          echo "Packing orchestrator as tarball..."
+          npm pack
+
+      - name: Run orchestrator unit tests
+        working-directory: orchestrator-standalone
+        run: |
+          echo "Running orchestrator unit tests..."
+          yarn vitest run 2>&1 | tail -30
+
+      # --- Plugin loader with orchestrator installed ---
+      - name: Install orchestrator into unity-builder
+        run: |
+          echo "Installing orchestrator into unity-builder workspace..."
+          npm install ./orchestrator-standalone/game-ci-orchestrator-*.tgz --no-save --legacy-peer-deps
+
+      - name: Verify plugin loader returns exports with orchestrator installed
+        run: |
+          echo "Checking plugin loader returns defined exports..."
+          node -e "
+            const { loadOrchestratorPlugin } = require('./lib/model/orchestrator-plugin');
+            (async () => {
+              const plugin = await loadOrchestratorPlugin();
+              if (plugin === undefined) {
+                console.error('ERROR: loadOrchestratorPlugin should return defined plugin when package is installed');
+                process.exit(1);
+              }
+              const lifecycleMethods = [
+                'initialize', 'canHandleBuild', 'handleBuild',
+                'beforeLocalBuild', 'afterLocalBuild', 'handlePostBuild',
+              ];
+              for (const method of lifecycleMethods) {
+                if (typeof plugin[method] !== 'function') {
+                  console.error('ERROR: plugin.' + method + ' should be a function, got ' + typeof plugin[method]);
+                  process.exit(1);
+                }
+              }
+              console.log('✓ loadOrchestratorPlugin() returns plugin with all ' + lifecycleMethods.length + ' lifecycle methods');
+            })();
+          "
+
+      - name: Verify type declarations match orchestrator exports
+        run: |
+          echo "Checking type declarations align with orchestrator exports..."
+          node -e "
+            const orch = require('@game-ci/orchestrator');
+            const expectedExports = [
+              'Orchestrator', 'BuildReliabilityService', 'TestWorkflowService',
+              'HotRunnerService', 'OutputService', 'OutputTypeRegistry',
+              'ArtifactUploadHandler', 'IncrementalSyncService',
+              'ChildWorkspaceService', 'LocalCacheService', 'SubmoduleProfileService',
+              'LfsAgentService', 'GitHooksService',
+            ];
+            const missing = expectedExports.filter(e => orch[e] === undefined);
+            if (missing.length > 0) {
+              console.error('ERROR: Missing exports from @game-ci/orchestrator:', missing.join(', '));
+              process.exit(1);
+            }
+            console.log('✓ All ' + expectedExports.length + ' declared exports present in orchestrator package');
+          "
+
+      - name: Smoke test orchestrator build wiring
+        run: |
+          echo "Verifying orchestrator build wiring end-to-end..."
+          node -e "
+            const { loadOrchestratorPlugin } = require('./lib/model/orchestrator-plugin');
+
+            (async () => {
+              // Verify plugin loads successfully with orchestrator installed
+              const plugin = await loadOrchestratorPlugin();
+              if (plugin === undefined) {
+                console.error('ERROR: plugin should be defined when orchestrator is installed');
+                process.exit(1);
+              }
+
+              // Verify all lifecycle methods are callable
+              const lifecycleMethods = [
+                'initialize', 'canHandleBuild', 'handleBuild',
+                'beforeLocalBuild', 'afterLocalBuild', 'handlePostBuild',
+              ];
+              for (const m of lifecycleMethods) {
+                if (typeof plugin[m] !== 'function') {
+                  console.error('ERROR: plugin.' + m + ' should be a function, got ' + typeof plugin[m]);
+                  process.exit(1);
+                }
+              }
+              console.log('✓ Plugin has all ' + lifecycleMethods.length + ' lifecycle methods');
+
+              // Verify canHandleBuild returns a boolean
+              const canHandle = plugin.canHandleBuild();
+              if (typeof canHandle !== 'boolean') {
+                console.error('ERROR: canHandleBuild() should return a boolean, got ' + typeof canHandle);
+                process.exit(1);
+              }
+              console.log('✓ canHandleBuild() returns boolean');
+
+              console.log('✓ Plugin architecture wiring verified');
+            })();
+          "

.gitignore

@@ -7,3 +7,12 @@ yarn-error.log
 .orig
 $LOG_FILE
 temp/
+
+# yarn 4 (berry)
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions

.husky/pre-commit

@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+yarn lint-staged
+yarn typecheck
+
+if command -v gitleaks >/dev/null 2>&1; then
+  gitleaks protect --staged --no-banner --redact
+fi

.oxfmtrc.json

@@ -0,0 +1,17 @@
+{
+  "semi": true,
+  "singleQuote": true,
+  "trailingComma": "all",
+  "printWidth": 100,
+  "proseWrap": "preserve",
+  "sortPackageJson": false,
+  "ignorePatterns": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/coverage/**",
+    "**/.yarn/**",
+    "default-build-script/**",
+    "test-runner/**",
+    "platforms/**"
+  ]
+}

.oxlintrc.json

@@ -0,0 +1,58 @@
+{
+  "$schema": "./node_modules/oxlint/configuration_schema.json",
+  "plugins": ["typescript", "vitest", "unicorn", "oxc"],
+  "categories": {
+    "correctness": "error",
+    "suspicious": "error",
+    "perf": "error"
+  },
+  "rules": {
+    "vitest/require-mock-type-parameters": "off",
+    "vitest/valid-title": "off",
+    "vitest/valid-describe-callback": "off",
+    "vitest/expect-expect": "off",
+    "vitest/no-conditional-tests": "off",
+    "vitest/no-conditional-expect": "off",
+    "vitest/require-to-throw-message": "off",
+    "vitest/no-disabled-tests": "warn",
+    "unicorn/prefer-array-flat-map": "warn",
+    "typescript/no-explicit-any": "warn",
+    "typescript/ban-ts-comment": "off",
+    "typescript/no-namespace": "off",
+    "typescript/no-extraneous-class": "off",
+    "no-bitwise": "off",
+    "no-shadow": "off",
+    "no-await-in-loop": "off",
+    "no-underscore-dangle": "off",
+    "unicorn/no-array-sort": "off",
+    "unicorn/prefer-set-has": "off",
+    "unicorn/consistent-function-scoping": "off",
+    "unicorn/no-useless-spread": "warn",
+    "eslint/preserve-caught-error": "warn",
+    "oxc/no-map-spread": "warn"
+  },
+  "overrides": [
+    {
+      "files": ["**/*.test.ts", "**/*.spec.ts"],
+      "rules": {
+        "typescript/no-explicit-any": "off",
+        "no-unused-vars": "off"
+      }
+    }
+  ],
+  "env": {
+    "browser": false,
+    "node": true,
+    "es2024": true,
+    "vitest/globals": true
+  },
+  "ignorePatterns": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/coverage/**",
+    "**/.yarn/**",
+    "default-build-script/**",
+    "test-runner/**",
+    "platforms/**"
+  ]
+}

.prettierignore

@@ -1,2 +0,0 @@
-**/node_modules/**
-**/dist/**

.prettierrc.json

@@ -1,7 +0,0 @@
-{
-  "semi": true,
-  "singleQuote": true,
-  "trailingComma": "all",
-  "printWidth": 120,
-  "proseWrap": "always"
-}

.yarnrc

@@ -1,3 +0,0 @@
-save-prefix "^"
---install.audit true
---add.audit true

.yarnrc.yml

@@ -0,0 +1,10 @@
+approvedGitRepositories:
+  - '**'
+
+compressionLevel: mixed
+
+enableGlobalCache: false
+
+enableHardenedMode: false
+
+nodeLinker: node-modules

action.yml

@@ -9,8 +9,7 @@ inputs:
   unityVersion:
     required: false
     default: 'auto'
-    description:
-      'Version of unity to use for building the project. Use "auto" to get from your ProjectSettings/ProjectVersion.txt'
+    description: 'Version of unity to use for building the project. Use "auto" to get from your ProjectSettings/ProjectVersion.txt'
   customImage:
     required: false
     default: ''
@@ -47,6 +46,10 @@ inputs:
     required: false
     default: ''
     description: 'Custom parameters to configure the build.'
+  useHostNetwork:
+    required: false
+    default: false
+    description: 'Initialises Docker using the host network. (Linux only)'
   versioning:
     required: false
     default: 'Semantic'
@@ -104,11 +107,13 @@ inputs:
   gitPrivateToken:
     required: false
     default: ''
-    description: '[Orchestrator] Github private token to pull from github'
-  githubOwner:
+    description: 'Github private token to pull from github'
+  providerStrategy:
+    default: 'local'
     required: false
-    default: ''
-    description: '[Orchestrator] GitHub owner name or organization/team name'
+    description:
+      'Build execution strategy. Use "local" for local Docker/Mac builds. For remote builds (aws, k8s, etc.), install
+      @game-ci/orchestrator and use the game-ci/orchestrator action which declares its own inputs.'
   runAsHostUser:
     required: false
     default: 'false'
@@ -118,8 +123,7 @@ inputs:
   chownFilesTo:
     required: false
     default: ''
-    description:
-      'User and optionally group (user or user:group or uid:gid) to give ownership of the resulting build artifacts'
+    description: 'User and optionally group (user or user:group or uid:gid) to give ownership of the resulting build artifacts'
   dockerCpuLimit:
     required: false
     default: ''
@@ -149,102 +153,7 @@ inputs:
   allowDirtyBuild:
     required: false
     default: ''
-    description: '[Orchestrator] Allows the branch of the build to be dirty, and still generate the build.'
-  postBuildSteps:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] run a post build job in yaml format with the keys image, secrets (name, value object array),
-      command string'
-  preBuildSteps:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] Run a pre build job after the repository setup but before the build job (in yaml format with the
-      keys image, secrets (name, value object array), command line string)'
-  containerHookFiles:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] Specify the names (by file name) of custom steps to run before or after orchestrator jobs, must
-      match a yaml step file inside your repo in the folder .game-ci/steps/'
-  customHookFiles:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] Specify the names (by file name) of custom hooks to run before or after orchestrator jobs, must
-      match a yaml step file inside your repo in the folder .game-ci/hooks/'
-  customCommandHooks:
-    required: false
-    default: ''
-    description: '[Orchestrator] Specify custom commands and trigger hooks (injects commands into jobs)'
-  customJob:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] Run a custom job instead of the standard build automation for orchestrator (in yaml format with the
-      keys image, secrets (name, value object array), command line string)'
-  awsStackName:
-    default: 'game-ci'
-    required: false
-    description: '[Orchestrator] The Cloud Formation stack name that must be setup before using this option.'
-  providerStrategy:
-    default: 'local'
-    required: false
-    description:
-      '[Orchestrator] Either local, k8s or aws can be used to run builds on a remote cluster. Additional parameters must
-      be configured.'
-  resourceTracking:
-    default: 'false'
-    required: false
-    description: '[Orchestrator] Enable resource tracking logs for disk usage and allocation summaries.'
-  containerCpu:
-    default: ''
-    required: false
-    description: '[Orchestrator] Amount of CPU time to assign the remote build container'
-  containerMemory:
-    default: ''
-    required: false
-    description: '[Orchestrator] Amount of memory to assign the remote build container'
-  readInputFromOverrideList:
-    default: ''
-    required: false
-    description: '[Orchestrator] Comma separated list of input value names to read from "input override command"'
-  readInputOverrideCommand:
-    default: ''
-    required: false
-    description:
-      '[Orchestrator] Extend game ci by specifying a command to execute to pull input from external source e.g cloud
-      provider secret managers'
-  kubeConfig:
-    default: ''
-    required: false
-    description:
-      '[Orchestrator] Supply a base64 encoded kubernetes config to run builds on kubernetes and stream logs until
-      completion.'
-  kubeVolume:
-    default: ''
-    required: false
-    description: '[Orchestrator] Supply a Persistent Volume Claim name to use for the Unity build.'
-  kubeStorageClass:
-    default: ''
-    required: false
-    description:
-      '[Orchestrator] Kubernetes storage class to use for orchestrator jobs, leave empty to install rook cluster.'
-  kubeVolumeSize:
-    default: '5Gi'
-    required: false
-    description: '[Orchestrator] Amount of disc space to assign the Kubernetes Persistent Volume'
-  cacheKey:
-    default: ''
-    required: false
-    description: '[Orchestrator] Cache key to indicate bucket for cache'
-  watchToEnd:
-    default: 'true'
-    required: false
-    description:
-      '[Orchestrator] Whether or not to watch the build to the end. Can be used for especially long running jobs e.g
-      imports or self-hosted ephemeral runners.'
+    description: 'Allows the branch of the build to be dirty, and still generate the build.'
   cacheUnityInstallationOnMac:
     default: 'false'
     required: false
@@ -269,38 +178,6 @@ inputs:
     default: 'false'
     required: false
     description: 'Skip the activation/deactivation of Unity. This assumes Unity is already activated.'
-  artifactOutputTypes:
-    description: 'Comma-separated list of output types to collect (build, logs, test-results, coverage, images, metrics, data-export, server-build, custom)'
-    required: false
-    default: 'build,logs,test-results'
-  artifactUploadTarget:
-    description: 'Where to upload artifacts: github-artifacts, storage, local, none'
-    required: false
-    default: 'github-artifacts'
-  artifactUploadPath:
-    description: 'Destination path for artifact upload (storage URI or local path)'
-    required: false
-  artifactCompression:
-    description: 'Compression for artifacts: none, gzip, lz4'
-    required: false
-    default: 'gzip'
-  artifactRetentionDays:
-    description: 'Retention period for uploaded artifacts in days'
-    required: false
-    default: '30'
-  artifactCustomTypes:
-    description: 'JSON string defining custom output types [{name, defaultPath, description}]'
-    required: false
-  cloneDepth:
-    default: '50'
-    required: false
-    description: '[Orchestrator] Specifies the depth of the git clone for the repository. Use 0 for full clone.'
-  orchestratorRepoName:
-    default: 'game-ci/unity-builder'
-    required: false
-    description:
-      '[Orchestrator] Specifies the repo for the unity builder. Useful if you forked the repo for testing, features, or
-      fixes.'
 
 outputs:
   volume:
@@ -314,8 +191,6 @@ outputs:
       'Returns the exit code from the build scripts. This code is 0 if the build was successful. If there was an error
       during activation, the code is from the activation step. If activation is successful, the code is from the project
       build step.'
-  artifactManifestPath:
-    description: 'Path to the generated artifact manifest JSON file'
 branding:
   icon: 'box'
   color: 'gray-dark'

community-plugins.yml

@@ -0,0 +1,27 @@
+# Community Plugin Validation Registry
+# Packages listed here are automatically tested on a schedule
+# to ensure compatibility with unity-builder.
+#
+# Format:
+#   - name: Human-readable name
+#     package: UPM package name or git URL
+#     source: upm | git | asset-store
+#     unity: Minimum Unity version (optional, defaults to 2021.3)
+#     platforms: List of platforms to test (optional, defaults to [StandaloneLinux64])
+#     timeout: Build timeout in minutes (optional, defaults to 30)
+
+plugins:
+  # Example entries — community members can submit PRs to add their packages
+  - name: UniTask
+    package: https://github.com/Cysharp/UniTask.git?path=src/UniTask/Assets/Plugins/UniTask
+    source: git
+    platforms: [StandaloneLinux64, StandaloneWindows64]
+
+  - name: NaughtyAttributes
+    package: https://github.com/dbrizov/NaughtyAttributes.git?path=Assets/NaughtyAttributes
+    source: git
+
+  - name: Unity Atoms
+    package: https://github.com/unity-atoms/unity-atoms.git
+    source: git
+    platforms: [StandaloneLinux64]

jest.ci.config.js

@@ -1,11 +0,0 @@
-const base = require('./jest.config.js');
-
-module.exports = {
-  ...base,
-  forceExit: true,
-  detectOpenHandles: true,
-  testTimeout: 120000,
-  maxWorkers: 1,
-};
-
-

jest.config.js

@@ -1,30 +0,0 @@
-module.exports = {
-  // Automatically clear mock calls and instances between every test
-  clearMocks: true,
-
-  // An array of file extensions your modules use
-  moduleFileExtensions: ['js', 'ts'],
-
-  // The test environment that will be used for testing
-  testEnvironment: 'node',
-
-  // The glob patterns Jest uses to detect test files
-  testMatch: ['**/*.test.ts'],
-
-  // This option allows use of a custom test runner
-  testRunner: 'jest-circus/runner',
-
-  // A map with regular expressions for transformers to paths
-  transform: {
-    '^.+\\.ts$': 'ts-jest',
-  },
-
-  // Indicates whether each individual test should be reported during the run
-  verbose: true,
-
-  // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
-  modulePathIgnorePatterns: ['<rootDir>/lib/', '<rootDir>/dist/'],
-
-  // Use jest.setup.js to polyfill fetch for all tests
-  setupFiles: ['<rootDir>/jest.setup.js'],
-};

lefthook.yml

@@ -1,31 +0,0 @@
-# EXAMPLE USAGE
-# Refer for explanation to following link:
-# https://github.com/evilmartians/lefthook/blob/master/docs/full_guide.md
-#
-
-color: true
-extends: {}
-
-pre-commit:
-  parallel: true
-  commands:
-    format documents:
-      glob: '*.{md,mdx}'
-      run: yarn prettier --write {staged_files}
-    format configs:
-      glob: '*.{json,yml,yaml}'
-      run: yarn prettier --write {staged_files}
-    format code:
-      glob: '*.{js,jsx,ts,tsx}'
-      exclude: 'dist/'
-      run: yarn prettier --write {staged_files} && yarn eslint {staged_files} && git add {staged_files}
-    run tests:
-      glob: '*.{js,jsx,ts,tsx}'
-      exclude: 'dist/'
-      run: yarn jest --passWithNoTests --findRelatedTests {staged_files}
-    build distributables:
-      skip: ['merge', 'rebase']
-      run: yarn build && git add dist
-    make shell script executable:
-      glob: '*.sh'
-      run: git update-index --chmod=+x

mise.toml

@@ -0,0 +1,6 @@
+[tools]
+node = "20.18.0"
+yarn = "4.14.1"
+actionlint = "latest"
+shellcheck = "latest"
+gitleaks = "latest"

package.json

@@ -7,84 +7,70 @@
   "author": "Webber <webber@takken.io>",
   "license": "MIT",
   "scripts": {
-    "prepare": "lefthook install",
+    "prepare": "husky",
     "build": "yarn && tsc && ncc build lib --source-map --license licenses.txt",
-    "lint": "prettier --check \"src/**/*.{js,ts}\" && eslint src/**/*.ts",
-    "format": "prettier --write \"src/**/*.{js,ts}\"",
-    "cli": "yarn ts-node src/index.ts -m cli",
-    "gcp-secrets-tests": "cross-env providerStrategy=aws orchestratorTests=true inputPullCommand=\"gcp-secret-manager\" populateOverride=true pullInputList=UNITY_EMAIL,UNITY_SERIAL,UNITY_PASSWORD yarn test -i -t \"orchestrator\"",
-    "gcp-secrets-cli": "cross-env orchestratorTests=true USE_IL2CPP=false inputPullCommand=\"gcp-secret-manager\" yarn ts-node src/index.ts -m cli --populateOverride true --pullInputList UNITY_EMAIL,UNITY_SERIAL,UNITY_PASSWORD",
-    "aws-secrets-cli": "cross-env orchestratorTests=true inputPullCommand=\"aws-secret-manager\" yarn ts-node src/index.ts -m cli --populateOverride true --pullInputList UNITY_EMAIL,UNITY_SERIAL,UNITY_PASSWORD",
-    "cli-aws": "cross-env providerStrategy=aws yarn run test-cli",
-    "cli-k8s": "cross-env providerStrategy=k8s yarn run test-cli",
-    "test-cli": "cross-env orchestratorTests=true yarn ts-node src/index.ts -m cli --projectPath test-project",
-    "test": "jest",
-    "test:ci": "jest --config=jest.ci.config.js --runInBand",
-    "test-i": "cross-env orchestratorTests=true yarn test -i -t \"orchestrator\"",
-    "test-i-*": "yarn run test-i-aws && yarn run test-i-k8s",
-    "test-i-aws": "cross-env orchestratorTests=true providerStrategy=aws yarn test -i -t \"orchestrator\"",
-    "test-i-k8s": "cross-env orchestratorTests=true providerStrategy=k8s yarn test -i -t \"orchestrator\""
+    "test": "node scripts/ensure-husky.mjs && vitest run",
+    "test:watch": "vitest",
+    "test:ci": "vitest run",
+    "coverage": "vitest run --coverage",
+    "lint": "yarn oxlint --report-unused-disable-directives",
+    "format": "oxfmt --write",
+    "format:check": "oxfmt --check",
+    "typecheck": "tsc --noEmit",
+    "typecheck:tsgo": "tsgo --noEmit",
+    "setup:hooks": "node scripts/ensure-husky.mjs"
+  },
+  "lint-staged": {
+    "*.@(ts|tsx|mts|js|jsx|mjs|cjs)": [
+      "oxlint --fix --quiet",
+      "oxfmt --write"
+    ],
+    "*.@(json|jsonc|json5|md|mdx|yaml|yml|css|scss|sass|html|toml)": "oxfmt --write",
+    ".github/workflows/*.@(yml|yaml)": "actionlint"
   },
   "engines": {
     "node": ">=18.x"
   },
   "dependencies": {
-    "@actions/cache": "^4.0.0",
+    "@actions/cache": "^4.1.0",
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^6.0.0",
-    "@aws-sdk/client-cloudformation": "^3.777.0",
-    "@aws-sdk/client-cloudwatch-logs": "^3.777.0",
-    "@aws-sdk/client-ecs": "^3.778.0",
-    "@aws-sdk/client-kinesis": "^3.777.0",
-    "@aws-sdk/client-s3": "^3.779.0",
-    "@kubernetes/client-node": "^0.16.3",
-    "@octokit/core": "^5.1.0",
-    "async-wait-until": "^2.0.12",
-    "aws-sdk": "^2.1081.0",
-    "base-64": "^1.0.0",
-    "commander": "^9.0.0",
+    "@actions/github": "^6.0.1",
+    "commander": "^9.5.0",
     "commander-ts": "^0.2.0",
-    "kubernetes-client": "^9.0.0",
     "md5": "^2.3.0",
-    "nanoid": "^3.3.1",
-    "reflect-metadata": "^0.1.13",
-    "semver": "^7.5.2",
-    "shell-quote": "^1.8.3",
+    "nanoid": "^3.3.12",
+    "reflect-metadata": "^0.2.2",
+    "semver": "^7.7.4",
     "ts-md5": "^1.3.1",
     "unity-changeset": "^3.1.0",
-    "uuid": "^9.0.0",
-    "yaml": "^2.2.2"
+    "yaml": "^2.8.4"
   },
   "devDependencies": {
-    "@types/base-64": "^1.0.0",
-    "@types/jest": "^27.4.1",
     "@types/node": "^17.0.23",
     "@types/semver": "^7.3.9",
-    "@types/uuid": "^9.0.0",
-    "@typescript-eslint/parser": "4.8.1",
+    "@typescript/native-preview": "^7.0.0-dev.20260505.1",
     "@vercel/ncc": "^0.36.1",
+    "@vitest/coverage-istanbul": "^4.1.5",
     "cross-env": "^7.0.3",
-    "eslint": "^7.23.0",
-    "eslint-config-prettier": "8.1.0",
-    "eslint-plugin-github": "^4.1.1",
-    "eslint-plugin-jest": "24.1.3",
-    "eslint-plugin-prettier": "^3.3.1",
-    "eslint-plugin-unicorn": "28.0.2",
-    "jest": "^27.5.1",
-    "jest-circus": "^27.5.1",
-    "jest-fail-on-console": "^3.0.2",
+    "eslint": "^10.3.0",
+    "eslint-plugin-unicorn": "^64.0.0",
+    "husky": "9",
     "js-yaml": "^4.1.0",
-    "lefthook": "^1.6.1",
+    "lint-staged": "^16.4.0",
     "node-fetch": "2",
-    "prettier": "^2.5.1",
-    "ts-jest": "^27.1.3",
+    "oxfmt": "^0.48.0",
+    "oxlint": "^1.63.0",
     "ts-node": "10.8.1",
     "typescript": "4.7.4",
+    "vite": "^7",
+    "vitest": "^4",
     "yarn-audit-fix": "^9.3.8"
   },
-  "volta": {
-    "node": "20.5.1",
-    "yarn": "1.22.19"
+  "packageManager": "yarn@4.14.1",
+  "dependenciesMeta": {
+    "lefthook": {
+      "built": true
+    }
   }
 }

scripts/ensure-husky.mjs

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+// Self-heals husky git hooks before local dev workflows.
+//
+// Why this exists: Yarn 4 skips lifecycle scripts (`prepare`, `postinstall`) on
+// no-op installs, so `yarn install --immutable` does NOT reinstall hooks once
+// `.husky/_/` has been wiped. `.husky/_/` is gitignored, so it is also missing
+// in fresh worktrees and after `git clean -fdx`. Without this guard, commits
+// silently skip the pre-commit hook (git treats a missing hook file as "no hook").
+//
+// Behaviour: ~20 ms no-op when hooks are already installed. Skipped in CI and
+// when HUSKY=0. Fails loudly (non-zero exit) on real install errors so the
+// caller stops before commits are made without hooks.
+
+import { execSync } from 'node:child_process';
+import { existsSync } from 'node:fs';
+
+if (process.env.CI || process.env.HUSKY === '0') process.exit(0);
+
+const expectedHooksPath = '.husky/_';
+const sentinelHook = '.husky/_/pre-commit';
+// husky 9.1+ ships bin.js; husky 9.0 ships bin.mjs. Try both.
+const huskyBin = ['node_modules/husky/bin.js', 'node_modules/husky/bin.mjs'].find(existsSync);
+
+let configuredHooksPath = '';
+try {
+  configuredHooksPath = execSync('git config --get core.hooksPath', {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'ignore'],
+  }).trim();
+} catch {
+  // not a git repo or config unset — fall through and try to install
+}
+
+if (configuredHooksPath === expectedHooksPath && existsSync(sentinelHook)) {
+  process.exit(0);
+}
+
+if (!huskyBin) {
+  // husky not installed yet (yarn install hasn't run) — silent no-op
+  process.exit(0);
+}
+
+console.log('· installing git hooks (husky self-heal)…');
+try {
+  execSync(`node ${huskyBin}`, { stdio: 'inherit' });
+} catch (error) {
+  const message = error instanceof Error ? error.message : String(error);
+  console.error(
+    `\n❌ husky install failed: ${message}\n\n` +
+      `   git pre-commit hooks are NOT installed; commits will skip lint/format/tests.\n` +
+      `   Fix the underlying error above, then run \`yarn setup:hooks\` to retry.\n` +
+      `   To bypass this guard temporarily (NOT recommended): HUSKY=0 yarn <cmd>.\n`,
+  );
+  process.exit(1);
+}

src/index-plugin-features.test.ts

@@ -0,0 +1,278 @@
+import { describe, it, expect, beforeEach, afterEach, vi, type Mock } from 'vitest';
+/**
+ * Integration wiring tests for the plugin lifecycle in index.ts
+ *
+ * These tests verify that:
+ * - The plugin lifecycle hooks are called in the correct order
+ * - Plugin canHandleBuild() controls the execution path
+ * - fallbackToLocal is handled correctly
+ * - When no plugin is installed, local builds still work
+ * - When providerStrategy is non-local without a plugin, an error is thrown
+ */
+
+import { BuildParameters, Docker } from './model';
+import * as core from '@actions/core';
+
+// ---------------------------------------------------------------------------
+// Mock plugin
+// ---------------------------------------------------------------------------
+
+// `vi.mock` hoists to the top of the module, so any factory references must
+// be hoisted with `vi.hoisted` to be defined at mock-evaluation time.
+const { mockPlugin, mockLoadPlugin } = vi.hoisted(() => {
+  const plugin = {
+    initialize: vi.fn().mockResolvedValue(undefined),
+    canHandleBuild: vi.fn().mockReturnValue(false),
+    handleBuild: vi.fn().mockResolvedValue({ exitCode: 0 }),
+    beforeLocalBuild: vi.fn().mockResolvedValue(undefined),
+    afterLocalBuild: vi.fn().mockResolvedValue(undefined),
+    handlePostBuild: vi.fn().mockResolvedValue(undefined),
+  };
+  return {
+    mockPlugin: plugin,
+    mockLoadPlugin: vi.fn().mockResolvedValue(plugin),
+  };
+});
+
+vi.mock('./model/plugin', () => ({
+  loadPlugin: mockLoadPlugin,
+}));
+
+vi.mock('@actions/core');
+vi.mock('./model', () => ({
+  Action: {
+    checkCompatibility: vi.fn(),
+    workspace: '/workspace',
+    actionFolder: '/action',
+  },
+  BuildParameters: {
+    create: vi.fn(),
+  },
+  Cache: {
+    verify: vi.fn(),
+  },
+  Docker: {
+    run: vi.fn().mockResolvedValue(0),
+  },
+  // vitest 4 requires constructor mocks to use regular `function` (or
+  // `class`); arrow fns aren't valid constructors.
+  ImageTag: vi.fn(function () {
+    return { toString: () => 'mock-image:latest' };
+  }),
+  Output: {
+    setBuildVersion: vi.fn().mockResolvedValue(''),
+    setAndroidVersionCode: vi.fn().mockResolvedValue(''),
+    setEngineExitCode: vi.fn().mockResolvedValue(''),
+  },
+}));
+
+vi.mock('./model/cli/cli', () => ({
+  Cli: {
+    InitCliMode: vi.fn().mockReturnValue(false),
+  },
+}));
+
+vi.mock('./model/mac-builder', () => ({
+  __esModule: true,
+  default: {
+    run: vi.fn().mockResolvedValue(0),
+  },
+}));
+
+vi.mock('./model/platform-setup', () => ({
+  __esModule: true,
+  default: {
+    setup: vi.fn().mockResolvedValue(''),
+  },
+}));
+
+const mockedBuildParametersCreate = BuildParameters.create as Mock;
+
+function createMockBuildParameters(overrides: Record<string, any> = {}) {
+  return {
+    providerStrategy: 'local',
+    targetPlatform: 'StandaloneLinux64',
+    editorVersion: '2021.3.1f1',
+    buildVersion: '1.0.0',
+    androidVersionCode: '1',
+    projectPath: '.',
+    branch: 'main',
+    runnerTempPath: '/tmp',
+    ...overrides,
+  };
+}
+
+async function runIndex(overrides: Record<string, any> = {}): Promise<void> {
+  mockedBuildParametersCreate.mockResolvedValue(createMockBuildParameters(overrides));
+
+  // index.ts exports `runMain` for testability (the file used to rely on
+  // top-level execution + jest's `vi.isolateModules`, but vitest 4 dropped
+  // that API). Calling the exported function directly is cleaner than
+  // round-tripping through dynamic imports.
+  const { runMain } = await import('./index');
+  await runMain();
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('index.ts plugin lifecycle wiring', () => {
+  const originalPlatform = process.platform;
+  const originalEnvironment = { ...process.env };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    process.env.GITHUB_WORKSPACE = '/workspace';
+    Object.defineProperty(process, 'platform', { value: 'linux' });
+
+    // Reset plugin to default behavior
+    mockPlugin.canHandleBuild.mockReturnValue(false);
+    mockPlugin.handleBuild.mockResolvedValue({ exitCode: 0 });
+    mockLoadPlugin.mockResolvedValue(mockPlugin);
+  });
+
+  afterEach(() => {
+    Object.defineProperty(process, 'platform', { value: originalPlatform });
+    process.env = { ...originalEnvironment };
+  });
+
+  // -----------------------------------------------------------------------
+  // Local build with plugin
+  // -----------------------------------------------------------------------
+
+  describe('local build with plugin installed', () => {
+    it('should call lifecycle hooks in order: initialize -> beforeLocalBuild -> [build] -> afterLocalBuild -> handlePostBuild', async () => {
+      const callOrder: string[] = [];
+      mockPlugin.initialize.mockImplementation(async () => callOrder.push('initialize'));
+      mockPlugin.beforeLocalBuild.mockImplementation(async () =>
+        callOrder.push('beforeLocalBuild'),
+      );
+      mockPlugin.afterLocalBuild.mockImplementation(async () => callOrder.push('afterLocalBuild'));
+      mockPlugin.handlePostBuild.mockImplementation(async () => callOrder.push('handlePostBuild'));
+
+      await runIndex();
+
+      expect(callOrder).toEqual([
+        'initialize',
+        'beforeLocalBuild',
+        'afterLocalBuild',
+        'handlePostBuild',
+      ]);
+    });
+
+    it('should pass buildParameters and workspace to initialize', async () => {
+      await runIndex({ targetPlatform: 'WebGL' });
+
+      expect(mockPlugin.initialize).toHaveBeenCalledWith(
+        expect.objectContaining({ targetPlatform: 'WebGL' }),
+        '/workspace',
+      );
+    });
+
+    it('should pass workspace to beforeLocalBuild', async () => {
+      await runIndex();
+
+      expect(mockPlugin.beforeLocalBuild).toHaveBeenCalledWith('/workspace');
+    });
+
+    it('should pass workspace and exit code to afterLocalBuild', async () => {
+      await runIndex();
+
+      expect(mockPlugin.afterLocalBuild).toHaveBeenCalledWith('/workspace', 0);
+    });
+
+    it('should pass exit code to handlePostBuild', async () => {
+      await runIndex();
+
+      expect(mockPlugin.handlePostBuild).toHaveBeenCalledWith(0);
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // Plugin handles build entirely
+  // -----------------------------------------------------------------------
+
+  describe('plugin handles build (canHandleBuild = true)', () => {
+    it('should call handleBuild instead of Docker.run', async () => {
+      mockPlugin.canHandleBuild.mockReturnValue(true);
+      mockPlugin.handleBuild.mockResolvedValue({ exitCode: 0 });
+
+      await runIndex();
+
+      expect(mockPlugin.handleBuild).toHaveBeenCalledWith('mock-image:latest');
+      expect(Docker.run).not.toHaveBeenCalled();
+      expect(mockPlugin.beforeLocalBuild).not.toHaveBeenCalled();
+      expect(mockPlugin.afterLocalBuild).not.toHaveBeenCalled();
+    });
+
+    it('should still call handlePostBuild after handleBuild', async () => {
+      mockPlugin.canHandleBuild.mockReturnValue(true);
+      mockPlugin.handleBuild.mockResolvedValue({ exitCode: 0 });
+
+      await runIndex();
+
+      expect(mockPlugin.handlePostBuild).toHaveBeenCalledWith(0);
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // Fallback to local
+  // -----------------------------------------------------------------------
+
+  describe('fallback to local build', () => {
+    it('should do a local build when handleBuild returns fallbackToLocal', async () => {
+      mockPlugin.canHandleBuild.mockReturnValue(true);
+      mockPlugin.handleBuild.mockResolvedValue({ exitCode: -1, fallbackToLocal: true });
+
+      await runIndex();
+
+      expect(mockPlugin.handleBuild).toHaveBeenCalled();
+      expect(mockPlugin.beforeLocalBuild).toHaveBeenCalled();
+      expect(Docker.run).toHaveBeenCalled();
+      expect(mockPlugin.afterLocalBuild).toHaveBeenCalled();
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // No plugin installed
+  // -----------------------------------------------------------------------
+
+  describe('no plugin installed', () => {
+    it('should build locally without errors when providerStrategy is local', async () => {
+      mockLoadPlugin.mockResolvedValue(undefined);
+
+      await runIndex({ providerStrategy: 'local' });
+
+      expect(Docker.run).toHaveBeenCalled();
+    });
+
+    it('should error when providerStrategy is non-local and no plugin', async () => {
+      mockLoadPlugin.mockResolvedValue(undefined);
+
+      await runIndex({ providerStrategy: 'aws' });
+
+      expect(core.setFailed).toHaveBeenCalledWith(
+        expect.stringContaining('requires @game-ci/orchestrator'),
+      );
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // canHandleBuild = false with non-local provider
+  // -----------------------------------------------------------------------
+
+  describe('plugin installed but canHandleBuild returns false with non-local provider', () => {
+    it('should error when providerStrategy is non-local', async () => {
+      mockPlugin.canHandleBuild.mockReturnValue(false);
+
+      await runIndex({ providerStrategy: 'aws' });
+
+      // The plugin is initialized but says it can't handle the build,
+      // and providerStrategy is not local, so it falls to the error case
+      expect(core.setFailed).toHaveBeenCalledWith(
+        expect.stringContaining('requires @game-ci/orchestrator'),
+      );
+    });
+  });
+});

src/index.ts

@@ -1,14 +1,13 @@
 import * as core from '@actions/core';
-import path from 'node:path';
-import { Action, BuildParameters, Cache, Orchestrator, Docker, ImageTag, Output } from './model';
+import { Action, BuildParameters, Cache, Docker, ImageTag, Output } from './model';
 import { Cli } from './model/cli/cli';
 import MacBuilder from './model/mac-builder';
 import PlatformSetup from './model/platform-setup';
-import { OutputService } from './model/orchestrator/services/output/output-service';
-import { OutputTypeRegistry } from './model/orchestrator/services/output/output-type-registry';
-import { ArtifactUploadHandler } from './model/orchestrator/services/output/artifact-upload-handler';
+import { Plugin, loadPlugin } from './model/plugin';
 
-async function runMain() {
+// Exported so tests can drive the lifecycle directly without depending on
+// vitest's module re-loading (which changed in vitest 4).
+export async function runMain() {
   try {
     if (Cli.InitCliMode()) {
       await Cli.RunCli();
@@ -19,90 +18,38 @@ async function runMain() {
     Cache.verify();
 
     const { workspace, actionFolder } = Action;
-
     const buildParameters = await BuildParameters.create();
     const baseImage = new ImageTag(buildParameters);
 
+    // Load optional plugin. The default implementation is @game-ci/orchestrator.
+    const plugin = await loadPlugin();
+    await plugin?.initialize(buildParameters, workspace);
+
     let exitCode = -1;
 
-    if (buildParameters.providerStrategy === 'local') {
-      core.info('Building locally');
-      await PlatformSetup.setup(buildParameters, actionFolder);
-      exitCode =
-        process.platform === 'darwin'
-          ? await MacBuilder.run(actionFolder)
-          : await Docker.run(baseImage.toString(), {
-              workspace,
-              actionFolder,
-              ...buildParameters,
-            });
+    if (plugin?.canHandleBuild()) {
+      // Plugin handles the build entirely (remote providers, hot runner, test workflows)
+      const result = await plugin.handleBuild(baseImage.toString());
+
+      exitCode = result.fallbackToLocal
+        ? await runLocalBuild(buildParameters, baseImage, workspace, actionFolder, plugin)
+        : result.exitCode;
+    } else if (buildParameters.providerStrategy === 'local') {
+      exitCode = await runLocalBuild(buildParameters, baseImage, workspace, actionFolder, plugin);
     } else {
-      await Orchestrator.run(buildParameters, baseImage.toString());
-      exitCode = 0;
+      throw new Error(
+        `Provider strategy "${buildParameters.providerStrategy}" requires @game-ci/orchestrator. ` +
+          'Install it via the game-ci/orchestrator action, or use providerStrategy=local.',
+      );
     }
 
-    // Set output
+    // Set core outputs
     await Output.setBuildVersion(buildParameters.buildVersion);
     await Output.setAndroidVersionCode(buildParameters.androidVersionCode);
     await Output.setEngineExitCode(exitCode);
 
-    // Artifact collection and upload (runs on both success and failure)
-    try {
-      // Register custom output types if provided
-      if (buildParameters.artifactCustomTypes) {
-        try {
-          const customTypes = JSON.parse(buildParameters.artifactCustomTypes);
-          if (Array.isArray(customTypes)) {
-            for (const ct of customTypes) {
-              OutputTypeRegistry.registerType({
-                name: ct.name,
-                defaultPath: ct.defaultPath || ct.pattern || `./${ct.name}/`,
-                description: ct.description || `Custom output type: ${ct.name}`,
-                builtIn: false,
-              });
-            }
-          }
-        } catch (parseError) {
-          core.warning(`Failed to parse artifactCustomTypes: ${(parseError as Error).message}`);
-        }
-      }
-
-      // Collect outputs and generate manifest
-      const manifestPath = path.join(buildParameters.projectPath, 'output-manifest.json');
-      const manifest = await OutputService.collectOutputs(
-        buildParameters.projectPath,
-        buildParameters.buildGuid,
-        buildParameters.artifactOutputTypes,
-        manifestPath,
-      );
-
-      core.setOutput('artifactManifestPath', manifestPath);
-
-      // Upload artifacts
-      const uploadConfig = ArtifactUploadHandler.parseConfig(
-        buildParameters.artifactUploadTarget,
-        buildParameters.artifactUploadPath || undefined,
-        buildParameters.artifactCompression,
-        buildParameters.artifactRetentionDays,
-      );
-
-      const uploadResult = await ArtifactUploadHandler.uploadArtifacts(
-        manifest,
-        uploadConfig,
-        buildParameters.projectPath,
-      );
-
-      if (!uploadResult.success) {
-        core.warning(
-          `Artifact upload completed with errors: ${uploadResult.entries
-            .filter((e) => !e.success)
-            .map((e) => `${e.type}: ${e.error}`)
-            .join('; ')}`,
-        );
-      }
-    } catch (artifactError) {
-      core.warning(`Artifact collection/upload failed: ${(artifactError as Error).message}`);
-    }
+    // Plugin handles post-build (artifacts, archiving, retention)
+    await plugin?.handlePostBuild(exitCode);
 
     if (exitCode !== 0) {
       core.setFailed(`Build failed with exit code ${exitCode}`);
@@ -112,4 +59,33 @@ async function runMain() {
   }
 }
 
-runMain();
+async function runLocalBuild(
+  buildParameters: BuildParameters,
+  baseImage: ImageTag,
+  workspace: string,
+  actionFolder: string,
+  plugin?: Plugin,
+): Promise<number> {
+  await plugin?.beforeLocalBuild(workspace);
+
+  await PlatformSetup.setup(buildParameters, actionFolder);
+  const exitCode =
+    process.platform === 'darwin'
+      ? await MacBuilder.run(actionFolder)
+      : await Docker.run(baseImage.toString(), {
+          workspace,
+          actionFolder,
+          ...buildParameters,
+        });
+
+  await plugin?.afterLocalBuild(workspace, exitCode);
+
+  return exitCode;
+}
+
+// Auto-run when this module is the entry point. Tests import the file via
+// `await import('./index')` purely to register the mock factories and then
+// call `runMain()` directly.
+if (process.env.NODE_ENV !== 'test') {
+  runMain();
+}

src/integration/orchestrator-github-checks-integration-test.ts

@@ -1,29 +0,0 @@
-// Integration test for exercising real GitHub check creation and updates.
-import Orchestrator from '../model/orchestrator/orchestrator';
-import UnityVersioning from '../model/unity-versioning';
-import GitHub from '../model/github';
-import { TIMEOUT_INFINITE, createParameters } from '../test-utils/orchestrator-test-helpers';
-
-const runIntegration = process.env.RUN_GITHUB_INTEGRATION_TESTS === 'true';
-const describeOrSkip = runIntegration ? describe : describe.skip;
-
-describeOrSkip('Orchestrator Github Checks Integration', () => {
-  it(
-    'creates and updates a real GitHub check',
-    async () => {
-      const buildParameter = await createParameters({
-        versioning: 'None',
-        projectPath: 'test-project',
-        unityVersion: UnityVersioning.read('test-project'),
-        asyncOrchestrator: `true`,
-        githubChecks: `true`,
-      });
-      await Orchestrator.setup(buildParameter);
-      const checkId = await GitHub.createGitHubCheck(`integration create`);
-      expect(checkId).not.toEqual('');
-      await GitHub.updateGitHubCheck(`1 ${new Date().toISOString()}`, `integration`);
-      await GitHub.updateGitHubCheck(`2 ${new Date().toISOString()}`, `integration`, `success`, `completed`);
-    },
-    TIMEOUT_INFINITE,
-  );
-});

src/integrity.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import { stat } from 'node:fs/promises';
 
 describe('Integrity tests', () => {

src/jest.setup.ts

@@ -1,9 +0,0 @@
-import failOnConsole from 'jest-fail-on-console';
-
-// Fail when console logs something inside a test - use spyOn instead
-failOnConsole({
-  shouldFailOnWarn: true,
-  shouldFailOnError: true,
-  shouldFailOnLog: true,
-  shouldFailOnAssert: true,
-});

src/model/__mocks__/input.ts

@@ -1,7 +1,8 @@
+import { vi } from 'vitest';
 // Import this named export into your test file:
 import Platform from '../platform';
 
-export const mockGetFromUser = jest.fn().mockResolvedValue({
+export const mockGetFromUser = vi.fn().mockResolvedValue({
   editorVersion: '',
   targetPlatform: Platform.types.Test,
   projectPath: '.',

src/model/__mocks__/versioning.ts

@@ -1,22 +1,23 @@
+import { vi } from 'vitest';
 /* eslint unicorn/prevent-abbreviations: "off" */
 
 // Import these named export into your test file:
-export const mockProjectPath = jest.fn().mockResolvedValue('mockProjectPath');
-export const mockIsDirtyAllowed = jest.fn().mockResolvedValue(false);
-export const mockBranch = jest.fn().mockResolvedValue('mockBranch');
-export const mockHeadRef = jest.fn().mockResolvedValue('mockHeadRef');
-export const mockRef = jest.fn().mockResolvedValue('mockRef');
-export const mockDetermineVersion = jest.fn().mockResolvedValue('1.2.3');
-export const mockGenerateSemanticVersion = jest.fn().mockResolvedValue('2.3.4');
-export const mockGenerateTagVersion = jest.fn().mockResolvedValue('1.0');
-export const mockParseSemanticVersion = jest.fn().mockResolvedValue({});
-export const mockFetch = jest.fn().mockImplementation(() => {});
-export const mockGetVersionDescription = jest.fn().mockResolvedValue('1.2-3-g12345678-dirty');
-export const mockIsDirty = jest.fn().mockResolvedValue(false);
-export const mockGetTag = jest.fn().mockResolvedValue('v1.0');
-export const mockHasAnyVersionTags = jest.fn().mockResolvedValue(true);
-export const mockGetTotalNumberOfCommits = jest.fn().mockResolvedValue(3);
-export const mockGit = jest.fn().mockImplementation(() => {});
+export const mockProjectPath = vi.fn().mockResolvedValue('mockProjectPath');
+export const mockIsDirtyAllowed = vi.fn().mockResolvedValue(false);
+export const mockBranch = vi.fn().mockResolvedValue('mockBranch');
+export const mockHeadRef = vi.fn().mockResolvedValue('mockHeadRef');
+export const mockRef = vi.fn().mockResolvedValue('mockRef');
+export const mockDetermineVersion = vi.fn().mockResolvedValue('1.2.3');
+export const mockGenerateSemanticVersion = vi.fn().mockResolvedValue('2.3.4');
+export const mockGenerateTagVersion = vi.fn().mockResolvedValue('1.0');
+export const mockParseSemanticVersion = vi.fn().mockResolvedValue({});
+export const mockFetch = vi.fn().mockImplementation(() => {});
+export const mockGetVersionDescription = vi.fn().mockResolvedValue('1.2-3-g12345678-dirty');
+export const mockIsDirty = vi.fn().mockResolvedValue(false);
+export const mockGetTag = vi.fn().mockResolvedValue('v1.0');
+export const mockHasAnyVersionTags = vi.fn().mockResolvedValue(true);
+export const mockGetTotalNumberOfCommits = vi.fn().mockResolvedValue(3);
+export const mockGit = vi.fn().mockImplementation(() => {});
 
 export default {
   projectPath: mockProjectPath,

src/model/__snapshots__/versioning.test.ts.snap

@@ -1,3 +1,3 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
-exports[`Versioning determineBuildVersion throws for invalid strategy somethingRandom 1`] = `"Versioning strategy should be one of None, Semantic, Tag, Custom."`;
+exports[`Versioning > determineBuildVersion > throws for invalid strategy somethingRandom 1`] = `[ValidationError: Versioning strategy should be one of None, Semantic, Tag, Custom.]`;

src/model/action.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import path from 'node:path';
 import fs from 'node:fs';
 import Action from './action';

src/model/android-versioning.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import AndroidVersioning from './android-versioning';
 
 describe('Android Versioning', () => {
@@ -35,7 +36,9 @@ describe('Android Versioning', () => {
     });
 
     it('uses the specified api level', () => {
-      expect(AndroidVersioning.determineSdkManagerParameters('AndroidApiLevel30')).toBe('platforms;android-30');
+      expect(AndroidVersioning.determineSdkManagerParameters('AndroidApiLevel30')).toBe(
+        'platforms;android-30',
+      );
     });
   });
 });

src/model/android-versioning.ts

@@ -12,7 +12,9 @@ export default class AndroidVersioning {
 
   static versionToVersionCode(version: string): string {
     if (version === 'none') {
-      core.info(`Versioning strategy is set to ${version}, so android version code should not be applied.`);
+      core.info(
+        `Versioning strategy is set to ${version}, so android version code should not be applied.`,
+      );
 
       return '0';
     }
@@ -27,7 +29,8 @@ export default class AndroidVersioning {
 
     // The greatest value Google Plays allows is 2100000000.
     // Allow for 3 patch digits, 3 minor digits and 3 major digits.
-    const versionCode = parsedVersion.major * 1000000 + parsedVersion.minor * 1000 + parsedVersion.patch;
+    const versionCode =
+      parsedVersion.major * 1000000 + parsedVersion.minor * 1000 + parsedVersion.patch;
 
     if (versionCode >= 2050000000) {
       throw new Error(

src/model/build-parameters.test.ts

@@ -1,3 +1,4 @@
+import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, test, vi } from 'vitest';
 import Versioning from './versioning';
 import UnityVersioning from './unity-versioning';
 import AndroidVersioning from './android-versioning';
@@ -9,12 +10,12 @@ const testLicense =
   '<?xml version="1.0" encoding="UTF-8"?><root>\n    <License id="Terms">\n        <MachineBindings>\n            <Binding Key="1" Value="576562626572264761624c65526f7578"/>\n            <Binding Key="2" Value="576562626572264761624c65526f7578"/>\n        </MachineBindings>\n        <MachineID Value="D7nTUnjNAmtsUMcnoyrqkgIbYdM="/>\n        <SerialHash Value="2033b8ac3e6faa3742ca9f0bfae44d18f2a96b80"/>\n        <Features>\n            <Feature Value="33"/>\n            <Feature Value="1"/>\n            <Feature Value="12"/>\n            <Feature Value="2"/>\n            <Feature Value="24"/>\n            <Feature Value="3"/>\n            <Feature Value="36"/>\n            <Feature Value="17"/>\n            <Feature Value="19"/>\n            <Feature Value="62"/>\n        </Features>\n        <DeveloperData Value="AQAAAEY0LUJHUlgtWEQ0RS1aQ1dWLUM1SlctR0RIQg=="/>\n        <SerialMasked Value="F4-BGRX-XD4E-ZCWV-C5JW-XXXX"/>\n        <StartDate Value="2021-02-08T00:00:00"/>\n        <UpdateDate Value="2021-02-09T00:34:57"/>\n        <InitialActivationDate Value="2021-02-08T00:34:56"/>\n        <LicenseVersion Value="6.x"/>\n        <ClientProvidedVersion Value="2018.4.30f1"/>\n        <AlwaysOnline Value="false"/>\n        <Entitlements>\n            <Entitlement Ns="unity_editor" Tag="UnityPersonal" Type="EDITOR" ValidTo="9999-12-31T00:00:00"/>\n            <Entitlement Ns="unity_editor" Tag="DarkSkin" Type="EDITOR_FEATURE" ValidTo="9999-12-31T00:00:00"/>\n        </Entitlements>\n    </License>\n<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#Terms"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>m0Db8UK+ktnOLJBtHybkfetpcKo=</DigestValue></Reference></SignedInfo><SignatureValue>o/pUbSQAukz7+ZYAWhnA0AJbIlyyCPL7bKVEM2lVqbrXt7cyey+umkCXamuOgsWPVUKBMkXtMH8L\n5etLmD0getWIhTGhzOnDCk+gtIPfL4jMo9tkEuOCROQAXCci23VFscKcrkB+3X6h4wEOtA2APhOY\nB+wvC794o8/82ffjP79aVAi57rp3Wmzx+9pe9yMwoJuljAy2sc2tIMgdQGWVmOGBpQm3JqsidyzI\nJWG2kjnc7pDXK9pwYzXoKiqUqqrut90d+kQqRyv7MSZXR50HFqD/LI69h68b7P8Bjo3bPXOhNXGR\n9YCoemH6EkfCJxp2gIjzjWW+l2Hj2EsFQi8YXw==</SignatureValue></Signature></root>';
 
 afterEach(() => {
-  jest.clearAllMocks();
-  jest.restoreAllMocks();
+  vi.clearAllMocks();
+  vi.restoreAllMocks();
 });
 
 beforeEach(() => {
-  jest.spyOn(Versioning, 'determineBuildVersion').mockImplementation(async () => '1.3.37');
+  vi.spyOn(Versioning, 'determineBuildVersion').mockImplementation(async () => '1.3.37');
   process.env.UNITY_LICENSE = testLicense; // Todo - Don't use process.env directly, that's what the input model class is for.
 });
 
@@ -25,20 +26,20 @@ describe('BuildParameters', () => {
     });
 
     it('determines the version only once', async () => {
-      jest.spyOn(Versioning, 'determineBuildVersion').mockImplementation(async () => '1.3.37');
+      vi.spyOn(Versioning, 'determineBuildVersion').mockImplementation(async () => '1.3.37');
       await BuildParameters.create();
       await expect(Versioning.determineBuildVersion).toHaveBeenCalledTimes(1);
     });
 
     it('determines the unity version only once', async () => {
-      jest.spyOn(UnityVersioning, 'determineUnityVersion').mockImplementation(() => '2019.2.11f1');
+      vi.spyOn(UnityVersioning, 'determineUnityVersion').mockImplementation(() => '2019.2.11f1');
       await BuildParameters.create();
       expect(UnityVersioning.determineUnityVersion).toHaveBeenCalledTimes(1);
     });
 
     it('returns the android version code with provided input', async () => {
       const mockValue = '42';
-      jest.spyOn(Input, 'androidVersionCode', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidVersionCode', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidVersionCode: mockValue }),
       );
@@ -46,49 +47,59 @@ describe('BuildParameters', () => {
 
     it('returns the android version code from version by default', async () => {
       const mockValue = '';
-      jest.spyOn(Input, 'androidVersionCode', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidVersionCode', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidVersionCode: '1003037' }),
       );
     });
 
     it('determines the android sdk manager parameters only once', async () => {
-      jest.spyOn(AndroidVersioning, 'determineSdkManagerParameters').mockImplementation(() => 'platforms;android-30');
+      vi.spyOn(AndroidVersioning, 'determineSdkManagerParameters').mockImplementation(
+        () => 'platforms;android-30',
+      );
       await BuildParameters.create();
       expect(AndroidVersioning.determineSdkManagerParameters).toHaveBeenCalledTimes(1);
     });
 
     it('returns the targetPlatform', async () => {
       const mockValue = 'somePlatform';
-      jest.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(mockValue);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ targetPlatform: mockValue }));
+      vi.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ targetPlatform: mockValue }),
+      );
     });
 
     it('returns the project path', async () => {
       const mockValue = 'path/to/project';
-      jest.spyOn(UnityVersioning, 'determineUnityVersion').mockImplementation(() => '2019.2.11f1');
-      jest.spyOn(Input, 'projectPath', 'get').mockReturnValue(mockValue);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ projectPath: mockValue }));
+      vi.spyOn(UnityVersioning, 'determineUnityVersion').mockImplementation(() => '2019.2.11f1');
+      vi.spyOn(Input, 'projectPath', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ projectPath: mockValue }),
+      );
     });
 
     it('returns the build profile', async () => {
       const mockValue = 'path/to/build_profile.asset';
-      jest.spyOn(Input, 'buildProfile', 'get').mockReturnValue(mockValue);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ buildProfile: mockValue }));
+      vi.spyOn(Input, 'buildProfile', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ buildProfile: mockValue }),
+      );
     });
 
     it('returns the build name', async () => {
       const mockValue = 'someBuildName';
-      jest.spyOn(Input, 'buildName', 'get').mockReturnValue(mockValue);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ buildName: mockValue }));
+      vi.spyOn(Input, 'buildName', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ buildName: mockValue }),
+      );
     });
 
     it('returns the build path', async () => {
       const mockPath = 'somePath';
       const mockPlatform = 'somePlatform';
       const expectedBuildPath = `${mockPath}/${mockPlatform}`;
-      jest.spyOn(Input, 'buildsPath', 'get').mockReturnValue(mockPath);
-      jest.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(mockPlatform);
+      vi.spyOn(Input, 'buildsPath', 'get').mockReturnValue(mockPath);
+      vi.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(mockPlatform);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ buildPath: expectedBuildPath }),
       );
@@ -98,9 +109,11 @@ describe('BuildParameters', () => {
       const mockValue = 'someBuildName';
       const mockPlatform = 'somePlatform';
 
-      jest.spyOn(Input, 'buildName', 'get').mockReturnValue(mockValue);
-      jest.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(mockPlatform);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ buildFile: mockValue }));
+      vi.spyOn(Input, 'buildName', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(mockPlatform);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ buildFile: mockValue }),
+      );
     });
 
     test.each`
@@ -113,9 +126,9 @@ describe('BuildParameters', () => {
     `(
       'appends $expectedExtension for $targetPlatform with androidExportType $androidExportType',
       async ({ targetPlatform, expectedExtension, androidExportType }) => {
-        jest.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(targetPlatform);
-        jest.spyOn(Input, 'buildName', 'get').mockReturnValue(targetPlatform);
-        jest.spyOn(Input, 'androidExportType', 'get').mockReturnValue(androidExportType);
+        vi.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(targetPlatform);
+        vi.spyOn(Input, 'buildName', 'get').mockReturnValue(targetPlatform);
+        vi.spyOn(Input, 'androidExportType', 'get').mockReturnValue(androidExportType);
         await expect(BuildParameters.create()).resolves.toEqual(
           expect.objectContaining({ buildFile: `${targetPlatform}${expectedExtension}` }),
         );
@@ -132,22 +145,26 @@ describe('BuildParameters', () => {
     `(
       'androidSymbolType is set to $androidSymbolType when targetPlatform is $targetPlatform and input targetSymbolType is $androidSymbolType',
       async ({ targetPlatform, androidSymbolType }) => {
-        jest.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(targetPlatform);
-        jest.spyOn(Input, 'androidSymbolType', 'get').mockReturnValue(androidSymbolType);
-        jest.spyOn(Input, 'buildName', 'get').mockReturnValue(targetPlatform);
-        await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ androidSymbolType }));
+        vi.spyOn(Input, 'targetPlatform', 'get').mockReturnValue(targetPlatform);
+        vi.spyOn(Input, 'androidSymbolType', 'get').mockReturnValue(androidSymbolType);
+        vi.spyOn(Input, 'buildName', 'get').mockReturnValue(targetPlatform);
+        await expect(BuildParameters.create()).resolves.toEqual(
+          expect.objectContaining({ androidSymbolType }),
+        );
       },
     );
 
     it('returns the build method', async () => {
       const mockValue = 'Namespace.ClassName.BuildMethod';
-      jest.spyOn(Input, 'buildMethod', 'get').mockReturnValue(mockValue);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ buildMethod: mockValue }));
+      vi.spyOn(Input, 'buildMethod', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ buildMethod: mockValue }),
+      );
     });
 
     it('returns the android keystore name', async () => {
       const mockValue = 'keystore.keystore';
-      jest.spyOn(Input, 'androidKeystoreName', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidKeystoreName', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidKeystoreName: mockValue }),
       );
@@ -155,7 +172,7 @@ describe('BuildParameters', () => {
 
     it('returns the android keystore base64-encoded content', async () => {
       const mockValue = 'secret';
-      jest.spyOn(Input, 'androidKeystoreBase64', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidKeystoreBase64', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidKeystoreBase64: mockValue }),
       );
@@ -163,7 +180,7 @@ describe('BuildParameters', () => {
 
     it('returns the android keystore pass', async () => {
       const mockValue = 'secret';
-      jest.spyOn(Input, 'androidKeystorePass', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidKeystorePass', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidKeystorePass: mockValue }),
       );
@@ -171,7 +188,7 @@ describe('BuildParameters', () => {
 
     it('returns the android keyalias name', async () => {
       const mockValue = 'secret';
-      jest.spyOn(Input, 'androidKeyaliasName', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidKeyaliasName', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidKeyaliasName: mockValue }),
       );
@@ -179,7 +196,7 @@ describe('BuildParameters', () => {
 
     it('returns the android keyalias pass', async () => {
       const mockValue = 'secret';
-      jest.spyOn(Input, 'androidKeyaliasPass', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidKeyaliasPass', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidKeyaliasPass: mockValue }),
       );
@@ -187,7 +204,7 @@ describe('BuildParameters', () => {
 
     it('returns the android target sdk version', async () => {
       const mockValue = 'AndroidApiLevelAuto';
-      jest.spyOn(Input, 'androidTargetSdkVersion', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'androidTargetSdkVersion', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ androidTargetSdkVersion: mockValue }),
       );
@@ -195,7 +212,7 @@ describe('BuildParameters', () => {
 
     it('returns the unity licensing server address', async () => {
       const mockValue = 'http://example.com';
-      jest.spyOn(Input, 'unityLicensingServer', 'get').mockReturnValue(mockValue);
+      vi.spyOn(Input, 'unityLicensingServer', 'get').mockReturnValue(mockValue);
       await expect(BuildParameters.create()).resolves.toEqual(
         expect.objectContaining({ unityLicensingServer: mockValue }),
       );
@@ -210,14 +227,25 @@ describe('BuildParameters', () => {
       const mockValue = '123';
       delete process.env.UNITY_LICENSE; // Need to delete this as it is set for every test currently
       process.env.UNITY_SERIAL = mockValue;
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ unitySerial: mockValue }));
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ unitySerial: mockValue }),
+      );
       delete process.env.UNITY_SERIAL;
     });
 
     it('returns the custom parameters', async () => {
       const mockValue = '-profile SomeProfile -someBoolean -someValue exampleValue';
-      jest.spyOn(Input, 'customParameters', 'get').mockReturnValue(mockValue);
-      await expect(BuildParameters.create()).resolves.toEqual(expect.objectContaining({ customParameters: mockValue }));
+      vi.spyOn(Input, 'customParameters', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ customParameters: mockValue }),
+      );
+    });
+
+    it.each([true, false])('returns the flag for useHostNetwork when %s', async (mockValue) => {
+      vi.spyOn(Input, 'useHostNetwork', 'get').mockReturnValue(mockValue);
+      await expect(BuildParameters.create()).resolves.toEqual(
+        expect.objectContaining({ useHostNetwork: mockValue }),
+      );
     });
   });
 });

src/model/build-parameters.ts

@@ -1,7 +1,5 @@
 import { customAlphabet } from 'nanoid';
 import AndroidVersioning from './android-versioning';
-import OrchestratorConstants from './orchestrator/options/orchestrator-constants';
-import OrchestratorBuildGuid from './orchestrator/options/orchestrator-guid';
 import Input from './input';
 import Platform from './platform';
 import UnityVersioning from './unity-versioning';
@@ -10,8 +8,6 @@ import { GitRepoReader } from './input-readers/git-repo';
 import { GithubCliReader } from './input-readers/github-cli';
 import { Cli } from './cli/cli';
 import GitHub from './github';
-import OrchestratorOptions from './orchestrator/options/orchestrator-options';
-import Orchestrator from './orchestrator/orchestrator';
 import * as core from '@actions/core';
 
 class BuildParameters {
@@ -51,78 +47,48 @@ class BuildParameters {
   public containerRegistryImageVersion!: string;
 
   public customParameters!: string;
+  public useHostNetwork!: boolean;
   public sshAgent!: string;
   public sshPublicKeysDirectoryPath!: string;
   public providerStrategy!: string;
   public gitPrivateToken!: string;
-  public awsStackName!: string;
-  public awsEndpoint?: string;
-  public awsCloudFormationEndpoint?: string;
-  public awsEcsEndpoint?: string;
-  public awsKinesisEndpoint?: string;
-  public awsCloudWatchLogsEndpoint?: string;
-  public awsS3Endpoint?: string;
-  public storageProvider!: string;
-  public rcloneRemote!: string;
-  public kubeConfig!: string;
-  public containerMemory!: string;
-  public containerCpu!: string;
-  public containerNamespace!: string;
-  public kubeVolumeSize!: string;
-  public kubeVolume!: string;
-  public kubeStorageClass!: string;
   public runAsHostUser!: string;
   public chownFilesTo!: string;
-  public commandHooks!: string;
-  public pullInputList!: string[];
-  public inputPullCommand!: string;
-  public cacheKey!: string;
 
-  public postBuildContainerHooks!: string;
-  public preBuildContainerHooks!: string;
-  public customJob!: string;
   public runNumber!: string;
   public branch!: string;
   public githubRepo!: string;
-  public orchestratorRepoName!: string;
-  public cloneDepth!: number;
   public gitSha!: string;
   public logId!: string;
   public buildGuid!: string;
-  public orchestratorBranch!: string;
-  public orchestratorDebug!: boolean | undefined;
   public buildPlatform!: string | undefined;
   public isCliMode!: boolean;
-  public maxRetainedWorkspaces!: number;
-  public useLargePackages!: boolean;
-  public useCompressionStrategy!: boolean;
-  public garbageMaxAge!: number;
-  public githubChecks!: boolean;
-  public asyncWorkflow!: boolean;
-  public githubCheckId!: string;
-  public finalHooks!: string[];
-  public skipLfs!: boolean;
-  public skipCache!: boolean;
+
   public cacheUnityInstallationOnMac!: boolean;
   public unityHubVersionOnMac!: string;
   public dockerWorkspacePath!: string;
-  public artifactOutputTypes!: string;
-  public artifactUploadTarget!: string;
-  public artifactUploadPath!: string;
-  public artifactCompression!: string;
-  public artifactRetentionDays!: string;
-  public artifactCustomTypes!: string;
-
-  public static shouldUseRetainedWorkspaceMode(buildParameters: BuildParameters) {
-    return buildParameters.maxRetainedWorkspaces > 0 && Orchestrator.lockedWorkspace !== ``;
-  }
 
   static async create(): Promise<BuildParameters> {
-    const buildFile = this.parseBuildFile(Input.buildName, Input.targetPlatform, Input.androidExportType);
-    const editorVersion = UnityVersioning.determineUnityVersion(Input.projectPath, Input.unityVersion);
-    const buildVersion = await Versioning.determineBuildVersion(Input.versioningStrategy, Input.specifiedVersion);
-    const androidVersionCode = AndroidVersioning.determineVersionCode(buildVersion, Input.androidVersionCode);
-    const androidSdkManagerParameters = AndroidVersioning.determineSdkManagerParameters(Input.androidTargetSdkVersion);
+    const buildFile = this.parseBuildFile(
+      Input.buildName,
+      Input.targetPlatform,
+      Input.androidExportType,
+    );
+    const editorVersion = UnityVersioning.determineUnityVersion(
+      Input.projectPath,
+      Input.unityVersion,
+    );
+    const buildVersion = await Versioning.determineBuildVersion(
+      Input.versioningStrategy,
+      Input.specifiedVersion,
+    );
+    const androidVersionCode = AndroidVersioning.determineVersionCode(
+      buildVersion,
+      Input.androidVersionCode,
+    );
+    const androidSdkManagerParameters = AndroidVersioning.determineSdkManagerParameters(
+      Input.androidTargetSdkVersion,
+    );
 
     const androidSymbolExportType = Input.androidSymbolType;
     if (Platform.isAndroid(Input.targetPlatform)) {
@@ -161,6 +127,9 @@ class BuildParameters {
       core.setSecret(`${unitySerial.slice(0, -4)}XXXX`);
     }
 
+    const providerStrategy =
+      Input.getInput('providerStrategy') || (Cli.isCliMode ? 'aws' : 'local');
+
     return {
       editorVersion,
       customImage: Input.customImage,
@@ -189,6 +158,7 @@ class BuildParameters {
       androidExportType: Input.androidExportType,
       androidSymbolType: androidSymbolExportType,
       customParameters: Input.customParameters,
+      useHostNetwork: Input.useHostNetwork,
       sshAgent: Input.sshAgent,
       sshPublicKeysDirectoryPath: Input.sshPublicKeysDirectoryPath,
       gitPrivateToken: Input.gitPrivateToken ?? (await GithubCliReader.GetGitHubAuthToken()),
@@ -199,61 +169,22 @@ class BuildParameters {
       dockerIsolationMode: Input.dockerIsolationMode,
       containerRegistryRepository: Input.containerRegistryRepository,
       containerRegistryImageVersion: Input.containerRegistryImageVersion,
-      providerStrategy: OrchestratorOptions.providerStrategy,
-      buildPlatform: OrchestratorOptions.buildPlatform,
-      kubeConfig: OrchestratorOptions.kubeConfig,
-      containerMemory: OrchestratorOptions.containerMemory,
-      containerCpu: OrchestratorOptions.containerCpu,
-      containerNamespace: OrchestratorOptions.containerNamespace,
-      kubeVolumeSize: OrchestratorOptions.kubeVolumeSize,
-      kubeVolume: OrchestratorOptions.kubeVolume,
-      postBuildContainerHooks: OrchestratorOptions.postBuildContainerHooks,
-      preBuildContainerHooks: OrchestratorOptions.preBuildContainerHooks,
-      customJob: OrchestratorOptions.customJob,
+      providerStrategy,
+      buildPlatform: providerStrategy !== 'local' ? 'linux' : process.platform,
       runNumber: Input.runNumber,
       branch: Input.branch.replace('/head', '') || (await GitRepoReader.GetBranch()),
-      orchestratorBranch: OrchestratorOptions.orchestratorBranch.split('/').reverse()[0],
-      orchestratorDebug: OrchestratorOptions.orchestratorDebug,
-      githubRepo: (Input.githubRepo ?? (await GitRepoReader.GetRemote())) || OrchestratorOptions.orchestratorRepoName,
-      orchestratorRepoName: OrchestratorOptions.orchestratorRepoName,
-      cloneDepth: Number.parseInt(OrchestratorOptions.cloneDepth),
-      isCliMode: Cli.isCliMode,
-      awsStackName: OrchestratorOptions.awsStackName,
-      awsEndpoint: OrchestratorOptions.awsEndpoint,
-      awsCloudFormationEndpoint: OrchestratorOptions.awsCloudFormationEndpoint,
-      awsEcsEndpoint: OrchestratorOptions.awsEcsEndpoint,
-      awsKinesisEndpoint: OrchestratorOptions.awsKinesisEndpoint,
-      awsCloudWatchLogsEndpoint: OrchestratorOptions.awsCloudWatchLogsEndpoint,
-      awsS3Endpoint: OrchestratorOptions.awsS3Endpoint,
-      storageProvider: OrchestratorOptions.storageProvider,
-      rcloneRemote: OrchestratorOptions.rcloneRemote,
+      githubRepo:
+        (Input.githubRepo ?? (await GitRepoReader.GetRemote())) || 'game-ci/unity-builder',
       gitSha: Input.gitSha,
-      logId: customAlphabet(OrchestratorConstants.alphabet, 9)(),
-      buildGuid: OrchestratorBuildGuid.generateGuid(Input.runNumber, Input.targetPlatform),
-      commandHooks: OrchestratorOptions.commandHooks,
-      inputPullCommand: OrchestratorOptions.inputPullCommand,
-      pullInputList: OrchestratorOptions.pullInputList,
-      kubeStorageClass: OrchestratorOptions.kubeStorageClass,
-      cacheKey: OrchestratorOptions.cacheKey,
-      maxRetainedWorkspaces: Number.parseInt(OrchestratorOptions.maxRetainedWorkspaces),
-      useLargePackages: OrchestratorOptions.useLargePackages,
-      useCompressionStrategy: OrchestratorOptions.useCompressionStrategy,
-      garbageMaxAge: OrchestratorOptions.garbageMaxAge,
-      githubChecks: OrchestratorOptions.githubChecks,
-      asyncWorkflow: OrchestratorOptions.asyncOrchestrator,
-      githubCheckId: OrchestratorOptions.githubCheckId,
-      finalHooks: OrchestratorOptions.finalHooks,
-      skipLfs: OrchestratorOptions.skipLfs,
-      skipCache: OrchestratorOptions.skipCache,
+      logId: customAlphabet('0123456789abcdefghijklmnopqrstuvwxyz', 9)(),
+      buildGuid: `${Input.runNumber}-${Input.targetPlatform.toLowerCase().replace('standalone', '')}-${customAlphabet(
+        '0123456789abcdefghijklmnopqrstuvwxyz',
+        4,
+      )()}`,
+      isCliMode: Cli.isCliMode,
       cacheUnityInstallationOnMac: Input.cacheUnityInstallationOnMac,
       unityHubVersionOnMac: Input.unityHubVersionOnMac,
       dockerWorkspacePath: Input.dockerWorkspacePath,
-      artifactOutputTypes: Input.artifactOutputTypes,
-      artifactUploadTarget: Input.artifactUploadTarget,
-      artifactUploadPath: Input.artifactUploadPath,
-      artifactCompression: Input.artifactCompression,
-      artifactRetentionDays: Input.artifactRetentionDays,
-      artifactCustomTypes: Input.artifactCustomTypes,
     };
   }
 

src/model/cache.test.ts

@@ -1,6 +1,7 @@
+import { describe, it, expect, beforeEach, afterEach, beforeAll, afterAll, vi } from 'vitest';
 import Cache from './cache';
 
-jest.mock('./input');
+vi.mock('./input');
 
 describe('Cache', () => {
   describe('Verification', () => {

src/model/cli/cli.ts

@@ -1,15 +1,8 @@
 import { Command } from 'commander-ts';
-import { BuildParameters, Orchestrator, ImageTag, Input } from '..';
+import { Input } from '..';
 import * as core from '@actions/core';
 import { ActionYamlReader } from '../input-readers/action-yaml';
-import OrchestratorLogger from '../orchestrator/services/core/orchestrator-logger';
-import OrchestratorQueryOverride from '../orchestrator/options/orchestrator-query-override';
 import { CliFunction, CliFunctionsRepository } from './cli-functions-repository';
-import { Caching } from '../orchestrator/remote-client/caching';
-import { LfsHashing } from '../orchestrator/services/utility/lfs-hashing';
-import { RemoteClient } from '../orchestrator/remote-client';
-import OrchestratorOptionsReader from '../orchestrator/options/orchestrator-options-reader';
-import GitHub from '../github';
 import { OptionValues } from 'commander';
 import { InputKey } from '../input';
 
@@ -30,14 +23,13 @@ export class Cli {
   }
 
   public static InitCliMode() {
-    CliFunctionsRepository.PushCliFunctionSource(RemoteClient);
-    CliFunctionsRepository.PushCliFunctionSource(Caching);
-    CliFunctionsRepository.PushCliFunctionSource(LfsHashing);
     const program = new Command();
     program.version('0.0.1');
 
-    const properties = OrchestratorOptionsReader.GetProperties();
     const actionYamlReader: ActionYamlReader = new ActionYamlReader();
+    const properties = Object.getOwnPropertyNames(Input).filter(
+      (p) => p !== 'length' && p !== 'prototype' && p !== 'name',
+    );
     for (const element of properties) {
       program.option(`--${element} <${element}>`, actionYamlReader.GetActionYamlValue(element));
     }
@@ -47,12 +39,23 @@ export class Cli {
         .map((x) => `${x.key} (${x.description})`)
         .join(` | `),
     );
-    program.option('--populateOverride <populateOverride>', 'should use override query to pull input false by default');
+    program.option(
+      '--populateOverride <populateOverride>',
+      'should use override query to pull input false by default',
+    );
     program.option('--cachePushFrom <cachePushFrom>', 'cache push from source folder');
     program.option('--cachePushTo <cachePushTo>', 'cache push to caching folder');
     program.option('--artifactName <artifactName>', 'caching artifact name');
     program.option('--select <select>', 'select a particular resource');
     program.option('--logFile <logFile>', 'output to log file (log stream only)');
+    program.option('--profilePath <profilePath>', 'path to submodule profile YAML');
+    program.option('--variantPath <variantPath>', 'path to submodule variant YAML');
+    program.option('--agentPath <agentPath>', 'path to custom LFS transfer agent');
+    program.option('--agentArgs <agentArgs>', 'arguments for custom LFS transfer agent');
+    program.option(
+      '--storagePaths <storagePaths>',
+      'semicolon-separated storage paths for LFS agent',
+    );
     program.parse(process.argv);
     Cli.options = program.opts();
 
@@ -60,26 +63,15 @@ export class Cli {
   }
 
   static async RunCli(): Promise<void> {
-    GitHub.githubInputEnabled = false;
-    if (Cli.options!['populateOverride'] === `true`) {
-      await OrchestratorQueryOverride.PopulateQueryOverrideInput();
-    }
-    if (Cli.options!['logInput']) {
-      Cli.logInput();
-    }
     const results = CliFunctionsRepository.GetCliFunctions(Cli.options?.mode);
-    OrchestratorLogger.log(`Entrypoint: ${results.key}`);
+    if (!results) {
+      throw new Error(
+        `Unknown CLI mode: ${Cli.options?.mode}. Orchestrator CLI features require @game-ci/orchestrator.`,
+      );
+    }
+    core.info(`Entrypoint: ${results.key}`);
     Cli.options!.versioning = 'None';
 
-    Orchestrator.buildParameters = await BuildParameters.create();
-    Orchestrator.buildParameters.buildGuid = process.env.BUILD_GUID || ``;
-    OrchestratorLogger.log(`Build Params:
-      ${JSON.stringify(Orchestrator.buildParameters, undefined, 4)}
-    `);
-    Orchestrator.lockedWorkspace = process.env.LOCKED_WORKSPACE || ``;
-    OrchestratorLogger.log(`Locked Workspace: ${Orchestrator.lockedWorkspace}`);
-    await Orchestrator.setup(Orchestrator.buildParameters);
-
     return await results.target[results.propertyKey](Cli.options);
   }
 
@@ -87,7 +79,9 @@ export class Cli {
   private static logInput() {
     core.info(`\n`);
     core.info(`INPUT:`);
-    const properties = OrchestratorOptionsReader.GetProperties();
+    const properties = Object.getOwnPropertyNames(Input).filter(
+      (p) => p !== 'length' && p !== 'prototype' && p !== 'name',
+    );
     for (const element of properties) {
       if (
         element in Input &&
@@ -103,73 +97,4 @@ export class Cli {
     }
     core.info(`\n`);
   }
-
-  @CliFunction(`cli-build`, `runs a orchestrator build`)
-  public static async CLIBuild(): Promise<string> {
-    const buildParameter = await BuildParameters.create();
-    const baseImage = new ImageTag(buildParameter);
-
-    return (await Orchestrator.run(buildParameter, baseImage.toString())).BuildResults;
-  }
-
-  @CliFunction(`async-workflow`, `runs a orchestrator build`)
-  public static async asyncronousWorkflow(): Promise<string> {
-    const buildParameter = await BuildParameters.create();
-    const baseImage = new ImageTag(buildParameter);
-    await Orchestrator.setup(buildParameter);
-
-    return (await Orchestrator.run(buildParameter, baseImage.toString())).BuildResults;
-  }
-
-  @CliFunction(`checks-update`, `runs a orchestrator build`)
-  public static async checksUpdate() {
-    const buildParameter = await BuildParameters.create();
-
-    await Orchestrator.setup(buildParameter);
-    const input = JSON.parse(process.env.CHECKS_UPDATE || ``);
-    core.info(`Checks Update ${process.env.CHECKS_UPDATE}`);
-    if (input.mode === `create`) {
-      throw new Error(`Not supported: only use update`);
-    } else if (input.mode === `update`) {
-      await GitHub.updateGitHubCheckRequest(input.data);
-    }
-  }
-
-  @CliFunction(`garbage-collect`, `runs garbage collection`)
-  public static async GarbageCollect(): Promise<string> {
-    const buildParameter = await BuildParameters.create();
-
-    await Orchestrator.setup(buildParameter);
-
-    return await Orchestrator.Provider.garbageCollect(``, false, 0, false, false);
-  }
-
-  @CliFunction(`list-resources`, `lists active resources`)
-  public static async ListResources(): Promise<string[]> {
-    const buildParameter = await BuildParameters.create();
-
-    await Orchestrator.setup(buildParameter);
-    const result = await Orchestrator.Provider.listResources();
-    OrchestratorLogger.log(JSON.stringify(result, undefined, 4));
-
-    return result.map((x) => x.Name);
-  }
-
-  @CliFunction(`list-worfklow`, `lists running workflows`)
-  public static async ListWorfklow(): Promise<string[]> {
-    const buildParameter = await BuildParameters.create();
-
-    await Orchestrator.setup(buildParameter);
-
-    return (await Orchestrator.Provider.listWorkflow()).map((x) => x.Name);
-  }
-
-  @CliFunction(`watch`, `follows logs of a running workflow`)
-  public static async Watch(): Promise<string> {
-    const buildParameter = await BuildParameters.create();
-
-    await Orchestrator.setup(buildParameter);
-
-    return await Orchestrator.Provider.watchWorkflow();
-  }
 }

src/model/docker.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import Action from './action';
 import Docker from './docker';
 

src/model/docker.ts

@@ -17,7 +17,13 @@ class Docker {
     let runCommand = '';
     switch (process.platform) {
       case 'linux':
-        runCommand = this.getLinuxCommand(image, parameters, overrideCommands, additionalVariables, entrypointBash);
+        runCommand = this.getLinuxCommand(
+          image,
+          parameters,
+          overrideCommands,
+          additionalVariables,
+          entrypointBash,
+        );
         break;
       case 'win32':
         runCommand = this.getWindowsCommand(image, parameters);
@@ -42,6 +48,7 @@ class Docker {
     const {
       workspace,
       actionFolder,
+      useHostNetwork,
       runnerTempPath,
       sshAgent,
       sshPublicKeysDirectoryPath,
@@ -85,6 +92,7 @@ class Docker {
                 : ''
             } \
             ${sshPublicKeysDirectoryPath ? `--volume ${sshPublicKeysDirectoryPath}:/root/.ssh:ro` : ''} \
+            ${useHostNetwork ? '--net=host' : ''} \
             ${entrypointBash ? `--entrypoint ${commandPrefix}` : ``} \
             ${image} \
             ${entrypointBash ? `-c` : `${commandPrefix} -c`} \

src/model/error/command-execution-error.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import CommandExecutionError from './command-execution-error';
 
 describe('CommandExecutionError', () => {

src/model/error/not-implemented-exception.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import NotImplementedException from './not-implemented-exception';
 
 describe('NotImplementedException', () => {

src/model/error/validation-error.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import ValidationError from './validation-error';
 
 describe('ValidationError', () => {

src/model/github.ts

@@ -1,222 +1,5 @@
-import OrchestratorLogger from './orchestrator/services/core/orchestrator-logger';
-import Orchestrator from './orchestrator/orchestrator';
-import OrchestratorOptions from './orchestrator/options/orchestrator-options';
-import * as core from '@actions/core';
-import { Octokit } from '@octokit/core';
-
 class GitHub {
-  private static readonly asyncChecksApiWorkflowName = `Async Checks API`;
   public static githubInputEnabled: boolean = true;
-  private static longDescriptionContent: string = ``;
-  private static startedDate: string;
-  private static endedDate: string;
-  static result: string = ``;
-  static forceAsyncTest: boolean;
-  private static get octokitDefaultToken() {
-    return new Octokit({
-      auth: process.env.GITHUB_TOKEN,
-    });
-  }
-  private static get octokitPAT() {
-    return new Octokit({
-      auth: Orchestrator.buildParameters.gitPrivateToken,
-    });
-  }
-  private static get sha() {
-    return Orchestrator.buildParameters.gitSha;
-  }
-
-  private static get checkName() {
-    return `Orchestrator (${Orchestrator.buildParameters.buildGuid})`;
-  }
-
-  private static get nameReadable() {
-    return GitHub.checkName;
-  }
-
-  private static get checkRunId() {
-    return Orchestrator.buildParameters.githubCheckId;
-  }
-
-  private static get owner() {
-    return OrchestratorOptions.githubOwner;
-  }
-
-  private static get repo() {
-    return OrchestratorOptions.githubRepoName;
-  }
-
-  public static async createGitHubCheck(summary: string) {
-    if (!Orchestrator.buildParameters.githubChecks) {
-      return ``;
-    }
-    GitHub.startedDate = new Date().toISOString();
-
-    OrchestratorLogger.log(`Creating github check`);
-    const data = {
-      owner: GitHub.owner,
-      repo: GitHub.repo,
-      name: GitHub.checkName,
-      // eslint-disable-next-line camelcase
-      head_sha: GitHub.sha,
-      status: 'queued',
-      // eslint-disable-next-line camelcase
-      external_id: Orchestrator.buildParameters.buildGuid,
-      // eslint-disable-next-line camelcase
-      started_at: GitHub.startedDate,
-      output: {
-        title: GitHub.nameReadable,
-        summary,
-        text: '',
-        images: [
-          {
-            alt: 'Game-CI',
-            // eslint-disable-next-line camelcase
-            image_url: 'https://game.ci/assets/images/game-ci-brand-logo-wordmark.svg',
-          },
-        ],
-      },
-    };
-    const result = await GitHub.createGitHubCheckRequest(data);
-
-    OrchestratorLogger.log(`Creating github check ${result.status}`);
-
-    return result.data.id.toString();
-  }
-
-  public static async updateGitHubCheck(
-    longDescription: string,
-    summary: string,
-    result = `neutral`,
-    status = `in_progress`,
-  ) {
-    if (`${Orchestrator.buildParameters.githubChecks}` !== `true`) {
-      return;
-    }
-    OrchestratorLogger.log(
-      `githubChecks: ${Orchestrator.buildParameters.githubChecks} checkRunId: ${GitHub.checkRunId} sha: ${GitHub.sha} async: ${Orchestrator.isOrchestratorAsyncEnvironment}`,
-    );
-    GitHub.longDescriptionContent += `\n${longDescription}`;
-    if (GitHub.result !== `success` && GitHub.result !== `failure`) {
-      GitHub.result = result;
-    } else {
-      result = GitHub.result;
-    }
-    const data: any = {
-      owner: GitHub.owner,
-      repo: GitHub.repo,
-      // eslint-disable-next-line camelcase
-      check_run_id: GitHub.checkRunId,
-      name: GitHub.checkName,
-      // eslint-disable-next-line camelcase
-      head_sha: GitHub.sha,
-      // eslint-disable-next-line camelcase
-      started_at: GitHub.startedDate,
-      status,
-      output: {
-        title: GitHub.nameReadable,
-        summary,
-        text: GitHub.longDescriptionContent,
-        annotations: [],
-      },
-    };
-
-    if (status === `completed`) {
-      if (GitHub.endedDate !== undefined) {
-        GitHub.endedDate = new Date().toISOString();
-      }
-      // eslint-disable-next-line camelcase
-      data.completed_at = GitHub.endedDate || GitHub.startedDate;
-      data.conclusion = result;
-    }
-
-    await (Orchestrator.isOrchestratorAsyncEnvironment || GitHub.forceAsyncTest
-      ? GitHub.runUpdateAsyncChecksWorkflow(data, `update`)
-      : GitHub.updateGitHubCheckRequest(data));
-  }
-
-  public static async updateGitHubCheckRequest(data: any) {
-    return await GitHub.octokitDefaultToken.request(`PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}`, data);
-  }
-
-  public static async createGitHubCheckRequest(data: any) {
-    return await GitHub.octokitDefaultToken.request(`POST /repos/{owner}/{repo}/check-runs`, data);
-  }
-
-  public static async runUpdateAsyncChecksWorkflow(data: any, mode: string) {
-    if (mode === `create`) {
-      throw new Error(`Not supported: only use update`);
-    }
-    const workflowsResult = await GitHub.octokitPAT.request(`GET /repos/{owner}/{repo}/actions/workflows`, {
-      owner: GitHub.owner,
-      repo: GitHub.repo,
-    });
-    const workflows = workflowsResult.data.workflows;
-    OrchestratorLogger.log(`Got ${workflows.length} workflows`);
-    let selectedId = ``;
-    for (let index = 0; index < workflowsResult.data.total_count; index++) {
-      if (workflows[index].name === GitHub.asyncChecksApiWorkflowName) {
-        selectedId = workflows[index].id.toString();
-      }
-    }
-    if (selectedId === ``) {
-      core.info(JSON.stringify(workflows));
-      throw new Error(`no workflow with name "${GitHub.asyncChecksApiWorkflowName}"`);
-    }
-    await GitHub.octokitPAT.request(`POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches`, {
-      owner: GitHub.owner,
-      repo: GitHub.repo,
-      // eslint-disable-next-line camelcase
-      workflow_id: selectedId,
-      ref: OrchestratorOptions.branch,
-      inputs: {
-        checksObject: JSON.stringify({ data, mode }),
-      },
-    });
-  }
-
-  static async triggerWorkflowOnComplete(triggerWorkflowOnComplete: string[]) {
-    const isLocalAsync = Orchestrator.buildParameters.asyncWorkflow && !Orchestrator.isOrchestratorAsyncEnvironment;
-    if (isLocalAsync || triggerWorkflowOnComplete === undefined || triggerWorkflowOnComplete.length === 0) {
-      return;
-    }
-    try {
-      const workflowsResult = await GitHub.octokitPAT.request(`GET /repos/{owner}/{repo}/actions/workflows`, {
-        owner: GitHub.owner,
-        repo: GitHub.repo,
-      });
-      const workflows = workflowsResult.data.workflows;
-      OrchestratorLogger.log(`Got ${workflows.length} workflows`);
-      for (const element of triggerWorkflowOnComplete) {
-        let selectedId = ``;
-        for (let index = 0; index < workflowsResult.data.total_count; index++) {
-          if (workflows[index].name === element) {
-            selectedId = workflows[index].id.toString();
-          }
-        }
-        if (selectedId === ``) {
-          core.info(JSON.stringify(workflows));
-          throw new Error(`no workflow with name "${GitHub.asyncChecksApiWorkflowName}"`);
-        }
-        await GitHub.octokitPAT.request(`POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches`, {
-          owner: GitHub.owner,
-          repo: GitHub.repo,
-          // eslint-disable-next-line camelcase
-          workflow_id: selectedId,
-          ref: OrchestratorOptions.branch,
-          inputs: {
-            buildGuid: Orchestrator.buildParameters.buildGuid,
-          },
-        });
-      }
-    } catch {
-      core.info(`github workflow complete hook not found`);
-    }
-  }
-
-  public static async getCheckStatus() {
-    return await GitHub.octokitDefaultToken.request(`GET /repos/{owner}/{repo}/check-runs/{check_run_id}`);
-  }
 }
 
 export default GitHub;

src/model/image-environment-factory.ts

@@ -1,8 +1,14 @@
 import { DockerParameters, StringKeyValuePair } from './shared-types';
 
 class ImageEnvironmentFactory {
-  public static getEnvVarString(parameters: DockerParameters, additionalVariables: StringKeyValuePair[] = []) {
-    const environmentVariables = ImageEnvironmentFactory.getEnvironmentVariables(parameters, additionalVariables);
+  public static getEnvVarString(
+    parameters: DockerParameters,
+    additionalVariables: StringKeyValuePair[] = [],
+  ) {
+    const environmentVariables = ImageEnvironmentFactory.getEnvironmentVariables(
+      parameters,
+      additionalVariables,
+    );
     let string = '';
     for (const p of environmentVariables) {
       if (p.value === '' || p.value === undefined || p.value === null) {
@@ -21,7 +27,10 @@ class ImageEnvironmentFactory {
     return string;
   }
 
-  public static getEnvironmentVariables(parameters: DockerParameters, additionalVariables: StringKeyValuePair[] = []) {
+  public static getEnvironmentVariables(
+    parameters: DockerParameters,
+    additionalVariables: StringKeyValuePair[] = [],
+  ) {
     let environmentVariables: StringKeyValuePair[] = [
       { name: 'UNITY_EMAIL', value: process.env.UNITY_EMAIL },
       { name: 'UNITY_PASSWORD', value: process.env.UNITY_PASSWORD },

src/model/image-tag.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import ImageTag from './image-tag';
 
 describe('ImageTag', () => {
@@ -27,15 +28,18 @@ describe('ImageTag', () => {
       expect(image.builderPlatform).toStrictEqual(testImageParameters.builderPlatform);
     });
 
-    test.each(['2000.0.0f0', '2011.1.11f1', '6000.0.0f1'])('accepts %p version format', (version) => {
-      expect(
-        () =>
-          new ImageTag({
-            editorVersion: version,
-            targetPlatform: testImageParameters.targetPlatform,
-          }),
-      ).not.toThrow();
-    });
+    test.each(['2000.0.0f0', '2011.1.11f1', '6000.0.0f1'])(
+      'accepts %p version format',
+      (version) => {
+        expect(
+          () =>
+            new ImageTag({
+              editorVersion: version,
+              targetPlatform: testImageParameters.targetPlatform,
+            }),
+        ).not.toThrow();
+      },
+    );
 
     test.each(['some version', ''])('throws for incorrect version %p', (editorVersion) => {
       const { targetPlatform } = testImageParameters;

src/model/index.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import * as Index from '.';
 
 interface ExportedModules {

src/model/index.ts

@@ -9,8 +9,6 @@ import Platform from './platform';
 import Project from './project';
 import Unity from './unity';
 import Versioning from './versioning';
-import Orchestrator from './orchestrator/orchestrator';
-import loadProvider, { ProviderLoader } from './orchestrator/providers/provider-loader';
 
 export {
   Action,
@@ -24,7 +22,4 @@ export {
   Project,
   Unity,
   Versioning,
-  Orchestrator as Orchestrator,
-  loadProvider,
-  ProviderLoader,
 };

src/model/input-readers/generic-input-reader.ts

@@ -1,12 +1,21 @@
-import { OrchestratorSystem } from '../orchestrator/services/core/orchestrator-system';
-import OrchestratorOptions from '../orchestrator/options/orchestrator-options';
+import { exec } from 'node:child_process';
+import Input from '../input';
 
 export class GenericInputReader {
   public static async Run(command: string) {
-    if (OrchestratorOptions.providerStrategy === 'local') {
+    if ((Input.getInput('providerStrategy') || 'local') === 'local') {
       return '';
     }
 
-    return await OrchestratorSystem.Run(command, false, true);
+    return new Promise<string>((resolve, reject) => {
+      exec(command, { maxBuffer: 1024 * 10000 }, (error, stdout) => {
+        if (error) {
+          reject(error);
+
+          return;
+        }
+        resolve(stdout.toString());
+      });
+    });
   }
 }

src/model/input-readers/git-repo.test.ts

@@ -1,6 +1,6 @@
+import { describe, it, expect, beforeEach, afterEach, beforeAll, afterAll, vi } from 'vitest';
 import { GitRepoReader } from './git-repo';
-import { OrchestratorSystem } from '../orchestrator/services/core/orchestrator-system';
-import OrchestratorOptions from '../orchestrator/options/orchestrator-options';
+import Input from '../input';
 
 describe(`git repo tests`, () => {
   it(`Branch value parsed from CLI to not contain illegal characters`, async () => {
@@ -10,15 +10,15 @@ describe(`git repo tests`, () => {
 
   it(`returns valid branch name when using https`, async () => {
     const mockValue = 'https://github.com/example/example.git';
-    await jest.spyOn(OrchestratorSystem, 'Run').mockReturnValue(Promise.resolve(mockValue));
-    await jest.spyOn(OrchestratorOptions, 'providerStrategy', 'get').mockReturnValue('not-local');
+    vi.spyOn(GitRepoReader as any, 'runCommand').mockResolvedValue(mockValue);
+    vi.spyOn(Input, 'getInput').mockReturnValue('not-local');
     expect(await GitRepoReader.GetRemote()).toEqual(`example/example`);
   });
 
   it(`returns valid branch name when using ssh`, async () => {
     const mockValue = 'git@github.com:example/example.git';
-    await jest.spyOn(OrchestratorSystem, 'Run').mockReturnValue(Promise.resolve(mockValue));
-    await jest.spyOn(OrchestratorOptions, 'providerStrategy', 'get').mockReturnValue('not-local');
+    vi.spyOn(GitRepoReader as any, 'runCommand').mockResolvedValue(mockValue);
+    vi.spyOn(Input, 'getInput').mockReturnValue('not-local');
     expect(await GitRepoReader.GetRemote()).toEqual(`example/example`);
   });
 });

src/model/input-readers/git-repo.ts

@@ -1,33 +1,44 @@
 import { assert } from 'node:console';
 import fs from 'node:fs';
-import { OrchestratorSystem } from '../orchestrator/services/core/orchestrator-system';
-import OrchestratorLogger from '../orchestrator/services/core/orchestrator-logger';
-import OrchestratorOptions from '../orchestrator/options/orchestrator-options';
+import { exec } from 'node:child_process';
+import * as core from '@actions/core';
 import Input from '../input';
 
 export class GitRepoReader {
+  private static async runCommand(command: string): Promise<string> {
+    return new Promise<string>((resolve, reject) => {
+      exec(command, { maxBuffer: 1024 * 10000 }, (error, stdout) => {
+        if (error) {
+          reject(error);
+
+          return;
+        }
+        resolve(stdout.toString());
+      });
+    });
+  }
+
   public static async GetRemote() {
-    if (OrchestratorOptions.providerStrategy === 'local') {
+    if ((Input.getInput('providerStrategy') || 'local') === 'local') {
       return '';
     }
     assert(fs.existsSync(`.git`));
-    const value = (await OrchestratorSystem.Run(`cd ${Input.projectPath} && git remote -v`, false, true)).replace(
-      / /g,
-      ``,
-    );
-    OrchestratorLogger.log(`value ${value}`);
+    const value = (
+      await GitRepoReader.runCommand(`cd ${Input.projectPath} && git remote -v`)
+    ).replace(/ /g, ``);
+    core.info(`value ${value}`);
     assert(value.includes('github.com'));
 
     return value.split('github.com')[1].split('.git')[0].slice(1);
   }
 
   public static async GetBranch() {
-    if (OrchestratorOptions.providerStrategy === 'local') {
+    if ((Input.getInput('providerStrategy') || 'local') === 'local') {
       return '';
     }
     assert(fs.existsSync(`.git`));
 
-    return (await OrchestratorSystem.Run(`cd ${Input.projectPath} && git branch --show-current`, false, true))
+    return (await GitRepoReader.runCommand(`cd ${Input.projectPath} && git branch --show-current`))
       .split('\n')[0]
       .replace(/ /g, ``)
       .replace('/head', '');

src/model/input-readers/github-cli.test.ts

@@ -1,3 +1,4 @@
+import { describe, it, expect, vi, beforeEach, afterEach, beforeAll, afterAll, test } from 'vitest';
 import { GithubCliReader } from './github-cli';
 import * as core from '@actions/core';
 

src/model/input-readers/github-cli.ts

@@ -1,19 +1,32 @@
-import { OrchestratorSystem } from '../orchestrator/services/core/orchestrator-system';
+import { exec } from 'node:child_process';
 import * as core from '@actions/core';
-import OrchestratorOptions from '../orchestrator/options/orchestrator-options';
+import Input from '../input';
 
 export class GithubCliReader {
+  private static async runCommand(command: string, suppressError = false): Promise<string> {
+    return new Promise<string>((resolve, reject) => {
+      exec(command, { maxBuffer: 1024 * 10000 }, (error, stdout, stderr) => {
+        if (error && !suppressError) {
+          reject(error);
+
+          return;
+        }
+        resolve((stdout || '').toString() + (stderr || '').toString());
+      });
+    });
+  }
+
   static async GetGitHubAuthToken() {
-    if (OrchestratorOptions.providerStrategy === 'local') {
+    if ((Input.getInput('providerStrategy') || 'local') === 'local') {
       return '';
     }
     try {
-      const authStatus = await OrchestratorSystem.Run(`gh auth status`, true, true);
+      const authStatus = await GithubCliReader.runCommand(`gh auth status`, true);
       if (authStatus.includes('You are not logged') || authStatus === '') {
         return '';
       }
 
-      return (await OrchestratorSystem.Run(`gh auth status -t`, false, true))
+      return (await GithubCliReader.runCommand(`gh auth status -t`))
         .split(`Token: `)[1]
         .replace(/ /g, '')
         .replace(/\n/g, '');

src/model/input-readers/test-license-reader.ts

@@ -1,13 +1,20 @@
 import path from 'node:path';
 import fs from 'node:fs';
 import YAML from 'yaml';
-import OrchestratorOptions from '../orchestrator/options/orchestrator-options';
+import Input from '../input';
 
 export function ReadLicense(): string {
-  if (OrchestratorOptions.providerStrategy === 'local') {
+  if ((Input.getInput('providerStrategy') || 'local') === 'local') {
     return '';
   }
-  const pipelineFile = path.join(__dirname, `.github`, `workflows`, `orchestrator-k8s-pipeline.yml`);
+  const pipelineFile = path.join(
+    __dirname,
+    `.github`,
+    `workflows`,
+    `orchestrator-k8s-pipeline.yml`,
+  );
 
-  return fs.existsSync(pipelineFile) ? YAML.parse(fs.readFileSync(pipelineFile, 'utf8')).env.UNITY_LICENSE : '';
+  return fs.existsSync(pipelineFile)
+    ? YAML.parse(fs.readFileSync(pipelineFile, 'utf8')).env.UNITY_LICENSE
+    : '';
 }

src/model/input.test.ts

@@ -1,10 +1,11 @@
+import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, test, vi } from 'vitest';
 import * as core from '@actions/core';
 
 import Input from './input';
 import Platform from './platform';
 
 afterEach(() => {
-  jest.restoreAllMocks();
+  vi.restoreAllMocks();
 });
 
 describe('Input', () => {
@@ -15,7 +16,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = '2020.4.99f9';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.unityVersion).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -27,7 +28,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = '2020.4.99f9';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.customImage).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -40,7 +41,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'Android';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.targetPlatform).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -53,7 +54,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'customProjectPath';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.projectPath).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -66,7 +67,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'path/to/build_profile.asset';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.buildProfile).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -79,14 +80,14 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'Build';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.buildName).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
 
     it('takes special characters as input', () => {
       const mockValue = '1ßúëld2';
-      jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.buildName).toStrictEqual(mockValue);
     });
   });
@@ -98,7 +99,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'customBuildsPath';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.buildsPath).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -111,7 +112,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'Namespace.ClassName.Method';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.buildMethod).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -123,13 +124,13 @@ describe('Input', () => {
     });
 
     it('returns true when string true is passed', () => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue('true');
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('true');
       expect(Input.manualExit).toStrictEqual(true);
       expect(spy).toHaveBeenCalledTimes(1);
     });
 
     it('returns false when string false is passed', () => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue('false');
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('false');
       expect(Input.manualExit).toStrictEqual(false);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -141,13 +142,13 @@ describe('Input', () => {
     });
 
     it('returns true when string true is passed', () => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue('true');
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('true');
       expect(Input.enableGpu).toStrictEqual(true);
       expect(spy).toHaveBeenCalledTimes(1);
     });
 
     it('returns false when string false is passed', () => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue('false');
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('false');
       expect(Input.enableGpu).toStrictEqual(false);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -160,7 +161,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'Anything';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.versioningStrategy).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -173,7 +174,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = '1.33.7';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.specifiedVersion).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -186,7 +187,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = '42';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidVersionCode).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -203,7 +204,7 @@ describe('Input', () => {
       ${'androidAppBundle'}     | ${'androidAppBundle'}
       ${'androidStudioProject'} | ${'androidStudioProject'}
     `('returns $expected when $input is passed', ({ input, expected }) => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(input);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(input);
       expect(Input.androidExportType).toStrictEqual(expected);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -220,7 +221,7 @@ describe('Input', () => {
       ${'public'}    | ${'public'}
       ${'debugging'} | ${'debugging'}
     `('returns $expected when $input is passed', ({ input, expected }) => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(input);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(input);
       expect(Input.androidExportType).toStrictEqual(expected);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -233,7 +234,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'keystore.keystore';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidKeystoreName).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -246,7 +247,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'secret';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidKeystoreBase64).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -259,7 +260,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'secret';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidKeystorePass).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -272,7 +273,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'secret';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidKeyaliasName).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -285,7 +286,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'secret';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidKeyaliasPass).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -298,7 +299,7 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = 'secret';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.androidTargetSdkVersion).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -310,13 +311,13 @@ describe('Input', () => {
     });
 
     it('returns true when string true is passed', () => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue('true');
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('true');
       expect(Input.allowDirtyBuild).toStrictEqual(true);
       expect(spy).toHaveBeenCalledTimes(1);
     });
 
     it('returns false when string false is passed', () => {
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue('false');
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('false');
       expect(Input.allowDirtyBuild).toStrictEqual(false);
       expect(spy).toHaveBeenCalledTimes(1);
     });
@@ -329,9 +330,27 @@ describe('Input', () => {
 
     it('takes input from the users workflow', () => {
       const mockValue = '-imAFlag';
-      const spy = jest.spyOn(core, 'getInput').mockReturnValue(mockValue);
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue(mockValue);
       expect(Input.customParameters).toStrictEqual(mockValue);
       expect(spy).toHaveBeenCalledTimes(1);
     });
   });
+
+  describe('useHostNetwork', () => {
+    it('returns the default value', () => {
+      expect(Input.useHostNetwork).toStrictEqual(false);
+    });
+
+    it('returns true when string true is passed', () => {
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('true');
+      expect(Input.useHostNetwork).toStrictEqual(true);
+      expect(spy).toHaveBeenCalledTimes(1);
+    });
+
+    it('returns false when string false is passed', () => {
+      const spy = vi.spyOn(core, 'getInput').mockReturnValue('false');
+      expect(Input.useHostNetwork).toStrictEqual(false);
+      expect(spy).toHaveBeenCalledTimes(1);
+    });
+  });
 });

src/model/input.ts

@@ -1,7 +1,6 @@
 import fs from 'node:fs';
 import path from 'node:path';
 import { Cli } from './cli/cli';
-import OrchestratorQueryOverride from './orchestrator/options/orchestrator-query-override';
 import Platform from './platform';
 import GitHub from './github';
 import os from 'node:os';
@@ -15,7 +14,8 @@ export type InputKey = keyof typeof Input;
  *
  * Note that input is always passed as a string, even booleans.
  *
- * Todo: rename to UserInput and remove anything that is not direct input from the user / ci workflow
+ * Only core build inputs belong here. Orchestrator/plugin inputs are read
+ * directly by the @game-ci/orchestrator plugin via core.getInput() / env vars.
  */
 class Input {
   public static getInput(query: string): string | undefined {
@@ -32,10 +32,6 @@ class Input {
       return Cli.query(query, alternativeQuery);
     }
 
-    if (OrchestratorQueryOverride.query(query, alternativeQuery)) {
-      return OrchestratorQueryOverride.query(query, alternativeQuery);
-    }
-
     if (process.env[query] !== undefined) {
       return process.env[query]!;
     }
@@ -45,17 +41,16 @@ class Input {
     }
   }
 
-  static get region(): string {
-    return Input.getInput('region') ?? 'eu-west-2';
-  }
-
   static get githubRepo(): string | undefined {
     return Input.getInput('GITHUB_REPOSITORY') ?? Input.getInput('GITHUB_REPO') ?? undefined;
   }
 
   static get branch(): string {
     if (Input.getInput(`GITHUB_REF`)) {
-      return Input.getInput(`GITHUB_REF`)!.replace('refs/', '').replace(`head/`, '').replace(`heads/`, '');
+      return Input.getInput(`GITHUB_REF`)!
+        .replace('refs/', '')
+        .replace(`head/`, '')
+        .replace(`heads/`, '');
     } else if (Input.getInput('branch')) {
       return Input.getInput('branch')!;
     } else {
@@ -147,6 +142,12 @@ class Input {
     return Input.getInput('customParameters') ?? '';
   }
 
+  static get useHostNetwork(): boolean {
+    const input = Input.getInput('useHostNetwork') ?? false;
+
+    return input === 'true';
+  }
+
   static get versioningStrategy(): string {
     return Input.getInput('versioning') ?? 'Semantic';
   }
@@ -262,7 +263,8 @@ class Input {
     }
 
     return (
-      Input.getInput('dockerMemoryLimit') ?? `${Math.floor((os.totalmem() / bytesInMegabyte) * memoryMultiplier)}m`
+      Input.getInput('dockerMemoryLimit') ??
+      `${Math.floor((os.totalmem() / bytesInMegabyte) * memoryMultiplier)}m`
     );
   }
 
@@ -278,30 +280,6 @@ class Input {
     return Input.getInput('containerRegistryImageVersion') ?? '3';
   }
 
-  static get artifactOutputTypes(): string {
-    return Input.getInput('artifactOutputTypes') ?? 'build,logs,test-results';
-  }
-
-  static get artifactUploadTarget(): string {
-    return Input.getInput('artifactUploadTarget') ?? 'github-artifacts';
-  }
-
-  static get artifactUploadPath(): string {
-    return Input.getInput('artifactUploadPath') ?? '';
-  }
-
-  static get artifactCompression(): string {
-    return Input.getInput('artifactCompression') ?? 'gzip';
-  }
-
-  static get artifactRetentionDays(): string {
-    return Input.getInput('artifactRetentionDays') ?? '30';
-  }
-
-  static get artifactCustomTypes(): string {
-    return Input.getInput('artifactCustomTypes') ?? '';
-  }
-
   static get skipActivation(): string {
     return Input.getInput('skipActivation')?.toLowerCase() ?? 'false';
   }

src/model/orchestrator-plugin.test.ts

@@ -0,0 +1,17 @@
+import { describe, expect, it } from 'vitest';
+
+/**
+ * Compatibility tests for the legacy orchestrator-plugin module name.
+ *
+ * CI targets this file pattern directly, and consumers may still import this
+ * module while migrating to the generic plugin API.
+ */
+
+describe('orchestrator-plugin compatibility exports', () => {
+  it('keeps loadOrchestratorPlugin as an alias for loadPlugin', async () => {
+    const plugin = await import('./plugin');
+    const compatibility = await import('./orchestrator-plugin');
+
+    expect(compatibility.loadOrchestratorPlugin).toBe(plugin.loadPlugin);
+  });
+});

src/model/orchestrator-plugin.ts

@@ -0,0 +1,2 @@
+export { loadPlugin as loadOrchestratorPlugin } from './plugin';
+export type { Plugin as OrchestratorPlugin } from './plugin';

src/model/orchestrator/error/orchestrator-error.ts

@@ -1,15 +0,0 @@
-import OrchestratorLogger from '../services/core/orchestrator-logger';
-import * as core from '@actions/core';
-import Orchestrator from '../orchestrator';
-import OrchestratorSecret from '../options/orchestrator-secret';
-import BuildParameters from '../../build-parameters';
-
-export class OrchestratorError {
-  public static async handleException(error: unknown, buildParameters: BuildParameters, secrets: OrchestratorSecret[]) {
-    OrchestratorLogger.error(JSON.stringify(error, undefined, 4));
-    core.setFailed('Orchestrator failed');
-    if (Orchestrator.Provider !== undefined) {
-      await Orchestrator.Provider.cleanupWorkflow(buildParameters, buildParameters.branch, secrets);
-    }
-  }
-}

src/model/orchestrator/options/orchestrator-constants.ts

@@ -1,4 +0,0 @@
-class OrchestratorConstants {
-  static alphabet = '0123456789abcdefghijklmnopqrstuvwxyz';
-}
-export default OrchestratorConstants;

src/model/orchestrator/options/orchestrator-environment-variable.ts

@@ -1,5 +0,0 @@
-class OrchestratorEnvironmentVariable {
-  public name!: string;
-  public value!: string;
-}
-export default OrchestratorEnvironmentVariable;

src/model/orchestrator/options/orchestrator-folders.ts

@@ -1,90 +0,0 @@
-import path from 'node:path';
-import OrchestratorOptions from './orchestrator-options';
-import Orchestrator from '../orchestrator';
-import BuildParameters from '../../build-parameters';
-
-export class OrchestratorFolders {
-  public static readonly repositoryFolder = 'repo';
-
-  public static ToLinuxFolder(folder: string) {
-    return folder.replace(/\\/g, `/`);
-  }
-
-  // Only the following paths that do not start a path.join with another "Full" suffixed property need to start with an absolute /
-
-  public static get uniqueOrchestratorJobFolderAbsolute(): string {
-    return Orchestrator.buildParameters && BuildParameters.shouldUseRetainedWorkspaceMode(Orchestrator.buildParameters)
-      ? path.join(`/`, OrchestratorFolders.buildVolumeFolder, Orchestrator.lockedWorkspace)
-      : path.join(`/`, OrchestratorFolders.buildVolumeFolder, Orchestrator.buildParameters.buildGuid);
-  }
-
-  public static get cacheFolderForAllFull(): string {
-    return path.join('/', OrchestratorFolders.buildVolumeFolder, OrchestratorFolders.cacheFolder);
-  }
-
-  public static get cacheFolderForCacheKeyFull(): string {
-    return path.join(
-      '/',
-      OrchestratorFolders.buildVolumeFolder,
-      OrchestratorFolders.cacheFolder,
-      Orchestrator.buildParameters.cacheKey,
-    );
-  }
-
-  public static get builderPathAbsolute(): string {
-    return path.join(
-      OrchestratorOptions.useSharedBuilder
-        ? `/${OrchestratorFolders.buildVolumeFolder}`
-        : OrchestratorFolders.uniqueOrchestratorJobFolderAbsolute,
-      `builder`,
-    );
-  }
-
-  public static get repoPathAbsolute(): string {
-    return path.join(OrchestratorFolders.uniqueOrchestratorJobFolderAbsolute, OrchestratorFolders.repositoryFolder);
-  }
-
-  public static get projectPathAbsolute(): string {
-    return path.join(OrchestratorFolders.repoPathAbsolute, Orchestrator.buildParameters.projectPath);
-  }
-
-  public static get libraryFolderAbsolute(): string {
-    return path.join(OrchestratorFolders.projectPathAbsolute, `Library`);
-  }
-
-  public static get projectBuildFolderAbsolute(): string {
-    return path.join(OrchestratorFolders.repoPathAbsolute, Orchestrator.buildParameters.buildPath);
-  }
-
-  public static get lfsFolderAbsolute(): string {
-    return path.join(OrchestratorFolders.repoPathAbsolute, `.git`, `lfs`);
-  }
-
-  public static get purgeRemoteCaching(): boolean {
-    return process.env.PURGE_REMOTE_BUILDER_CACHE !== undefined;
-  }
-
-  public static get lfsCacheFolderFull() {
-    return path.join(OrchestratorFolders.cacheFolderForCacheKeyFull, `lfs`);
-  }
-
-  public static get libraryCacheFolderFull() {
-    return path.join(OrchestratorFolders.cacheFolderForCacheKeyFull, `Library`);
-  }
-
-  public static get unityBuilderRepoUrl(): string {
-    return `https://${Orchestrator.buildParameters.gitPrivateToken}@github.com/${Orchestrator.buildParameters.orchestratorRepoName}.git`;
-  }
-
-  public static get targetBuildRepoUrl(): string {
-    return `https://${Orchestrator.buildParameters.gitPrivateToken}@github.com/${Orchestrator.buildParameters.githubRepo}.git`;
-  }
-
-  public static get buildVolumeFolder() {
-    return 'data';
-  }
-
-  public static get cacheFolder() {
-    return 'cache';
-  }
-}

src/model/orchestrator/options/orchestrator-guid.ts

@@ -1,11 +0,0 @@
-import { customAlphabet } from 'nanoid';
-import OrchestratorConstants from './orchestrator-constants';
-
-class OrchestratorNamespace {
-  static generateGuid(runNumber: string | number, platform: string) {
-    const nanoid = customAlphabet(OrchestratorConstants.alphabet, 4);
-
-    return `${runNumber}-${platform.toLowerCase().replace('standalone', '')}-${nanoid()}`;
-  }
-}
-export default OrchestratorNamespace;

src/model/orchestrator/options/orchestrator-options-reader.ts

@@ -1,10 +0,0 @@
-import Input from '../../input';
-import OrchestratorOptions from './orchestrator-options';
-
-class OrchestratorOptionsReader {
-  static GetProperties() {
-    return [...Object.getOwnPropertyNames(Input), ...Object.getOwnPropertyNames(OrchestratorOptions)];
-  }
-}
-
-export default OrchestratorOptionsReader;

src/model/orchestrator/options/orchestrator-options.ts

@@ -1,338 +0,0 @@
-import { Cli } from '../../cli/cli';
-import OrchestratorQueryOverride from './orchestrator-query-override';
-import GitHub from '../../github';
-import * as core from '@actions/core';
-
-class OrchestratorOptions {
-  // ### ### ###
-  // Input Handling
-  // ### ### ###
-  public static getInput(query: string): string | undefined {
-    if (GitHub.githubInputEnabled) {
-      const coreInput = core.getInput(query);
-      if (coreInput && coreInput !== '') {
-        return coreInput;
-      }
-    }
-    const alternativeQuery = OrchestratorOptions.ToEnvVarFormat(query);
-
-    // Query input sources
-    if (Cli.query(query, alternativeQuery)) {
-      return Cli.query(query, alternativeQuery);
-    }
-
-    if (OrchestratorQueryOverride.query(query, alternativeQuery)) {
-      return OrchestratorQueryOverride.query(query, alternativeQuery);
-    }
-
-    if (process.env[query] !== undefined) {
-      return process.env[query];
-    }
-
-    if (alternativeQuery !== query && process.env[alternativeQuery] !== undefined) {
-      return process.env[alternativeQuery];
-    }
-  }
-
-  public static ToEnvVarFormat(input: string): string {
-    if (input.toUpperCase() === input) {
-      return input;
-    }
-
-    return input
-      .replace(/([A-Z])/g, ' $1')
-      .trim()
-      .toUpperCase()
-      .replace(/ /g, '_');
-  }
-
-  // ### ### ###
-  // Provider parameters
-  // ### ### ###
-
-  static get region(): string {
-    return OrchestratorOptions.getInput('region') || 'eu-west-2';
-  }
-
-  // ### ### ###
-  // GitHub  parameters
-  // ### ### ###
-  static get githubChecks(): boolean {
-    const value = OrchestratorOptions.getInput('githubChecks');
-
-    return value === `true` || false;
-  }
-  static get githubCheckId(): string {
-    return OrchestratorOptions.getInput('githubCheckId') || ``;
-  }
-
-  static get githubOwner(): string {
-    return OrchestratorOptions.getInput('githubOwner') || OrchestratorOptions.githubRepo?.split(`/`)[0] || '';
-  }
-
-  static get githubRepoName(): string {
-    return OrchestratorOptions.getInput('githubRepoName') || OrchestratorOptions.githubRepo?.split(`/`)[1] || '';
-  }
-
-  static get orchestratorRepoName(): string {
-    return OrchestratorOptions.getInput('orchestratorRepoName') || 'game-ci/unity-builder';
-  }
-
-  static get cloneDepth(): string {
-    return OrchestratorOptions.getInput('cloneDepth') || '50';
-  }
-
-  static get finalHooks(): string[] {
-    return OrchestratorOptions.getInput('finalHooks')?.split(',') || [];
-  }
-
-  // ### ### ###
-  // Git syncronization parameters
-  // ### ### ###
-
-  static get githubRepo(): string | undefined {
-    return (
-      OrchestratorOptions.getInput('GITHUB_REPOSITORY') || OrchestratorOptions.getInput('GITHUB_REPO') || undefined
-    );
-  }
-  static get branch(): string {
-    if (OrchestratorOptions.getInput(`GITHUB_REF`)) {
-      return (
-        OrchestratorOptions.getInput(`GITHUB_REF`)?.replace('refs/', '').replace(`head/`, '').replace(`heads/`, '') ||
-        ``
-      );
-    } else if (OrchestratorOptions.getInput('branch')) {
-      return OrchestratorOptions.getInput('branch') || ``;
-    } else {
-      return '';
-    }
-  }
-
-  // ### ### ###
-  // Orchestrator parameters
-  // ### ### ###
-
-  static get buildPlatform(): string {
-    const input = OrchestratorOptions.getInput('buildPlatform');
-    if (input && input !== '') {
-      return input;
-    }
-    if (OrchestratorOptions.providerStrategy !== 'local') {
-      return 'linux';
-    }
-
-    return process.platform;
-  }
-
-  static get orchestratorBranch(): string {
-    return OrchestratorOptions.getInput('orchestratorBranch') || 'main';
-  }
-
-  static get providerStrategy(): string {
-    const provider =
-      OrchestratorOptions.getInput('orchestratorCluster') || OrchestratorOptions.getInput('providerStrategy');
-    if (Cli.isCliMode) {
-      return provider || 'aws';
-    }
-
-    return provider || 'local';
-  }
-
-  static get containerCpu(): string {
-    return OrchestratorOptions.getInput('containerCpu') || `1024`;
-  }
-
-  static get containerMemory(): string {
-    return OrchestratorOptions.getInput('containerMemory') || `3072`;
-  }
-
-  static get containerNamespace(): string {
-    return OrchestratorOptions.getInput('containerNamespace') || `default`;
-  }
-
-  static get customJob(): string {
-    return OrchestratorOptions.getInput('customJob') || '';
-  }
-
-  // ### ### ###
-  // Custom commands from files parameters
-  // ### ### ###
-
-  static get containerHookFiles(): string[] {
-    return OrchestratorOptions.getInput('containerHookFiles')?.split(`,`) || [];
-  }
-
-  static get commandHookFiles(): string[] {
-    return OrchestratorOptions.getInput('commandHookFiles')?.split(`,`) || [];
-  }
-
-  // ### ### ###
-  // Custom commands from yaml parameters
-  // ### ### ###
-
-  static get commandHooks(): string {
-    return OrchestratorOptions.getInput('commandHooks') || '';
-  }
-
-  static get postBuildContainerHooks(): string {
-    return OrchestratorOptions.getInput('postBuildContainerHooks') || '';
-  }
-
-  static get preBuildContainerHooks(): string {
-    return OrchestratorOptions.getInput('preBuildContainerHooks') || '';
-  }
-
-  // ### ### ###
-  // Input override handling
-  // ### ### ###
-
-  static get pullInputList(): string[] {
-    return OrchestratorOptions.getInput('pullInputList')?.split(`,`) || [];
-  }
-
-  static get inputPullCommand(): string {
-    const value = OrchestratorOptions.getInput('inputPullCommand');
-
-    if (value === 'gcp-secret-manager') {
-      return 'gcloud secrets versions access 1 --secret="{0}"';
-    } else if (value === 'aws-secret-manager') {
-      return 'aws secretsmanager get-secret-value --secret-id {0}';
-    }
-
-    return value || '';
-  }
-
-  // ### ### ###
-  // Aws
-  // ### ### ###
-
-  static get awsStackName() {
-    return OrchestratorOptions.getInput('awsStackName') || 'game-ci';
-  }
-
-  static get awsEndpoint(): string | undefined {
-    return OrchestratorOptions.getInput('awsEndpoint');
-  }
-
-  static get awsCloudFormationEndpoint(): string | undefined {
-    return OrchestratorOptions.getInput('awsCloudFormationEndpoint') || OrchestratorOptions.awsEndpoint;
-  }
-
-  static get awsEcsEndpoint(): string | undefined {
-    return OrchestratorOptions.getInput('awsEcsEndpoint') || OrchestratorOptions.awsEndpoint;
-  }
-
-  static get awsKinesisEndpoint(): string | undefined {
-    return OrchestratorOptions.getInput('awsKinesisEndpoint') || OrchestratorOptions.awsEndpoint;
-  }
-
-  static get awsCloudWatchLogsEndpoint(): string | undefined {
-    return OrchestratorOptions.getInput('awsCloudWatchLogsEndpoint') || OrchestratorOptions.awsEndpoint;
-  }
-
-  static get awsS3Endpoint(): string | undefined {
-    return OrchestratorOptions.getInput('awsS3Endpoint') || OrchestratorOptions.awsEndpoint;
-  }
-
-  // ### ### ###
-  // Storage
-  // ### ### ###
-
-  static get storageProvider(): string {
-    return OrchestratorOptions.getInput('storageProvider') || 's3';
-  }
-
-  static get rcloneRemote(): string {
-    return OrchestratorOptions.getInput('rcloneRemote') || '';
-  }
-
-  // ### ### ###
-  // K8s
-  // ### ### ###
-
-  static get kubeConfig(): string {
-    return OrchestratorOptions.getInput('kubeConfig') || '';
-  }
-
-  static get kubeVolume(): string {
-    return OrchestratorOptions.getInput('kubeVolume') || '';
-  }
-
-  static get kubeVolumeSize(): string {
-    return OrchestratorOptions.getInput('kubeVolumeSize') || '25Gi';
-  }
-
-  static get kubeStorageClass(): string {
-    return OrchestratorOptions.getInput('kubeStorageClass') || '';
-  }
-
-  // ### ### ###
-  // Caching
-  // ### ### ###
-
-  static get cacheKey(): string {
-    return OrchestratorOptions.getInput('cacheKey') || OrchestratorOptions.branch;
-  }
-
-  // ### ### ###
-  // Utility Parameters
-  // ### ### ###
-
-  static get orchestratorDebug(): boolean {
-    return (
-      OrchestratorOptions.getInput(`orchestratorTests`) === `true` ||
-      OrchestratorOptions.getInput(`orchestratorDebug`) === `true` ||
-      OrchestratorOptions.getInput(`orchestratorDebugTree`) === `true` ||
-      OrchestratorOptions.getInput(`orchestratorDebugEnv`) === `true` ||
-      false
-    );
-  }
-  static get skipLfs(): boolean {
-    return OrchestratorOptions.getInput(`skipLfs`) === `true`;
-  }
-  static get skipCache(): boolean {
-    return OrchestratorOptions.getInput(`skipCache`) === `true`;
-  }
-
-  public static get asyncOrchestrator(): boolean {
-    return OrchestratorOptions.getInput('asyncOrchestrator') === 'true';
-  }
-
-  public static get resourceTracking(): boolean {
-    return OrchestratorOptions.getInput('resourceTracking') === 'true';
-  }
-
-  public static get useLargePackages(): boolean {
-    return OrchestratorOptions.getInput(`useLargePackages`) === `true`;
-  }
-
-  public static get useSharedBuilder(): boolean {
-    return OrchestratorOptions.getInput(`useSharedBuilder`) === `true`;
-  }
-
-  public static get useCompressionStrategy(): boolean {
-    return OrchestratorOptions.getInput(`useCompressionStrategy`) === `true`;
-  }
-
-  public static get useCleanupCron(): boolean {
-    return (OrchestratorOptions.getInput(`useCleanupCron`) || 'true') === 'true';
-  }
-
-  // ### ### ###
-  // Retained Workspace
-  // ### ### ###
-
-  public static get maxRetainedWorkspaces(): string {
-    return OrchestratorOptions.getInput(`maxRetainedWorkspaces`) || `0`;
-  }
-
-  // ### ### ###
-  // Garbage Collection
-  // ### ### ###
-
-  static get garbageMaxAge(): number {
-    return Number(OrchestratorOptions.getInput(`garbageMaxAge`)) || 24;
-  }
-}
-
-export default OrchestratorOptions;

src/model/orchestrator/options/orchestrator-query-override.ts

@@ -1,67 +0,0 @@
-import Input from '../../input';
-import { GenericInputReader } from '../../input-readers/generic-input-reader';
-import OrchestratorOptions from './orchestrator-options';
-
-const formatFunction = (value: string, arguments_: any[]) => {
-  for (const element of arguments_) {
-    value = value.replace(`{${element.key}}`, element.value);
-  }
-
-  return value;
-};
-
-class OrchestratorQueryOverride {
-  static queryOverrides: { [key: string]: string } | undefined;
-
-  // TODO accept premade secret sources or custom secret source definition yamls
-
-  public static query(key: string, alternativeKey: string) {
-    if (OrchestratorQueryOverride.queryOverrides && OrchestratorQueryOverride.queryOverrides[key] !== undefined) {
-      return OrchestratorQueryOverride.queryOverrides[key];
-    }
-    if (
-      OrchestratorQueryOverride.queryOverrides &&
-      alternativeKey &&
-      OrchestratorQueryOverride.queryOverrides[alternativeKey] !== undefined
-    ) {
-      return OrchestratorQueryOverride.queryOverrides[alternativeKey];
-    }
-
-    return;
-  }
-
-  private static shouldUseOverride(query: string) {
-    if (OrchestratorOptions.inputPullCommand !== '') {
-      if (OrchestratorOptions.pullInputList.length > 0) {
-        const doesInclude =
-          OrchestratorOptions.pullInputList.includes(query) ||
-          OrchestratorOptions.pullInputList.includes(Input.ToEnvVarFormat(query));
-
-        return doesInclude ? true : false;
-      } else {
-        return true;
-      }
-    }
-  }
-
-  private static async queryOverride(query: string) {
-    if (!this.shouldUseOverride(query)) {
-      throw new Error(`Should not be trying to run override query on ${query}`);
-    }
-
-    return await GenericInputReader.Run(
-      formatFunction(OrchestratorOptions.inputPullCommand, [{ key: 0, value: query }]),
-    );
-  }
-
-  public static async PopulateQueryOverrideInput() {
-    const queries = OrchestratorOptions.pullInputList;
-    OrchestratorQueryOverride.queryOverrides = {};
-    for (const element of queries) {
-      if (OrchestratorQueryOverride.shouldUseOverride(element)) {
-        OrchestratorQueryOverride.queryOverrides[element] = await OrchestratorQueryOverride.queryOverride(element);
-      }
-    }
-  }
-}
-export default OrchestratorQueryOverride;

src/model/orchestrator/options/orchestrator-secret.ts

@@ -1,6 +0,0 @@
-class OrchestratorSecret {
-  public ParameterKey!: string;
-  public EnvironmentVariable!: string;
-  public ParameterValue!: string;
-}
-export default OrchestratorSecret;

src/model/orchestrator/options/orchestrator-statics.ts

@@ -1,3 +0,0 @@
-export class OrchestratorStatics {
-  public static readonly logPrefix = `Orchestrator`;
-}

src/model/orchestrator/options/orchestrator-step-parameters.ts

@@ -1,13 +0,0 @@
-import OrchestratorEnvironmentVariable from './orchestrator-environment-variable';
-import OrchestratorSecret from './orchestrator-secret';
-
-export class OrchestratorStepParameters {
-  public image: string;
-  public environment: OrchestratorEnvironmentVariable[];
-  public secrets: OrchestratorSecret[];
-  constructor(image: string, environmentVariables: OrchestratorEnvironmentVariable[], secrets: OrchestratorSecret[]) {
-    this.image = image;
-    this.environment = environmentVariables;
-    this.secrets = secrets;
-  }
-}

src/model/orchestrator/orchestrator.ts

@@ -1,345 +0,0 @@
-import AwsBuildPlatform from './providers/aws';
-import { BuildParameters, Input } from '..';
-import Kubernetes from './providers/k8s';
-import OrchestratorLogger from './services/core/orchestrator-logger';
-import { OrchestratorStepParameters } from './options/orchestrator-step-parameters';
-import { WorkflowCompositionRoot } from './workflows/workflow-composition-root';
-import { OrchestratorError } from './error/orchestrator-error';
-import { TaskParameterSerializer } from './services/core/task-parameter-serializer';
-import * as core from '@actions/core';
-import OrchestratorSecret from './options/orchestrator-secret';
-import { ProviderInterface } from './providers/provider-interface';
-import OrchestratorEnvironmentVariable from './options/orchestrator-environment-variable';
-import TestOrchestrator from './providers/test';
-import LocalOrchestrator from './providers/local';
-import LocalDockerOrchestrator from './providers/docker';
-import loadProvider from './providers/provider-loader';
-import GitHub from '../github';
-import SharedWorkspaceLocking from './services/core/shared-workspace-locking';
-import { FollowLogStreamService } from './services/core/follow-log-stream-service';
-import OrchestratorResult from './services/core/orchestrator-result';
-import OrchestratorOptions from './options/orchestrator-options';
-import ResourceTracking from './services/core/resource-tracking';
-
-class Orchestrator {
-  public static Provider: ProviderInterface;
-  public static buildParameters: BuildParameters;
-  private static defaultSecrets: OrchestratorSecret[];
-  private static orchestratorEnvironmentVariables: OrchestratorEnvironmentVariable[];
-  static lockedWorkspace: string = ``;
-  public static readonly retainedWorkspacePrefix: string = `retained-workspace`;
-
-  // When true, validates AWS CloudFormation templates even when using local-docker execution
-  // This is set by AWS_FORCE_PROVIDER=aws-local mode
-  public static validateAwsTemplates: boolean = false;
-  public static get isOrchestratorEnvironment() {
-    return process.env[`GITHUB_ACTIONS`] !== `true`;
-  }
-  public static get isOrchestratorAsyncEnvironment() {
-    return process.env[`ASYNC_WORKFLOW`] === `true`;
-  }
-  public static async setup(buildParameters: BuildParameters) {
-    OrchestratorLogger.setup();
-    OrchestratorLogger.log(`Setting up orchestrator`);
-    Orchestrator.buildParameters = buildParameters;
-    ResourceTracking.logAllocationSummary('setup');
-    await ResourceTracking.logDiskUsageSnapshot('setup');
-    if (Orchestrator.buildParameters.githubCheckId === ``) {
-      Orchestrator.buildParameters.githubCheckId = await GitHub.createGitHubCheck(
-        Orchestrator.buildParameters.buildGuid,
-      );
-    }
-    await Orchestrator.setupSelectedBuildPlatform();
-    Orchestrator.defaultSecrets = TaskParameterSerializer.readDefaultSecrets();
-    Orchestrator.orchestratorEnvironmentVariables =
-      TaskParameterSerializer.createOrchestratorEnvironmentVariables(buildParameters);
-    if (GitHub.githubInputEnabled) {
-      const buildParameterPropertyNames = Object.getOwnPropertyNames(buildParameters);
-      for (const element of Orchestrator.orchestratorEnvironmentVariables) {
-        // OrchestratorLogger.log(`Orchestrator output ${Input.ToEnvVarFormat(element.name)} = ${element.value}`);
-        core.setOutput(Input.ToEnvVarFormat(element.name), element.value);
-      }
-      for (const element of buildParameterPropertyNames) {
-        // OrchestratorLogger.log(`Orchestrator output ${Input.ToEnvVarFormat(element)} = ${buildParameters[element]}`);
-        core.setOutput(Input.ToEnvVarFormat(element), buildParameters[element]);
-      }
-      core.setOutput(
-        Input.ToEnvVarFormat(`buildArtifact`),
-        `build-${Orchestrator.buildParameters.buildGuid}.tar${
-          Orchestrator.buildParameters.useCompressionStrategy ? '.lz4' : ''
-        }`,
-      );
-    }
-    FollowLogStreamService.Reset();
-  }
-
-  private static async setupSelectedBuildPlatform() {
-    OrchestratorLogger.log(`Orchestrator platform selected ${Orchestrator.buildParameters.providerStrategy}`);
-
-    // Detect LocalStack endpoints and handle AWS provider appropriately
-    // AWS_FORCE_PROVIDER options:
-    //   - 'aws': Force AWS provider (requires LocalStack Pro with ECS support)
-    //   - 'aws-local': Validate AWS templates/config but execute via local-docker (for CI without ECS)
-    //   - unset/other: Auto-fallback to local-docker when LocalStack detected
-    const awsForceProvider = process.env.AWS_FORCE_PROVIDER || '';
-    const forceAwsProvider = awsForceProvider === 'aws' || awsForceProvider === 'true';
-    const useAwsLocalMode = awsForceProvider === 'aws-local';
-    const endpointsToCheck = [
-      process.env.AWS_ENDPOINT,
-      process.env.AWS_S3_ENDPOINT,
-      process.env.AWS_CLOUD_FORMATION_ENDPOINT,
-      process.env.AWS_ECS_ENDPOINT,
-      process.env.AWS_KINESIS_ENDPOINT,
-      process.env.AWS_CLOUD_WATCH_LOGS_ENDPOINT,
-      OrchestratorOptions.awsEndpoint,
-      OrchestratorOptions.awsS3Endpoint,
-      OrchestratorOptions.awsCloudFormationEndpoint,
-      OrchestratorOptions.awsEcsEndpoint,
-      OrchestratorOptions.awsKinesisEndpoint,
-      OrchestratorOptions.awsCloudWatchLogsEndpoint,
-    ]
-      .filter((x) => typeof x === 'string')
-      .join(' ');
-    const isLocalStack = /localstack|localhost|127\.0\.0\.1/i.test(endpointsToCheck);
-    let provider = Orchestrator.buildParameters.providerStrategy;
-    let validateAwsTemplates = false;
-
-    if (provider === 'aws' && isLocalStack) {
-      if (useAwsLocalMode) {
-        // aws-local mode: Validate AWS templates but execute via local-docker
-        // This provides confidence in AWS CloudFormation without requiring LocalStack Pro
-        OrchestratorLogger.log('AWS_FORCE_PROVIDER=aws-local: Validating AWS templates, executing via local-docker');
-        validateAwsTemplates = true;
-        provider = 'local-docker';
-      } else if (forceAwsProvider) {
-        // Force full AWS provider (requires LocalStack Pro with ECS support)
-        OrchestratorLogger.log(
-          'LocalStack endpoints detected but AWS_FORCE_PROVIDER=aws; using full AWS provider (requires ECS support)',
-        );
-      } else {
-        // Auto-fallback to local-docker
-        OrchestratorLogger.log('LocalStack endpoints detected; routing provider to local-docker for this run');
-        OrchestratorLogger.log(
-          'Note: Set AWS_FORCE_PROVIDER=aws-local to validate AWS templates with local-docker execution',
-        );
-        provider = 'local-docker';
-      }
-    }
-
-    // Store whether we should validate AWS templates (used by aws-local mode)
-    Orchestrator.validateAwsTemplates = validateAwsTemplates;
-
-    switch (provider) {
-      case 'k8s':
-        Orchestrator.Provider = new Kubernetes(Orchestrator.buildParameters);
-        break;
-      case 'aws':
-        Orchestrator.Provider = new AwsBuildPlatform(Orchestrator.buildParameters);
-
-        // Validate that AWS provider is actually being used when expected
-        if (isLocalStack && forceAwsProvider) {
-          OrchestratorLogger.log('✓ AWS provider initialized with LocalStack - AWS functionality will be validated');
-        } else if (isLocalStack && !forceAwsProvider) {
-          OrchestratorLogger.log(
-            '⚠ WARNING: AWS provider was requested but LocalStack detected without AWS_FORCE_PROVIDER',
-          );
-          OrchestratorLogger.log('⚠ This may cause AWS functionality tests to fail validation');
-        }
-        break;
-      case 'test':
-        Orchestrator.Provider = new TestOrchestrator();
-        break;
-      case 'local-docker':
-        Orchestrator.Provider = new LocalDockerOrchestrator();
-        break;
-      case 'local-system':
-        Orchestrator.Provider = new LocalOrchestrator();
-        break;
-      case 'local':
-        Orchestrator.Provider = new LocalOrchestrator();
-        break;
-      default:
-        // Try to load provider using the dynamic loader for unknown providers
-        try {
-          Orchestrator.Provider = await loadProvider(provider, Orchestrator.buildParameters);
-        } catch (error: any) {
-          OrchestratorLogger.log(`Failed to load provider '${provider}' using dynamic loader: ${error.message}`);
-          OrchestratorLogger.log('Falling back to local provider...');
-          Orchestrator.Provider = new LocalOrchestrator();
-        }
-        break;
-    }
-
-    // Final validation: Ensure provider matches expectations
-    const finalProviderName = Orchestrator.Provider.constructor.name;
-    if (Orchestrator.buildParameters.providerStrategy === 'aws' && finalProviderName !== 'AWSBuildEnvironment') {
-      OrchestratorLogger.log(`⚠ WARNING: Expected AWS provider but got ${finalProviderName}`);
-      OrchestratorLogger.log('⚠ AWS functionality tests may not be validating AWS services correctly');
-    }
-  }
-
-  static async run(buildParameters: BuildParameters, baseImage: string) {
-    if (baseImage.includes(`undefined`)) {
-      throw new Error(`baseImage is undefined`);
-    }
-    await Orchestrator.setup(buildParameters);
-
-    // When aws-local mode is enabled, validate AWS CloudFormation templates
-    // This ensures AWS templates are correct even when executing via local-docker
-    if (Orchestrator.validateAwsTemplates) {
-      await Orchestrator.validateAwsCloudFormationTemplates();
-    }
-    await Orchestrator.Provider.setupWorkflow(
-      Orchestrator.buildParameters.buildGuid,
-      Orchestrator.buildParameters,
-      Orchestrator.buildParameters.branch,
-      Orchestrator.defaultSecrets,
-    );
-    try {
-      if (buildParameters.maxRetainedWorkspaces > 0) {
-        Orchestrator.lockedWorkspace = SharedWorkspaceLocking.NewWorkspaceName();
-
-        const result = await SharedWorkspaceLocking.GetLockedWorkspace(
-          Orchestrator.lockedWorkspace,
-          Orchestrator.buildParameters.buildGuid,
-          Orchestrator.buildParameters,
-        );
-
-        if (result) {
-          OrchestratorLogger.logLine(`Using retained workspace ${Orchestrator.lockedWorkspace}`);
-          Orchestrator.orchestratorEnvironmentVariables = [
-            ...Orchestrator.orchestratorEnvironmentVariables,
-            { name: `LOCKED_WORKSPACE`, value: Orchestrator.lockedWorkspace },
-          ];
-        } else {
-          OrchestratorLogger.log(`Max retained workspaces reached ${buildParameters.maxRetainedWorkspaces}`);
-          buildParameters.maxRetainedWorkspaces = 0;
-          Orchestrator.lockedWorkspace = ``;
-        }
-      }
-      await Orchestrator.updateStatusWithBuildParameters();
-      const output = await new WorkflowCompositionRoot().run(
-        new OrchestratorStepParameters(
-          baseImage,
-          Orchestrator.orchestratorEnvironmentVariables,
-          Orchestrator.defaultSecrets,
-        ),
-      );
-      await Orchestrator.Provider.cleanupWorkflow(
-        Orchestrator.buildParameters,
-        Orchestrator.buildParameters.branch,
-        Orchestrator.defaultSecrets,
-      );
-      if (!Orchestrator.buildParameters.isCliMode) core.endGroup();
-      if (buildParameters.asyncWorkflow && this.isOrchestratorEnvironment && this.isOrchestratorAsyncEnvironment) {
-        await GitHub.updateGitHubCheck(Orchestrator.buildParameters.buildGuid, `success`, `success`, `completed`);
-      }
-
-      if (BuildParameters.shouldUseRetainedWorkspaceMode(buildParameters)) {
-        const workspace = Orchestrator.lockedWorkspace || ``;
-        await SharedWorkspaceLocking.ReleaseWorkspace(
-          workspace,
-          Orchestrator.buildParameters.buildGuid,
-          Orchestrator.buildParameters,
-        );
-        const isLocked = await SharedWorkspaceLocking.IsWorkspaceLocked(workspace, Orchestrator.buildParameters);
-        if (isLocked) {
-          throw new Error(
-            `still locked after releasing ${await SharedWorkspaceLocking.GetAllLocksForWorkspace(
-              workspace,
-              buildParameters,
-            )}`,
-          );
-        }
-        Orchestrator.lockedWorkspace = ``;
-      }
-
-      await GitHub.triggerWorkflowOnComplete(Orchestrator.buildParameters.finalHooks);
-
-      if (buildParameters.constantGarbageCollection) {
-        Orchestrator.Provider.garbageCollect(``, true, buildParameters.garbageMaxAge, true, true);
-      }
-
-      return new OrchestratorResult(buildParameters, output, true, true, false);
-    } catch (error: any) {
-      OrchestratorLogger.log(JSON.stringify(error, undefined, 4));
-      await GitHub.updateGitHubCheck(
-        Orchestrator.buildParameters.buildGuid,
-        `Failed - Error ${error?.message || error}`,
-        `failure`,
-        `completed`,
-      );
-      if (!Orchestrator.buildParameters.isCliMode) core.endGroup();
-      await OrchestratorError.handleException(error, Orchestrator.buildParameters, Orchestrator.defaultSecrets);
-      throw error;
-    }
-  }
-
-  private static async updateStatusWithBuildParameters() {
-    const content = { ...Orchestrator.buildParameters };
-    content.gitPrivateToken = ``;
-    content.unitySerial = ``;
-    content.unityEmail = ``;
-    content.unityPassword = ``;
-    const jsonContent = JSON.stringify(content, undefined, 4);
-    await GitHub.updateGitHubCheck(jsonContent, Orchestrator.buildParameters.buildGuid);
-  }
-
-  /**
-   * Validates AWS CloudFormation templates without deploying them.
-   * Used by aws-local mode to ensure AWS templates are correct when executing via local-docker.
-   * This provides confidence that AWS ECS deployments would work with the generated templates.
-   */
-  private static async validateAwsCloudFormationTemplates() {
-    OrchestratorLogger.log('=== AWS CloudFormation Template Validation (aws-local mode) ===');
-
-    try {
-      // Import AWS template formations
-      const { BaseStackFormation } = await import('./providers/aws/cloud-formations/base-stack-formation');
-      const { TaskDefinitionFormation } = await import('./providers/aws/cloud-formations/task-definition-formation');
-
-      // Validate base stack template
-      const baseTemplate = BaseStackFormation.formation;
-      OrchestratorLogger.log(`✓ Base stack template generated (${baseTemplate.length} chars)`);
-
-      // Check for required resources in base stack
-      const requiredBaseResources = ['AWS::EC2::VPC', 'AWS::ECS::Cluster', 'AWS::S3::Bucket', 'AWS::IAM::Role'];
-      for (const resource of requiredBaseResources) {
-        if (baseTemplate.includes(resource)) {
-          OrchestratorLogger.log(`  ✓ Contains ${resource}`);
-        } else {
-          throw new Error(`Base stack template missing required resource: ${resource}`);
-        }
-      }
-
-      // Validate task definition template
-      const taskTemplate = TaskDefinitionFormation.formation;
-      OrchestratorLogger.log(`✓ Task definition template generated (${taskTemplate.length} chars)`);
-
-      // Check for required resources in task definition
-      const requiredTaskResources = ['AWS::ECS::TaskDefinition', 'AWS::Logs::LogGroup'];
-      for (const resource of requiredTaskResources) {
-        if (taskTemplate.includes(resource)) {
-          OrchestratorLogger.log(`  ✓ Contains ${resource}`);
-        } else {
-          throw new Error(`Task definition template missing required resource: ${resource}`);
-        }
-      }
-
-      // Validate YAML syntax by checking for common patterns
-      if (!baseTemplate.includes('AWSTemplateFormatVersion')) {
-        throw new Error('Base stack template missing AWSTemplateFormatVersion');
-      }
-      if (!taskTemplate.includes('AWSTemplateFormatVersion')) {
-        throw new Error('Task definition template missing AWSTemplateFormatVersion');
-      }
-
-      OrchestratorLogger.log('=== AWS CloudFormation templates validated successfully ===');
-      OrchestratorLogger.log('Note: Actual execution will use local-docker provider');
-    } catch (error: any) {
-      OrchestratorLogger.log(`AWS CloudFormation template validation failed: ${error.message}`);
-      throw error;
-    }
-  }
-}
-export default Orchestrator;

src/model/orchestrator/providers/README.md

@@ -1,222 +0,0 @@
-# Provider Loader Dynamic Imports
-
-## What is a Provider?
-
-A **provider** is a pluggable backend that Orchestrator uses to run builds and workflows. Examples include **AWS**, **Kubernetes**, or local execution. Each provider implements the [ProviderInterface](https://github.com/game-ci/unity-builder/blob/main/src/model/orchestrator/providers/provider-interface.ts), which defines the common lifecycle methods (setup, run, cleanup, garbage collection, etc.).
-
-This abstraction makes Orchestrator flexible: you can switch execution environments or add your own provider (via npm package, GitHub repo, or local path) without changing the rest of your pipeline.
-
-## Dynamic Provider Loading
-
-The provider loader now supports dynamic loading of providers from multiple sources including local file paths, GitHub repositories, and NPM packages.
-
-## Features
-
-- **Local File Paths**: Load providers from relative or absolute file paths
-- **GitHub URLs**: Clone and load providers from GitHub repositories with automatic updates
-- **NPM Packages**: Load providers from installed NPM packages
-- **Automatic Updates**: GitHub repositories are automatically updated when changes are available
-- **Caching**: Local caching of cloned repositories for improved performance
-- **Fallback Support**: Graceful fallback to local provider if loading fails
-
-## Usage Examples
-
-### Loading Built-in Providers
-
-```typescript
-import { ProviderLoader } from './provider-loader';
-
-// Load built-in providers
-const awsProvider = await ProviderLoader.loadProvider('aws', buildParameters);
-const k8sProvider = await ProviderLoader.loadProvider('k8s', buildParameters);
-```
-
-### Loading Local Providers
-
-```typescript
-// Load from relative path
-const localProvider = await ProviderLoader.loadProvider('./my-local-provider', buildParameters);
-
-// Load from absolute path
-const absoluteProvider = await ProviderLoader.loadProvider('/path/to/provider', buildParameters);
-```
-
-### Loading GitHub Providers
-
-```typescript
-// Load from GitHub URL
-const githubProvider = await ProviderLoader.loadProvider(
-  'https://github.com/user/my-provider', 
-  buildParameters
-);
-
-// Load from specific branch
-const branchProvider = await ProviderLoader.loadProvider(
-  'https://github.com/user/my-provider/tree/develop', 
-  buildParameters
-);
-
-// Load from specific path in repository
-const pathProvider = await ProviderLoader.loadProvider(
-  'https://github.com/user/my-provider/tree/main/src/providers', 
-  buildParameters
-);
-
-// Shorthand notation
-const shorthandProvider = await ProviderLoader.loadProvider('user/repo', buildParameters);
-const branchShorthand = await ProviderLoader.loadProvider('user/repo@develop', buildParameters);
-```
-
-### Loading NPM Packages
-
-```typescript
-// Load from NPM package
-const npmProvider = await ProviderLoader.loadProvider('my-provider-package', buildParameters);
-
-// Load from scoped NPM package
-const scopedProvider = await ProviderLoader.loadProvider('@scope/my-provider', buildParameters);
-```
-
-## Provider Interface
-
-All providers must implement the `ProviderInterface`:
-
-```typescript
-interface ProviderInterface {
-  cleanupWorkflow(): Promise<void>;
-  setupWorkflow(buildGuid: string, buildParameters: BuildParameters, branchName: string, defaultSecretsArray: any[]): Promise<void>;
-  runTaskInWorkflow(buildGuid: string, task: string, workingDirectory: string, buildVolumeFolder: string, environmentVariables: any[], secrets: any[]): Promise<string>;
-  garbageCollect(): Promise<void>;
-  listResources(): Promise<ProviderResource[]>;
-  listWorkflow(): Promise<ProviderWorkflow[]>;
-  watchWorkflow(): Promise<void>;
-}
-```
-
-## Example Provider Implementation
-
-```typescript
-// my-provider.ts
-import { ProviderInterface } from './provider-interface';
-import BuildParameters from './build-parameters';
-
-export default class MyProvider implements ProviderInterface {
-  constructor(private buildParameters: BuildParameters) {}
-
-  async cleanupWorkflow(): Promise<void> {
-    // Cleanup logic
-  }
-
-  async setupWorkflow(buildGuid: string, buildParameters: BuildParameters, branchName: string, defaultSecretsArray: any[]): Promise<void> {
-    // Setup logic
-  }
-
-  async runTaskInWorkflow(buildGuid: string, task: string, workingDirectory: string, buildVolumeFolder: string, environmentVariables: any[], secrets: any[]): Promise<string> {
-    // Task execution logic
-    return 'Task completed';
-  }
-
-  async garbageCollect(): Promise<void> {
-    // Garbage collection logic
-  }
-
-  async listResources(): Promise<ProviderResource[]> {
-    return [];
-  }
-
-  async listWorkflow(): Promise<ProviderWorkflow[]> {
-    return [];
-  }
-
-  async watchWorkflow(): Promise<void> {
-    // Watch logic
-  }
-}
-```
-
-## Utility Methods
-
-### Analyze Provider Source
-
-```typescript
-// Analyze a provider source without loading it
-const sourceInfo = ProviderLoader.analyzeProviderSource('https://github.com/user/repo');
-console.log(sourceInfo.type); // 'github'
-console.log(sourceInfo.owner); // 'user'
-console.log(sourceInfo.repo); // 'repo'
-```
-
-### Clean Up Cache
-
-```typescript
-// Clean up old cached repositories (older than 30 days)
-await ProviderLoader.cleanupCache();
-
-// Clean up repositories older than 7 days
-await ProviderLoader.cleanupCache(7);
-```
-
-### Get Available Providers
-
-```typescript
-// Get list of built-in providers
-const providers = ProviderLoader.getAvailableProviders();
-console.log(providers); // ['aws', 'k8s', 'test', 'local-docker', 'local-system', 'local']
-```
-
-## Supported URL Formats
-
-### GitHub URLs
-- `https://github.com/user/repo`
-- `https://github.com/user/repo.git`
-- `https://github.com/user/repo/tree/branch`
-- `https://github.com/user/repo/tree/branch/path/to/provider`
-- `git@github.com:user/repo.git`
-
-### Shorthand GitHub References
-- `user/repo`
-- `user/repo@branch`
-- `user/repo@branch/path/to/provider`
-
-### Local Paths
-- `./relative/path`
-- `../relative/path`
-- `/absolute/path`
-- `C:\\path\\to\\provider` (Windows)
-
-### NPM Packages
-- `package-name`
-- `@scope/package-name`
-
-## Caching
-
-GitHub repositories are automatically cached in the `.provider-cache` directory. The cache key is generated based on the repository owner, name, and branch. This ensures that:
-
-1. Repositories are only cloned once
-2. Updates are checked and applied automatically
-3. Performance is improved for repeated loads
-4. Storage is managed efficiently
-
-## Error Handling
-
-The provider loader includes comprehensive error handling:
-
-- **Missing packages**: Clear error messages when providers cannot be found
-- **Interface validation**: Ensures providers implement the required interface
-- **Git operations**: Handles network issues and repository access problems
-- **Fallback mechanism**: Falls back to local provider if loading fails
-
-## Configuration
-
-The provider loader can be configured through environment variables:
-
-- `PROVIDER_CACHE_DIR`: Custom cache directory (default: `.provider-cache`)
-- `GIT_TIMEOUT`: Git operation timeout in milliseconds (default: 30000)
-
-## Best Practices
-
-1. **Use specific branches or tags**: Always specify the branch or specific tag when loading from GitHub
-2. **Implement proper error handling**: Wrap provider loading in try-catch blocks
-3. **Clean up regularly**: Use the cleanup utility to manage cache size
-4. **Test locally first**: Test providers locally before deploying
-5. **Use semantic versioning**: Tag your provider repositories for stable versions

src/model/orchestrator/providers/aws/aws-base-stack.ts

@@ -1,170 +0,0 @@
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import * as core from '@actions/core';
-import {
-  CloudFormation,
-  CreateStackCommand,
-  // eslint-disable-next-line import/named
-  CreateStackCommandInput,
-  DescribeStacksCommand,
-  // eslint-disable-next-line import/named
-  DescribeStacksCommandInput,
-  ListStacksCommand,
-  // eslint-disable-next-line import/named
-  Parameter,
-  UpdateStackCommand,
-  // eslint-disable-next-line import/named
-  UpdateStackCommandInput,
-  waitUntilStackCreateComplete,
-  waitUntilStackUpdateComplete,
-} from '@aws-sdk/client-cloudformation';
-import { BaseStackFormation } from './cloud-formations/base-stack-formation';
-import crypto from 'node:crypto';
-
-const DEFAULT_STACK_WAIT_TIME_SECONDS = 600;
-
-function getStackWaitTime(): number {
-  const overrideValue = Number(process.env.ORCHESTRATOR_AWS_STACK_WAIT_TIME ?? '');
-  if (!Number.isNaN(overrideValue) && overrideValue > 0) {
-    return overrideValue;
-  }
-
-  return DEFAULT_STACK_WAIT_TIME_SECONDS;
-}
-
-export class AWSBaseStack {
-  constructor(baseStackName: string) {
-    this.baseStackName = baseStackName;
-  }
-  private baseStackName: string;
-
-  async setupBaseStack(CF: CloudFormation) {
-    const baseStackName = this.baseStackName;
-    const stackWaitTimeSeconds = getStackWaitTime();
-
-    const baseStack = BaseStackFormation.formation;
-
-    // Cloud Formation Input
-    const describeStackInput: DescribeStacksCommandInput = {
-      StackName: baseStackName,
-    };
-    const parametersWithoutHash: Parameter[] = [{ ParameterKey: 'EnvironmentName', ParameterValue: baseStackName }];
-    const parametersHash = crypto
-      .createHash('md5')
-      .update(baseStack + JSON.stringify(parametersWithoutHash))
-      .digest('hex');
-    const parameters: Parameter[] = [
-      ...parametersWithoutHash,
-      ...[{ ParameterKey: 'Version', ParameterValue: parametersHash }],
-    ];
-    const updateInput: UpdateStackCommandInput = {
-      StackName: baseStackName,
-      TemplateBody: baseStack,
-      Parameters: parameters,
-      Capabilities: ['CAPABILITY_IAM'],
-    };
-    const createStackInput: CreateStackCommandInput = {
-      StackName: baseStackName,
-      TemplateBody: baseStack,
-      Parameters: parameters,
-      Capabilities: ['CAPABILITY_IAM'],
-    };
-
-    const stacks = await CF.send(
-      new ListStacksCommand({
-        StackStatusFilter: [
-          'CREATE_IN_PROGRESS',
-          'UPDATE_IN_PROGRESS',
-          'UPDATE_COMPLETE',
-          'CREATE_COMPLETE',
-          'ROLLBACK_COMPLETE',
-        ],
-      }),
-    );
-    const stackNames = stacks.StackSummaries?.map((x) => x.StackName) || [];
-    const stackExists: boolean = stackNames.includes(baseStackName);
-    const describeStack = async () => {
-      return await CF.send(new DescribeStacksCommand(describeStackInput));
-    };
-    try {
-      if (!stackExists) {
-        OrchestratorLogger.log(`${baseStackName} stack does not exist (${JSON.stringify(stackNames)})`);
-        let created = false;
-        try {
-          await CF.send(new CreateStackCommand(createStackInput));
-          created = true;
-        } catch (error: any) {
-          const message = `${error?.name ?? ''} ${error?.message ?? ''}`;
-          if (message.includes('AlreadyExistsException')) {
-            OrchestratorLogger.log(`Base stack already exists, continuing with describe`);
-          } else {
-            throw error;
-          }
-        }
-        if (created) {
-          OrchestratorLogger.log(`created stack (version: ${parametersHash})`);
-        }
-      }
-      const CFState = await describeStack();
-      let stack = CFState.Stacks?.[0];
-      if (!stack) {
-        throw new Error(`Base stack doesn't exist, even after creation, stackExists check: ${stackExists}`);
-      }
-      const stackVersion = stack.Parameters?.find((x) => x.ParameterKey === 'Version')?.ParameterValue;
-
-      if (stack.StackStatus === 'CREATE_IN_PROGRESS') {
-        OrchestratorLogger.log(
-          `Waiting up to ${stackWaitTimeSeconds}s for '${baseStackName}' CloudFormation creation to finish`,
-        );
-        await waitUntilStackCreateComplete(
-          {
-            client: CF,
-            maxWaitTime: stackWaitTimeSeconds,
-          },
-          describeStackInput,
-        );
-      }
-
-      if (stackExists) {
-        OrchestratorLogger.log(`Base stack exists (version: ${stackVersion}, local version: ${parametersHash})`);
-        if (parametersHash !== stackVersion) {
-          OrchestratorLogger.log(`Attempting update of base stack`);
-          try {
-            await CF.send(new UpdateStackCommand(updateInput));
-          } catch (error: any) {
-            if (error['message'].includes('No updates are to be performed')) {
-              OrchestratorLogger.log(`No updates are to be performed`);
-            } else {
-              OrchestratorLogger.log(`Update Failed (Stack name: ${baseStackName})`);
-              OrchestratorLogger.log(error['message']);
-            }
-            OrchestratorLogger.log(`Continuing...`);
-          }
-        } else {
-          OrchestratorLogger.log(`No update required`);
-        }
-        stack = (await describeStack()).Stacks?.[0];
-        if (!stack) {
-          throw new Error(
-            `Base stack doesn't exist, even after updating and creation, stackExists check: ${stackExists}`,
-          );
-        }
-        if (stack.StackStatus === 'UPDATE_IN_PROGRESS') {
-          OrchestratorLogger.log(
-            `Waiting up to ${stackWaitTimeSeconds}s for '${baseStackName}' CloudFormation update to finish`,
-          );
-          await waitUntilStackUpdateComplete(
-            {
-              client: CF,
-              maxWaitTime: stackWaitTimeSeconds,
-            },
-            describeStackInput,
-          );
-        }
-      }
-      OrchestratorLogger.log('base stack is now ready');
-    } catch (error) {
-      core.error(JSON.stringify(await describeStack(), undefined, 4));
-      throw error;
-    }
-  }
-}

src/model/orchestrator/providers/aws/aws-client-factory.ts

@@ -1,93 +0,0 @@
-import { CloudFormation } from '@aws-sdk/client-cloudformation';
-import { ECS } from '@aws-sdk/client-ecs';
-import { Kinesis } from '@aws-sdk/client-kinesis';
-import { CloudWatchLogs } from '@aws-sdk/client-cloudwatch-logs';
-import { S3 } from '@aws-sdk/client-s3';
-import { Input } from '../../..';
-import OrchestratorOptions from '../../options/orchestrator-options';
-
-export class AwsClientFactory {
-  private static cloudFormation: CloudFormation;
-  private static ecs: ECS;
-  private static kinesis: Kinesis;
-  private static cloudWatchLogs: CloudWatchLogs;
-  private static s3: S3;
-
-  private static getCredentials() {
-    // Explicitly provide credentials from environment variables for LocalStack compatibility
-    // LocalStack accepts any credentials, but the AWS SDK needs them to be explicitly set
-    const accessKeyId = process.env.AWS_ACCESS_KEY_ID;
-    const secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY;
-
-    if (accessKeyId && secretAccessKey) {
-      return {
-        accessKeyId,
-        secretAccessKey,
-      };
-    }
-
-    // Return undefined to let AWS SDK use default credential chain
-    return;
-  }
-
-  static getCloudFormation(): CloudFormation {
-    if (!this.cloudFormation) {
-      this.cloudFormation = new CloudFormation({
-        region: Input.region,
-        endpoint: OrchestratorOptions.awsCloudFormationEndpoint,
-        credentials: AwsClientFactory.getCredentials(),
-      });
-    }
-
-    return this.cloudFormation;
-  }
-
-  static getECS(): ECS {
-    if (!this.ecs) {
-      this.ecs = new ECS({
-        region: Input.region,
-        endpoint: OrchestratorOptions.awsEcsEndpoint,
-        credentials: AwsClientFactory.getCredentials(),
-      });
-    }
-
-    return this.ecs;
-  }
-
-  static getKinesis(): Kinesis {
-    if (!this.kinesis) {
-      this.kinesis = new Kinesis({
-        region: Input.region,
-        endpoint: OrchestratorOptions.awsKinesisEndpoint,
-        credentials: AwsClientFactory.getCredentials(),
-      });
-    }
-
-    return this.kinesis;
-  }
-
-  static getCloudWatchLogs(): CloudWatchLogs {
-    if (!this.cloudWatchLogs) {
-      this.cloudWatchLogs = new CloudWatchLogs({
-        region: Input.region,
-        endpoint: OrchestratorOptions.awsCloudWatchLogsEndpoint,
-        credentials: AwsClientFactory.getCredentials(),
-      });
-    }
-
-    return this.cloudWatchLogs;
-  }
-
-  static getS3(): S3 {
-    if (!this.s3) {
-      this.s3 = new S3({
-        region: Input.region,
-        endpoint: OrchestratorOptions.awsS3Endpoint,
-        forcePathStyle: true,
-        credentials: AwsClientFactory.getCredentials(),
-      });
-    }
-
-    return this.s3;
-  }
-}

src/model/orchestrator/providers/aws/aws-cloud-formation-templates.ts

@@ -1,40 +0,0 @@
-import { TaskDefinitionFormation } from './cloud-formations/task-definition-formation';
-
-export class AWSCloudFormationTemplates {
-  public static getParameterTemplate(p1: string) {
-    return `
-  ${p1}:
-    Type: String
-    Default: ''
-`;
-  }
-
-  public static getSecretTemplate(p1: string) {
-    return `
-  ${p1}Secret:
-    Type: AWS::SecretsManager::Secret
-    Properties:
-      Name: '${p1}'
-      SecretString: !Ref ${p1}
-`;
-  }
-
-  public static getSecretDefinitionTemplate(p1: string, p2: string) {
-    return `
-          Secrets:
-            - Name: '${p1}'
-              ValueFrom: !Ref ${p2}Secret
-`;
-  }
-
-  public static insertAtTemplate(template: string, insertionKey: string, insertion: string) {
-    const index = template.search(insertionKey) + insertionKey.length + '\n'.length;
-    template = [template.slice(0, index), insertion, template.slice(index)].join('');
-
-    return template;
-  }
-
-  public static readTaskCloudFormationTemplate(): string {
-    return TaskDefinitionFormation.formation;
-  }
-}

src/model/orchestrator/providers/aws/aws-error.ts

@@ -1,16 +0,0 @@
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { CloudFormation, DescribeStackEventsCommand } from '@aws-sdk/client-cloudformation';
-import * as core from '@actions/core';
-import Orchestrator from '../../orchestrator';
-
-export class AWSError {
-  static async handleStackCreationFailure(error: any, CF: CloudFormation, taskDefStackName: string) {
-    OrchestratorLogger.log('aws error: ');
-    core.error(JSON.stringify(error, undefined, 4));
-    if (Orchestrator.buildParameters.orchestratorDebug) {
-      OrchestratorLogger.log('Getting events and resources for task stack');
-      const events = (await CF.send(new DescribeStackEventsCommand({ StackName: taskDefStackName }))).StackEvents;
-      OrchestratorLogger.log(JSON.stringify(events, undefined, 4));
-    }
-  }
-}

src/model/orchestrator/providers/aws/aws-job-stack.ts

@@ -1,242 +0,0 @@
-import {
-  CloudFormation,
-  CreateStackCommand,
-  // eslint-disable-next-line import/named
-  CreateStackCommandInput,
-  DescribeStackResourcesCommand,
-  DescribeStacksCommand,
-  ListStacksCommand,
-  waitUntilStackCreateComplete,
-} from '@aws-sdk/client-cloudformation';
-import OrchestratorAWSTaskDef from './orchestrator-aws-task-def';
-import OrchestratorSecret from '../../options/orchestrator-secret';
-import { AWSCloudFormationTemplates } from './aws-cloud-formation-templates';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { AWSError } from './aws-error';
-import Orchestrator from '../../orchestrator';
-import { CleanupCronFormation } from './cloud-formations/cleanup-cron-formation';
-import OrchestratorOptions from '../../options/orchestrator-options';
-import { TaskDefinitionFormation } from './cloud-formations/task-definition-formation';
-
-const DEFAULT_STACK_WAIT_TIME_SECONDS = 600;
-
-function getStackWaitTime(): number {
-  const overrideValue = Number(process.env.ORCHESTRATOR_AWS_STACK_WAIT_TIME ?? '');
-  if (!Number.isNaN(overrideValue) && overrideValue > 0) {
-    return overrideValue;
-  }
-
-  return DEFAULT_STACK_WAIT_TIME_SECONDS;
-}
-
-export class AWSJobStack {
-  private baseStackName: string;
-  constructor(baseStackName: string) {
-    this.baseStackName = baseStackName;
-  }
-
-  public async setupCloudFormations(
-    CF: CloudFormation,
-    buildGuid: string,
-    image: string,
-    entrypoint: string[],
-    commands: string,
-    mountdir: string,
-    workingdir: string,
-    secrets: OrchestratorSecret[],
-  ): Promise<OrchestratorAWSTaskDef> {
-    const taskDefStackName = `${this.baseStackName}-${buildGuid}`;
-    let taskDefCloudFormation = AWSCloudFormationTemplates.readTaskCloudFormationTemplate();
-    taskDefCloudFormation = taskDefCloudFormation.replace(
-      `ContainerCpu:
-    Default: 1024`,
-      `ContainerCpu:
-    Default: ${Number.parseInt(Orchestrator.buildParameters.containerCpu)}`,
-    );
-    taskDefCloudFormation = taskDefCloudFormation.replace(
-      `ContainerMemory:
-    Default: 2048`,
-      `ContainerMemory:
-    Default: ${Number.parseInt(Orchestrator.buildParameters.containerMemory)}`,
-    );
-    if (!OrchestratorOptions.asyncOrchestrator) {
-      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
-        taskDefCloudFormation,
-        '# template resources logstream',
-        TaskDefinitionFormation.streamLogs,
-      );
-    }
-    for (const secret of secrets) {
-      secret.ParameterKey = `${buildGuid.replace(/[^\dA-Za-z]/g, '')}${secret.ParameterKey.replace(
-        /[^\dA-Za-z]/g,
-        '',
-      )}`;
-      if (typeof secret.ParameterValue == 'number') {
-        secret.ParameterValue = `${secret.ParameterValue}`;
-      }
-      if (!secret.ParameterValue || secret.ParameterValue === '') {
-        secrets = secrets.filter((x) => x !== secret);
-        continue;
-      }
-      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
-        taskDefCloudFormation,
-        'p1 - input',
-        AWSCloudFormationTemplates.getParameterTemplate(secret.ParameterKey),
-      );
-      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
-        taskDefCloudFormation,
-        '# template resources secrets',
-        AWSCloudFormationTemplates.getSecretTemplate(`${secret.ParameterKey}`),
-      );
-      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
-        taskDefCloudFormation,
-        'p3 - container def',
-        AWSCloudFormationTemplates.getSecretDefinitionTemplate(secret.EnvironmentVariable, secret.ParameterKey),
-      );
-    }
-    const secretsMappedToCloudFormationParameters = secrets.map((x) => {
-      return { ParameterKey: x.ParameterKey.replace(/[^\dA-Za-z]/g, ''), ParameterValue: x.ParameterValue };
-    });
-    const logGroupName = `${this.baseStackName}/${taskDefStackName}`;
-    const parameters = [
-      {
-        ParameterKey: 'EnvironmentName',
-        ParameterValue: this.baseStackName,
-      },
-      {
-        ParameterKey: 'ImageUrl',
-        ParameterValue: image,
-      },
-      {
-        ParameterKey: 'ServiceName',
-        ParameterValue: taskDefStackName,
-      },
-      {
-        ParameterKey: 'LogGroupName',
-        ParameterValue: logGroupName,
-      },
-      {
-        ParameterKey: 'Command',
-        ParameterValue: 'echo "this template should be overwritten when running a task"',
-      },
-      {
-        ParameterKey: 'EntryPoint',
-        ParameterValue: entrypoint.join(','),
-      },
-      {
-        ParameterKey: 'WorkingDirectory',
-        ParameterValue: workingdir,
-      },
-      {
-        ParameterKey: 'EFSMountDirectory',
-        ParameterValue: mountdir,
-      },
-      ...secretsMappedToCloudFormationParameters,
-    ];
-    OrchestratorLogger.log(
-      `Starting AWS job with memory: ${Orchestrator.buildParameters.containerMemory} cpu: ${Orchestrator.buildParameters.containerCpu}`,
-    );
-    let previousStackExists = true;
-    while (previousStackExists) {
-      previousStackExists = false;
-      const stacks = await CF.send(new ListStacksCommand({}));
-      if (!stacks.StackSummaries) {
-        throw new Error('Faild to get stacks');
-      }
-      for (let index = 0; index < stacks.StackSummaries.length; index++) {
-        const element = stacks.StackSummaries[index];
-        if (element.StackName === taskDefStackName && element.StackStatus !== 'DELETE_COMPLETE') {
-          previousStackExists = true;
-          OrchestratorLogger.log(`Previous stack still exists: ${JSON.stringify(element)}`);
-          await new Promise((promise) => setTimeout(promise, 5000));
-        }
-      }
-    }
-    const createStackInput: CreateStackCommandInput = {
-      StackName: taskDefStackName,
-      TemplateBody: taskDefCloudFormation,
-      Capabilities: ['CAPABILITY_IAM'],
-      Parameters: parameters,
-    };
-    try {
-      const stackWaitTimeSeconds = getStackWaitTime();
-      OrchestratorLogger.log(
-        `Creating job aws formation ${taskDefStackName} (waiting up to ${stackWaitTimeSeconds}s for completion)`,
-      );
-      await CF.send(new CreateStackCommand(createStackInput));
-      await waitUntilStackCreateComplete(
-        {
-          client: CF,
-          maxWaitTime: stackWaitTimeSeconds,
-        },
-        { StackName: taskDefStackName },
-      );
-      const describeStack = await CF.send(new DescribeStacksCommand({ StackName: taskDefStackName }));
-      for (const parameter of parameters) {
-        if (!describeStack.Stacks?.[0].Parameters?.some((x) => x.ParameterKey === parameter.ParameterKey)) {
-          throw new Error(`Parameter ${parameter.ParameterKey} not found in stack`);
-        }
-      }
-    } catch (error) {
-      await AWSError.handleStackCreationFailure(error, CF, taskDefStackName);
-      throw error;
-    }
-
-    const createCleanupStackInput: CreateStackCommandInput = {
-      StackName: `${taskDefStackName}-cleanup`,
-      TemplateBody: CleanupCronFormation.formation,
-      Capabilities: ['CAPABILITY_IAM'],
-      Parameters: [
-        {
-          ParameterKey: 'StackName',
-          ParameterValue: taskDefStackName,
-        },
-        {
-          ParameterKey: 'DeleteStackName',
-          ParameterValue: `${taskDefStackName}-cleanup`,
-        },
-        {
-          ParameterKey: 'TTL',
-          ParameterValue: `1080`,
-        },
-        {
-          ParameterKey: 'BUILDGUID',
-          ParameterValue: Orchestrator.buildParameters.buildGuid,
-        },
-        {
-          ParameterKey: 'EnvironmentName',
-          ParameterValue: this.baseStackName,
-        },
-      ],
-    };
-    if (OrchestratorOptions.useCleanupCron) {
-      try {
-        OrchestratorLogger.log(`Creating job cleanup formation`);
-        await CF.send(new CreateStackCommand(createCleanupStackInput));
-
-        // await CF.waitFor('stackCreateComplete', { StackName: createCleanupStackInput.StackName }).promise();
-      } catch (error) {
-        await AWSError.handleStackCreationFailure(error, CF, taskDefStackName);
-        throw error;
-      }
-    }
-
-    const taskDefResources = (
-      await CF.send(
-        new DescribeStackResourcesCommand({
-          StackName: taskDefStackName,
-        }),
-      )
-    ).StackResources;
-
-    const baseResources = (await CF.send(new DescribeStackResourcesCommand({ StackName: this.baseStackName })))
-      .StackResources;
-
-    return {
-      taskDefStackName,
-      taskDefCloudFormation,
-      taskDefResources,
-      baseResources,
-    };
-  }
-}

src/model/orchestrator/providers/aws/aws-task-runner.ts

@@ -1,335 +0,0 @@
-import { DescribeTasksCommand, RunTaskCommand, waitUntilTasksRunning } from '@aws-sdk/client-ecs';
-import { DescribeStreamCommand, GetRecordsCommand, GetShardIteratorCommand } from '@aws-sdk/client-kinesis';
-import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
-import * as core from '@actions/core';
-import OrchestratorAWSTaskDef from './orchestrator-aws-task-def';
-import * as zlib from 'node:zlib';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { Input } from '../../..';
-import Orchestrator from '../../orchestrator';
-import { CommandHookService } from '../../services/hooks/command-hook-service';
-import { FollowLogStreamService } from '../../services/core/follow-log-stream-service';
-import OrchestratorOptions from '../../options/orchestrator-options';
-import GitHub from '../../../github';
-import { AwsClientFactory } from './aws-client-factory';
-
-class AWSTaskRunner {
-  private static readonly encodedUnderscore = `$252F`;
-
-  /**
-   * Transform localhost endpoints to host.docker.internal for container environments.
-   * When LocalStack is used, ECS tasks run in Docker containers that need to reach
-   * LocalStack on the host machine via host.docker.internal.
-   */
-  private static transformEndpointsForContainer(
-    environment: OrchestratorEnvironmentVariable[],
-  ): OrchestratorEnvironmentVariable[] {
-    const endpointEnvironmentNames = new Set([
-      'AWS_S3_ENDPOINT',
-      'AWS_ENDPOINT',
-      'AWS_CLOUD_FORMATION_ENDPOINT',
-      'AWS_ECS_ENDPOINT',
-      'AWS_KINESIS_ENDPOINT',
-      'AWS_CLOUD_WATCH_LOGS_ENDPOINT',
-      'INPUT_AWSS3ENDPOINT',
-      'INPUT_AWSENDPOINT',
-    ]);
-
-    return environment.map((x) => {
-      let value = x.value;
-      if (
-        typeof value === 'string' &&
-        endpointEnvironmentNames.has(x.name) &&
-        (value.startsWith('http://localhost') || value.startsWith('http://127.0.0.1'))
-      ) {
-        // Replace localhost with host.docker.internal so ECS containers can access host services
-        value = value
-          .replace('http://localhost', 'http://host.docker.internal')
-          .replace('http://127.0.0.1', 'http://host.docker.internal');
-        OrchestratorLogger.log(`AWS TaskRunner: Replaced localhost with host.docker.internal for ${x.name}: ${value}`);
-      }
-
-      return { name: x.name, value };
-    });
-  }
-
-  static async runTask(
-    taskDef: OrchestratorAWSTaskDef,
-    environment: OrchestratorEnvironmentVariable[],
-    commands: string,
-  ): Promise<{ output: string; shouldCleanup: boolean }> {
-    const cluster = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ECSCluster')?.PhysicalResourceId || '';
-    const taskDefinition =
-      taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'TaskDefinition')?.PhysicalResourceId || '';
-    const SubnetOne =
-      taskDef.baseResources?.find((x) => x.LogicalResourceId === 'PublicSubnetOne')?.PhysicalResourceId || '';
-    const SubnetTwo =
-      taskDef.baseResources?.find((x) => x.LogicalResourceId === 'PublicSubnetTwo')?.PhysicalResourceId || '';
-    const ContainerSecurityGroup =
-      taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ContainerSecurityGroup')?.PhysicalResourceId || '';
-    const streamName =
-      taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'KinesisStream')?.PhysicalResourceId || '';
-
-    // Transform localhost endpoints for container environment
-    const transformedEnvironment = AWSTaskRunner.transformEndpointsForContainer(environment);
-
-    const runParameters = {
-      cluster,
-      taskDefinition,
-      platformVersion: '1.4.0',
-      overrides: {
-        containerOverrides: [
-          {
-            name: taskDef.taskDefStackName,
-            environment: transformedEnvironment,
-            command: ['-c', CommandHookService.ApplyHooksToCommands(commands, Orchestrator.buildParameters)],
-          },
-        ],
-      },
-      launchType: 'FARGATE',
-      networkConfiguration: {
-        awsvpcConfiguration: {
-          subnets: [SubnetOne, SubnetTwo],
-          assignPublicIp: 'ENABLED',
-          securityGroups: [ContainerSecurityGroup],
-        },
-      },
-    };
-
-    if (JSON.stringify(runParameters.overrides.containerOverrides).length > 8192) {
-      OrchestratorLogger.log(JSON.stringify(runParameters.overrides.containerOverrides, undefined, 4));
-      throw new Error(`Container Overrides length must be at most 8192`);
-    }
-
-    const task = await AwsClientFactory.getECS().send(new RunTaskCommand(runParameters as any));
-    const taskArn = task.tasks?.[0].taskArn || '';
-    OrchestratorLogger.log('Orchestrator job is starting');
-    await AWSTaskRunner.waitUntilTaskRunning(taskArn, cluster);
-    OrchestratorLogger.log(
-      `Orchestrator job status is running ${(await AWSTaskRunner.describeTasks(cluster, taskArn))?.lastStatus} Async:${
-        OrchestratorOptions.asyncOrchestrator
-      }`,
-    );
-    if (OrchestratorOptions.asyncOrchestrator) {
-      const shouldCleanup: boolean = false;
-      const output: string = '';
-      OrchestratorLogger.log(`Watch Orchestrator To End: false`);
-
-      return { output, shouldCleanup };
-    }
-
-    OrchestratorLogger.log(`Streaming...`);
-    const { output, shouldCleanup } = await this.streamLogsUntilTaskStops(cluster, taskArn, streamName);
-    let exitCode;
-    let containerState;
-    let taskData;
-    while (exitCode === undefined) {
-      await new Promise((resolve) => setTimeout(resolve, 10000));
-      taskData = await AWSTaskRunner.describeTasks(cluster, taskArn);
-      const containers = taskData?.containers as any[] | undefined;
-      if (!containers || containers.length === 0) {
-        continue;
-      }
-      containerState = containers[0];
-      exitCode = containerState?.exitCode;
-    }
-    OrchestratorLogger.log(`Container State: ${JSON.stringify(containerState, undefined, 4)}`);
-    if (exitCode === undefined) {
-      OrchestratorLogger.logWarning(`Undefined exitcode for container`);
-    }
-    const wasSuccessful = exitCode === 0;
-    if (wasSuccessful) {
-      OrchestratorLogger.log(`Orchestrator job has finished successfully`);
-
-      return { output, shouldCleanup };
-    }
-
-    if (taskData?.stoppedReason === 'Essential container in task exited' && exitCode === 1) {
-      throw new Error('Container exited with code 1');
-    }
-
-    throw new Error(`Task failed`);
-  }
-
-  private static async waitUntilTaskRunning(taskArn: string, cluster: string) {
-    try {
-      await waitUntilTasksRunning(
-        {
-          client: AwsClientFactory.getECS(),
-          maxWaitTime: 300,
-          minDelay: 5,
-          maxDelay: 30,
-        },
-        { tasks: [taskArn], cluster },
-      );
-    } catch (error_) {
-      const error = error_ as Error;
-      await new Promise((resolve) => setTimeout(resolve, 3000));
-      const taskAfterError = await AWSTaskRunner.describeTasks(cluster, taskArn);
-      OrchestratorLogger.log(`Orchestrator job has ended ${taskAfterError?.containers?.[0]?.lastStatus}`);
-
-      core.setFailed(error);
-      core.error(error);
-    }
-  }
-
-  static async describeTasks(clusterName: string, taskArn: string) {
-    const maxAttempts = 10;
-    let delayMs = 1000;
-    const maxDelayMs = 60000;
-    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
-      try {
-        const tasks = await AwsClientFactory.getECS().send(
-          new DescribeTasksCommand({ cluster: clusterName, tasks: [taskArn] }),
-        );
-        if (tasks.tasks?.[0]) {
-          return tasks.tasks?.[0];
-        }
-        throw new Error('No task found');
-      } catch (error: any) {
-        const isThrottle = error?.name === 'ThrottlingException' || /rate exceeded/i.test(String(error?.message));
-        if (!isThrottle || attempt === maxAttempts) {
-          throw error;
-        }
-        const jitterMs = Math.floor(Math.random() * Math.min(1000, delayMs));
-        const sleepMs = delayMs + jitterMs;
-        OrchestratorLogger.log(
-          `AWS throttled DescribeTasks (attempt ${attempt}/${maxAttempts}), backing off ${sleepMs}ms (${delayMs} + jitter ${jitterMs})`,
-        );
-        await new Promise((r) => setTimeout(r, sleepMs));
-        delayMs = Math.min(delayMs * 2, maxDelayMs);
-      }
-    }
-  }
-
-  static async streamLogsUntilTaskStops(clusterName: string, taskArn: string, kinesisStreamName: string) {
-    await new Promise((resolve) => setTimeout(resolve, 3000));
-    OrchestratorLogger.log(`Streaming...`);
-    const stream = await AWSTaskRunner.getLogStream(kinesisStreamName);
-    let iterator = await AWSTaskRunner.getLogIterator(stream);
-
-    const logBaseUrl = `https://${Input.region}.console.aws.amazon.com/cloudwatch/home?region=${Input.region}#logsV2:log-groups/log-group/${Orchestrator.buildParameters.awsStackName}${AWSTaskRunner.encodedUnderscore}${Orchestrator.buildParameters.awsStackName}-${Orchestrator.buildParameters.buildGuid}`;
-    OrchestratorLogger.log(`You view the log stream on AWS Cloud Watch: ${logBaseUrl}`);
-    await GitHub.updateGitHubCheck(`You view the log stream on AWS Cloud Watch:  ${logBaseUrl}`, ``);
-    let shouldReadLogs = true;
-    let shouldCleanup = true;
-    let timestamp: number = 0;
-    let output = '';
-    while (shouldReadLogs) {
-      await new Promise((resolve) => setTimeout(resolve, 1500));
-      const taskData = await AWSTaskRunner.describeTasks(clusterName, taskArn);
-      ({ timestamp, shouldReadLogs } = AWSTaskRunner.checkStreamingShouldContinue(taskData, timestamp, shouldReadLogs));
-      if (taskData?.lastStatus !== 'RUNNING') {
-        await new Promise((resolve) => setTimeout(resolve, 3500));
-      }
-      ({ iterator, shouldReadLogs, output, shouldCleanup } = await AWSTaskRunner.handleLogStreamIteration(
-        iterator,
-        shouldReadLogs,
-        output,
-        shouldCleanup,
-      ));
-    }
-
-    return { output, shouldCleanup };
-  }
-
-  private static async handleLogStreamIteration(
-    iterator: string,
-    shouldReadLogs: boolean,
-    output: string,
-    shouldCleanup: boolean,
-  ) {
-    let records: any;
-    try {
-      records = await AwsClientFactory.getKinesis().send(new GetRecordsCommand({ ShardIterator: iterator }));
-    } catch (error: any) {
-      const isThrottle = error?.name === 'ThrottlingException' || /rate exceeded/i.test(String(error?.message));
-      if (isThrottle) {
-        const baseBackoffMs = 1000;
-        const jitterMs = Math.floor(Math.random() * 1000);
-        const sleepMs = baseBackoffMs + jitterMs;
-        OrchestratorLogger.log(`AWS throttled GetRecords, backing off ${sleepMs}ms (1000 + jitter ${jitterMs})`);
-        await new Promise((r) => setTimeout(r, sleepMs));
-
-        return { iterator, shouldReadLogs, output, shouldCleanup };
-      }
-      throw error;
-    }
-    iterator = records.NextShardIterator || '';
-    ({ shouldReadLogs, output, shouldCleanup } = AWSTaskRunner.logRecords(
-      records,
-      iterator,
-      shouldReadLogs,
-      output,
-      shouldCleanup,
-    ));
-
-    return { iterator, shouldReadLogs, output, shouldCleanup };
-  }
-
-  private static checkStreamingShouldContinue(taskData: any, timestamp: number, shouldReadLogs: boolean) {
-    if (taskData?.lastStatus === 'UNKNOWN') {
-      OrchestratorLogger.log('## Orchestrator job unknwon');
-    }
-    if (taskData?.lastStatus !== 'RUNNING') {
-      if (timestamp === 0) {
-        OrchestratorLogger.log('## Orchestrator job stopped, streaming end of logs');
-        timestamp = Date.now();
-      }
-      if (timestamp !== 0 && Date.now() - timestamp > 30000) {
-        OrchestratorLogger.log('## Orchestrator status is not RUNNING for 30 seconds, last query for logs');
-        shouldReadLogs = false;
-      }
-      OrchestratorLogger.log(`## Status of job: ${taskData.lastStatus}`);
-    }
-
-    return { timestamp, shouldReadLogs };
-  }
-
-  private static logRecords(
-    records: any,
-    iterator: string,
-    shouldReadLogs: boolean,
-    output: string,
-    shouldCleanup: boolean,
-  ) {
-    if ((records.Records ?? []).length > 0 && iterator) {
-      for (const record of records.Records ?? []) {
-        const json = JSON.parse(
-          zlib.gunzipSync(Buffer.from(record.Data as unknown as string, 'base64')).toString('utf8'),
-        );
-        if (json.messageType === 'DATA_MESSAGE') {
-          for (const logEvent of json.logEvents) {
-            ({ shouldReadLogs, shouldCleanup, output } = FollowLogStreamService.handleIteration(
-              logEvent.message,
-              shouldReadLogs,
-              shouldCleanup,
-              output,
-            ));
-          }
-        }
-      }
-    }
-
-    return { shouldReadLogs, output, shouldCleanup };
-  }
-
-  private static async getLogStream(kinesisStreamName: string) {
-    return await AwsClientFactory.getKinesis().send(new DescribeStreamCommand({ StreamName: kinesisStreamName }));
-  }
-
-  private static async getLogIterator(stream: any) {
-    return (
-      (
-        await AwsClientFactory.getKinesis().send(
-          new GetShardIteratorCommand({
-            ShardIteratorType: 'TRIM_HORIZON',
-            StreamName: stream.StreamDescription?.StreamName ?? '',
-            ShardId: stream.StreamDescription?.Shards?.[0]?.ShardId || '',
-          }),
-        )
-      ).ShardIterator || ''
-    );
-  }
-}
-export default AWSTaskRunner;

src/model/orchestrator/providers/aws/cloud-formations/base-stack-formation.ts

@@ -1,397 +0,0 @@
-export class BaseStackFormation {
-  public static readonly baseStackDecription = `Game-CI base stack`;
-  public static readonly formation: string = `AWSTemplateFormatVersion: '2010-09-09'
-Description: ${BaseStackFormation.baseStackDecription}
-Parameters:
-  EnvironmentName:
-    Type: String
-    Default: development
-    Description: 'Your deployment environment: DEV, QA , PROD'
-  Version:
-    Type: String
-    Description: 'hash of template'
-
-  # ContainerPort:
-  #   Type: Number
-  #   Default: 80
-  #   Description: What port number the application inside the docker container is binding to
-
-Mappings:
-  # Hard values for the subnet masks. These masks define
-  # the range of internal IP addresses that can be assigned.
-  # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255
-  # There are four subnets which cover the ranges:
-  #
-  # 10.0.0.0 - 10.0.0.255
-  # 10.0.1.0 - 10.0.1.255
-  # 10.0.2.0 - 10.0.2.255
-  # 10.0.3.0 - 10.0.3.255
-
-  SubnetConfig:
-    VPC:
-      CIDR: '10.0.0.0/16'
-    PublicOne:
-      CIDR: '10.0.0.0/24'
-    PublicTwo:
-      CIDR: '10.0.1.0/24'
-
-Resources:
-  # VPC in which containers will be networked.
-  # It has two public subnets, and two private subnets.
-  # We distribute the subnets across the first two available subnets
-  # for the region, for high availability.
-  VPC:
-    Type: AWS::EC2::VPC
-    Properties:
-      EnableDnsSupport: true
-      EnableDnsHostnames: true
-      CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
-
-  MainBucket:
-    Type: "AWS::S3::Bucket"
-    Properties:
-      BucketName: !Ref EnvironmentName
-
-  EFSServerSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupName: 'efs-server-endpoints'
-      GroupDescription: Which client ip addrs are allowed to access EFS server
-      VpcId: !Ref 'VPC'
-      SecurityGroupIngress:
-        - IpProtocol: tcp
-          FromPort: 2049
-          ToPort: 2049
-          SourceSecurityGroupId: !Ref ContainerSecurityGroup
-          #CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
-  # A security group for the containers we will run in Fargate.
-  # Rules are added to this security group based on what ingress you
-  # add for the cluster.
-  ContainerSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupName: 'task security group'
-      GroupDescription: Access to the Fargate containers
-      VpcId: !Ref 'VPC'
-      # SecurityGroupIngress:
-      #   - IpProtocol: tcp
-      #     FromPort: !Ref ContainerPort
-      #     ToPort: !Ref ContainerPort
-      #     CidrIp: 0.0.0.0/0
-      SecurityGroupEgress:
-        - IpProtocol: -1
-          FromPort: 2049
-          ToPort: 2049
-          CidrIp: '0.0.0.0/0'
-
-  # Two public subnets, where containers can have public IP addresses
-  PublicSubnetOne:
-    Type: AWS::EC2::Subnet
-    Properties:
-      AvailabilityZone: !Select
-        - 0
-        - Fn::GetAZs: !Ref 'AWS::Region'
-      VpcId: !Ref 'VPC'
-      CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
-      #  MapPublicIpOnLaunch: true
-
-  PublicSubnetTwo:
-    Type: AWS::EC2::Subnet
-    Properties:
-      AvailabilityZone: !Select
-        - 1
-        - Fn::GetAZs: !Ref 'AWS::Region'
-      VpcId: !Ref 'VPC'
-      CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
-      #  MapPublicIpOnLaunch: true
-
-  # Setup networking resources for the public subnets. Containers
-  # in the public subnets have public IP addresses and the routing table
-  # sends network traffic via the internet gateway.
-  InternetGateway:
-    Type: AWS::EC2::InternetGateway
-  GatewayAttachement:
-    Type: AWS::EC2::VPCGatewayAttachment
-    Properties:
-      VpcId: !Ref 'VPC'
-      InternetGatewayId: !Ref 'InternetGateway'
-
-  # Attaching a Internet Gateway to route table makes it public.
-  PublicRouteTable:
-    Type: AWS::EC2::RouteTable
-    Properties:
-      VpcId: !Ref 'VPC'
-  PublicRoute:
-    Type: AWS::EC2::Route
-    DependsOn: GatewayAttachement
-    Properties:
-      RouteTableId: !Ref 'PublicRouteTable'
-      DestinationCidrBlock: '0.0.0.0/0'
-      GatewayId: !Ref 'InternetGateway'
-
-  # Attaching a public route table makes a subnet public.
-  PublicSubnetOneRouteTableAssociation:
-    Type: AWS::EC2::SubnetRouteTableAssociation
-    Properties:
-      SubnetId: !Ref PublicSubnetOne
-      RouteTableId: !Ref PublicRouteTable
-  PublicSubnetTwoRouteTableAssociation:
-    Type: AWS::EC2::SubnetRouteTableAssociation
-    Properties:
-      SubnetId: !Ref PublicSubnetTwo
-      RouteTableId: !Ref PublicRouteTable
-
-  # ECS Resources
-  ECSCluster:
-    Type: AWS::ECS::Cluster
-
-  # A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets
-  # on your AWS account
-  AutoscalingRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service: [application-autoscaling.amazonaws.com]
-            Action: ['sts:AssumeRole']
-      Path: /
-      Policies:
-        - PolicyName: service-autoscaling
-          PolicyDocument:
-            Statement:
-              - Effect: Allow
-                Action:
-                  - 'application-autoscaling:*'
-                  - 'cloudwatch:DescribeAlarms'
-                  - 'cloudwatch:PutMetricAlarm'
-                  - 'ecs:DescribeServices'
-                  - 'ecs:UpdateService'
-                Resource: '*'
-
-  # This is an IAM role which authorizes ECS to manage resources on your
-  # account on your behalf, such as updating your load balancer with the
-  # details of where your containers are, so that traffic can reach your
-  # containers.
-  ECSRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service: [ecs.amazonaws.com]
-            Action: ['sts:AssumeRole']
-      Path: /
-      Policies:
-        - PolicyName: ecs-service
-          PolicyDocument:
-            Statement:
-              - Effect: Allow
-                Action:
-                  # Rules which allow ECS to attach network interfaces to instances
-                  # on your behalf in order for awsvpc networking mode to work right
-                  - 'ec2:AttachNetworkInterface'
-                  - 'ec2:CreateNetworkInterface'
-                  - 'ec2:CreateNetworkInterfacePermission'
-                  - 'ec2:DeleteNetworkInterface'
-                  - 'ec2:DeleteNetworkInterfacePermission'
-                  - 'ec2:Describe*'
-                  - 'ec2:DetachNetworkInterface'
-
-                  # Rules which allow ECS to update load balancers on your behalf
-                  # with the information sabout how to send traffic to your containers
-                  - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
-                  - 'elasticloadbalancing:DeregisterTargets'
-                  - 'elasticloadbalancing:Describe*'
-                  - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
-                  - 'elasticloadbalancing:RegisterTargets'
-                Resource: '*'
-
-  # This is a role which is used by the ECS tasks themselves.
-  ECSTaskExecutionRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service: [ecs-tasks.amazonaws.com]
-            Action: ['sts:AssumeRole']
-      Path: /
-      Policies:
-        - PolicyName: AmazonECSTaskExecutionRolePolicy
-          PolicyDocument:
-            Statement:
-              - Effect: Allow
-                Action:
-                  # Allow the use of secret manager
-                  - 'secretsmanager:GetSecretValue'
-                  - 'kms:Decrypt'
-
-                  # Allow the ECS Tasks to download images from ECR
-                  - 'ecr:GetAuthorizationToken'
-                  - 'ecr:BatchCheckLayerAvailability'
-                  - 'ecr:GetDownloadUrlForLayer'
-                  - 'ecr:BatchGetImage'
-
-                  # Allow the ECS tasks to upload logs to CloudWatch
-                  - 'logs:CreateLogStream'
-                  - 'logs:PutLogEvents'
-                Resource: '*'
-
-  DeleteCFNLambdaExecutionRole:
-    Type: 'AWS::IAM::Role'
-    Properties:
-      AssumeRolePolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-          - Effect: 'Allow'
-            Principal:
-              Service: ['lambda.amazonaws.com']
-            Action: 'sts:AssumeRole'
-      Path: '/'
-      Policies:
-        - PolicyName: DeleteCFNLambdaExecutionRole
-          PolicyDocument:
-            Version: '2012-10-17'
-            Statement:
-              - Effect: 'Allow'
-                Action:
-                  - 'logs:CreateLogGroup'
-                  - 'logs:CreateLogStream'
-                  - 'logs:PutLogEvents'
-                Resource: 'arn:aws:logs:*:*:*'
-              - Effect: 'Allow'
-                Action:
-                  - 'cloudformation:DeleteStack'
-                  - 'kinesis:DeleteStream'
-                  - 'secretsmanager:DeleteSecret'
-                  - 'kinesis:DescribeStreamSummary'
-                  - 'logs:DeleteLogGroup'
-                  - 'logs:DeleteSubscriptionFilter'
-                  - 'ecs:DeregisterTaskDefinition'
-                  - 'lambda:DeleteFunction'
-                  - 'lambda:InvokeFunction'
-                  - 'events:RemoveTargets'
-                  - 'events:DeleteRule'
-                  - 'lambda:RemovePermission'
-                Resource: '*'
-
-  ### cloud watch to kinesis role
-  CloudWatchIAMRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service: [logs.amazonaws.com]
-            Action: ['sts:AssumeRole']
-      Path: /
-      Policies:
-        - PolicyName: service-autoscaling
-          PolicyDocument:
-            Statement:
-              - Effect: Allow
-                Action:
-                  - 'kinesis:PutRecord'
-                Resource: '*'
-
-  #####################EFS#####################
-  EfsFileStorage:
-    Type: 'AWS::EFS::FileSystem'
-    Properties:
-      BackupPolicy:
-        Status: ENABLED
-      PerformanceMode: maxIO
-      Encrypted: false
-
-      FileSystemPolicy:
-        Version: '2012-10-17'
-        Statement:
-          - Effect: 'Allow'
-            Action:
-              - 'elasticfilesystem:ClientMount'
-              - 'elasticfilesystem:ClientWrite'
-              - 'elasticfilesystem:ClientRootAccess'
-            Principal:
-              AWS: '*'
-
-  MountTargetResource1:
-    Type: AWS::EFS::MountTarget
-    Properties:
-      FileSystemId: !Ref EfsFileStorage
-      SubnetId: !Ref PublicSubnetOne
-      SecurityGroups:
-        - !Ref EFSServerSecurityGroup
-
-  MountTargetResource2:
-    Type: AWS::EFS::MountTarget
-    Properties:
-      FileSystemId: !Ref EfsFileStorage
-      SubnetId: !Ref PublicSubnetTwo
-      SecurityGroups:
-        - !Ref EFSServerSecurityGroup
-
-Outputs:
-  EfsFileStorageId:
-    Description: 'The connection endpoint for the database.'
-    Value: !Ref EfsFileStorage
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
-  ClusterName:
-    Description: The name of the ECS cluster
-    Value: !Ref 'ECSCluster'
-    Export:
-      Name: !Sub${' ${EnvironmentName}'}:ClusterName
-  AutoscalingRole:
-    Description: The ARN of the role used for autoscaling
-    Value: !GetAtt 'AutoscalingRole.Arn'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
-  ECSRole:
-    Description: The ARN of the ECS role
-    Value: !GetAtt 'ECSRole.Arn'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:ECSRole
-  ECSTaskExecutionRole:
-    Description: The ARN of the ECS role tsk execution role
-    Value: !GetAtt 'ECSTaskExecutionRole.Arn'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
-
-  DeleteCFNLambdaExecutionRole:
-    Description: Lambda execution role for cleaning up cloud formations
-    Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole
-
-  CloudWatchIAMRole:
-    Description: The ARN of the CloudWatch role for subscription filter
-    Value: !GetAtt 'CloudWatchIAMRole.Arn'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole
-  VpcId:
-    Description: The ID of the VPC that this stack is deployed in
-    Value: !Ref 'VPC'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:VpcId
-  PublicSubnetOne:
-    Description: Public subnet one
-    Value: !Ref 'PublicSubnetOne'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne
-  PublicSubnetTwo:
-    Description: Public subnet two
-    Value: !Ref 'PublicSubnetTwo'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
-  ContainerSecurityGroup:
-    Description: A security group used to allow Fargate containers to receive traffic
-    Value: !Ref 'ContainerSecurityGroup'
-    Export:
-      Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
-`;
-}

src/model/orchestrator/providers/aws/cloud-formations/cleanup-cron-formation.ts

@@ -1,146 +0,0 @@
-export class CleanupCronFormation {
-  public static readonly formation: string = `AWSTemplateFormatVersion: '2010-09-09'
-Description: Schedule automatic deletion of CloudFormation stacks
-Metadata:
-  AWS::CloudFormation::Interface:
-    ParameterGroups:
-      - Label:
-          default: Input configuration
-        Parameters:
-          - StackName
-          - TTL
-    ParameterLabels:
-      StackName:
-        default: Stack name
-      TTL:
-        default: Time-to-live
-Parameters:
-  EnvironmentName:
-    Type: String
-    Default: development
-    Description: 'Your deployment environment: DEV, QA , PROD'
-  BUILDGUID:
-    Type: String
-    Default: ''
-  StackName:
-    Type: String
-    Description: Stack name that will be deleted.
-  DeleteStackName:
-    Type: String
-    Description: Stack name that will be deleted.
-  TTL:
-    Type: Number
-    Description: Time-to-live in minutes for the stack.
-Resources:
-  DeleteCFNLambda:
-    Type: "AWS::Lambda::Function"
-    Properties:
-      FunctionName: !Join [ "", [ 'DeleteCFNLambda', !Ref BUILDGUID ] ]
-      Code:
-        ZipFile: |
-          import boto3
-          import os
-          import json
-
-          stack_name = os.environ['stackName']
-          delete_stack_name = os.environ['deleteStackName']
-
-          def delete_cfn(stack_name):
-              try:
-                  cfn = boto3.resource('cloudformation')
-                  stack = cfn.Stack(stack_name)
-                  stack.delete()
-                  return "SUCCESS"
-              except:
-                  return "ERROR"
-
-          def handler(event, context):
-              print("Received event:")
-              print(json.dumps(event))
-              result = delete_cfn(stack_name)
-              delete_cfn(delete_stack_name)
-              return result
-      Environment:
-        Variables:
-          stackName: !Ref 'StackName'
-          deleteStackName: !Ref 'DeleteStackName'
-      Handler: "index.handler"
-      Runtime: "python3.9"
-      Timeout: "5"
-      Role:
-       'Fn::ImportValue': !Sub '\${EnvironmentName}:DeleteCFNLambdaExecutionRole'
-  DeleteStackEventRule:
-     DependsOn:
-       - DeleteCFNLambda
-       - GenerateCronExpression
-     Type: "AWS::Events::Rule"
-     Properties:
-       Name: !Join [ "", [ 'DeleteStackEventRule', !Ref BUILDGUID ] ]
-       Description: Delete stack event
-       ScheduleExpression: !GetAtt GenerateCronExpression.cron_exp
-       State: "ENABLED"
-       Targets:
-          -
-            Arn: !GetAtt DeleteCFNLambda.Arn
-            Id: 'DeleteCFNLambda'
-  PermissionForDeleteCFNLambda:
-    Type: "AWS::Lambda::Permission"
-    DependsOn:
-      - DeleteStackEventRule
-    Properties:
-      FunctionName: !Join [ "", [ 'DeleteCFNLambda', !Ref BUILDGUID ] ]
-      Action: "lambda:InvokeFunction"
-      Principal: "events.amazonaws.com"
-      SourceArn: !GetAtt DeleteStackEventRule.Arn
-  GenerateCronExpLambda:
-    Type: "AWS::Lambda::Function"
-    Properties:
-      FunctionName: !Join [ "", [ 'GenerateCronExpressionLambda', !Ref BUILDGUID ] ]
-      Code:
-        ZipFile: |
-          from datetime import datetime, timedelta
-          import os
-          import logging
-          import json
-          import cfnresponse
-
-          def deletion_time(ttl):
-              delete_at_time = datetime.now() + timedelta(minutes=int(ttl))
-              hh = delete_at_time.hour
-              mm = delete_at_time.minute
-              yyyy = delete_at_time.year
-              month = delete_at_time.month
-              dd = delete_at_time.day
-              # minutes hours day month day-of-week year
-              cron_exp = "cron({} {} {} {} ? {})".format(mm, hh, dd, month, yyyy)
-              return cron_exp
-
-          def handler(event, context):
-            print('Received event: %s' % json.dumps(event))
-            status = cfnresponse.SUCCESS
-            try:
-                if event['RequestType'] == 'Delete':
-                    cfnresponse.send(event, context, status, {})
-                else:
-                    ttl = event['ResourceProperties']['ttl']
-                    responseData = {}
-                    responseData['cron_exp'] = deletion_time(ttl)
-                    cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData)
-            except Exception as e:
-                logging.error('Exception: %s' % e, exc_info=True)
-                status = cfnresponse.FAILED
-                cfnresponse.send(event, context, status, {}, None)
-      Handler: "index.handler"
-      Runtime: "python3.9"
-      Timeout: "5"
-      Role:
-       'Fn::ImportValue': !Sub '\${EnvironmentName}:DeleteCFNLambdaExecutionRole'
-  GenerateCronExpression:
-    Type: "Custom::GenerateCronExpression"
-    Version: "1.0"
-    Properties:
-      Name: !Join [ "", [ 'GenerateCronExpression', !Ref BUILDGUID ] ]
-      ServiceToken: !GetAtt GenerateCronExpLambda.Arn
-      ttl: !Ref 'TTL'
-`;
-}

src/model/orchestrator/providers/aws/cloud-formations/task-definition-formation.ts

@@ -1,168 +0,0 @@
-import Orchestrator from '../../../orchestrator';
-
-export class TaskDefinitionFormation {
-  public static readonly description: string = `Game CI Orchestrator Task Stack`;
-  public static get formation(): string {
-    return `AWSTemplateFormatVersion: 2010-09-09
-Description: ${TaskDefinitionFormation.description}
-Parameters:
-  EnvironmentName:
-    Type: String
-    Default: development
-    Description: 'Your deployment environment: DEV, QA , PROD'
-  ServiceName:
-    Type: String
-    Default: example
-    Description: A name for the service
-  LogGroupName:
-    Type: String
-    Default: example
-    Description: Name to use for the log group created for this task
-  ImageUrl:
-    Type: String
-    Default: nginx
-    Description: >-
-      The url of a docker image that contains the application process that will
-      handle the traffic for this service
-  ContainerPort:
-    Type: Number
-    Default: 80
-    Description: What port number the application inside the docker container is binding to
-  ContainerCpu:
-    Default: ${Orchestrator.buildParameters.containerCpu}
-    Type: Number
-    Description: How much CPU to give the container. 1024 is 1 CPU
-  ContainerMemory:
-    Default: ${Orchestrator.buildParameters.containerMemory}
-    Type: Number
-    Description: How much memory in megabytes to give the container
-  BUILDGUID:
-    Type: String
-    Default: ''
-  Command:
-    Type: String
-    Default: 'ls'
-  EntryPoint:
-    Type: String
-    Default: '/bin/sh'
-  WorkingDirectory:
-    Type: String
-    Default: '/efsdata/'
-  Role:
-    Type: String
-    Default: ''
-    Description: >-
-      (Optional) An IAM role to give the service's containers if the code within
-      needs to access other AWS resources like S3 buckets, DynamoDB tables, etc
-  EFSMountDirectory:
-    Type: String
-    Default: '/efsdata'
-  # template secrets p1 - input
-Mappings:
-  SubnetConfig:
-    VPC:
-      CIDR: 10.0.0.0/16
-    PublicOne:
-      CIDR: 10.0.0.0/24
-    PublicTwo:
-      CIDR: 10.0.1.0/24
-Conditions:
-  HasCustomRole: !Not
-    - !Equals
-      - Ref: Role
-      - ''
-Resources:
-  LogGroup:
-    Type: 'AWS::Logs::LogGroup'
-    Properties:
-      LogGroupName: !Ref LogGroupName
-    Metadata:
-      'AWS::CloudFormation::Designer':
-        id: aece53ae-b82d-4267-bc16-ed964b05db27
-  # template resources secrets
-
-  # template resources logstream
-
-  TaskDefinition:
-    Type: 'AWS::ECS::TaskDefinition'
-    Properties:
-      Family: !Ref ServiceName
-      Cpu: !Ref ContainerCpu
-      Memory: !Ref ContainerMemory
-      NetworkMode: awsvpc
-      Volumes:
-        - Name: efs-data
-          EFSVolumeConfiguration:
-            FilesystemId:
-              'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:EfsFileStorageId'
-            TransitEncryption: DISABLED
-      RequiresCompatibilities:
-        - FARGATE
-      ExecutionRoleArn:
-        'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:ECSTaskExecutionRole'
-      TaskRoleArn:
-        'Fn::If':
-          - HasCustomRole
-          - !Ref Role
-          - !Ref 'AWS::NoValue'
-      ContainerDefinitions:
-        - Name: !Ref ServiceName
-          Cpu: !Ref ContainerCpu
-          Memory: !Ref ContainerMemory
-          Image: !Ref ImageUrl
-          EntryPoint:
-            Fn::Split:
-              - ','
-              - !Ref EntryPoint
-          Command:
-            Fn::Split:
-              - ','
-              - !Ref Command
-          WorkingDirectory: !Ref WorkingDirectory
-          Environment:
-            - Name: ALLOW_EMPTY_PASSWORD
-              Value: 'yes'
-            # template - env vars
-          MountPoints:
-            - SourceVolume: efs-data
-              ContainerPath: !Ref EFSMountDirectory
-              ReadOnly: false
-          # template secrets p3 - container def
-          LogConfiguration:
-            LogDriver: awslogs
-            Options:
-              awslogs-group: !Ref LogGroupName
-              awslogs-region: !Ref 'AWS::Region'
-              awslogs-stream-prefix: !Ref ServiceName
-    DependsOn:
-      - LogGroup
-`;
-  }
-  public static streamLogs = `
-  SubscriptionFilter:
-    Type: 'AWS::Logs::SubscriptionFilter'
-    Properties:
-      FilterPattern: ''
-      RoleArn:
-        'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:CloudWatchIAMRole'
-      LogGroupName: !Ref LogGroupName
-      DestinationArn:
-        'Fn::GetAtt':
-          - KinesisStream
-          - Arn
-    Metadata:
-      'AWS::CloudFormation::Designer':
-        id: 7f809e91-9e5d-4678-98c1-c5085956c480
-    DependsOn:
-      - LogGroup
-      - KinesisStream
-  KinesisStream:
-    Type: 'AWS::Kinesis::Stream'
-    Properties:
-      Name: !Ref ServiceName
-      ShardCount: 1
-    Metadata:
-      'AWS::CloudFormation::Designer':
-        id: c6f18447-b879-4696-8873-f981b2cedd2b
-`;
-}

src/model/orchestrator/providers/aws/index.ts

@@ -1,176 +0,0 @@
-import { CloudFormation, DeleteStackCommand, waitUntilStackDeleteComplete } from '@aws-sdk/client-cloudformation';
-import OrchestratorSecret from '../../options/orchestrator-secret';
-import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
-import OrchestratorAWSTaskDef from './orchestrator-aws-task-def';
-import AwsTaskRunner from './aws-task-runner';
-import { ProviderInterface } from '../provider-interface';
-import BuildParameters from '../../../build-parameters';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { AWSJobStack as AwsJobStack } from './aws-job-stack';
-import { AWSBaseStack as AwsBaseStack } from './aws-base-stack';
-import { Input } from '../../..';
-import { GarbageCollectionService } from './services/garbage-collection-service';
-import { ProviderResource } from '../provider-resource';
-import { ProviderWorkflow } from '../provider-workflow';
-import { TaskService } from './services/task-service';
-import OrchestratorOptions from '../../options/orchestrator-options';
-import { AwsClientFactory } from './aws-client-factory';
-import ResourceTracking from '../../services/core/resource-tracking';
-
-const DEFAULT_STACK_WAIT_TIME_SECONDS = 600;
-
-function getStackWaitTime(): number {
-  const overrideValue = Number(process.env.ORCHESTRATOR_AWS_STACK_WAIT_TIME ?? '');
-  if (!Number.isNaN(overrideValue) && overrideValue > 0) {
-    return overrideValue;
-  }
-
-  return DEFAULT_STACK_WAIT_TIME_SECONDS;
-}
-
-class AWSBuildEnvironment implements ProviderInterface {
-  private baseStackName: string;
-
-  constructor(buildParameters: BuildParameters) {
-    this.baseStackName = buildParameters.awsStackName;
-  }
-  async listResources(): Promise<ProviderResource[]> {
-    await TaskService.getCloudFormationJobStacks();
-    await TaskService.getLogGroups();
-    await TaskService.getTasks();
-
-    return [];
-  }
-  listWorkflow(): Promise<ProviderWorkflow[]> {
-    throw new Error('Method not implemented.');
-  }
-  async watchWorkflow(): Promise<string> {
-    return await TaskService.watch();
-  }
-
-  async listOtherResources(): Promise<string> {
-    await TaskService.getLogGroups();
-
-    return '';
-  }
-
-  async garbageCollect(
-    filter: string,
-    previewOnly: boolean,
-    // eslint-disable-next-line no-unused-vars
-    olderThan: Number,
-    // eslint-disable-next-line no-unused-vars
-    fullCache: boolean,
-    // eslint-disable-next-line no-unused-vars
-    baseDependencies: boolean,
-  ): Promise<string> {
-    await GarbageCollectionService.cleanup(!previewOnly);
-
-    return ``;
-  }
-
-  async cleanupWorkflow(
-    // eslint-disable-next-line no-unused-vars
-    buildParameters: BuildParameters,
-    // eslint-disable-next-line no-unused-vars
-    branchName: string,
-    // eslint-disable-next-line no-unused-vars
-    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
-  ) {}
-  async setupWorkflow(
-    // eslint-disable-next-line no-unused-vars
-    buildGuid: string,
-    // eslint-disable-next-line no-unused-vars
-    buildParameters: BuildParameters,
-    // eslint-disable-next-line no-unused-vars
-    branchName: string,
-    // eslint-disable-next-line no-unused-vars
-    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
-  ) {
-    process.env.AWS_REGION = Input.region;
-    const CF = AwsClientFactory.getCloudFormation();
-    await new AwsBaseStack(this.baseStackName).setupBaseStack(CF);
-  }
-
-  async runTaskInWorkflow(
-    buildGuid: string,
-    image: string,
-    commands: string,
-    mountdir: string,
-    workingdir: string,
-    environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
-  ): Promise<string> {
-    process.env.AWS_REGION = Input.region;
-    ResourceTracking.logAllocationSummary('aws workflow');
-    await ResourceTracking.logDiskUsageSnapshot('aws workflow (host)');
-    AwsClientFactory.getECS();
-    const CF = AwsClientFactory.getCloudFormation();
-    AwsClientFactory.getKinesis();
-    OrchestratorLogger.log(`AWS Region: ${CF.config.region}`);
-    const entrypoint = ['/bin/sh'];
-    const startTimeMs = Date.now();
-    const taskDef = await new AwsJobStack(this.baseStackName).setupCloudFormations(
-      CF,
-      buildGuid,
-      image,
-      entrypoint,
-      commands,
-      mountdir,
-      workingdir,
-      secrets,
-    );
-
-    let postRunTaskTimeMs;
-    try {
-      const postSetupStacksTimeMs = Date.now();
-      OrchestratorLogger.log(`Setup job time: ${Math.floor((postSetupStacksTimeMs - startTimeMs) / 1000)}s`);
-      const { output, shouldCleanup } = await AwsTaskRunner.runTask(taskDef, environment, commands);
-      postRunTaskTimeMs = Date.now();
-      OrchestratorLogger.log(`Run job time: ${Math.floor((postRunTaskTimeMs - postSetupStacksTimeMs) / 1000)}s`);
-      if (shouldCleanup) {
-        await this.cleanupResources(CF, taskDef);
-      }
-      const postCleanupTimeMs = Date.now();
-      if (postRunTaskTimeMs !== undefined)
-        OrchestratorLogger.log(`Cleanup job time: ${Math.floor((postCleanupTimeMs - postRunTaskTimeMs) / 1000)}s`);
-
-      return output;
-    } catch (error) {
-      OrchestratorLogger.log(`error running task ${error}`);
-      await this.cleanupResources(CF, taskDef);
-      throw error;
-    }
-  }
-
-  async cleanupResources(CF: CloudFormation, taskDef: OrchestratorAWSTaskDef) {
-    const stackWaitTimeSeconds = getStackWaitTime();
-    OrchestratorLogger.log(`Cleanup starting (waiting up to ${stackWaitTimeSeconds}s for stack deletion)`);
-    await CF.send(new DeleteStackCommand({ StackName: taskDef.taskDefStackName }));
-    if (OrchestratorOptions.useCleanupCron) {
-      await CF.send(new DeleteStackCommand({ StackName: `${taskDef.taskDefStackName}-cleanup` }));
-    }
-
-    await waitUntilStackDeleteComplete(
-      {
-        client: CF,
-        maxWaitTime: stackWaitTimeSeconds,
-      },
-      {
-        StackName: taskDef.taskDefStackName,
-      },
-    );
-    await waitUntilStackDeleteComplete(
-      {
-        client: CF,
-        maxWaitTime: stackWaitTimeSeconds,
-      },
-      {
-        StackName: `${taskDef.taskDefStackName}-cleanup`,
-      },
-    );
-    OrchestratorLogger.log(`Deleted Stack: ${taskDef.taskDefStackName}`);
-    OrchestratorLogger.log('Cleanup complete');
-  }
-}
-export default AWSBuildEnvironment;

src/model/orchestrator/providers/aws/orchestrator-aws-task-def.ts

@@ -1,10 +0,0 @@
-// eslint-disable-next-line import/named
-import { StackResource } from '@aws-sdk/client-cloudformation';
-
-class OrchestratorAWSTaskDef {
-  public taskDefStackName!: string;
-  public taskDefCloudFormation!: string;
-  public taskDefResources: StackResource[] | undefined;
-  public baseResources: StackResource[] | undefined;
-}
-export default OrchestratorAWSTaskDef;

src/model/orchestrator/providers/aws/services/garbage-collection-service.ts

@@ -1,75 +0,0 @@
-import { DeleteStackCommand, DescribeStackResourcesCommand } from '@aws-sdk/client-cloudformation';
-import { DeleteLogGroupCommand } from '@aws-sdk/client-cloudwatch-logs';
-import { StopTaskCommand } from '@aws-sdk/client-ecs';
-import Input from '../../../../input';
-import OrchestratorLogger from '../../../services/core/orchestrator-logger';
-import { TaskService } from './task-service';
-import { AwsClientFactory } from '../aws-client-factory';
-
-export class GarbageCollectionService {
-  static isOlderThan1day(date: Date) {
-    const ageDate = new Date(date.getTime() - Date.now());
-
-    return ageDate.getDay() > 0;
-  }
-
-  public static async cleanup(deleteResources = false, OneDayOlderOnly: boolean = false) {
-    process.env.AWS_REGION = Input.region;
-    const CF = AwsClientFactory.getCloudFormation();
-    const ecs = AwsClientFactory.getECS();
-    const cwl = AwsClientFactory.getCloudWatchLogs();
-    const taskDefinitionsInUse = new Array();
-    const tasks = await TaskService.getTasks();
-
-    for (const task of tasks) {
-      const { taskElement, element } = task;
-      taskDefinitionsInUse.push(taskElement.taskDefinitionArn);
-      if (deleteResources && (!OneDayOlderOnly || GarbageCollectionService.isOlderThan1day(taskElement.createdAt!))) {
-        OrchestratorLogger.log(`Stopping task ${taskElement.containers?.[0].name}`);
-        await ecs.send(new StopTaskCommand({ task: taskElement.taskArn || '', cluster: element }));
-      }
-    }
-
-    const jobStacks = await TaskService.getCloudFormationJobStacks();
-    for (const element of jobStacks) {
-      if (
-        (await CF.send(new DescribeStackResourcesCommand({ StackName: element.StackName }))).StackResources?.some(
-          (x) => x.ResourceType === 'AWS::ECS::TaskDefinition' && taskDefinitionsInUse.includes(x.PhysicalResourceId),
-        )
-      ) {
-        OrchestratorLogger.log(`Skipping ${element.StackName} - active task was running not deleting`);
-
-        return;
-      }
-
-      if (
-        deleteResources &&
-        (!OneDayOlderOnly || (element.CreationTime && GarbageCollectionService.isOlderThan1day(element.CreationTime)))
-      ) {
-        if (element.StackName === 'game-ci' || element.TemplateDescription === 'Game-CI base stack') {
-          OrchestratorLogger.log(`Skipping ${element.StackName} ignore list`);
-
-          return;
-        }
-
-        OrchestratorLogger.log(`Deleting ${element.StackName}`);
-        await CF.send(new DeleteStackCommand({ StackName: element.StackName }));
-      }
-    }
-    const logGroups = await TaskService.getLogGroups();
-    for (const element of logGroups) {
-      if (
-        deleteResources &&
-        (!OneDayOlderOnly || GarbageCollectionService.isOlderThan1day(new Date(element.creationTime!)))
-      ) {
-        OrchestratorLogger.log(`Deleting ${element.logGroupName}`);
-        await cwl.send(new DeleteLogGroupCommand({ logGroupName: element.logGroupName || '' }));
-      }
-    }
-
-    const locks = await TaskService.getLocks();
-    for (const element of locks) {
-      OrchestratorLogger.log(`Lock: ${element.Key}`);
-    }
-  }
-}

src/model/orchestrator/providers/aws/services/task-service.ts

@@ -1,220 +0,0 @@
-import {
-  DescribeStackResourcesCommand,
-  DescribeStacksCommand,
-  ListStacksCommand,
-} from '@aws-sdk/client-cloudformation';
-import type { StackSummary } from '@aws-sdk/client-cloudformation';
-// eslint-disable-next-line import/named
-import { DescribeLogGroupsCommand, DescribeLogGroupsCommandInput } from '@aws-sdk/client-cloudwatch-logs';
-import type { LogGroup } from '@aws-sdk/client-cloudwatch-logs';
-import { DescribeTasksCommand, ListClustersCommand, ListTasksCommand } from '@aws-sdk/client-ecs';
-import type { Task } from '@aws-sdk/client-ecs';
-import { ListObjectsV2Command } from '@aws-sdk/client-s3';
-import Input from '../../../../input';
-import OrchestratorLogger from '../../../services/core/orchestrator-logger';
-import { BaseStackFormation } from '../cloud-formations/base-stack-formation';
-import AwsTaskRunner from '../aws-task-runner';
-import Orchestrator from '../../../orchestrator';
-import { AwsClientFactory } from '../aws-client-factory';
-import SharedWorkspaceLocking from '../../../services/core/shared-workspace-locking';
-
-export class TaskService {
-  static async watch() {
-    // eslint-disable-next-line no-unused-vars
-    const { output, shouldCleanup } = await AwsTaskRunner.streamLogsUntilTaskStops(
-      process.env.cluster || ``,
-      process.env.taskArn || ``,
-      process.env.streamName || ``,
-    );
-
-    return output;
-  }
-  public static async getCloudFormationJobStacks(): Promise<StackSummary[]> {
-    const result: StackSummary[] = [];
-    OrchestratorLogger.log(``);
-    OrchestratorLogger.log(`List Cloud Formation Stacks`);
-    process.env.AWS_REGION = Input.region;
-    const CF = AwsClientFactory.getCloudFormation();
-    const stacks =
-      (await CF.send(new ListStacksCommand({}))).StackSummaries?.filter(
-        (_x) =>
-          _x.StackStatus !== 'DELETE_COMPLETE' && _x.TemplateDescription !== BaseStackFormation.baseStackDecription,
-      ) || [];
-    OrchestratorLogger.log(``);
-    OrchestratorLogger.log(`Cloud Formation Stacks ${stacks.length}`);
-    for (const element of stacks) {
-      if (!element.CreationTime) {
-        OrchestratorLogger.log(`${element.StackName} due to undefined CreationTime`);
-      }
-
-      const ageDate: Date = new Date(Date.now() - (element.CreationTime?.getTime() ?? 0));
-
-      OrchestratorLogger.log(
-        `Task Stack ${element.StackName} - Age D${Math.floor(
-          ageDate.getHours() / 24,
-        )} H${ageDate.getHours()} M${ageDate.getMinutes()}`,
-      );
-      result.push(element);
-    }
-    const baseStacks =
-      (await CF.send(new ListStacksCommand({}))).StackSummaries?.filter(
-        (_x) =>
-          _x.StackStatus !== 'DELETE_COMPLETE' && _x.TemplateDescription === BaseStackFormation.baseStackDecription,
-      ) || [];
-    OrchestratorLogger.log(``);
-    OrchestratorLogger.log(`Base Stacks ${baseStacks.length}`);
-    for (const element of baseStacks) {
-      if (!element.CreationTime) {
-        OrchestratorLogger.log(`${element.StackName} due to undefined CreationTime`);
-      }
-
-      const ageDate: Date = new Date(Date.now() - (element.CreationTime?.getTime() ?? 0));
-
-      OrchestratorLogger.log(
-        `Task Stack ${element.StackName} - Age D${Math.floor(
-          ageDate.getHours() / 24,
-        )} H${ageDate.getHours()} M${ageDate.getMinutes()}`,
-      );
-      result.push(element);
-    }
-    OrchestratorLogger.log(``);
-
-    return result;
-  }
-  public static async getTasks(): Promise<{ taskElement: Task; element: string }[]> {
-    const result: { taskElement: Task; element: string }[] = [];
-    OrchestratorLogger.log(``);
-    OrchestratorLogger.log(`List Tasks`);
-    process.env.AWS_REGION = Input.region;
-    const ecs = AwsClientFactory.getECS();
-    const clusters: string[] = [];
-    {
-      let nextToken: string | undefined;
-      do {
-        const clusterResponse = await ecs.send(new ListClustersCommand({ nextToken }));
-        clusters.push(...(clusterResponse.clusterArns ?? []));
-        nextToken = clusterResponse.nextToken;
-      } while (nextToken);
-    }
-    OrchestratorLogger.log(`Task Clusters ${clusters.length}`);
-    for (const element of clusters) {
-      const taskArns: string[] = [];
-      {
-        let nextToken: string | undefined;
-        do {
-          const taskResponse = await ecs.send(new ListTasksCommand({ cluster: element, nextToken }));
-          taskArns.push(...(taskResponse.taskArns ?? []));
-          nextToken = taskResponse.nextToken;
-        } while (nextToken);
-      }
-      if (taskArns.length > 0) {
-        const describeInput = { tasks: taskArns, cluster: element };
-        const describeList = (await ecs.send(new DescribeTasksCommand(describeInput))).tasks || [];
-        if (describeList.length === 0) {
-          OrchestratorLogger.log(`No Tasks`);
-          continue;
-        }
-        OrchestratorLogger.log(`Tasks ${describeList.length}`);
-        for (const taskElement of describeList) {
-          if (taskElement === undefined) {
-            continue;
-          }
-          if (taskElement.createdAt === undefined) {
-            OrchestratorLogger.log(`Skipping ${taskElement.taskDefinitionArn} no createdAt date`);
-            continue;
-          }
-          result.push({ taskElement, element });
-        }
-      }
-    }
-    OrchestratorLogger.log(``);
-
-    return result;
-  }
-  public static async awsDescribeJob(job: string) {
-    process.env.AWS_REGION = Input.region;
-    const CF = AwsClientFactory.getCloudFormation();
-    try {
-      const stack =
-        (await CF.send(new ListStacksCommand({}))).StackSummaries?.find((_x) => _x.StackName === job) || undefined;
-      const stackInfo = (await CF.send(new DescribeStackResourcesCommand({ StackName: job }))) || undefined;
-      const stackInfo2 = (await CF.send(new DescribeStacksCommand({ StackName: job }))) || undefined;
-      if (stack === undefined) {
-        throw new Error('stack not defined');
-      }
-      if (!stack.CreationTime) {
-        OrchestratorLogger.log(`${stack.StackName} due to undefined CreationTime`);
-      }
-      const ageDate: Date = new Date(Date.now() - (stack.CreationTime?.getTime() ?? 0));
-      const message = `
-    Task Stack ${stack.StackName}
-    Age D${Math.floor(ageDate.getHours() / 24)} H${ageDate.getHours()} M${ageDate.getMinutes()}
-    ${JSON.stringify(stack, undefined, 4)}
-    ${JSON.stringify(stackInfo, undefined, 4)}
-    ${JSON.stringify(stackInfo2, undefined, 4)}
-    `;
-      OrchestratorLogger.log(message);
-
-      return message;
-    } catch (error) {
-      OrchestratorLogger.error(
-        `Failed to describe job ${job}: ${error instanceof Error ? error.message : String(error)}`,
-      );
-      throw error;
-    }
-  }
-  public static async getLogGroups(): Promise<LogGroup[]> {
-    const result: LogGroup[] = [];
-    process.env.AWS_REGION = Input.region;
-    const cwl = AwsClientFactory.getCloudWatchLogs();
-    let logStreamInput: DescribeLogGroupsCommandInput = {
-      /* logGroupNamePrefix: 'game-ci' */
-    };
-    let logGroupsDescribe = await cwl.send(new DescribeLogGroupsCommand(logStreamInput));
-    const logGroups = logGroupsDescribe.logGroups || [];
-    while (logGroupsDescribe.nextToken) {
-      logStreamInput = {
-        /* logGroupNamePrefix: 'game-ci',*/
-        nextToken: logGroupsDescribe.nextToken,
-      };
-      logGroupsDescribe = await cwl.send(new DescribeLogGroupsCommand(logStreamInput));
-      logGroups.push(...(logGroupsDescribe?.logGroups || []));
-    }
-
-    OrchestratorLogger.log(`Log Groups ${logGroups.length}`);
-    for (const element of logGroups) {
-      if (element.creationTime === undefined) {
-        OrchestratorLogger.log(`Skipping ${element.logGroupName} no createdAt date`);
-        continue;
-      }
-      const ageDate: Date = new Date(Date.now() - element.creationTime);
-
-      OrchestratorLogger.log(
-        `Task Stack ${element.logGroupName} - Age D${Math.floor(
-          ageDate.getHours() / 24,
-        )} H${ageDate.getHours()} M${ageDate.getMinutes()}`,
-      );
-      result.push(element);
-    }
-
-    return result;
-  }
-  public static async getLocks(): Promise<Array<{ Key: string }>> {
-    process.env.AWS_REGION = Input.region;
-    if (Orchestrator.buildParameters.storageProvider === 'rclone') {
-      // eslint-disable-next-line no-unused-vars
-      type ListObjectsFunction = (prefix: string) => Promise<string[]>;
-      const objects = await (SharedWorkspaceLocking as unknown as { listObjects: ListObjectsFunction }).listObjects('');
-
-      return objects.map((x: string) => ({ Key: x }));
-    }
-    const s3 = AwsClientFactory.getS3();
-    const listRequest = {
-      Bucket: Orchestrator.buildParameters.awsStackName,
-    };
-
-    const results = await s3.send(new ListObjectsV2Command(listRequest));
-
-    return (results.Contents || []).map((object) => ({ Key: object.Key || '' }));
-  }
-}

src/model/orchestrator/providers/docker/index.ts

@@ -1,196 +0,0 @@
-import BuildParameters from '../../../build-parameters';
-import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { ProviderInterface } from '../provider-interface';
-import OrchestratorSecret from '../../options/orchestrator-secret';
-import Docker from '../../../docker';
-import { Action } from '../../..';
-import { writeFileSync } from 'node:fs';
-import Orchestrator from '../../orchestrator';
-import { ProviderResource } from '../provider-resource';
-import { ProviderWorkflow } from '../provider-workflow';
-import { OrchestratorSystem } from '../../services/core/orchestrator-system';
-import * as fs from 'node:fs';
-import { CommandHookService } from '../../services/hooks/command-hook-service';
-import { StringKeyValuePair } from '../../../shared-types';
-
-class LocalDockerOrchestrator implements ProviderInterface {
-  public buildParameters!: BuildParameters;
-
-  listResources(): Promise<ProviderResource[]> {
-    return new Promise((resolve) => resolve([]));
-  }
-  listWorkflow(): Promise<ProviderWorkflow[]> {
-    throw new Error('Method not implemented.');
-  }
-  watchWorkflow(): Promise<string> {
-    throw new Error('Method not implemented.');
-  }
-  garbageCollect(
-    // eslint-disable-next-line no-unused-vars
-    filter: string,
-    // eslint-disable-next-line no-unused-vars
-    previewOnly: boolean,
-    // eslint-disable-next-line no-unused-vars
-    olderThan: Number,
-    // eslint-disable-next-line no-unused-vars
-    fullCache: boolean,
-    // eslint-disable-next-line no-unused-vars
-    baseDependencies: boolean,
-  ): Promise<string> {
-    return new Promise((result) => result(``));
-  }
-  async cleanupWorkflow(
-    buildParameters: BuildParameters,
-    // eslint-disable-next-line no-unused-vars
-    branchName: string,
-    // eslint-disable-next-line no-unused-vars
-    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
-  ) {
-    const { workspace } = Action;
-    if (
-      fs.existsSync(
-        `${workspace}/orchestrator-cache/cache/build/build-${buildParameters.buildGuid}.tar${
-          Orchestrator.buildParameters.useCompressionStrategy ? '.lz4' : ''
-        }`,
-      )
-    ) {
-      await OrchestratorSystem.Run(`ls ${workspace}/orchestrator-cache/cache/build/`);
-      await OrchestratorSystem.Run(
-        `rm -r ${workspace}/orchestrator-cache/cache/build/build-${buildParameters.buildGuid}.tar${
-          Orchestrator.buildParameters.useCompressionStrategy ? '.lz4' : ''
-        }`,
-      );
-    }
-  }
-  setupWorkflow(
-    buildGuid: string,
-    buildParameters: BuildParameters,
-    // eslint-disable-next-line no-unused-vars
-    branchName: string,
-    // eslint-disable-next-line no-unused-vars
-    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
-  ) {
-    this.buildParameters = buildParameters;
-  }
-
-  public async runTaskInWorkflow(
-    buildGuid: string,
-    image: string,
-    commands: string,
-    mountdir: string,
-    workingdir: string,
-    environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
-  ): Promise<string> {
-    OrchestratorLogger.log(buildGuid);
-    OrchestratorLogger.log(commands);
-
-    const { workspace, actionFolder } = Action;
-    const content: StringKeyValuePair[] = [];
-    for (const x of secrets) {
-      content.push({ name: x.EnvironmentVariable, value: x.ParameterValue });
-    }
-
-    // Replace localhost with host.docker.internal for LocalStack endpoints (similar to K8s)
-    // This allows Docker containers to access LocalStack running on the host
-    const endpointEnvironmentNames = new Set([
-      'AWS_S3_ENDPOINT',
-      'AWS_ENDPOINT',
-      'AWS_CLOUD_FORMATION_ENDPOINT',
-      'AWS_ECS_ENDPOINT',
-      'AWS_KINESIS_ENDPOINT',
-      'AWS_CLOUD_WATCH_LOGS_ENDPOINT',
-      'INPUT_AWSS3ENDPOINT',
-      'INPUT_AWSENDPOINT',
-    ]);
-    for (const x of environment) {
-      let value = x.value;
-      if (
-        typeof value === 'string' &&
-        endpointEnvironmentNames.has(x.name) &&
-        (value.startsWith('http://localhost') || value.startsWith('http://127.0.0.1'))
-      ) {
-        // Replace localhost with host.docker.internal so containers can access host services
-        value = value
-          .replace('http://localhost', 'http://host.docker.internal')
-          .replace('http://127.0.0.1', 'http://host.docker.internal');
-        OrchestratorLogger.log(`Replaced localhost with host.docker.internal for ${x.name}: ${value}`);
-      }
-      content.push({ name: x.name, value });
-    }
-
-    // if (this.buildParameters?.orchestratorIntegrationTests) {
-    //   core.info(JSON.stringify(content, undefined, 4));
-    //   core.info(JSON.stringify(secrets, undefined, 4));
-    //   core.info(JSON.stringify(environment, undefined, 4));
-    // }
-
-    // eslint-disable-next-line unicorn/no-for-loop
-    for (let index = 0; index < content.length; index++) {
-      if (content[index] === undefined) {
-        delete content[index];
-      }
-    }
-    let myOutput = '';
-    const sharedFolder = `/data/`;
-
-    // core.info(JSON.stringify({ workspace, actionFolder, ...this.buildParameters, ...content }, undefined, 4));
-    const entrypointFilePath = `start.sh`;
-
-    // Use #!/bin/sh for POSIX compatibility (Alpine-based images like rclone/rclone don't have bash)
-    const fileContents = `#!/bin/sh
-set -e
-
-mkdir -p /github/workspace/orchestrator-cache
-mkdir -p /data/cache
-cp -a /github/workspace/orchestrator-cache/. ${sharedFolder}
-${CommandHookService.ApplyHooksToCommands(commands, this.buildParameters)}
-# Only copy cache directory, exclude retained workspaces to avoid running out of disk space
-if [ -d "${sharedFolder}cache" ]; then
-  cp -a ${sharedFolder}cache/. /github/workspace/orchestrator-cache/cache/ || true
-fi
-# Copy test files from /data/ root to workspace for test assertions
-# This allows tests to write files to /data/ and have them available in the workspace
-find ${sharedFolder} -maxdepth 1 -type f -name "test-*" -exec cp -a {} /github/workspace/orchestrator-cache/ \\; || true
-`;
-    writeFileSync(`${workspace}/${entrypointFilePath}`, fileContents, {
-      flag: 'w',
-    });
-
-    if (Orchestrator.buildParameters.orchestratorDebug) {
-      OrchestratorLogger.log(`Running local-docker: \n ${fileContents}`);
-    }
-
-    if (fs.existsSync(`${workspace}/orchestrator-cache`)) {
-      await OrchestratorSystem.Run(`ls ${workspace}/orchestrator-cache && du -sh ${workspace}/orchestrator-cache`);
-    }
-    const exitCode = await Docker.run(
-      image,
-      { workspace, actionFolder, ...this.buildParameters },
-      false,
-      `chmod +x /github/workspace/${entrypointFilePath} && /github/workspace/${entrypointFilePath}`,
-      content,
-      {
-        listeners: {
-          stdout: (data: Buffer) => {
-            myOutput += data.toString();
-          },
-          stderr: (data: Buffer) => {
-            myOutput += `[LOCAL-DOCKER-ERROR]${data.toString()}`;
-          },
-        },
-      },
-      true,
-    );
-
-    // Docker doesn't exit on fail now so adding this to ensure behavior is unchanged
-    // TODO: Is there a helpful way to consume the exit code or is it best to except
-    if (exitCode !== 0) {
-      throw new Error(`Build failed with exit code ${exitCode}`);
-    }
-
-    return myOutput;
-  }
-}
-export default LocalDockerOrchestrator;

src/model/orchestrator/providers/k8s/index.ts

@@ -1,460 +0,0 @@
-import * as k8s from '@kubernetes/client-node';
-import { BuildParameters } from '../../..';
-import * as core from '@actions/core';
-import { ProviderInterface } from '../provider-interface';
-import OrchestratorSecret from '../../options/orchestrator-secret';
-import KubernetesStorage from './kubernetes-storage';
-import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
-import KubernetesTaskRunner from './kubernetes-task-runner';
-import KubernetesSecret from './kubernetes-secret';
-import KubernetesJobSpecFactory from './kubernetes-job-spec-factory';
-import KubernetesServiceAccount from './kubernetes-service-account';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { CoreV1Api } from '@kubernetes/client-node';
-import Orchestrator from '../../orchestrator';
-import { ProviderResource } from '../provider-resource';
-import { ProviderWorkflow } from '../provider-workflow';
-import { RemoteClientLogger } from '../../remote-client/remote-client-logger';
-import { KubernetesRole } from './kubernetes-role';
-import { OrchestratorSystem } from '../../services/core/orchestrator-system';
-import ResourceTracking from '../../services/core/resource-tracking';
-
-class Kubernetes implements ProviderInterface {
-  public static Instance: Kubernetes;
-  public kubeConfig!: k8s.KubeConfig;
-  public kubeClient!: k8s.CoreV1Api;
-  public kubeClientApps!: k8s.AppsV1Api;
-  public kubeClientBatch!: k8s.BatchV1Api;
-  public rbacAuthorizationV1Api!: k8s.RbacAuthorizationV1Api;
-  public buildGuid: string = '';
-  public buildParameters!: BuildParameters;
-  public pvcName: string = '';
-  public secretName: string = '';
-  public jobName: string = '';
-  public namespace!: string;
-  public podName: string = '';
-  public containerName: string = '';
-  public cleanupCronJobName: string = '';
-  public serviceAccountName: string = '';
-  public ip: string = '';
-
-  constructor(buildParameters: BuildParameters) {
-    Kubernetes.Instance = this;
-    this.kubeConfig = new k8s.KubeConfig();
-    this.kubeConfig.loadFromDefault();
-    this.kubeClient = this.kubeConfig.makeApiClient(k8s.CoreV1Api);
-    this.kubeClientApps = this.kubeConfig.makeApiClient(k8s.AppsV1Api);
-    this.kubeClientBatch = this.kubeConfig.makeApiClient(k8s.BatchV1Api);
-    this.rbacAuthorizationV1Api = this.kubeConfig.makeApiClient(k8s.RbacAuthorizationV1Api);
-    this.namespace = buildParameters.containerNamespace ? buildParameters.containerNamespace : 'default';
-    OrchestratorLogger.log('Loaded default Kubernetes configuration for this environment');
-  }
-
-  async PushLogUpdate(logs: string) {
-    // push logs to nginx file server via 'LOG_SERVICE_IP' env var
-    const ip = process.env[`LOG_SERVICE_IP`];
-    if (ip === undefined) {
-      RemoteClientLogger.logWarning(`LOG_SERVICE_IP not set, skipping log push`);
-
-      return;
-    }
-    const url = `http://${ip}/api/log`;
-    RemoteClientLogger.log(`Pushing logs to ${url}`);
-
-    // logs to base64
-    logs = Buffer.from(logs).toString('base64');
-    const response = await OrchestratorSystem.Run(`curl -X POST -d "${logs}" ${url}`, false, true);
-    RemoteClientLogger.log(`Pushed logs to ${url} ${response}`);
-  }
-
-  async listResources(): Promise<ProviderResource[]> {
-    const pods = await this.kubeClient.listNamespacedPod(this.namespace);
-    const serviceAccounts = await this.kubeClient.listNamespacedServiceAccount(this.namespace);
-    const secrets = await this.kubeClient.listNamespacedSecret(this.namespace);
-    const jobs = await this.kubeClientBatch.listNamespacedJob(this.namespace);
-
-    return [
-      ...pods.body.items.map((x) => {
-        return { Name: x.metadata?.name || `` };
-      }),
-      ...serviceAccounts.body.items.map((x) => {
-        return { Name: x.metadata?.name || `` };
-      }),
-      ...secrets.body.items.map((x) => {
-        return { Name: x.metadata?.name || `` };
-      }),
-      ...jobs.body.items.map((x) => {
-        return { Name: x.metadata?.name || `` };
-      }),
-    ];
-  }
-  listWorkflow(): Promise<ProviderWorkflow[]> {
-    throw new Error('Method not implemented.');
-  }
-  watchWorkflow(): Promise<string> {
-    throw new Error('Method not implemented.');
-  }
-  garbageCollect(
-    // eslint-disable-next-line no-unused-vars
-    filter: string,
-    // eslint-disable-next-line no-unused-vars
-    previewOnly: boolean,
-    // eslint-disable-next-line no-unused-vars
-    olderThan: Number,
-    // eslint-disable-next-line no-unused-vars
-    fullCache: boolean,
-    // eslint-disable-next-line no-unused-vars
-    baseDependencies: boolean,
-  ): Promise<string> {
-    return new Promise((result) => result(``));
-  }
-  public async setupWorkflow(
-    buildGuid: string,
-    buildParameters: BuildParameters,
-    // eslint-disable-next-line no-unused-vars
-    branchName: string,
-    // eslint-disable-next-line no-unused-vars
-    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
-  ) {
-    try {
-      this.buildParameters = buildParameters;
-      this.cleanupCronJobName = `unity-builder-cronjob-${buildParameters.buildGuid}`;
-      this.serviceAccountName = `service-account-${buildParameters.buildGuid}`;
-
-      await KubernetesServiceAccount.createServiceAccount(this.serviceAccountName, this.namespace, this.kubeClient);
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  async runTaskInWorkflow(
-    buildGuid: string,
-    image: string,
-    commands: string,
-    mountdir: string,
-    workingdir: string,
-    environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
-  ): Promise<string> {
-    try {
-      OrchestratorLogger.log('Orchestrator K8s workflow!');
-      ResourceTracking.logAllocationSummary('k8s workflow');
-      await ResourceTracking.logDiskUsageSnapshot('k8s workflow (host)');
-      await ResourceTracking.logK3dNodeDiskUsage('k8s workflow (before job)');
-
-      // Setup
-      const id =
-        BuildParameters && BuildParameters.shouldUseRetainedWorkspaceMode(this.buildParameters)
-          ? Orchestrator.lockedWorkspace
-          : this.buildParameters.buildGuid;
-      this.pvcName = `unity-builder-pvc-${id}`;
-      await KubernetesStorage.createPersistentVolumeClaim(
-        this.buildParameters,
-        this.pvcName,
-        this.kubeClient,
-        this.namespace,
-      );
-      this.buildGuid = buildGuid;
-      this.secretName = `build-credentials-${this.buildGuid}`;
-      this.jobName = `unity-builder-job-${this.buildGuid}`;
-      this.containerName = `main`;
-      await KubernetesSecret.createSecret(secrets, this.secretName, this.namespace, this.kubeClient);
-
-      // For tests, clean up old images before creating job to free space for image pull
-      // IMPORTANT: Preserve the Unity image to avoid re-pulling it
-      if (process.env['orchestratorTests'] === 'true') {
-        try {
-          OrchestratorLogger.log('Cleaning up old images in k3d node before pulling new image...');
-          const { OrchestratorSystem: OrchestratorSystemModule } = await import(
-            '../../services/core/orchestrator-system'
-          );
-
-          // Aggressive cleanup: remove stopped containers and non-Unity images
-          // IMPORTANT: Preserve Unity images (unityci/editor) to avoid re-pulling the 3.9GB image
-          const K3D_NODE_CONTAINERS = ['k3d-unity-builder-agent-0', 'k3d-unity-builder-server-0'];
-          const cleanupCommands: string[] = [];
-
-          for (const NODE of K3D_NODE_CONTAINERS) {
-            // Remove all stopped containers (this frees runtime space but keeps images)
-            cleanupCommands.push(
-              `docker exec ${NODE} sh -c "crictl rm --all 2>/dev/null || true" || true`,
-              `docker exec ${NODE} sh -c "for img in $(crictl images -q 2>/dev/null); do repo=$(crictl inspecti $img --format '{{.repo}}' 2>/dev/null || echo ''); if echo "$repo" | grep -qvE 'unityci/editor|unity'; then crictl rmi $img 2>/dev/null || true; fi; done" || true`,
-              `docker exec ${NODE} sh -c "crictl rmi --prune 2>/dev/null || true" || true`,
-            );
-          }
-
-          for (const cmd of cleanupCommands) {
-            try {
-              await OrchestratorSystemModule.Run(cmd, true, true);
-            } catch (cmdError) {
-              // Ignore individual command failures - cleanup is best effort
-              OrchestratorLogger.log(`Cleanup command failed (non-fatal): ${cmdError}`);
-            }
-          }
-          OrchestratorLogger.log('Cleanup completed (containers and non-Unity images removed, Unity images preserved)');
-        } catch (cleanupError) {
-          OrchestratorLogger.logWarning(`Failed to cleanup images before job creation: ${cleanupError}`);
-
-          // Continue anyway - image might already be cached
-        }
-      }
-
-      let output = '';
-      try {
-        // Before creating the job, verify we have the Unity image cached on the agent node
-        // If not cached, try to ensure it's available to avoid disk pressure during pull
-        if (process.env['orchestratorTests'] === 'true' && image.includes('unityci/editor')) {
-          try {
-            const { OrchestratorSystem: OrchestratorSystemModule2 } = await import(
-              '../../services/core/orchestrator-system'
-            );
-
-            // Check if image is cached on agent node (where pods run)
-            const agentImageCheck = await OrchestratorSystemModule2.Run(
-              `docker exec k3d-unity-builder-agent-0 sh -c "crictl images | grep -q unityci/editor && echo 'cached' || echo 'not_cached'" || echo 'not_cached'`,
-              true,
-              true,
-            );
-
-            if (agentImageCheck.includes('not_cached')) {
-              // Check if image is on server node
-              const serverImageCheck = await OrchestratorSystemModule2.Run(
-                `docker exec k3d-unity-builder-server-0 sh -c "crictl images | grep -q unityci/editor && echo 'cached' || echo 'not_cached'" || echo 'not_cached'`,
-                true,
-                true,
-              );
-
-              // Check available disk space on agent node
-              const diskInfo = await OrchestratorSystemModule2.Run(
-                'docker exec k3d-unity-builder-agent-0 sh -c "df -h /var/lib/rancher/k3s 2>/dev/null | tail -1 || df -h / 2>/dev/null | tail -1 || echo unknown" || echo unknown',
-                true,
-                true,
-              );
-
-              OrchestratorLogger.logWarning(
-                `Unity image not cached on agent node (where pods run). Server node: ${
-                  serverImageCheck.includes('cached') ? 'has image' : 'no image'
-                }. Disk info: ${diskInfo.trim()}. Pod will attempt to pull image (3.9GB) which may fail due to disk pressure.`,
-              );
-
-              // If image is on server but not agent, log a warning
-              // NOTE: We don't attempt to pull here because:
-              // 1. Pulling a 3.9GB image can take several minutes and block the test
-              // 2. If there's not enough disk space, the pull will hang indefinitely
-              // 3. The pod will attempt to pull during scheduling anyway
-              // 4. If the pull fails, Kubernetes will provide proper error messages
-              if (serverImageCheck.includes('cached')) {
-                OrchestratorLogger.logWarning(
-                  'Unity image exists on server node but not agent node. Pod will attempt to pull during scheduling. If pull fails due to disk pressure, ensure cleanup runs before this test.',
-                );
-              } else {
-                // Image not on either node - check if we have enough space to pull
-                // Extract available space from disk info
-                const availableSpaceMatch = diskInfo.match(/(\d+(?:\.\d+)?)\s*([gkm]?i?b)/i);
-                if (availableSpaceMatch) {
-                  const availableValue = Number.parseFloat(availableSpaceMatch[1]);
-                  const availableUnit = availableSpaceMatch[2].toUpperCase();
-                  let availableGB = availableValue;
-
-                  if (availableUnit.includes('M')) {
-                    availableGB = availableValue / 1024;
-                  } else if (availableUnit.includes('K')) {
-                    availableGB = availableValue / (1024 * 1024);
-                  }
-
-                  // Unity image is ~3.9GB, need at least 4.5GB to be safe
-                  if (availableGB < 4.5) {
-                    OrchestratorLogger.logWarning(
-                      `CRITICAL: Unity image not cached and only ${availableGB.toFixed(
-                        2,
-                      )}GB available. Image pull (3.9GB) will likely fail. Consider running cleanup or ensuring pre-pull step succeeds.`,
-                    );
-                  }
-                }
-              }
-            } else {
-              OrchestratorLogger.log('Unity image is cached on agent node - pod should start without pulling');
-            }
-          } catch (checkError) {
-            // Ignore check errors - continue with job creation
-            OrchestratorLogger.logWarning(`Failed to verify Unity image cache: ${checkError}`);
-          }
-        }
-
-        OrchestratorLogger.log('Job does not exist');
-        await this.createJob(commands, image, mountdir, workingdir, environment, secrets);
-        OrchestratorLogger.log('Watching pod until running');
-        await KubernetesTaskRunner.watchUntilPodRunning(this.kubeClient, this.podName, this.namespace);
-
-        OrchestratorLogger.log('Pod is running');
-        output += await KubernetesTaskRunner.runTask(
-          this.kubeConfig,
-          this.kubeClient,
-          this.jobName,
-          this.podName,
-          this.containerName,
-          this.namespace,
-        );
-      } catch (error: any) {
-        OrchestratorLogger.log(`error running k8s workflow ${error}`);
-        await new Promise((resolve) => setTimeout(resolve, 3000));
-        OrchestratorLogger.log(
-          JSON.stringify(
-            (await this.kubeClient.listNamespacedEvent(this.namespace)).body.items
-              .map((x) => {
-                return {
-                  message: x.message || ``,
-                  name: x.metadata.name || ``,
-                  reason: x.reason || ``,
-                };
-              })
-              .filter((x) => x.name.includes(this.podName)),
-            undefined,
-            4,
-          ),
-        );
-        await this.cleanupTaskResources();
-        throw error;
-      }
-
-      await this.cleanupTaskResources();
-
-      return output;
-    } catch (error) {
-      OrchestratorLogger.log('Running job failed');
-      core.error(JSON.stringify(error, undefined, 4));
-
-      // await this.cleanupTaskResources();
-      throw error;
-    }
-  }
-
-  private async createJob(
-    commands: string,
-    image: string,
-    mountdir: string,
-    workingdir: string,
-    environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
-  ) {
-    await this.createNamespacedJob(commands, image, mountdir, workingdir, environment, secrets);
-    const find = await Kubernetes.findPodFromJob(this.kubeClient, this.jobName, this.namespace);
-    this.setPodNameAndContainerName(find);
-  }
-
-  private async doesJobExist(name: string) {
-    const jobs = await this.kubeClientBatch.listNamespacedJob(this.namespace);
-
-    return jobs.body.items.some((x) => x.metadata?.name === name);
-  }
-
-  private async doesFailedJobExist() {
-    const podStatus = await this.kubeClient.readNamespacedPodStatus(this.podName, this.namespace);
-
-    return podStatus.body.status?.phase === `Failed`;
-  }
-
-  private async createNamespacedJob(
-    commands: string,
-    image: string,
-    mountdir: string,
-    workingdir: string,
-    environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
-  ) {
-    for (let index = 0; index < 3; index++) {
-      try {
-        const jobSpec = KubernetesJobSpecFactory.getJobSpec(
-          commands,
-          image,
-          mountdir,
-          workingdir,
-          environment,
-          secrets,
-          this.buildGuid,
-          this.buildParameters,
-          this.secretName,
-          this.pvcName,
-          this.jobName,
-          k8s,
-          this.containerName,
-          this.ip,
-        );
-        await new Promise((promise) => setTimeout(promise, 15000));
-
-        // await KubernetesRole.createRole(this.serviceAccountName, this.namespace, this.rbacAuthorizationV1Api);
-
-        const result = await this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec);
-        OrchestratorLogger.log(`Build job created`);
-        await new Promise((promise) => setTimeout(promise, 5000));
-        OrchestratorLogger.log('Job created');
-
-        return result.body.metadata?.name;
-      } catch (error) {
-        OrchestratorLogger.log(`Error occured creating job: ${error}`);
-        throw error;
-      }
-    }
-  }
-
-  setPodNameAndContainerName(pod: k8s.V1Pod) {
-    this.podName = pod.metadata?.name || '';
-    this.containerName = pod.status?.containerStatuses?.[0].name || this.containerName;
-  }
-
-  async cleanupTaskResources() {
-    OrchestratorLogger.log('cleaning up');
-    try {
-      await this.kubeClientBatch.deleteNamespacedJob(this.jobName, this.namespace);
-      await this.kubeClient.deleteNamespacedPod(this.podName, this.namespace);
-      await KubernetesRole.deleteRole(this.serviceAccountName, this.namespace, this.rbacAuthorizationV1Api);
-    } catch (error: any) {
-      OrchestratorLogger.log(`Failed to cleanup`);
-      if (error.response.body.reason !== `NotFound`) {
-        OrchestratorLogger.log(`Wasn't a not found error: ${error.response.body.reason}`);
-        throw error;
-      }
-    }
-    try {
-      await this.kubeClient.deleteNamespacedSecret(this.secretName, this.namespace);
-    } catch (error: any) {
-      OrchestratorLogger.log(`Failed to cleanup secret`);
-      OrchestratorLogger.log(error.response.body.reason);
-    }
-    OrchestratorLogger.log('cleaned up Secret, Job and Pod');
-    OrchestratorLogger.log('cleaning up finished');
-  }
-
-  async cleanupWorkflow(
-    buildParameters: BuildParameters,
-    // eslint-disable-next-line no-unused-vars
-    branchName: string,
-    // eslint-disable-next-line no-unused-vars
-    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
-  ) {
-    if (BuildParameters && BuildParameters.shouldUseRetainedWorkspaceMode(buildParameters)) {
-      return;
-    }
-    OrchestratorLogger.log(`deleting PVC`);
-
-    try {
-      await this.kubeClient.deleteNamespacedPersistentVolumeClaim(this.pvcName, this.namespace);
-      await this.kubeClient.deleteNamespacedServiceAccount(this.serviceAccountName, this.namespace);
-      OrchestratorLogger.log('cleaned up PVC and Service Account');
-    } catch (error: any) {
-      OrchestratorLogger.log(`Cleanup failed ${JSON.stringify(error, undefined, 4)}`);
-      throw error;
-    }
-  }
-
-  static async findPodFromJob(kubeClient: CoreV1Api, jobName: string, namespace: string) {
-    const namespacedPods = await kubeClient.listNamespacedPod(namespace);
-    const pod = namespacedPods.body.items.find((x) => x.metadata?.labels?.['job-name'] === jobName);
-    if (pod === undefined) {
-      throw new Error("pod with job-name label doesn't exist");
-    }
-
-    return pod;
-  }
-}
-export default Kubernetes;

src/model/orchestrator/providers/k8s/kubernetes-job-spec-factory.ts

@@ -1,208 +0,0 @@
-import { V1EnvVar, V1EnvVarSource, V1SecretKeySelector } from '@kubernetes/client-node';
-import BuildParameters from '../../../build-parameters';
-import { CommandHookService } from '../../services/hooks/command-hook-service';
-import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
-import OrchestratorSecret from '../../options/orchestrator-secret';
-import Orchestrator from '../../orchestrator';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-
-class KubernetesJobSpecFactory {
-  static getJobSpec(
-    command: string,
-    image: string,
-    mountdir: string,
-    workingDirectory: string,
-    environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
-    buildGuid: string,
-    buildParameters: BuildParameters,
-    secretName: string,
-    pvcName: string,
-    jobName: string,
-    k8s: any,
-    containerName: string,
-    ip: string = '',
-  ) {
-    const endpointEnvironmentNames = new Set([
-      'AWS_S3_ENDPOINT',
-      'AWS_ENDPOINT',
-      'AWS_CLOUD_FORMATION_ENDPOINT',
-      'AWS_ECS_ENDPOINT',
-      'AWS_KINESIS_ENDPOINT',
-      'AWS_CLOUD_WATCH_LOGS_ENDPOINT',
-      'INPUT_AWSS3ENDPOINT',
-      'INPUT_AWSENDPOINT',
-    ]);
-
-    // Determine the LocalStack hostname to use for K8s pods
-    // Priority: K8S_LOCALSTACK_HOST env var > localstack-main (container name on shared network)
-    // Note: Using K8S_LOCALSTACK_HOST instead of LOCALSTACK_HOST to avoid conflict with awslocal CLI
-    const localstackHost = process.env['K8S_LOCALSTACK_HOST'] || 'localstack-main';
-    OrchestratorLogger.log(`K8s pods will use LocalStack host: ${localstackHost}`);
-
-    const adjustedEnvironment = environment.map((x) => {
-      let value = x.value;
-      if (
-        typeof value === 'string' &&
-        endpointEnvironmentNames.has(x.name) &&
-        (value.startsWith('http://localhost') || value.startsWith('http://127.0.0.1'))
-      ) {
-        // Replace localhost with the LocalStack container hostname
-        // When k3d and LocalStack are on the same Docker network, pods can reach LocalStack by container name
-        value = value
-          .replace('http://localhost', `http://${localstackHost}`)
-          .replace('http://127.0.0.1', `http://${localstackHost}`);
-        OrchestratorLogger.log(`Replaced localhost with ${localstackHost} for ${x.name}: ${value}`);
-      }
-
-      return { name: x.name, value } as OrchestratorEnvironmentVariable;
-    });
-
-    const job = new k8s.V1Job();
-    job.apiVersion = 'batch/v1';
-    job.kind = 'Job';
-    job.metadata = {
-      name: jobName,
-      labels: {
-        app: 'unity-builder',
-        buildGuid,
-      },
-    };
-
-    // Reduce TTL for tests to free up resources faster (default 9999s = ~2.8 hours)
-    // For CI/test environments, use shorter TTL (300s = 5 minutes) to prevent disk pressure
-    const jobTTL = process.env['orchestratorTests'] === 'true' ? 300 : 9999;
-    job.spec = {
-      ttlSecondsAfterFinished: jobTTL,
-      backoffLimit: 0,
-      template: {
-        spec: {
-          terminationGracePeriodSeconds: 90, // Give PreStopHook (60s sleep) time to complete
-          volumes: [
-            {
-              name: 'build-mount',
-              persistentVolumeClaim: {
-                claimName: pvcName,
-              },
-            },
-          ],
-          containers: [
-            {
-              ttlSecondsAfterFinished: 9999,
-              name: containerName,
-              image,
-              imagePullPolicy: process.env['orchestratorTests'] === 'true' ? 'IfNotPresent' : 'Always',
-              command: ['/bin/sh'],
-              args: [
-                '-c',
-                `${CommandHookService.ApplyHooksToCommands(`${command}\nsleep 2m`, Orchestrator.buildParameters)}`,
-              ],
-
-              workingDir: `${workingDirectory}`,
-              resources: {
-                requests: (() => {
-                  // Use smaller resource requests for lightweight hook containers
-                  // Hook containers typically use utility images like aws-cli, rclone, etc.
-                  const lightweightImages = ['amazon/aws-cli', 'rclone/rclone', 'steamcmd/steamcmd', 'ubuntu'];
-                  const isLightweightContainer = lightweightImages.some((lightImage) => image.includes(lightImage));
-
-                  if (isLightweightContainer && process.env['orchestratorTests'] === 'true') {
-                    // For test environments, use minimal resources for hook containers
-                    return {
-                      memory: '128Mi',
-                      cpu: '100m', // 0.1 CPU
-                    };
-                  }
-
-                  // For main build containers, use the configured resources
-                  const memoryMB = Number.parseInt(buildParameters.containerMemory);
-                  const cpuMB = Number.parseInt(buildParameters.containerCpu);
-
-                  return {
-                    memory: !Number.isNaN(memoryMB) && memoryMB > 0 ? `${memoryMB / 1024}G` : '750M',
-                    cpu: !Number.isNaN(cpuMB) && cpuMB > 0 ? `${cpuMB / 1024}` : '1',
-                  };
-                })(),
-              },
-              env: [
-                ...adjustedEnvironment.map((x) => {
-                  const environmentVariable = new V1EnvVar();
-                  environmentVariable.name = x.name;
-                  environmentVariable.value = x.value;
-
-                  return environmentVariable;
-                }),
-                ...secrets.map((x) => {
-                  const secret = new V1EnvVarSource();
-                  secret.secretKeyRef = new V1SecretKeySelector();
-                  secret.secretKeyRef.key = x.ParameterKey;
-                  secret.secretKeyRef.name = secretName;
-                  const environmentVariable = new V1EnvVar();
-                  environmentVariable.name = x.EnvironmentVariable;
-                  environmentVariable.valueFrom = secret;
-
-                  return environmentVariable;
-                }),
-                { name: 'LOG_SERVICE_IP', value: ip },
-              ],
-              volumeMounts: [
-                {
-                  name: 'build-mount',
-                  mountPath: `${mountdir}`,
-                },
-              ],
-              lifecycle: {
-                preStop: {
-                  exec: {
-                    command: [
-                      '/bin/sh',
-                      '-c',
-                      'sleep 60; cd /data/builder/action/steps && chmod +x /steps/return_license.sh 2>/dev/null || true; /steps/return_license.sh 2>/dev/null || true',
-                    ],
-                  },
-                },
-              },
-            },
-          ],
-          restartPolicy: 'Never',
-
-          // Add tolerations for CI/test environments to allow scheduling even with disk pressure
-          // This is acceptable for CI where we aggressively clean up disk space
-          tolerations: [
-            {
-              key: 'node.kubernetes.io/disk-pressure',
-              operator: 'Exists',
-              effect: 'NoSchedule',
-            },
-          ],
-        },
-      },
-    };
-
-    if (process.env['ORCHESTRATOR_MINIKUBE']) {
-      job.spec.template.spec.volumes[0] = {
-        name: 'build-mount',
-        hostPath: {
-          path: `/data`,
-          type: `Directory`,
-        },
-      };
-    }
-
-    // Set ephemeral-storage request to a reasonable value to prevent evictions
-    // For tests, don't set a request (or use minimal 128Mi) since k3d nodes have very limited disk space
-    // Kubernetes will use whatever is available without a request, which is better for constrained environments
-    // For production, use 2Gi to allow for larger builds
-    // The node needs some free space headroom, so requesting too much causes evictions
-    // With node at 96% usage and only ~2.7GB free, we can't request much without triggering evictions
-    if (process.env['orchestratorTests'] !== 'true') {
-      // Only set ephemeral-storage request for production builds
-      job.spec.template.spec.containers[0].resources.requests[`ephemeral-storage`] = '2Gi';
-    }
-
-    // For tests, don't set ephemeral-storage request - let Kubernetes use available space
-
-    return job;
-  }
-}
-export default KubernetesJobSpecFactory;

src/model/orchestrator/providers/k8s/kubernetes-pods.ts

@@ -1,194 +0,0 @@
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import { CoreV1Api } from '@kubernetes/client-node';
-class KubernetesPods {
-  public static async IsPodRunning(podName: string, namespace: string, kubeClient: CoreV1Api) {
-    const pods = (await kubeClient.listNamespacedPod(namespace)).body.items.filter((x) => podName === x.metadata?.name);
-    const running = pods.length > 0 && (pods[0].status?.phase === `Running` || pods[0].status?.phase === `Pending`);
-    const phase = pods[0]?.status?.phase || 'undefined status';
-    OrchestratorLogger.log(`Getting pod status: ${phase}`);
-    if (phase === `Failed`) {
-      const pod = pods[0];
-      const containerStatuses = pod.status?.containerStatuses || [];
-      const conditions = pod.status?.conditions || [];
-      const events = (await kubeClient.listNamespacedEvent(namespace)).body.items
-        .filter((x) => x.involvedObject?.name === podName)
-        .map((x) => ({
-          message: x.message || '',
-          reason: x.reason || '',
-          type: x.type || '',
-        }));
-
-      const errorDetails: string[] = [];
-      errorDetails.push(`Pod: ${podName}`, `Phase: ${phase}`);
-
-      if (conditions.length > 0) {
-        errorDetails.push(
-          `Conditions: ${JSON.stringify(
-            conditions.map((c) => ({ type: c.type, status: c.status, reason: c.reason, message: c.message })),
-            undefined,
-            2,
-          )}`,
-        );
-      }
-
-      let containerExitCode: number | undefined;
-      let containerSucceeded = false;
-
-      if (containerStatuses.length > 0) {
-        for (const [index, cs] of containerStatuses.entries()) {
-          if (cs.state?.waiting) {
-            errorDetails.push(
-              `Container ${index} (${cs.name}) waiting: ${cs.state.waiting.reason} - ${cs.state.waiting.message || ''}`,
-            );
-          }
-          if (cs.state?.terminated) {
-            const exitCode = cs.state.terminated.exitCode;
-            containerExitCode = exitCode;
-            if (exitCode === 0) {
-              containerSucceeded = true;
-            }
-            errorDetails.push(
-              `Container ${index} (${cs.name}) terminated: ${cs.state.terminated.reason} - ${
-                cs.state.terminated.message || ''
-              } (exit code: ${exitCode})`,
-            );
-          }
-        }
-      }
-
-      if (events.length > 0) {
-        errorDetails.push(`Recent events: ${JSON.stringify(events.slice(-5), undefined, 2)}`);
-      }
-
-      // Check if only PreStopHook failed but container succeeded
-      const hasPreStopHookFailure = events.some((event) => event.reason === 'FailedPreStopHook');
-      const wasKilled = events.some((event) => event.reason === 'Killing');
-      const hasExceededGracePeriod = events.some((event) => event.reason === 'ExceededGracePeriod');
-
-      // If container succeeded (exit code 0), PreStopHook failure is non-critical
-      // Also check if pod was killed but container might have succeeded
-      if (containerSucceeded && containerExitCode === 0) {
-        // Container succeeded - PreStopHook failure is non-critical
-        if (hasPreStopHookFailure) {
-          OrchestratorLogger.logWarning(
-            `Pod ${podName} marked as Failed due to PreStopHook failure, but container exited successfully (exit code 0). This is non-fatal.`,
-          );
-        } else {
-          OrchestratorLogger.log(
-            `Pod ${podName} container succeeded (exit code 0), but pod phase is Failed. Checking details...`,
-          );
-        }
-        OrchestratorLogger.log(`Pod details: ${errorDetails.join('\n')}`);
-
-        // Don't throw error - container succeeded, PreStopHook failure is non-critical
-        return false; // Pod is not running, but we don't treat it as a failure
-      }
-
-      // If pod was killed and we have PreStopHook failure, wait for container status
-      // The container might have succeeded but status hasn't been updated yet
-      if (wasKilled && hasPreStopHookFailure && (containerExitCode === undefined || !containerSucceeded)) {
-        OrchestratorLogger.log(
-          `Pod ${podName} was killed with PreStopHook failure. Waiting for container status to determine if container succeeded...`,
-        );
-
-        // Wait a bit for container status to become available (up to 30 seconds)
-        for (let index = 0; index < 6; index++) {
-          await new Promise((resolve) => setTimeout(resolve, 5000));
-          try {
-            const updatedPod = (await kubeClient.listNamespacedPod(namespace)).body.items.find(
-              (x) => podName === x.metadata?.name,
-            );
-            if (updatedPod?.status?.containerStatuses && updatedPod.status.containerStatuses.length > 0) {
-              const updatedContainerStatus = updatedPod.status.containerStatuses[0];
-              if (updatedContainerStatus.state?.terminated) {
-                const updatedExitCode = updatedContainerStatus.state.terminated.exitCode;
-                if (updatedExitCode === 0) {
-                  OrchestratorLogger.logWarning(
-                    `Pod ${podName} container succeeded (exit code 0) after waiting. PreStopHook failure is non-fatal.`,
-                  );
-
-                  return false; // Pod is not running, but container succeeded
-                } else {
-                  OrchestratorLogger.log(
-                    `Pod ${podName} container failed with exit code ${updatedExitCode} after waiting.`,
-                  );
-                  errorDetails.push(`Container terminated after wait: exit code ${updatedExitCode}`);
-                  containerExitCode = updatedExitCode;
-                  containerSucceeded = false;
-                  break;
-                }
-              }
-            }
-          } catch (waitError) {
-            OrchestratorLogger.log(`Error while waiting for container status: ${waitError}`);
-          }
-        }
-
-        // If we still don't have container status after waiting, but only PreStopHook failed,
-        // be lenient - the container might have succeeded but status wasn't updated
-        if (containerExitCode === undefined && hasPreStopHookFailure && !hasExceededGracePeriod) {
-          OrchestratorLogger.logWarning(
-            `Pod ${podName} container status not available after waiting, but only PreStopHook failed (no ExceededGracePeriod). Assuming container may have succeeded.`,
-          );
-
-          return false; // Be lenient - PreStopHook failure alone is not fatal
-        }
-        OrchestratorLogger.log(
-          `Container status check completed. Exit code: ${containerExitCode}, PreStopHook failure: ${hasPreStopHookFailure}`,
-        );
-      }
-
-      // If we only have PreStopHook failure and no actual container failure, be lenient
-      if (hasPreStopHookFailure && !hasExceededGracePeriod && containerExitCode === undefined) {
-        OrchestratorLogger.logWarning(
-          `Pod ${podName} has PreStopHook failure but no container failure detected. Treating as non-fatal.`,
-        );
-
-        return false; // PreStopHook failure alone is not fatal if container status is unclear
-      }
-
-      // Check if pod was evicted due to disk pressure - this is an infrastructure issue
-      const wasEvicted = errorDetails.some(
-        (detail) => detail.toLowerCase().includes('evicted') || detail.toLowerCase().includes('diskpressure'),
-      );
-      if (wasEvicted) {
-        const evictionMessage = `Pod ${podName} was evicted due to disk pressure. This is a test infrastructure issue - the cluster doesn't have enough disk space.`;
-        OrchestratorLogger.logWarning(evictionMessage);
-        OrchestratorLogger.log(`Pod details: ${errorDetails.join('\n')}`);
-        throw new Error(
-          `${evictionMessage}\nThis indicates the test environment needs more disk space or better cleanup.\n${errorDetails.join(
-            '\n',
-          )}`,
-        );
-      }
-
-      // Exit code 137 (128 + 9) means SIGKILL - container was killed by system (often OOM)
-      // If this happened with PreStopHook failure, it might be a resource issue, not a real failure
-      // Be lenient if we only have PreStopHook/ExceededGracePeriod issues
-      if (containerExitCode === 137 && (hasPreStopHookFailure || hasExceededGracePeriod)) {
-        OrchestratorLogger.logWarning(
-          `Pod ${podName} was killed (exit code 137 - likely OOM or resource limit) with PreStopHook/grace period issues. This may be a resource constraint issue rather than a build failure.`,
-        );
-
-        // Still log the details but don't fail the test - the build might have succeeded before being killed
-        OrchestratorLogger.log(`Pod details: ${errorDetails.join('\n')}`);
-
-        return false; // Don't treat system kills as test failures if only PreStopHook issues
-      }
-
-      const errorMessage = `K8s pod failed\n${errorDetails.join('\n')}`;
-      OrchestratorLogger.log(errorMessage);
-      throw new Error(errorMessage);
-    }
-
-    return running;
-  }
-  public static async GetPodStatus(podName: string, namespace: string, kubeClient: CoreV1Api) {
-    const pods = (await kubeClient.listNamespacedPod(namespace)).body.items.find((x) => podName === x.metadata?.name);
-    const phase = pods?.status?.phase || 'undefined status';
-
-    return phase;
-  }
-}
-
-export default KubernetesPods;

src/model/orchestrator/providers/k8s/kubernetes-role.ts

@@ -1,53 +0,0 @@
-import { RbacAuthorizationV1Api } from '@kubernetes/client-node';
-
-class KubernetesRole {
-  static async createRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {
-    // create admin kubernetes role and role binding
-    const roleBinding = {
-      apiVersion: 'rbac.authorization.k8s.io/v1',
-      kind: 'RoleBinding',
-      metadata: {
-        name: `${serviceAccountName}-admin`,
-        namespace,
-      },
-      subjects: [
-        {
-          kind: 'ServiceAccount',
-          name: serviceAccountName,
-          namespace,
-        },
-      ],
-      roleRef: {
-        apiGroup: 'rbac.authorization.k8s.io',
-        kind: 'Role',
-        name: `${serviceAccountName}-admin`,
-      },
-    };
-
-    const role = {
-      apiVersion: 'rbac.authorization.k8s.io/v1',
-      kind: 'Role',
-      metadata: {
-        name: `${serviceAccountName}-admin`,
-        namespace,
-      },
-      rules: [
-        {
-          apiGroups: ['*'],
-          resources: ['*'],
-          verbs: ['*'],
-        },
-      ],
-    };
-    const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding);
-    const roleResponse = await rbac.createNamespacedRole(namespace, role);
-
-    return { roleBindingResponse, roleResponse };
-  }
-
-  public static async deleteRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {
-    await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace);
-    await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace);
-  }
-}
-export { KubernetesRole };

src/model/orchestrator/providers/k8s/kubernetes-secret.ts

@@ -1,45 +0,0 @@
-import { CoreV1Api } from '@kubernetes/client-node';
-import OrchestratorSecret from '../../options/orchestrator-secret';
-import * as k8s from '@kubernetes/client-node';
-import OrchestratorLogger from '../../services/core/orchestrator-logger';
-import * as base64 from 'base-64';
-
-class KubernetesSecret {
-  static async createSecret(
-    secrets: OrchestratorSecret[],
-    secretName: string,
-    namespace: string,
-    kubeClient: CoreV1Api,
-  ) {
-    try {
-      const secret = new k8s.V1Secret();
-      secret.apiVersion = 'v1';
-      secret.kind = 'Secret';
-      secret.type = 'Opaque';
-      secret.metadata = {
-        name: secretName,
-      };
-      secret.data = {};
-      for (const buildSecret of secrets) {
-        secret.data[buildSecret.ParameterKey] = base64.encode(buildSecret.ParameterValue);
-      }
-      OrchestratorLogger.log(`Creating secret: ${secretName}`);
-      const existingSecrets = await kubeClient.listNamespacedSecret(namespace);
-      const mappedSecrets = existingSecrets.body.items.map((x) => {
-        return x.metadata?.name || `no name`;
-      });
-
-      OrchestratorLogger.log(
-        `ExistsAlready: ${mappedSecrets.includes(secretName)} SecretsCount: ${mappedSecrets.length}`,
-      );
-      await new Promise((promise) => setTimeout(promise, 15000));
-      await kubeClient.createNamespacedSecret(namespace, secret);
-      OrchestratorLogger.log('Created secret');
-    } catch (error) {
-      OrchestratorLogger.log(`Created secret failed ${error}`);
-      throw new Error(`Failed to create kubernetes secret`);
-    }
-  }
-}
-
-export default KubernetesSecret;

src/model/orchestrator/providers/k8s/kubernetes-service-account.ts

@@ -1,18 +0,0 @@
-import { CoreV1Api } from '@kubernetes/client-node';
-import * as k8s from '@kubernetes/client-node';
-
-class KubernetesServiceAccount {
-  static async createServiceAccount(serviceAccountName: string, namespace: string, kubeClient: CoreV1Api) {
-    const serviceAccount = new k8s.V1ServiceAccount();
-    serviceAccount.apiVersion = 'v1';
-    serviceAccount.kind = 'ServiceAccount';
-    serviceAccount.metadata = {
-      name: serviceAccountName,
-    };
-    serviceAccount.automountServiceAccountToken = true;
-
-    return kubeClient.createNamespacedServiceAccount(namespace, serviceAccount);
-  }
-}
-
-export default KubernetesServiceAccount;