Adds configurable control over the `.x86_64` file extension for
StandaloneLinux64 builds. Default is `false` (keep the extension),
matching Unity's native behavior.
Set `linux64RemoveExecutableExtension: true` to restore the
extensionless behavior from v4.
Rebased from kitlith's original PR #726. Default flipped for v5.
Closes#722
Co-Authored-By: kitlith <kitlith@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: quality-tightening (oxfmt + oxlint + tsc + vitest + husky + actionlint)
Standard rollout for unity-builder. Most of the work was porting 24
test files from jest 27 to vitest 4.
- prettier -> oxfmt
- eslint (with @typescript-eslint, github, jest, prettier, unicorn) ->
oxlint with eslint-plugin-unicorn
- jest 27 + jest-circus + ts-jest + @types/jest + @jest/globals ->
vitest 4 + vite 7 + @vitest/coverage-istanbul (jest config files
removed)
- new: tsgo --noEmit (alongside tsc fallback)
- lefthook (and lefthook.yml) -> husky 9 with the standard
scripts/ensure-husky.mjs self-heal pattern + lint-staged
- new: gitleaks, actionlint, shellcheck as mise-managed binaries
- TypeScript bumped target ES2020 -> ES2022 + lib ES2022 + DOM (for
Error.cause and modern globals)
Test migration (24 files):
- Bulk-converted jest.* -> vi.*; jest.Mocked -> Mocked from vitest;
jest.MockedFunction -> MockedFunction.
- Added vitest imports to all *.test.ts files (and __mocks__/*.ts)
that didn't have them.
- src/index.ts: extracted runMain() as a named export and gated the
module-level invocation behind NODE_ENV !== 'test'. The
index-plugin-features test now calls runMain() directly instead of
relying on jest's removed vi.isolateModules.
- index-plugin-features.test.ts: moved hoisted refs (mockPlugin,
mockLoadOrchestratorPlugin) into vi.hoisted() so vi.mock factories
can reference them. Replaced arrow constructor mock for ImageTag
with regular function() {...} (vitest 4 disallows arrows as ctors).
Replaced require('./model') / require('@actions/core') inside test
bodies with top-level imports.
- model/orchestrator-plugin.test.ts: dropped jest's '{ virtual: true }'
flag (vitest doesn't support it); replaced the
'mock factory throws' pattern with 'createPlugin throws' so vitest
doesn't wrap the error message at the assertion site.
- model/versioning.test.ts: stray jest.spyOn -> vi.spyOn; replaced
mockImplementation() with no args (jest pattern) by
mockResolvedValue('') / mockImplementation(() => undefined) where
the source expects a string return.
Workflow shell-quoting cleanup (actionlint):
- All bare $GITHUB_STEP_SUMMARY / $GITHUB_OUTPUT / $GITHUB_ENV
redirects quoted across 2 workflows (SC2086).
- s3://$AWS_STACK_NAME / s3://$BUCKET_NAME -> s3://"$AWS_STACK_NAME"
/ s3://"$BUCKET_NAME".
- 'for i in {1..N}; do ... done' loops where i isn't referenced in
the body renamed to 'for _ in' (SC2034).
- 'grep ... | wc -l' -> 'grep -c ...' (SC2126).
- Multiple consecutive '>> $file' redirects in
validate-community-plugins.yml summary block collapsed into a
single block redirect (SC2129).
- 'cat $file | python3 -c "..."' -> 'python3 -c "..." < $file'
(SC2002).
- http://${VAR}:port -> http://"${VAR}":port (SC2086).
tsgo: kept tsc --noEmit as the default 'typecheck' because
unity-builder publishes CommonJS for the GitHub Action consumer,
which conflicts with tsgo's bundler/node16 moduleResolution
requirement (per playbook trap #9). 'yarn typecheck:tsgo' is wired
up for when consumers move to ESM.
Caveats: 28 pre-existing oxlint warnings remain (mostly
typescript/no-explicit-any across the build-parameter shapes and
vitest/no-disabled-tests on 2 explicitly skipped scenarios). Per
playbook trap #22 the lint script drops --deny-warnings.
Verified locally: format clean, lint 0/28, typecheck clean,
test 340/342 (2 pre-existing skipped), actionlint clean across all
12 workflows.
* ci(unity-builder): fix Tests + Plugin Architecture Health on quality-tightening
Three issues surfaced in CI after the jest -> vitest port:
1. **Obsolete snapshot blocks Tests job.**
src/model/__snapshots__/versioning.test.ts.snap had two entries
for the same 'throws for invalid strategy' assertion: one in the
vitest format ('Versioning > determineBuildVersion > ...') and one
in the legacy jest format without the '>'. vitest correctly
regenerates the new one and flags the old one as obsolete; CI
runs without --update so 'Test Files 1 failed' even though all
343 tests passed. Removed the obsolete entry.
2. **'Plugin Architecture Health' workflow still calls jest.**
.github/workflows/validate-orchestrator.yml had two 'npx jest'
steps (orchestrator-plugin unit tests + orchestrator-standalone
tests). The unity-builder + orchestrator codebases are both on
vitest now. Replaced both with 'yarn vitest run'.
3. **jest-fail-on-console + src/jest.setup.ts left over.**
The earlier vitest port missed the jest-fail-on-console
integration. yarn install in CI surfaced
YN0002: doesn't provide @jest/globals (requested by
jest-fail-on-console). Removed jest-fail-on-console + jest.setup.ts;
added src/test/setup.ts with the equivalent vitest beforeEach
spies (same as unity-test-runner).
---------
Co-authored-by: frostebite <jas.f.ukcmti@gmail.com>
* chore: migrate to mise + bump yarn to 4.14.1 (yarn 1 -> 4)
- Pin Node and Yarn 4.14.1 in mise.toml
- Drop Volta from package.json
- Switch to corepack-managed yarn via packageManager field
- Regenerate yarn.lock from scratch (yarn 1 v1 format -> yarn 4 v9)
- enableScripts off (default); allowlist lefthook via dependenciesMeta
- Replace setup-node + cache:'yarn' across 4 yarn-using workflows
(integrity-check, validate-community-plugins, validate-orchestrator,
validate-orchestrator-integration) with the standard cache pattern
- Add yarn 4 (berry) gitignore rules
* chore: revert dist/ + build-tests workflow churn
Keep PR scoped to tooling migration only; dist/ rebuild and prettier
auto-wraps in build-tests-* workflows are unrelated drive-by changes.
* fix(ci): add missing eslint plugins + jest globals
Yarn 4 strict layout doesn't expose @typescript-eslint/eslint-plugin
or eslint-plugin-import which were resolved transitively under yarn 1.
Add them as explicit devDeps. Same for @jest/globals (used by
jest-fail-on-console).
Disable unicorn/no-useless-undefined which now fires on existing
mockResolvedValue(undefined) calls. The undefined arg is required by
@types/jest 27 typings (removing it breaks tsc), so the rule and the
typecheck disagree. Pre-existing under yarn 1 these calls compiled
because the eslint config was effectively non-functional (plugin
resolution failed silently) so the rule never ran.
* fix(ci): disable unicorn/no-useless-undefined
@types/jest 27 typings require explicit .mockResolvedValue(undefined),
which the rule wants removed; tsc and eslint disagreed. Disable the
rule to match upstream behaviour (it only fires now because yarn 4
exposes the eslint plugin tree that yarn 1 silently broke).
* ci: bump cache key to v2 to bust stale node_modules
The restore-key pattern matched an older cache that had @types/tar
+ minipass 3.x in node_modules from before the lockfile regen.
Fresh installs end up with that stale tree and tsc fails on
incompatible types. Versioning the key forces a clean cache.
* chore: actually revert dist/ to origin/main
Earlier revert commit only fixed workflows; dist/ stayed rebuilt.
The newer ncc bundle output triggers 2 high-severity CodeQL alerts
(URL substring sanitization + escape sanitization) that don't fire
on the main branch's dist/. Restore main's dist/ so CodeQL passes.
* ci: drop node_modules from yarn cache (stale-state fix)
Caching node_modules causes stale trees to leak across yarn.lock
changes (e.g. @types/tar persisting after a regen). Cache only the
yarn cacheFolder + install-state.gz; yarn install rebuilds
node_modules from those (fast).
* fix: remove concurrency block from reusable workflow to prevent deadlock
When integrity-check.yml calls validate-orchestrator-integration.yml via
workflow_call, both workflows resolve github.workflow to the same name
("Integrity"), creating identical concurrency groups. GitHub detects this
as a deadlock and cancels the run.
Fix: remove concurrency from the reusable workflow entirely — the caller
already manages concurrency for the group.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add optional argument to action
* Add useHostNetwork to Input class
* Adds useHostNetwork to BuildParameters
* Uses useHostNetwork in docker arguments for the linux command
* Adds tests for Inputs
* Tests for Build Parameters
* Use latests unity version for Xcode compatibility with modern versions
* chore: rebuild dist after rebase onto main
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: frostebite <jas.f.ukcmti@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When integrity-check.yml calls validate-orchestrator-integration.yml via
workflow_call, both workflows resolve github.workflow to the same name
("Integrity"), creating identical concurrency groups. GitHub detects this
as a deadlock and cancels the run.
Fix: remove concurrency from the reusable workflow entirely — the caller
already manages concurrency for the group.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When integrity-check.yml calls validate-orchestrator-integration.yml via
workflow_call, both workflows resolve github.workflow to the same name
("Integrity"), creating identical concurrency groups. GitHub detects this
as a deadlock and cancels the run.
Fix: remove concurrency from the reusable workflow entirely — the caller
already manages concurrency for the group.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(orchestrator): enterprise feature support — CLI provider, submodule profiles, caching, LFS, hooks
Add generic enterprise-grade features to the orchestrator, enabling Unity projects with
complex CI/CD pipelines to adopt game-ci/unity-builder with built-in support for:
- CLI provider protocol: JSON-over-stdin/stdout bridge enabling providers in any language
(Go, Python, Rust, shell) via the `providerExecutable` input
- Submodule profiles: YAML-based selective submodule initialization with glob patterns
and variant overlays (`submoduleProfilePath`, `submoduleVariantPath`)
- Local build caching: Filesystem-based Library and LFS caching for local builds without
external cache actions (`localCacheEnabled`, `localCacheRoot`)
- Custom LFS transfer agents: Register external transfer agents like elastic-git-storage
(`lfsTransferAgent`, `lfsTransferAgentArgs`, `lfsStoragePaths`)
- Git hooks support: Detect and install lefthook/husky with configurable skip lists
(`gitHooksEnabled`, `gitHooksSkipList`)
Also removes all `orchestrator-develop` branch references, replacing with `main`.
13 new action inputs, 13 new files, 14 new CLI provider tests, 17 submodule tests,
plus cache/LFS/hooks unit tests. All 452 tests pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): add experimental GCP Cloud Run and Azure ACI providers
Add two new cloud provider implementations for the orchestrator, both marked
as experimental:
- **GCP Cloud Run Jobs** (`providerStrategy: gcp-cloud-run`): Executes Unity
builds as Cloud Run Jobs with GCS FUSE for large artifact storage. Supports
configurable machine types, service accounts, and VPC connectors. 7 new inputs
(gcpProject, gcpRegion, gcpBucket, gcpMachineType, gcpDiskSizeGb,
gcpServiceAccount, gcpVpcConnector).
- **Azure Container Instances** (`providerStrategy: azure-aci`): Executes Unity
builds as ACI containers with Azure File Shares (Premium FileStorage) for
large artifact storage up to 100 TiB. Supports configurable CPU/memory,
VNet integration, and subscription targeting. 9 new inputs
(azureResourceGroup, azureLocation, azureStorageAccount, azureFileShareName,
azureSubscriptionId, azureCpu, azureMemoryGb, azureDiskSizeGb, azureSubnetId).
Both providers use their respective CLIs (gcloud, az) for infrastructure
management and support garbage collection of old build resources. No tests
included as these require real cloud infrastructure to validate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): multi-storage support for GCP and Azure providers
Both providers now support four storage backends via gcpStorageType / azureStorageType:
GCP Cloud Run:
- gcs-fuse: Mount GCS bucket as POSIX filesystem (unlimited, best for large sequential I/O)
- gcs-copy: Copy artifacts in/out via gsutil (simpler, no FUSE overhead)
- nfs: Filestore NFS mount (true POSIX, good random I/O, up to 100 TiB)
- in-memory: tmpfs (fastest, volatile, up to 32 GiB)
Azure ACI:
- azure-files: SMB file share mount (up to 100 TiB, premium throughput)
- blob-copy: Copy artifacts in/out via az storage blob (no mount overhead)
- azure-files-nfs: NFS 4.1 file share mount (true POSIX, no SMB lock overhead)
- in-memory: emptyDir tmpfs (fastest, volatile, limited by container memory)
New inputs: gcpStorageType, gcpFilestoreIp, gcpFilestoreShare, azureStorageType,
azureBlobContainer. Constructor validates storage config and warns on missing
prerequisites (e.g. NFS requires VPC connector/subnet).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): automatic provider fallback with runner availability check
Adds built-in load balancing: check GitHub runner availability before
builds start, auto-route to a fallback provider when runners are busy
or offline. Eliminates the need for a separate check-runner job.
New inputs: fallbackProviderStrategy, runnerCheckEnabled,
runnerCheckLabels, runnerCheckMinAvailable.
Outputs providerFallbackUsed and providerFallbackReason for workflow
visibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): add retry-on-fallback and provider init timeout
Adds retryOnFallback (retry failed builds on alternate provider) and
providerInitTimeout (swap provider if init takes too long). Refactors
run() into run()/runWithProvider() to support retry loop.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: format changed files with prettier
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test(orchestrator): expand local cache service test coverage
Adds tests for cache hit restore (picks latest tar), LFS cache
restore/save, garbage collection age filtering, and edge cases
like permission errors and empty directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test(orchestrator): add runner availability service tests
Covers: no token skip, no runners fallback, busy/offline runners,
label filtering (case-insensitive), minAvailable threshold,
fail-open on API error, mixed runner states.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test(orchestrator): add unit tests for untested core services
Adds 64 new mock-based unit tests covering orchestrator services that
previously had zero test coverage:
- TaskParameterSerializer: env var format conversion, round-trip,
uniqBy deduplication, blocked params, default secrets
- FollowLogStreamService: build output message parsing — end of
transmission, build success/failure detection, error accumulation,
Library rebuild detection
- OrchestratorNamespace (guid): GUID generation format, platform
name normalization, nanoid uniqueness
- OrchestratorFolders: path computation for all folder getters,
ToLinuxFolder conversion, repo URL generation, purge flag detection
All tests are pure mock-based and run without any external
infrastructure (no LocalStack, K8s, Docker, or AWS).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci(orchestrator): add fast unit test gate to integrity workflow
Adds a fast-fail unit test step at the top of orchestrator-integrity,
right after yarn install and before any infrastructure setup (k3d,
LocalStack). Runs 113 mock-based orchestrator tests in ~5 seconds.
If serialization, path computation, log parsing, or provider loading
is broken, the workflow fails immediately instead of spending 30+
minutes setting up LocalStack and k3d clusters.
Tests included: orchestrator-guid, orchestrator-folders,
task-parameter-serializer, follow-log-stream-service,
runner-availability-service, provider-url-parser, provider-loader,
provider-git-manager, orchestrator-image, orchestrator-hooks,
orchestrator-github-checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test(orchestrator): expand unit tests for enterprise services
Add comprehensive tests for CLI provider (cleanupWorkflow, garbageCollect,
listWorkflow, watchWorkflow, stderr forwarding, timeout handling), local
cache service (saveLfsCache full path and error handling), git hooks service
(husky install, failure logging, edge cases), and LFS agent service (empty
storagePaths, validate logging). 73 tests across 4 test files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(orchestrator): use http.extraHeader for secure git authentication
Replace token-in-URL pattern with http.extraHeader for git clone and LFS
operations. The token no longer appears in clone URLs, git remote config,
or process command lines.
Add gitAuthMode input (default: 'header', legacy: 'url') so users can
fall back to the old behavior if needed.
Closes#785
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): add premade secret sources and YAML definitions
Add SecretSourceService with premade secret source integrations:
- aws-secrets-manager (with --query SecretString for direct value)
- aws-parameter-store (with --with-decryption)
- gcp-secret-manager (latest version)
- azure-key-vault (via $AZURE_VAULT_NAME env var)
- env (environment variables, no shell command needed)
- Custom commands (any string with {0} placeholder)
- YAML file definitions for custom sources
Add secretSource input that takes precedence over inputPullCommand.
Backward compatible — existing inputPullCommand behavior unchanged.
Closes#776
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(secrets): add HashiCorp Vault as first-class premade secret source
Adds three Vault entries: hashicorp-vault (KV v2), hashicorp-vault-kv1
(KV v1), and vault (short alias). Uses VAULT_ADDR for server address and
VAULT_MOUNT env var for configurable mount path (defaults to 'secret').
Refs #776
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(lfs): add built-in elastic-git-storage support with auto-install
First-class support for elastic-git-storage as a custom LFS transfer
agent. When lfsTransferAgent is set to "elastic-git-storage" (or
"elastic-git-storage@v1.0.0" for a specific version), the service
automatically finds or installs the agent from GitHub releases, then
configures it via git config.
Supports version pinning via @version suffix in the agent value,
eliminating the need for a separate version parameter. Platform and
architecture detection handles linux/darwin/windows on amd64/arm64.
37 unit tests covering detection, PATH lookup, installation, version
parsing, and configuration delegation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(hooks): add Unity Git Hooks integration and runHookGroups
Built-in support for Unity Git Hooks (com.frostebite.unitygithooks):
- Auto-detect UPM package in Packages/manifest.json
- Run init-unity-lefthook.js before hook installation
- Set CI-friendly env vars (disable background project mode)
New gitHooksRunBeforeBuild input runs specific lefthook groups before
the Unity build, allowing CI to trigger pre-commit or pre-push checks
that normally only fire on git events.
35 unit tests covering detection, init, CI env, group execution, and
failure handling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): add test workflow engine placeholder
Initial scaffold for the test workflow engine service directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): add hot runner protocol placeholder
Initial scaffold for the runner registration and hot editor provider module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): generic artifact system — output types, manifests, and collection service
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): incremental sync protocol — git delta, direct input, and storage-backed sync
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: community plugin validation workflow (#800)
Add scheduled workflow that validates community Unity packages compile
and build correctly using unity-builder. Runs weekly on Sunday.
Includes:
- YAML plugin registry (community-plugins.yml) for package listings
- Matrix expansion across plugins and platforms
- Automatic failure reporting via GitHub issues
- Manual trigger with plugin filter and Unity version override
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): CI platform providers — Remote PowerShell, GitHub Actions, GitLab CI, Ansible
Add four new providers that delegate builds to external CI platforms:
- remote-powershell: Execute on remote machines via WinRM/SSH
- github-actions: Dispatch workflow_dispatch on target repository
- gitlab-ci: Trigger pipeline via GitLab API
- ansible: Run playbooks against managed inventory
Each follows the CI-as-a-provider pattern: trigger remote job,
pass build parameters, stream logs, report status.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix prettier formatting and eslint errors on test files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(orchestrator): build reliability features — git integrity, reserved filename cleanup, archival
Add three optional reliability features for hardening CI pipelines:
- Git corruption detection & recovery (fsck, stale lock cleanup,
submodule backing store validation, auto-recovery)
- Reserved filename cleanup (removes Windows device names that
cause Unity asset importer infinite loops)
- Build output archival with configurable retention policy
All features are opt-in and fail gracefully with warnings only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(reliability): implement build reliability service with git integrity, reserved filename cleanup, and build archival
Adds BuildReliabilityService with the following capabilities:
- checkGitIntegrity(): runs git fsck --no-dangling and parses output for corruption
- cleanStaleLockFiles(): removes stale .lock files older than 10 minutes
- validateSubmoduleBackingStores(): validates .git files point to valid backing stores
- recoverCorruptedRepo(): orchestrates fsck, lock cleanup, re-fetch, retry fsck
- cleanReservedFilenames(): removes Windows reserved filenames (con, prn, aux, nul, com1-9, lpt1-9)
- archiveBuildOutput(): creates tar.gz archive of build output
- enforceRetention(): deletes archives older than retention period
- configureGitEnvironment(): sets GIT_TERMINAL_PROMPT=0, http.postBuffer, core.longpaths
Wired into action.yml as opt-in inputs, with pre-build integrity checks and
post-build archival in the main entry point.
Includes 29 unit tests covering success and failure cases for all methods.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test(providers): add comprehensive unit tests for GitHub Actions, GitLab CI, PowerShell, and Ansible providers (#806)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(hot-runner): implement hot runner protocol with registry, health monitoring, and job dispatch (#791)
Adds persistent Unity editor instance support to reduce build iteration time
by eliminating cold-start overhead. Includes:
- HotRunnerTypes: interfaces for config, status, job request/result, transport
- HotRunnerRegistry: in-memory runner management with file-based persistence
- HotRunnerHealthMonitor: periodic health checks, idle recycling, job-count recycling
- HotRunnerDispatcher: job routing with wait-for-runner, timeout, and output streaming
- HotRunnerService: high-level API integrating registry, health, and dispatch
- 34 unit tests covering registration, filtering, health, dispatch, timeout, fallback
- action.yml inputs for hot runner configuration (7 new inputs)
- Input/BuildParameters integration for hot runner settings
- index.ts wiring with cold-build fallback when hot runner unavailable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(artifacts): complete generic artifact system with upload handlers, tests, and action integration (#798)
- Add ArtifactUploadHandler with support for github-artifacts, storage (rclone),
and local copy upload targets, including large file chunking for GitHub Artifacts
- Add 44 unit tests covering OutputTypeRegistry, OutputService, and
ArtifactUploadHandler (config parsing, upload coordination, file collection)
- Add 6 new action.yml inputs for artifact configuration
- Add artifactManifestPath action output
- Wire artifact collection and upload into index.ts post-build flow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(testing): implement test workflow engine with YAML suites, taxonomy filtering, and structured results (#790)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(sync): complete incremental sync protocol with storage-pull, state management, and tests (#799)
- Add storage-pull strategy: rclone-based sync from remote storage with
overlay and clean modes, URI parsing (storage://remote:bucket/path),
transfer parallelism, and automatic rclone availability checking
- Add SyncStateManager: persistent state load/save with configurable
paths, workspace hash calculation via SHA-256 of key project files,
and drift detection for external modification awareness
- Add action.yml inputs: syncStrategy, syncInputRef, syncStorageRemote,
syncRevertAfter, syncStatePath with sensible defaults
- Wire sync into Input (5 getters), BuildParameters (5 fields), index.ts
(local build path), and RemoteClient (orchestrator path) with post-job
overlay revert when syncRevertAfter is true
- Add 42 unit tests covering all strategies, URI parsing, state
management, hash calculation, drift detection, error handling, and
edge cases (missing rclone, invalid URIs, absent state, empty diffs)
- Add root:true to eslintrc to prevent plugin resolution conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(cache): add child workspace isolation for multi-product CI builds (#777)
Implement two-level workspace isolation pattern for enterprise-scale CI:
- Atomic O(1) workspace restore via filesystem move (no tar/download/extract)
- Separate Library caching for independent restore
- .git preservation for delta operations
- Stale workspace cleanup with configurable retention policies
- 5 new action inputs: childWorkspacesEnabled, childWorkspaceName,
childWorkspaceCacheRoot, childWorkspacePreserveGit,
childWorkspaceSeparateLibrary
- 28 unit tests covering all service methods
This enables enterprise CI where workspaces are 50GB+ and traditional
caching via actions/cache is impractical. On NTFS, workspace restore
is O(1) via atomic rename when source and destination are on the same volume.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(testing): use async exec for parallel test group execution
Replace execSync with promisified exec so Promise.all actually runs
test groups in parallel. Add native timeout support via exec options.
Add 50MB maxBuffer for large Unity output. Fix ESLint violations
(variable naming, padding lines, array push consolidation).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(cli-provider): add timeout protection for external CLI processes
Prevent builds from hanging indefinitely when CLI provider subprocess
is unresponsive. Default 2h for runTaskInWorkflow, 1h for watchWorkflow.
Graceful SIGTERM with 10s grace before SIGKILL.
- Added RUN_TASK_TIMEOUT_MS (2 hours) and WATCH_WORKFLOW_TIMEOUT_MS (1 hour)
- Added gracefulKill helper: SIGTERM first, SIGKILL after 10s grace period
- runTaskInWorkflow and watchWorkflow now have timeout protection
- Existing execute() method upgraded to use gracefulKill
- core.error() called with clear human-readable timeout message
- Added comprehensive tests: timeout triggers, SIGKILL escalation,
grace period cancellation on voluntary exit, normal completion
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(secrets): prevent shell injection in secret key names and mask values
- Validate secret key names against alphanumeric allowlist before shell interpolation
- Apply validation in both SecretSourceService.fetchSecret() and legacy queryOverride()
- Mask fetched secret values with core.setSecret() to prevent log exposure
- Add 20 new tests for validation and masking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: rebuild dist for cli-provider timeout changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(artifacts): validate rclone availability before storage upload
Check for rclone binary before attempting storage-based uploads.
Validate storage destination URI format (remoteName:path).
Provide clear error message with install link when rclone is missing.
Fail gracefully instead of cryptic ENOENT crash.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(load-balancing): add pagination limits and rate-limit detection
Cap pagination at 100 pages (10,000 runners max), detect GitHub API
rate limiting (403/429) with reset time reporting, add 30-second total
timeout for pagination loop. Log clear diagnostic when no runners found
suggesting possible causes (token permissions, runner registration).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(reliability): add disk space validation before build archival
Check available disk space (cross-platform: wmic/df) before archive
operations to prevent data loss on full disks. Skip archival with
warning if insufficient space (10% safety margin). Clean up partial
archives on tar failure. Proceed with warning when space check fails.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(hot-runner): validate persisted registry state and add dispatcher safeguards
Validate runner entries when loading from hot-runners.json. Discard
corrupted entries with warnings. Add validateAndRepair() method for
runtime recovery. Validate data before persisting to prevent writing
corrupt state. Handle corrupt persistence files (invalid JSON)
gracefully. Rewrite executeWithTimeout using Promise.race to clean up
transport connections on timeout. Fix pre-existing ESLint violations
in dispatcher and test files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(providers): add polling timeouts, fix credential parsing, validate dependencies
- GitHub Actions: max 4-hour polling with clear timeout error including run URL
- GitLab CI: max 4-hour polling with clear timeout error including pipeline URL
- Remote PowerShell: fix credential split to preserve passwords with colons
(split on first colon only instead of all colons)
- Remote PowerShell: throw clear error when credential format is invalid
- Ansible: validate ansible-playbook binary exists in setupWorkflow
(separate from ansible --version check)
- All timeout errors use core.error() for GitHub Actions annotation visibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: rebuild dist for provider timeout and credential fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: prettier formatting for orchestrator-folders-auth test
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: split orchestrator integrity into parallel jobs for faster validation
Rewrite the monolith orchestrator-integrity.yml (1110 lines, single job,
3+ hour sequential execution) into 4 parallel jobs that run on separate
runners:
- k8s-tests: k3d cluster + LocalStack, 5 tests
- aws-provider-tests: LocalStack only, 10 tests
- local-docker-tests: Docker + LocalStack for S3 tests, 9 tests
- rclone-tests: rclone + LocalStack, 1 test
Key improvements:
- Wall-clock time drops from ~3h to ~1h (longest single job)
- Disk exhaustion eliminated: each job gets its own fresh 14GB runner
- Cleanup logic deduplicated via sourced shell functions instead of
15 copy-pasted 30-line blocks
- K3d node image cleanup only runs in the k8s job (where it matters)
- Light cleanup (cache + docker prune -f) between tests; heavy cleanup
(prune -af --volumes) only at job boundaries
- workflow_call interface unchanged; integrity-check.yml needs no changes
Ref: #794
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix prettier formatting
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix prettier formatting
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix prettier formatting
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix prettier formatting
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix prettier formatting
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add official game-ci CLI with build, activate, and orchestrate commands
Introduces a yargs-based CLI entry point (src/cli.ts) distributed as the
`game-ci` command. The CLI reuses existing unity-builder modules — Input,
BuildParameters, Orchestrator, Docker, MacBuilder — so the same build
engine powers both the GitHub Action and the standalone CLI.
Commands: build, activate, orchestrate, cache (list/restore/clear),
status, version.
Closes#812
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(cli): add npm publish workflow and CLI tests
Add .github/workflows/publish-cli.yml for publishing the CLI to npm on
release or via manual workflow_dispatch with dry-run support.
Add comprehensive test coverage for the CLI:
- input-mapper.test.ts: 16 tests covering argument mapping, boolean
conversion, yargs internal property filtering, and Cli.options population
- commands.test.ts: 26 tests verifying command exports, builder flags,
default values, and camelCase aliases for all six commands
- cli-integration.test.ts: 8 integration tests spawning the CLI process
to verify help output, version info, and error handling
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(cli): add release workflow, install scripts, and self-update command
Replace the npm-only publish-cli.yml with a comprehensive release-cli.yml
that builds standalone binaries via pkg for all platforms (Linux/macOS/Windows,
x64/arm64), uploads them as GitHub Release assets with SHA256 checksums,
and retains npm publish as an optional job.
Add curl-pipe-sh installer (install.sh) and PowerShell installer (install.ps1)
for one-liner installation from GitHub Releases. Both scripts auto-detect
platform/architecture, verify checksums, and guide PATH configuration.
Add `game-ci update` command for self-updating standalone binaries: checks
GitHub releases for newer versions, downloads the correct platform binary,
verifies it, and atomically replaces the running executable.
Distribution strategy: GitHub Releases (primary), npm (optional), with
winget/Homebrew/Chocolatey/Scoop as future providers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(cli): address review findings — exit codes, missing inputs, null safety
- Add process.exit(1) in cli.ts catch block so failures produce non-zero exit codes
- Add 6 missing build inputs: containerRegistryRepository, containerRegistryImageVersion,
dockerIsolationMode, sshPublicKeysDirectoryPath, cacheUnityInstallationOnMac, unityHubVersionOnMac
- Add 6 missing orchestrate inputs: kubeStorageClass, readInputFromOverrideList,
readInputOverrideCommand, postBuildSteps, preBuildSteps, customJob
- Fix activate command description to accurately reflect verification behavior
- Add null check before accessing result.BuildResults in orchestrate handler
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: split orchestrator integrity into 4 parallel jobs to fix timeout
The monolithic orchestrator-integrity workflow runs 25+ tests sequentially
in a single job, consistently hitting the 60-minute timeout on PR runs.
Split into 4 parallel jobs (k8s, aws-provider, local-docker, rclone) each
on its own runner, cutting wall-clock time from 3+ hours to ~1 hour and
eliminating disk space exhaustion from shared runner contention.
Adopts the parallel architecture from PR #809.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add integration branch update scripts for release/lts-2.0.0
* ci: set macOS builds to continue-on-error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add release/lts-infrastructure to update-all script
* ci: set macOS builds to continue-on-error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: make git hooks opt-in only — do not modify hooks when disabled
Remove the else branch that actively called GitHooksService.disableHooks()
for every user where gitHooksEnabled was false (the default). This was a
breaking change that silently modified core.hooksPath to point at an empty
directory, disabling any existing git hooks (husky, lefthook, pre-commit, etc.).
When gitHooksEnabled is false (default), the action now does nothing
regarding hooks — exactly matching the behavior on main before the hooks
feature was added. The hooks feature only activates when users explicitly
set gitHooksEnabled: true.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: add integration wiring and input parsing tests for enterprise features
Add three test files covering the two highest-priority gaps in PR #777:
1. src/index-enterprise-features.test.ts (21 tests) - Integration wiring
tests for index.ts that verify conditional gating of all enterprise
services (GitHooks, LocalCache, ChildWorkspace, SubmoduleProfile,
LfsAgent). Tests that disabled features (default) are never invoked,
enabled features call the correct service methods, and the order of
operations is correct (restore before build, save after build).
Also tests non-local provider strategy skips all enterprise features.
2. src/model/enterprise-inputs.test.ts (103 tests) - Input/BuildParameters
wiring tests for all 20 new enterprise properties. Covers defaults,
explicit values, and boolean string parsing edge cases (the #1 source
of bugs: 'false' as truthy, 'TRUE' case sensitivity, '1', 'yes').
Verifies BuildParameters.create() correctly maps all Input getters.
3. src/model/orchestrator/services/submodule/submodule-profile-service.test.ts
(5 new tests) - Command construction safety tests for execute(),
documenting how paths, branches, and tokens are passed into git
commands and verifying the expected command strings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: mark failed macOS builds as neutral instead of failure
Use the Checks API to flip failed macOS build conclusions to neutral
(gray dash) so unstable builds don't show red X marks on PRs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert: restore build-tests-mac.yml to match main
Stop modifying the macOS build workflow — leave it identical to main.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(test): add gitAuthMode to orchestrator-folders test mock
The test mock was missing gitAuthMode, causing useHeaderAuth to
default to true and strip the token from repo URLs. Adding
gitAuthMode: 'url' restores the expected URL-mode behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): bump node version to 20 in integrity-check
yargs@18.0.0 requires Node >=20.19.0, so Node 18 is no longer
compatible.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: downgrade yargs to ^17.7.2 and revert Node to 18 for CI compatibility
yargs@18 requires Node >=20.19.0 which is incompatible with CI's Node 18.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(cli): move cache command under orchestrate subcommand
Cache is an orchestrator feature, so it belongs under `game-ci orchestrate cache`
rather than as a top-level `game-ci cache` command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: add orchestrator compatibility validation workflow
Runs on PRs that touch orchestrator source or bridge files.
Validates:
- Orchestrator source files are in sync with standalone repo
- Bridge file exports exist in both repos
- Orchestrator tests pass in both unity-builder and standalone contexts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: route orchestrator through plugin loader
Replace 8 direct orchestrator service imports with a thin plugin loader.
- loadOrchestrator(): loads remote build orchestration
- loadEnterpriseServices(): loads enterprise features for local builds
All functionality is preserved; only the import mechanism changes.
This is the first step toward making orchestrator an optional dependency.
Includes comprehensive integration tests for enterprise feature wiring
that verify gating logic, call ordering, and provider strategy routing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract orchestrator — delete 30k lines, decouple all imports
Remove the entire src/model/orchestrator/ directory (148 files, ~30k lines)
and refactor all dependent code to use the plugin loader pattern.
Key changes:
- build-parameters.ts: replace OrchestratorOptions with Input.getInput()
- input.ts: remove OrchestratorQueryOverride input source
- github.ts: strip to minimal class (only githubInputEnabled remains)
- cli/cli.ts: remove orchestrator CLI commands, simplify to core structure
- input-readers/*: replace OrchestratorSystem.Run with child_process.exec
- orchestrator-plugin.ts: import from @game-ci/orchestrator package
- orchestrate.ts, build.ts: use plugin loader instead of direct imports
- index.ts: inline SyncStrategy type, fix implicit any types
- Add type declarations for @game-ci/orchestrator
- Remove orchestrator-only npm dependencies (AWS SDK, K8s, etc.)
- Remove orchestrator-specific npm scripts and CI workflows
- Update validate-orchestrator.yml for external repo validation
All enterprise features gracefully degrade when @game-ci/orchestrator
is not installed — the plugin loader returns undefined and optional
chaining in index.ts skips all enterprise service calls.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: move CLI to orchestrator, fix validate-orchestrator workflow
- Delete src/cli.ts, src/cli/ (commands, tests, input-mapper) — moved
to game-ci/orchestrator repo (PR #813 reference)
- Delete .github/workflows/release-cli.yml — moved to orchestrator
- Remove bin, pkg, yargs, @types/yargs, pkg from package.json
- Fix validate-orchestrator.yml:
- Build TypeScript before running require() smoke tests
- Remove || echo fallback that swallowed errors
- Add smoke test that installs orchestrator via npm pack and
verifies loadOrchestrator() returns defined exports
Legacy src/model/cli/ (Cli class, CliFunctionsRepository) preserved —
used by Input.getInput() and build-parameters.ts on main.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): remove reference to deleted orchestrator-integrity.yml
The orchestrator job in integrity-check.yml called the deleted
orchestrator-integrity.yml workflow, causing CI failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): use --legacy-peer-deps for orchestrator install in validation
The orchestrator package brings eslint dependencies that conflict with
unity-builder's peer deps. Since this install is only for smoke-testing
the plugin loader, --legacy-peer-deps is safe here.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: remove temporary delete-me scripts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(ci): add orchestrator integration tests and plugin interface tests
- Add validate-orchestrator-integration.yml with 3 parallel jobs:
plugin-interface (unit tests + smoke tests), k8s-integration
(k3d + localstack), and aws-integration (localstack only)
- Add orchestrator-plugin.test.ts with 15 unit tests covering
loadOrchestrator() and loadEnterpriseServices() for both
installed and not-installed states
- Disk space management follows proven patterns from orchestrator
repo (parallel jobs, aggressive cleanup between tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): add build step to k8s and aws integration jobs
The orchestrator tests need compiled output (dist/index.js) to exist
before running integration tests that spawn containers/k8s jobs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): add refactor/** branch pattern and workflow_dispatch to orchestrator workflows
The refactor/orchestrator-extraction branch was not matching the
feature/** pattern, preventing the integration workflow from running
after fix commits were pushed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(ci): split orchestrator tests into per-PR health checks and nightly exhaustive suite
validate-orchestrator.yml (per-PR, ~5 min):
- Plugin architecture health: compilation, unit tests, plugin loader
graceful degradation, installed service validation, type declaration checks
validate-orchestrator-integration.yml (daily 3 AM UTC cron, ~1-2h):
- 5 parallel jobs mirroring orchestrator-integrity.yml:
plugin-interface, k8s (5 tests), aws (10 tests),
local-docker (9 tests), rclone (1 test)
- Full LocalStack + k3d integration coverage
- continue-on-error on known flaky end2end tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: add yarn.lock to validate-orchestrator path filters
Ensure orchestrator validation runs when yarn.lock changes, since
dependency updates can affect plugin compatibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: move install scripts to orchestrator repo
Install scripts now live at game-ci/orchestrator where the CLI releases
are published. Removed from unity-builder to avoid duplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Potential fix for code scanning alert no. 78: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* refactor: rename enterprise services to plugin services
The orchestrator is a plugin, not an enterprise feature. Renamed
loadEnterpriseServices -> loadPluginServices and all related variables,
types, log messages, and test descriptions to use "plugin" terminology.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): update workflow references from loadEnterpriseServices to loadPluginServices
CI workflows still referenced the old function name after the rename.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: remove (Nightly) from integration tests workflow name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: only suppress module-not-found errors in plugin loader
Previously both loadOrchestrator() and loadPluginServices() caught all
errors, masking real failures like syntax errors or missing transitive
dependencies. Now only MODULE_NOT_FOUND / ERR_MODULE_NOT_FOUND errors
are suppressed; all other exceptions are rethrown.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: add smoke test for orchestrator build wiring
Verifies end-to-end that loadOrchestrator().run() is correctly wired
to Orchestrator.run(), BuildParameters.create() produces valid config,
and plugin services resolve to real implementations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: wire orchestrator integration tests into integrity check
- Add workflow_call trigger to validate-orchestrator-integration.yml
so other workflows can invoke the exhaustive test suite
- Add orchestrator-integration job to integrity-check.yml that runs
on pushes to main (skipped on PRs to avoid 1-2h CI time)
- Daily cron + manual dispatch remain as fallback triggers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): pin LocalStack to v3.8.1 for AWS SDK v3 compatibility
localstack:latest (v4.14+) returns JSON responses for some S3 operations,
but @aws-sdk/client-s3 v3.779+ uses AwsRestXmlProtocol which expects XML.
This breaks all SharedWorkspaceLocking tests (locking, e2e caching,
retaining). Pin to v3.8.1 (last v3 release) where the S3 provider
returns proper XML responses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert: restore localstack:latest now that SDK is pinned
The S3 deserialization issue was caused by @aws-sdk/client-s3 v3.1005
(schema-based AwsRestXmlProtocol), not LocalStack's version. The SDK
is now pinned to ~3.779.0 in the orchestrator repo, so localstack:latest
works correctly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: reorder AWS integration tests to prevent workspace corruption
Move mandatory tests (caching, locking-core, locking-get-locked) before
continue-on-error e2e tests. The e2e tests can corrupt the workspace
(delete package.json), which was causing subsequent mandatory tests to
fail with "Couldn't find a package.json".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: plugin lifecycle interface for orchestrator extraction
Replace hardcoded orchestrator params with a lifecycle-based plugin
interface. The orchestrator reads its own config from env vars —
unity-builder just calls 6 hooks (initialize, canHandleBuild,
handleBuild, beforeLocalBuild, afterLocalBuild, handlePostBuild).
Removes ~2900 lines from unity-builder (93 BuildParameters fields,
346 Input getters, 70 action.yml inputs, 400 lines of service
orchestration in index.ts).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: align CI workflow with actual loadOrchestratorPlugin export
The validate-orchestrator workflows referenced loadOrchestrator and
loadPluginServices which don't exist — the source exports
loadOrchestratorPlugin. Updated all CI steps to use the correct
function name and test the actual OrchestratorPlugin lifecycle interface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: checkout matching orchestrator branch in CI validation
The validate-orchestrator workflow was always checking out the main
branch of game-ci/orchestrator. When both repos have changes on a
feature branch (e.g. refactor/orchestrator-extraction), the CI needs
to use the matching branch. Falls back to main if the branch doesn't
exist in the orchestrator repo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: add run-integration label to trigger full integration tests on PRs
PRs labeled `run-integration` now run the full orchestrator integration
suite (K8s, AWS, local-docker, rclone via LocalStack + k3d). Without the
label, integration tests only run on push to main and the daily cron.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: checkout matching orchestrator branch in integration tests
Try the matching branch name (e.g. refactor/orchestrator-extraction)
from game-ci/orchestrator first, falling back to main. This allows
testing cross-repo changes before merging to orchestrator main.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: switch from LocalStack to MiniStack for AWS mock services
LocalStack community edition was discontinued (2026.03.0+) and now
requires a paid license for ECS, CloudFormation, Kinesis, and other
services used in integration tests.
Switch to MiniStack (MIT, free, ministackorg/ministack) which provides
all 40+ AWS services on the same port 4566 with backward-compatible
health endpoints. ~10x smaller image, ~2s startup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add sync-secrets workflow for sibling repositories
Manually-triggered workflow that copies secrets (Unity credentials,
AWS/GCP tokens, Codecov) from unity-builder to orchestrator or cli repos.
Supports dry-run mode. Folded from PR #825.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Potential fix for pull request finding 'CodeQL / Workflow does not contain permissions'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* fix: add UNITY_LICENSE and NPM_TOKEN to sync-secrets, don't block on failures
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: remove LOCALSTACK_AUTH_TOKEN from sync-secrets workflow
MiniStack doesn't require an auth token.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* ci(windows): add Docker daemon readiness check before build
Add a proactive Docker daemon health check step to the Windows build
workflow. The windows-2022 runner images sometimes have the Docker
service in a stopped or starting state, causing the first build attempt
to fail on Docker operations.
The new step polls the Docker service for up to 60 seconds, actively
starting it if stopped, before proceeding to the build. This is faster
and more diagnostic than relying solely on the existing retry loop
(which sleeps 120-240s between full re-runs of the action).
The existing retry pattern is kept as defense-in-depth since it also
handles non-Docker transient failures (Unity licensing, network, etc).
Ref: actions/runner-images#13729
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: apply Prettier formatting to workflow files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: pass Unity license secrets to AWS ECS container via RunTask overrides
The AWS provider was not passing UNITY_EMAIL, UNITY_PASSWORD, and
UNITY_SERIAL to the ECS container as environment variables. These
secrets were only sent to CloudFormation Secrets Manager, but the
template generation produced duplicate YAML Secrets keys (one per
secret), causing only the last secret to survive. The activate.sh
script requires all three to be present simultaneously.
This fix merges secrets into the ECS RunTask containerOverrides
environment array, matching how the docker and k8s providers already
handle secrets. The CloudFormation Secrets Manager path is preserved
as a secondary mechanism.
Fixes license activation failure when using providerStrategy: aws.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Pin LocalStack to 4.4.0 (pre-auth-token requirement)
As of 2026-03-23, localstack/localstack:latest requires an auth token
even for community features. Pin to 4.4.0 (last community release
before the single-image migration) to restore CI.
See: https://blog.localstack.cloud/localstack-single-image-next-steps/
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Rename "Cloud Runner" to "Orchestrator" across entire codebase
Breaking change: All CloudRunner classes, options, environment variables,
and action.yml inputs have been renamed to Orchestrator equivalents.
- Renamed src/model/cloud-runner/ directory to src/model/orchestrator/
- Renamed all cloud-runner-* files to orchestrator-*
- Renamed all CloudRunner* classes to Orchestrator* (15+ classes)
- Renamed all cloudRunner* properties to orchestrator* equivalents
- Renamed CLOUD_RUNNER_* env vars to ORCHESTRATOR_*
- Updated action.yml [CloudRunner] markers to [Orchestrator]
- Updated workflow files and package.json test scripts
- Updated all runtime strings (cache paths, log messages, branch refs)
- Rebuilt dist/index.js
No backward compatibility layer is provided.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Remove tracked log/temp files and add to .gitignore
Remove $LOG_FILE and temp/job-log.txt debug artifacts that should
not be in the repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Enhance LFS file pulling with token fallback mechanism
- Implemented a primary attempt to pull LFS files using GIT_PRIVATE_TOKEN.
- Added a fallback mechanism to use GITHUB_TOKEN if the initial attempt fails.
- Configured git to replace SSH and HTTPS URLs with token-based authentication for the fallback.
- Improved error handling to log specific failure messages for both token attempts.
This change ensures more robust handling of LFS file retrieval in various authentication scenarios.
* Update GitHub Actions permissions in CI pipeline
- Added permissions for packages, pull-requests, statuses, and id-token to enhance workflow capabilities.
- This change improves the CI pipeline's ability to manage pull requests and access necessary resources.
* Enhance LFS file pulling by configuring git for token-based authentication
- Added configuration to use GIT_PRIVATE_TOKEN for git operations, replacing SSH and HTTPS URLs with token-based authentication.
- Improved error handling to ensure GIT_PRIVATE_TOKEN availability before attempting to pull LFS files.
- This change streamlines the process of pulling LFS files in environments requiring token authentication.
* Refactor git configuration for LFS file pulling with token-based authentication
- Enhanced the process of configuring git to use GIT_PRIVATE_TOKEN and GITHUB_TOKEN by clearing existing URL configurations before setting new ones.
- Improved the clarity of the URL replacement commands for better readability and maintainability.
- This change ensures a more robust setup for pulling LFS files in environments requiring token authentication.
* Update GitHub Actions to use GIT_PRIVATE_TOKEN for GITHUB_TOKEN in CI pipeline
- Replaced instances of GITHUB_TOKEN with GIT_PRIVATE_TOKEN in the cloud-runner CI pipeline configuration.
- This change ensures consistent use of token-based authentication across various jobs in the workflow, enhancing security and functionality.
* Update git configuration commands in RemoteClient to ensure robust URL unsetting
- Modified the git configuration commands to append '|| true' to prevent errors if the specified URLs do not exist.
- This change enhances the reliability of the URL clearing process in the RemoteClient class, ensuring smoother execution during token-based authentication setups.
* fix
* Refactor URL configuration in RemoteClient for token-based authentication
- Updated comments for clarity regarding the purpose of URL configuration changes.
- Simplified the git configuration commands by removing redundant lines while maintaining functionality for HTTPS token-based authentication.
- This change enhances the readability and maintainability of the RemoteClient class's git setup process.
* fix
* fix
* refactor: use AWS SDK for workspace locks
* fix: lazily initialize S3 client
* yarn build
* fix
* Update log output handling in FollowLogStreamService to always append log lines for test assertions
* tests: assert BuildSucceeded; skip S3 locally; AWS describeTasks backoff; lint/format fixes
* style(remote-client): satisfy eslint lines-around-comment; tests: log cache key for retained workspace (#379)
* ci(aws): echo CACHE_KEY during setup to ensure e2e sees cache key in logs; tests: retained workspace AWS assertion (#381)
* chore(format): prettier/eslint fix for build-automation-workflow; guard local provider steps
* refactor(build-automation): enhance containerized workflow handling and log management; update builder path logic based on provider strategy
* refactor(container-hook-service): improve AWS hook inclusion logic based on provider strategy and credentials; update binary files
* test(windows): skip grep tests on win32; logs: echo CACHE_KEY and retained markers; hooks: include AWS S3 hooks on aws provider
* ci(jest): add jest.ci.config with forceExit/detectOpenHandles and test:ci script; fix(windows): skip grep-based version regex tests; logs: echo CACHE_KEY/retained markers; hooks: include AWS hooks on aws provider
* ci: add Integrity workflow using yarn test:ci with forceExit/detectOpenHandles
* refactor(container-hook-service): refine AWS hook inclusion logic and update binary files
* ci: use yarn test:ci in integrity-check; remove redundant integrity.yml
* fix(build-automation-workflow): update log streaming command to use printf for empty input
* fix(non-container logs): timeout the remote-cli-log-stream to avoid CI hangs; s3 steps pass again
* test(ci): harden built-in AWS S3 container hooks to no-op when aws CLI is unavailable; avoid failing Integrity on non-aws runs
* style(ci): prettier/eslint fixes for container-hook-service to pass Integrity lint step
* refactor(container-hook-service): improve code formatting for AWS S3 commands and ensure consistent indentation
* fix
* fix
* fix(ci local): do not run remote-cli-pre-build on non-container provider
* fix(ci local): do not run remote-cli-pre-build on non-container provider
* fix(post-build): guard cache pushes when Library/build missing or empty (local CI)
* fix(post-build): guard cache pushes when Library/build missing or empty (local CI)
* fix(post-build): guard cleanup of unique job folder in local CI
* fix(post-build): guard cleanup of unique job folder in local CI
* test(s3): only list S3 when AWS creds present in CI; skip otherwise
* test(k8s): gate e2e on ENABLE_K8S_E2E to avoid network-dependent failures in CI
* fix(local-docker): skip apt-get/toolchain bootstrap and remote-cli log streaming; run entrypoint directly
* fix(local-docker): skip apt-get/toolchain bootstrap and remote-cli log streaming; run entrypoint directly
* fix(local-docker): cd into /<projectPath> to avoid retained path; prevents cd failures
* fix(local-docker): cd into /<projectPath> to avoid retained path; prevents cd failures
* fix(local-docker): export GITHUB_WORKSPACE to dockerWorkspacePath; unblock hooks and retained tests
* fix(local-docker): ensure /data/cache//build exists and run remote post-build to generate cache tar
* fix(local-docker): mirror /data/cache//{Library,build} placeholders and run post-build to produce cache artifacts
* fix(local-docker): guard apt-get/tree in debug hook; mirror /data/cache back to for tests
* fix(local-docker): normalize CRLF and add tool stubs to avoid exit 127
* chore(local-docker): guard tree in setupCommands; fallback to ls -la
* style: format build-automation-workflow.ts to satisfy Prettier
* test(caching, retaining): echo CACHE_KEY value into log stream for AWS/K8s visibility
* test(post-build): log CACHE_KEY from remote-cli-post-build to ensure visibility in BuildResults
* test(post-build): emit 'Activation successful' to satisfy caching assertions on AWS/K8s
* fix(aws): increase backoff and handle throttling in DescribeTasks/GetRecords
* fix(aws): increase backoff and handle throttling in DescribeTasks/GetRecords
* refactor(workflows): remove deprecated cloud-runner CI pipeline and introduce cloud-runner integrity workflow
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* feat: configure aws endpoints and localstack tests
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: run localstack pipeline in integrity check
* style: format aws-task-runner.ts to satisfy Prettier
* style: format aws-task-runner.ts to satisfy Prettier
* style: format aws-task-runner.ts to satisfy Prettier
* style: format aws-task-runner.ts to satisfy Prettier
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci: add reusable cloud-runner-integrity workflow; wire into Integrity; disable legacy pipeline triggers
* ci(k8s): run LocalStack inside k3s and use in-cluster endpoint; scope host LocalStack to local-docker
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* Cloud runner develop rclone (#732)
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* ci(k8s): remove in-cluster LocalStack; use host LocalStack via localhost:4566 for all; rely on k3d host mapping
* Update README.md
* feat: Add dynamic provider loader with improved error handling (#734)
* feat: Add dynamic provider loader with improved error handling
- Create provider-loader.ts with function-based dynamic import functionality
- Update CloudRunner.setupSelectedBuildPlatform to use dynamic loader for unknown providers
- Add comprehensive error handling for missing packages and interface validation
- Include test coverage for successful loading and error scenarios
- Maintain backward compatibility with existing built-in providers
- Add ProviderLoader class wrapper for backward compatibility
- Support both built-in providers (via switch) and external providers (via dynamic import)
* fix: Resolve linting errors in provider loader
- Fix TypeError usage instead of Error for type checking
- Add missing blank lines for proper code formatting
- Fix comment spacing issues
* build: Update built artifacts after linting fixes
- Rebuild dist/ with latest changes
- Include updated provider loader in built bundle
- Ensure all changes are reflected in compiled output
* build: Update built artifacts after linting fixes
- Rebuild dist/ with latest changes
- Include updated provider loader in built bundle
- Ensure all changes are reflected in compiled output
* build: Update built artifacts after linting fixes
- Rebuild dist/ with latest changes
- Include updated provider loader in built bundle
- Ensure all changes are reflected in compiled output
* build: Update built artifacts after linting fixes
- Rebuild dist/ with latest changes
- Include updated provider loader in built bundle
- Ensure all changes are reflected in compiled output
* fix: Fix AWS job dependencies and remove duplicate localstack tests
- Update AWS job to depend on both k8s and localstack jobs
- Remove duplicate localstack tests from k8s job (now only runs k8s tests)
- Remove unused cloud-runner-localstack job from main integrity check
- Fix AWS SDK warnings by using Uint8Array(0) instead of empty string for S3 PutObject
- Rename localstack-and-k8s job to k8s job for clarity
* feat: Implement provider loader dynamic imports with GitHub URL support
- Add URL detection and parsing utilities for GitHub URLs, local paths, and NPM packages
- Implement git operations for cloning and updating repositories with local caching
- Add automatic update checking mechanism for GitHub repositories
- Update provider-loader.ts to support multiple source types with comprehensive error handling
- Add comprehensive test coverage for all new functionality
- Include complete documentation with usage examples
- Support GitHub URLs: https://github.com/user/repo, user/repo@branch
- Support local paths: ./path, /absolute/path
- Support NPM packages: package-name, @scope/package
- Maintain backward compatibility with existing providers
- Add fallback mechanisms and interface validation
* feat: Implement provider loader dynamic imports with GitHub URL support
- Add URL detection and parsing utilities for GitHub URLs, local paths, and NPM packages
- Implement git operations for cloning and updating repositories with local caching
- Add automatic update checking mechanism for GitHub repositories
- Update provider-loader.ts to support multiple source types with comprehensive error handling
- Add comprehensive test coverage for all new functionality
- Include complete documentation with usage examples
- Support GitHub URLs: https://github.com/user/repo, user/repo@branch
- Support local paths: ./path, /absolute/path
- Support NPM packages: package-name, @scope/package
- Maintain backward compatibility with existing providers
- Add fallback mechanisms and interface validation
* feat: Fix provider-loader tests and URL parser consistency
- Fixed provider-loader test failures (constructor validation, module imports)
- Fixed provider-url-parser to return consistent base URLs for GitHub sources
- Updated error handling to use TypeError consistently
- All provider-loader and provider-url-parser tests now pass
- Fixed prettier and eslint formatting issues
* feat: Implement provider loader dynamic imports with GitHub URL support
- Add URL detection and parsing utilities for GitHub URLs, local paths, and NPM packages
- Implement git operations for cloning and updating repositories with local caching
- Add automatic update checking mechanism for GitHub repositories
- Update provider-loader.ts to support multiple source types with comprehensive error handling
- Add comprehensive test coverage for all new functionality
- Include complete documentation with usage examples
- Support GitHub URLs: https://github.com/user/repo, user/repo@branch
- Support local paths: ./path, /absolute/path
- Support NPM packages: package-name, @scope/package
- Maintain backward compatibility with existing providers
- Add fallback mechanisms and interface validation
* feat: Implement provider loader dynamic imports with GitHub URL support
- Add URL detection and parsing utilities for GitHub URLs, local paths, and NPM packages
- Implement git operations for cloning and updating repositories with local caching
- Add automatic update checking mechanism for GitHub repositories
- Update provider-loader.ts to support multiple source types with comprehensive error handling
- Add comprehensive test coverage for all new functionality
- Include complete documentation with usage examples
- Support GitHub URLs: https://github.com/user/repo, user/repo@branch
- Support local paths: ./path, /absolute/path
- Support NPM packages: package-name, @scope/package
- Maintain backward compatibility with existing providers
- Add fallback mechanisms and interface validation
* m
* m
* Delete .cursor/settings.json
* Update src/model/cloud-runner/providers/README.md
Co-authored-by: Gabriel Le Breton <lebreton.gabriel@gmail.com>
* fix
* fix
* fix
* fix
* PR feedback
* PR feedback
* Update .github/workflows/cloud-runner-integrity.yml
Co-authored-by: Gabriel Le Breton <lebreton.gabriel@gmail.com>
* Update .github/workflows/cloud-runner-integrity.yml
Co-authored-by: Gabriel Le Breton <lebreton.gabriel@gmail.com>
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* PR feedback
* pr feedback
* PR feedback
* PR feedback
* pr feedback
* PR feedback
* pr feedback
* pr feedback
* pr feedback
* PR feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback - test should fail on evictions
* pr feedback - fix cleanup loop timeout
* pr feedback - handle evictions and wait for disk pressure condition
* pr feedback - remove ephemeral-storage request for tests
* pr feedback - fix taint removal syntax
* pr feedback - fail faster on pending pods and detect scheduling failures
* pr feedback - cleanup images before job creation and use IfNotPresent
* pr feedback - pre-pull Unity image into k3d node
* Improve k3d cleanup in integrity workflow
* Harden k3d cleanup to avoid disk exhaustion
* pr feedback
* pr feedback - improve pod scheduling diagnostics and remove eviction thresholds that prevent scheduling
* pr feedback - increase timeout for image pulls in tests and detect active image pulls to allow more time
* pr feedback - pre-pull Unity image at cluster setup to avoid runtime disk pressure evictions
* pr feedback - ensure pre-pull pod ephemeral storage is fully reclaimed before tests
* Add host disk cleanup before k3d cluster creation to prevent evictions
* Run LocalStack as managed Docker step for better resource control
* Improve LocalStack readiness checks and add retries for S3 bucket creation
* Unify k8s, localstack, and localDocker jobs into single job with separate steps for better disk space management
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* pr feedback
* f
* fix
* fix
* fixes
* fixes
* fixes
* fixes
* fix
* fix
* fix: k3d/LocalStack networking - use shared Docker network and container name
* fix: rename LOCALSTACK_HOST to K8S_LOCALSTACK_HOST to avoid awslocal conflict
* fix: skip AWS environment test (requires LocalStack Pro for full CloudFormation)
* fix: remove EFS from AWS stack - use S3 caching for storage instead
* Revert "fix: remove EFS from AWS stack - use S3 caching for storage instead"
This reverts commit fdb7286204.
* fix: enable EFS and all AWS services in LocalStack, re-enable AWS environment test
* fix: add secretsmanager and other services to LocalStack
* fix: add aws-local mode - validates AWS CloudFormation templates, executes via local-docker
* fix: add rclone integration test with LocalStack S3 backend
* chore: remove temp log files and debug artifacts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address PR review feedback from GabLeRoux
- Update kubectl to v1.34.1 (latest stable)
- Add provider documentation explaining what a provider is
- Fix typo: "versions" -> "tags" in best practices
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* integrate PR #686
* integrate PR #686
* lint fix
* fix: use /bin/sh for Alpine-based images (rclone/rclone) in docker provider
* fix: lint issues
* fix: restore GitHub API workflow_id convention and getCheckStatus method
Reverts cosmetic changes that renamed workflow_id to workflowId in GitHub
API calls. The GitHub REST API uses workflow_id, so we keep the eslint
camelcase suppression comments to match the official API convention.
Also restores the getCheckStatus() method that was removed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* revert: remove unrelated changes to docker.ts, github.ts, image-tag.ts, versioning.test.ts
These files had changes unrelated to the Cloud Runner improvements PR goals.
Reverting to main branch state.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use /bin/sh for Alpine-based images (rclone/rclone) in docker provider
The rclone/rclone image is Alpine-based and only has /bin/sh, not /bin/bash.
This fixes exit code 127 errors when running rclone commands in containers.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: fetch only specific PR ref instead of all PR refs
The previous implementation fetched ALL PR refs with:
git fetch origin +refs/pull/*:refs/remotes/origin/pull/*
This is extremely slow for repos with many PRs (700+ PRs in unity-builder).
Now fetches only the specific PR ref needed, e.g., for pull/731/merge:
git fetch origin +refs/pull/731/merge:... +refs/pull/731/head:...
This should significantly speed up the Cloud Runner integrity tests.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: remove cleanup.yml workflow
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: remove redundant cloud-runner-integrity-localstack.yml
Tests are already covered by cloud-runner-integrity.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Gabriel Le Breton <lebreton.gabriel@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* Fixes bug where kubectl picks a different namespace (e.g. cloud runner is kicked from self hosted k8s agents that are in a non default namespace)
* update generated content
* Add support for setting a namespace for containers in Cloud Runner
* Remove arguments for license activation from build step
* Support Unity license server on macOS platform
* Prepare configuration file to appropriate path
* Use extended regular expression since mac uses BSD grep
* Store the exit code from license activation command
---------
Co-authored-by: Webber Takken <webber@takken.io>
* Supports github_home in windows-latest
* Attempt at copying from specific volume
* Adding some more logging
* Fix and compiles index.js
* Debugging and some other approach
* Another attempt at debugging
* Testing two more approaches
* Try only copying the file
* Cleanup
* Updates index.js, index.js.map and licenses.txt
After `yarn` + `npm run build`
* Update index.js.map
* Added install_llvmpipe script
* Replace ternary with a regular condition
* Revert files I haven't changed
* Pin llvmpipe version, expand test matrix with a single enableGPU target
* Fixed parameter name
* EnableGPU false by default
* Fixed nitpick
* Fixed scripts
* Pass enableGpu into tests properly
* Fixed script
* Append With GPU to build name
* Fix expression
* feat: add `buildProfile` parameter
add new `buildProfile` action param, which will be passed into
Unity as the `-activeBuildProfile ...` CLI param.
closes https://github.com/game-ci/unity-builder/issues/674
* ci: add tests for Unity 6 and build profiles
* Bump versions of @actions/cache, @actions/core to support actions/upload-artifact: v4 dependency. Bump version actions/upload-artifact in repo actions.
* Add UNITY_LICENSE secret to CI workflows.
* Fix getVersionDescription() to prioritize version tags over non-version tags
This fix modifies the getVersionDescription() method to ensure it only considers valid version tags when describing the current version. It retrieves all tags merged into the current branch, filters them based on a version-compatible regex, and uses the most recent valid version tag for description. If no valid tags are found, it falls back to the default description behavior. This resolves the issue of incorrect tags being used when multiple tags are present.
* Update versioning.ts
Rewrote getting the description for the last valid tag using `rev-list` and `rev-parse`
* Fix formatting
* Revert "dist"
This reverts commit bd58cbedf7.
* Revert "dist"
This reverts commit bd58cbedf7.
* Only build mono for windows/mac on linux test builds. Add dedicated server build tests
* Fix typo
* Fix build matrix and upload name
* Remove unsupported unity version
* Add skipActivation functionality
* Update packages and fix lint/test issues
* Use nullish coalescing operator
* Ensure there is enough space for Android test builds
* fixes
* fixes
* fixes
* fixes
* fixes
* check for startup message in workflows
* check for startup message in workflows
* check for startup message in workflows
* check for startup message in workflows
* check for startup message in workflows
* check for startup message in workflows
* Update cloud-runner-ci-pipeline.yml
* Update cloud-runner-ci-pipeline.yml
* no storage class specified
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* updates
* log file path
* latest develop
* log file path
* log file path
* Update package.json
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* log file path
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* stream logs through standard input and new remote client cli command
* update pipeline to use k3s
* version: 'latest'
* fixes
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* disable aws pipe for now
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* push k8s logs to LOG SERVICE IP
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* tests
* podname logs for log service
* podname logs for log service
* podname logs for log service
* podname logs for log service
* podname logs for log service
* podname logs for log service
* podname logs for log service
* podname logs for log service
* podname logs for log service
* hashed logs
* hashed logs
* hashed logs
* hashed logs
* hashed logs
* hashed logs
* no wait, just repeat logs
* no wait, just repeat logs
* remove typo - double await
* test fix - kubernetes - name typo in github yaml
* test fix - kubernetes - name typo in github yaml
* check missing log file
* check missing log file
* Push to steam test
* Push to steam test
* Fix path
* k8s reliable log hashing
* k8s reliable log hashing
* k8s reliable log hashing
* hashed logging k8s
* hashed logging k8s
* hashed logging k8s
* hashed logging k8s
* hashed logging k8s
* hashed logging k8s
* Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line
* Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line
* Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line
* Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line
* Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line
* Fix exit flow for k8s job
* hash comparison logging for log complete in k8s flow
* Interrupt k8s logs when logs found
* cleanup async parameter
* cleanup async parameter
* cleanup async parameter
* fixes
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* Fix missed directory change that isn't used anymore
* Fixes, improvements, and cleanup while reconciling test runner scripts
* Additional cleanup
* Fix possible hang
* Don't mislead with activation server on windows
* Update node version
- Added `runAsHostUser` to allow running the container as the same user as the host system. This fixes most permissions issues on self-hosted runners.
- Perform android sdk setup during entrypoint.sh to ensure it has root permissions if the user switches to a non-root user
- Automatically detect android sdk target version if parameters are not already provided to configure the sdk
- Generate a new uuid for machineID to ensure separate containers are unique to reduce license activation errors
- Add exponential retry strategy for Ubuntu license activations
- Windows now exits with the proper exit codes. This mirrors Ubuntu behavior properly now and means we do not need the error parsing logic to handle error conditions which means we should be back to v2 behavior.
- Allow customizing image registry/image version
- Only create the licensing directory on Mac if it doesn't already exist. Don't delete the folder on build complete. This means builds nominally shouldn't need sudo permissions, very useful for self-hosted runners.
- Pick correct architecture when installing macos editor to support both x86 and arm-based systems (Credit @dcvz)
* Ensure serial is prioritized
* Add compile listener to create github annotations
* Update node modules
* Don't build ubuntu on PR as secrets are now needed. Update PR template to request an example successful run. Remove 32bit windows build. Build on push to any branch
* Update activation to use blank project
* Ensure exceptions get annotated as well
* More robust console printing
* Update test project
* Build iOS test on macos to verify burst functionality. Add annotation for license activation error. Fix unity version test. Remove minification from android
* Improve license checks
* Mask partially redacted serial in addition to full serial
* Add retry logic to ubuntu builds
* Allow dirty build on retry
* Bump unity version
- Allow updating container memory and cpu limits for Windows. Previously, they defaulted to 1cpu and 1gb ram which was far too low and it seems docker wouldn't allocate all available resources. Now it will use all available cores and 80% of system memory.
- Allow setting docker isolation mode for windows. Defaults to default to ensure behavior doesn't change from prior versions but now you can do stuff like force process mode on non-server versions which grants a performance uplift during runs
- Added logic to allow building Android on Windows. Android doesn't support burst when built on Linux, only on Windows and macOS. Thus we need to allow building Android on WIndows due to the major performance benefits of Burst.
- Support Windows 2022 and VS2022 by mounting the x64 Visual Studio path in addition to the x86 path to maintain compatibility with VS2019 and older
- Attempted fixes for windows builds hanging by killing the regsvr32 process after registering VS dll and using a different method to launch Unity. Unsure if this is a definite fix so I am leaving in several debug calls to print out running processes so we have more data to work with on chasing down this bug. I suspect there's a process that's hanging around that isn't cleaning itself up or is getting into some kind of deadlock situation and needs to be killed. But the changes I've made have seen no hangs on building during docker test workflows when previously there would be at least 3-5 hanging builds.
* add sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS parameters that adds git configs and mounts .ssh/config and public keys to the container, in order to allow multiple sh deploy key trick by webplatform@ssh-agent
* remove sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS from windows runner for now
* fix: resolution errors and vulnerability
* feat: bump (major) docker image rolling tag
* chore: bump major version
* fix: up workflow node to lts
* fix: conventions
* Subtarget support for Unity 2021.2+
Allows passing the -standaloneBuildSubtarget parameter via customParameters in order to facilitate dedicated server builds. Since Unity introduced the subtarget option in 2021.2, this parameter only takes effect in supported Unity versions.
* Fix build subtarget compatibility
Certain versions of Unity do not have a value for `NoSubtarget`. Using `default` will be more robust against churn in this area of Unity's API.
- Add missing unityLicenseServer input (Fix#480)
- Use HEAD when calculating semantic version number. This is a riskier change as this has always used `github.sha` on the runner. However, when pulling in other repos and running the action, it may not be referencing the correct commit on the repo. After testing, though, nothing appears to be broken so this in theory should work fine. (Fix#417)
- Setup private token rewrites on Windows images (Fix#428)
- Allow setting a custom workspace path within docker container with `dockerWorkspacePath`. (Fix#433)
- [Breaking Change] Remove `androidAppBundle` parameter in favor of `androidExportType`.
* Enable noImplicitAny
Add types to all implicit any variables
Bump target to ES2020 for recent language features (optional chaining)
Code cleanup
Add debug configuration for vscode
Remove autorun flag from jest to remove warning
Bump packages to fix dependency version mismatch warning
Changed @arkweid/lefthook to @evilmartians/lefthook as @arkweid/lefthook has been deprecated in favor of @evilmartians/lefthook
Added concurrency groups to integrity check and build workflows. New commits to branches will cancel superseded runs on the same branch/pr
Update imports to not use require syntax
Use node packages (ie node:fs rather than fs)
AndroidVersionCode is now a string rather than a number as it gets converted to a string when passed out of the system
Reduce timeout for windows builds
Remove 2020.1.17f1 from windows builds due to repeated license activation errors
Update naming scheme of workflows for consistency
Update build names so target platform and unity version aren't cut off by github actions UI
* Add exclude to test matrix for 2022.2 on android until Unity bug is fixed
---------
Co-authored-by: AndrewKahr <AndrewKahr@users.noreply.github.com>
* Add caching for Unity Hub/Editor on MacOS. Add parameter to pin Unity Hub version on MacOS. Live output MacOS build log to console. Hid extraneous log outputs from git. Throw error when failures detected in log output.
* Update pr template links
* Add system to build Android Project. Update PR Template links. Fix missing types on functions. Cleanup mac-setup module installation
* Switch to androidExportType instead of exportGoogleAndroidProject
* Enforce minimum node version
* Enforce node version minimum. Added yarn-audit-fix to dev dependencies and Updated package vulnerabilities.
* Improve deprecation warning
* Add android symbol type parameter. Change windows scripts to use $LastExitCode and not $?. Update tests.
* Fix issues on android symbols for older unity versions. Change symbol default to public. Increase build test coverage of unity versions.
* Remove 2018.1 from tests
* Remove out variable declaration to support Unity 2018 in default build script. Remove <2019.3 versions of unity from windows builder as IL2CPP isn't supported until 2019.3.
* Fix typo. Use reflection to set buildAppBundle as Unity 2018.2 doesn't support it
* Add missing reflection using
* Remove 2018-2019.3 unity versions from mac as they don't support IL2CPP. Fix app identifier for android in testproject
* Fix android bundle id
* Updated android identifier. Removed incompatible unity versions from tests. Add retry logic to windows as it seems to have licensing issues when so many runners start
* Add timeout and continue on error
* fix: k8s error handling
(cherry picked from commit f633a3efb42432a6d2492712aead865a950c8dca)
* include main in main cloud-runner pipeline
(cherry picked from commit a40fbe941bba1ba4593c83c754b37363a969bfe5)
* Initial support for adding a UNITY_LICENSING_SERVER parameter to build parameters
* Test to figure out what the working directory is of current bash script
* Outputting current directory and using $ACTION_FOLDER
* Add resources folder to mounted docker volumes. Used by activation script to copy over template file for unity licensing server
* use awk instead of sed due to http characters breaking syntax
* mkdir for unity config
* Add -p flag to mkdir so parents are also created if missing
* Initial work on returning floating license when using licensing server
* Checking licensing server first for now, since serial is always set
* Parse and save acquired floating license for use for returning after build
* Clean up duplicate commands in activate.sh
* Fixed running string as command, use it as input instead
* Fixed cloud runner tests failing when using a ssh remote.
* Clean up of test files and unnecessary logging
* Moved process of generating services-config.json file from platform specific activate scripts to typescript
* Fixed path
* update actions core to 1.10.0
The current version of actions/core produces a lot of warning about deprecated set-output command, like this:
```
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
```
the new version of actions/core uses the environment files instead, so this version bump should fix the warning
* reran yarn
* Fix androidTargetSdkVersion
Fix for newer versions of Android API levels that do not get correctly parsed.
* Update dist/default-build-script/Assets/Editor/UnityBuilderAction/Input/AndroidSettings.cs
* Correct aws logs link
* Correct aws logs link
* better aws cli commands and better cleanup for aws
* better aws cli commands and better cleanup for aws
* improved garbage collection cli options
* Only allow ephemeral runners when using cloud runner integration tests flag to avoid unexpected hangup
* Only allow ephemeral runners when using cloud runner integration tests flag to avoid unexpected hangup
* fix issue #393
* Extract follow log stream service
* consolidate into one pipeline file
* consolidate into one pipeline file
* Update cloud-runner-aws-pipeline.yml
* Update cloud-runner-k8s-pipeline.yml
* yarn build
* yarn build
* correct branch ref
* correct branch ref passed to target repo
* Create k8s-tests.yml
* Delete k8s-tests.yml
* correct branch ref passed to target repo
* correct branch ref passed to target repo
* Always describe AWS tasks for now, because unstable error handling
* Remove unused tree commands
* Use lfs guid sum
* Simple override cache push
* Simple override cache push and pull override to allow pure cloud storage driven caching
* Removal of early branch (breaks lfs caching)
* Remove unused tree commands
* Update action.yml
* Update action.yml
* Support cache and input override commands as input + full support custom hooks
* Increase k8s timeout
* replace filename being appended for unknclear reason
* cache key should not contain whitespaces
* Always try and deploy rook for k8s
* Apply k8s files for rook
* Update action.yml
* Apply k8s files for rook
* Apply k8s files for rook
* cache test and action description for kuber storage class
* Correct test and implement dependency health check and start
* GCP-secret run, cache key
* lfs smudge set explicit and undo explicit
* Run using external secret provider to speed up input
* Update cloud-runner-aws-pipeline.yml
* Add nodejs as build step dependency
* Add nodejs as build step dependency
* Cloud Runner Tests must be specified to capture logs from cloud runner for tests
* Cloud Runner Tests must be specified to capture logs from cloud runner for tests
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* better defaults for new inputs
* better defaults
* merge latest
* force build update
* use npm n to update node in unity builder
* use npm n to update node in unity builder
* use npm n to update node in unity builder
* correct new line
* quiet zipping
* quiet zipping
* default secrets for unity username and password
* default secrets for unity username and password
* ls active directory before lfs install
* Get cloud runner secrets from
* Get cloud runner secrets from
* Cleanup setup of default secrets
* Various fixes
* Cleanup setup of default secrets
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* AWS secrets manager support
* less caching logs
* default k8s storage class to pd-standard
* more readable build commands
* Capture aws exit code 1 reliably
* Always replace /head from branch
* k8s default storage class to standard-rwo
* cleanup
* further cleanup input
* further cleanup input
* further cleanup input
* further cleanup input
* further cleanup input
* folder sizes to inspect caching
* dir command for local cloud runner test
* k8s wait for pending because pvc will not create earlier
* prefer k8s standard storage
* handle empty string as cloud runner cluster input
* local-system is now used for cloud runner test implementation AND correctly unset test CLI input
* local-system is now used for cloud runner test implementation AND correctly unset test CLI input
* fix unterminated quote
* fix unterminated quote
* do not share build parameters in tests - in cloud runner this will cause conflicts with resouces of the same name
* remove head and heads from branch prefix
* fix reversed caching direction of cache-push
* fixes
* fixes
* fixes
* cachePull cli
* fixes
* fixes
* fixes
* fixes
* fixes
* order cache test to be first
* order cache test to be first
* fixes
* populate cache key instead of using branch
* cleanup cli
* garbage-collect-aws cli can iterate over aws resources and cli scans all ts files
* import cli methods
* import cli files explicitly
* import cli files explicitly
* import cli files explicitly
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* log parameters in cloud runner parameter test
* log parameters in cloud runner parameter test
* log parameters in cloud runner parameter test
* Cloud runner param test before caching because we have a fast local cache test now
* Using custom build path relative to repo root rather than project root
* aws-garbage-collect at end of pipeline
* aws-garbage-collect do not actually delete anything for now - just list
* remove some legacy du commands
* Update cloud-runner-aws-pipeline.yml
* log contents after cache pull and fix some scenarios with duplicate secrets
* log contents after cache pull and fix some scenarios with duplicate secrets
* log contents after cache pull and fix some scenarios with duplicate secrets
* PR comments
* Replace guid with uuid package
* use fileExists lambda instead of stat to check file exists in caching
* build failed results in core error message
* Delete sample.txt
* cloud-runner-system prefix changed to cloud-runner
* Update cloud-runner-aws-pipeline.yml
* remove du from caching, should run manually if interested in size, adds too much runtime to job to include by default
* github ephemeral pipeline support
* github ephemeral pipeline support
* Merge remote-tracking branch 'origin/main' into cloud-runner-develop
# Conflicts:
# dist/index.js.map
# src/model/cloud-runner/providers/aws/aws-task-runner.ts
# src/model/cloud-runner/providers/aws/index.ts
* garbage collection
* garbage collection
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* self hosted runner pipeline
* ephemeral runner pipeline
* ephemeral runner pipeline
* ephemeral runner pipeline
* download runner each time
* download runner each time
* download runner each time
* garbage collect all older than 1d as part of cleanup
* download runner each time
* number container cpu and memory for aws
* per provider container defaults
* per provider container defaults
* per provider container defaults
* per provider container defaults
* Skip printing size unless cloudRunnerIntegrationTests is true
* transition zip usage in cache to uncompressed tar for speed
* transition zip usage in cache to uncompressed tar for speed
* transition zip usage in cache to uncompressed tar for speed
* transition zip usage in cache to uncompressed tar for speed
* per provider container defaults
* per provider container defaults
* per provider container defaults
* per provider container defaults
* per provider container defaults
* per provider container defaults
* per provider container defaults
* per provider container defaults
* baked in cloud formation template
* baked in cloud formation template
* baked in cloud formation template
* baked in cloud formation template
* baked in cloud formation template
* baked in cloud formation template
* baked in cloud formation template
* baked in cloud formation template
* better aws commands
* better aws commands
* parse number for cloud formation template
* remove container resource defaults from actions yaml
* remove container resource defaults from actions yaml
* skip all input readers when cloud runner is local
* prefer fs/promises
* actually set aws cloud runner step as failure if unity build fails
* default to 3gb of ram - webgl fails on 2
* Update cloud-runner-aws-pipeline.yml
* Update cloud-runner-k8s-pipeline.yml
* yarn build
* yarn build
* correct branch ref
* correct branch ref passed to target repo
* Create k8s-tests.yml
* Delete k8s-tests.yml
* correct branch ref passed to target repo
* correct branch ref passed to target repo
* Always describe AWS tasks for now, because unstable error handling
* Remove unused tree commands
* Use lfs guid sum
* Simple override cache push
* Simple override cache push and pull override to allow pure cloud storage driven caching
* Removal of early branch (breaks lfs caching)
* Remove unused tree commands
* Update action.yml
* Update action.yml
* Support cache and input override commands as input + full support custom hooks
* Increase k8s timeout
* replace filename being appended for unknclear reason
* cache key should not contain whitespaces
* Always try and deploy rook for k8s
* Apply k8s files for rook
* Update action.yml
* Apply k8s files for rook
* Apply k8s files for rook
* cache test and action description for kuber storage class
* Correct test and implement dependency health check and start
* GCP-secret run, cache key
* lfs smudge set explicit and undo explicit
* Run using external secret provider to speed up input
* Update cloud-runner-aws-pipeline.yml
* Add nodejs as build step dependency
* Add nodejs as build step dependency
* Cloud Runner Tests must be specified to capture logs from cloud runner for tests
* Cloud Runner Tests must be specified to capture logs from cloud runner for tests
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* Refactor and cleanup - no async input, combined setup/build, removed github logs for cli runs
* better defaults for new inputs
* better defaults
* merge latest
* force build update
* use npm n to update node in unity builder
* use npm n to update node in unity builder
* use npm n to update node in unity builder
* correct new line
* quiet zipping
* quiet zipping
* default secrets for unity username and password
* default secrets for unity username and password
* ls active directory before lfs install
* Get cloud runner secrets from
* Get cloud runner secrets from
* Cleanup setup of default secrets
* Various fixes
* Cleanup setup of default secrets
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* Various fixes
* AWS secrets manager support
* less caching logs
* default k8s storage class to pd-standard
* more readable build commands
* Capture aws exit code 1 reliably
* Always replace /head from branch
* k8s default storage class to standard-rwo
* cleanup
* further cleanup input
* further cleanup input
* further cleanup input
* further cleanup input
* further cleanup input
* folder sizes to inspect caching
* dir command for local cloud runner test
* k8s wait for pending because pvc will not create earlier
* prefer k8s standard storage
* handle empty string as cloud runner cluster input
* local-system is now used for cloud runner test implementation AND correctly unset test CLI input
* local-system is now used for cloud runner test implementation AND correctly unset test CLI input
* fix unterminated quote
* fix unterminated quote
* do not share build parameters in tests - in cloud runner this will cause conflicts with resouces of the same name
* remove head and heads from branch prefix
* fix reversed caching direction of cache-push
* fixes
* fixes
* fixes
* cachePull cli
* fixes
* fixes
* fixes
* fixes
* fixes
* order cache test to be first
* order cache test to be first
* fixes
* populate cache key instead of using branch
* cleanup cli
* garbage-collect-aws cli can iterate over aws resources and cli scans all ts files
* import cli methods
* import cli files explicitly
* import cli files explicitly
* import cli files explicitly
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* import cli methods
* log parameters in cloud runner parameter test
* log parameters in cloud runner parameter test
* log parameters in cloud runner parameter test
* Cloud runner param test before caching because we have a fast local cache test now
* Using custom build path relative to repo root rather than project root
* aws-garbage-collect at end of pipeline
* aws-garbage-collect do not actually delete anything for now - just list
* remove some legacy du commands
* Update cloud-runner-aws-pipeline.yml
* log contents after cache pull and fix some scenarios with duplicate secrets
* log contents after cache pull and fix some scenarios with duplicate secrets
* log contents after cache pull and fix some scenarios with duplicate secrets
* PR comments
* Replace guid with uuid package
* use fileExists lambda instead of stat to check file exists in caching
* build failed results in core error message
* Delete sample.txt
* avoid building a custom image
* fix: remove unnecessary double-dash
* Rebuild with -- fix
* linting
* Remove unused variable
* support windows as well
* Fix -- command not found
* Fix unused import, remove docker build test
* no dockerfile anymore
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* fix: misalignments in dev lifecycle
* fix: dist no longer added to staged
* fix: misalignments in dev lifecycle
* chore: multi-platform hooks and tests
* chore: multi-platform hooks and tests
* chore: add intention for colors
* chore: update lint-staged to fix color
* chore: update dist files
* feat: move to lefthook (remove husky and lint-staged)
* feat: move to lefthook (remove husky and lint-staged)
* fix: test aftereach
* fix: test aftereach
* fix: early restore call
* feat: jest fails if something gets logged to console
* chore: add todos of misplaced code
* chore: update dist files
* chore: move jest file
Running docker currently mounts the docker.sock file into the container.
This was introduced in 2ab738c083 but
there is no explanation provided.
The docker.sock file is only needed if we want to run docker inside the container
to create other images or start other containers.
I searched through the code and I did not find any such use.
In particular, on fedora this gives permission denied because docker.sock
is owned by root and the container runs under an unprivileged user.
One has to change the permissions of docker.sock
(which is actually a link to /run/podman/podman.sock) to be writeable by the user.
If we don't need to use docker inside the containers, then we can remove this file,
thus we can run this GitHub action as an unprivileged user out of the box.
In self hosted runners in fedora with SELinux enabled,
it sometimes gives a random error
```
Error: lsetxattr /var/run/docker.sock: operation not permitted
Error: The process '/usr/bin/docker' failed with exit code 126
```
This seems to happen with docker.sock which is a link to
/run/podman/podman.sock
looks like lsetxattr is broken for links.
* feat: compatibility with self-hosted runners with SELinux
When using a self-hosted runner with SELinux (fedora)
volumes need to be mounted with ":z" in order to have write access
these flags are documented [here](https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label)
* Ensure folders are created
* use if instead of short circuit
* ts convention either inline or use braces
* Fix linting
* fix linting errors
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Run yarn upgrade in order to resolve security vulnerability
* Remove unneeded git add from pre-commit hook
* Update packages
* Update non-eslint packages
if there is both a unity package and a test-project in one github repo, then the token generation process is created Library folder and then the build of the test project breaks. Requires a tilde to ignore Library folder in _activate-license.
Or need set the path ACTIVATE_LICENSE_PATH from the global ENV in runtime-action
Co-authored-by: Maxim Vorobyev <dolphinikk@gmail.com>
* Implemented logic for windows based docker builds. Moved dockerfiles and scripts to platform specific folders.
* Add missing newline character
* Add build-tests for windows and a unity project configured to output il2cpp
* Add additional build targets (uwp and tvOS)
Adjustments to build scripts to not require win10 sdk when not needed (tvOS)
Platform-based prereq setup
Setup image tags for the new platforms with errors if building on the wrong base os
Rename test-project-il2cpp to test-project-windows to be used for all windows based project building (IL2CPP backend selected instead of mono)
Fix tests to be platform based
* Update dist/platforms/windows/steps/return_license.ps1
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Update src/model/docker.ts
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Update src/model/docker.ts
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Update src/model/docker.ts
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Fix outdated repository and homepage links in dockerfiles
* Fix comment style and rename validateWindowsPrereqs to validateWindowsPlatformRequirements
* Remove redundant comment
* Remove windows unity test project, add ProjectSettings for the il2cpp backend, and add logic to replace the projectsettings file with the il2cpp one on windows test builds.
* Fix action.test.ts to accept windows as a base platform
* Fix camelcase for wsaPlayer
* Switch from add to copy in windows dockerfile
* Change slash direction
* Switch ADD to COPY to conform with best practices, change ls to dir on windows dockerfile
* Improve error message for unset UNITY_EMAIL and UNITY_PASSWORD
* Further improve missing email and password error. Remove temppaths being mounted to docker image
* Add debug statement. TODO: Remove these
* Add more debug
* Explicitly pass in unity email to docker run
* Remove debug and fix environment variables for activation/deactivation scripts
* Prevent Unity serial from leaking to console
* Debug folder listings
* More debug print dirs
* fix debug print path
* fix reg export command
* Remove debug directory listings and try setSecret to mask serial
* Update src/model/action.ts
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Update src/model/docker.ts
Co-authored-by: Webber Takken <webber.nl@gmail.com>
* Update src/model/image-tag.ts
Co-authored-by: David Finol <davidmfinol@gmail.com>
* Update .github/workflows/build-tests.yml
Co-authored-by: David Finol <davidmfinol@gmail.com>
* Move platform validation and setup out of docker and into its own layer, remove branching on docker run command
* Fix test failure due to missing license
* Fix camelCase and duplicate variables
* Fix lint issues and make paths more understandable
* Fix typo in build-tests.yml
* Fix move command in build-tests.yml
* Different method to force move file
* Fix missing quote and backslash
* Pass unity email and password to builder action for windows build tests
* Push serial to windows test builds
* Make windows build tests only run on push to main
Co-authored-by: Webber Takken <webber.nl@gmail.com>
Co-authored-by: David Finol <davidmfinol@gmail.com>
* adding option to pass git credential
* trigger change
* trigger change
* build dist/index
* prettier
* adding set git credentials with more config
* correct docker.ts input
* change default of git credential
* try using git command line to set token
* remove git config cat
* adding api: to git config
* change to token
* change input name to reflect the type github private token
Co-authored-by: Alexander Brandstedt <alexander@infralium.com>
Co-authored-by: Alexander Brandstedt <mad01@users.noreply.github.com>
* using SSH_AUTH_SOCK (ssh agent forwarding) to pull upm private repos
* sshAgent as input parameter
* yarn run prettier --write "src/**/*.{js,ts}"
* yarn run lint --fix && yarn build
* fixed compilation after rebase
* removed RUN apt-get update && apt-get install -y openssh-client. This change needs to be done upstream. See game-ci/docker#117
To automatically upload symbols to unity, we need to define the `USYM_UPLOAD_AUTH_TOKEN` variable. Currently the build container ignores this variable, even if it's defined in the github action.
```
2021-03-26T02:35:35.5938747Z time="2021-03-26T02:35:35Z" level=fatal msg="Please provide an auth token with USYM_UPLOAD_AUTH_TOKEN environment variable"
```
[](https://codecov.io/gh/webbertakken/unity-builder)
description:'Build Unity projects for different platforms.'
inputs:
targetPlatform:
required:true
default:''
description:'Platform that the build should target.'
unityVersion:
required:false
default:'auto'
@@ -10,18 +14,18 @@ inputs:
required:false
default:''
description:'Specific docker image that should be used for building the project'
targetPlatform:
required:false
default:''
description:'Platform that the build should target.'
projectPath:
required:false
default:''
description:'Relative path to the project to be built.'
description:'Path to the project to be built, relative to the repository root.'
buildProfile:
required:false
default:''
description:'Path to the build profile to activate, relative to the project root.'
buildName:
required:false
default:''
description:'Name of the build.'
description:'Name of the build. Should not include a file extension.'
buildsPath:
required:false
default:''
@@ -30,30 +34,22 @@ inputs:
required:false
default:''
description:'Path to a Namespace.Class.StaticMethod to run to perform the build.'
kubeConfig:
manualExit:
required:false
default:''
description:'Suppresses `-quit`. Exit your build method using `EditorApplication.Exit(0)` instead.'
enableGpu:
required:false
description:'Supply a base64 encoded kubernetes config to run builds on kubernetes and stream logs until completion.'
kubeVolume:
default:''
description:'Launches unity without specifying `-nographics`.'
customParameters:
required:false
description:'Supply a Persistent Volume Claim name to use for the Unity build.'
kubeContainerMemory:
default:'800M'
required:false
description:'Amount of memory to assign the build container in Kubernetes (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes)'
kubeContainerCPU:
default:'0.25'
required:false
description:'Amount of CPU time to assign the build container in Kubernetes (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes)'
kubeVolumeSize:
default:'5Gi'
required:false
description:'Amount of disc space to assign the Kubernetes Persistent Volume (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes)'
githubToken:
default:''
description:'Custom parameters to configure the build.'
useHostNetwork:
required:false
description:'GitHub token for cloning, only needed when kubeconfig is used.'
default:false
description:'Initialises Docker using the host network. (Linux only)'
versioning:
required:false
default:'Semantic'
@@ -66,10 +62,12 @@ inputs:
required:false
default:''
description:'The android versionCode'
androidAppBundle:
androidExportType:
required:false
default:'false'
description:'Whether to build .aab instead of .apk'
default:'androidPackage'
description:
'The android export type. Should be androidPackage for apk, androidAppBundle for aab, or androidStudioProject for
an android studio project.'
androidKeystoreName:
required:false
default:''
@@ -90,31 +88,117 @@ inputs:
required:false
default:''
description:'The android keyaliasPass'
customParameters:
androidTargetSdkVersion:
required:false
default:''
description:>
Custom parameters to configure the build.
Parameters must start with a hyphen (-) and may be followed by a value (without hyphen).
Parameters without a value will be considered booleans (with a value of true).
description:'The android target API level.'
androidSymbolType:
required:false
default:'none'
description:'The android symbol type to export. Should be "none", "public" or "debugging".'
sshAgent:
required:false
default:''
description:'SSH Agent path to forward to the container'
sshPublicKeysDirectoryPath:
required:false
default:''
description:'Path to a directory containing SSH public keys to forward to the container.'
gitPrivateToken:
required:false
default:''
description:'Github private token to pull from github'
providerStrategy:
default:'local'
required:false
description:
'Build execution strategy. Use "local" for local Docker/Mac builds. For remote builds (aws, k8s, etc.), install
@game-ci/orchestrator and use the game-ci/orchestrator action which declares its own inputs.'
runAsHostUser:
required:false
default:'false'
description:
'Whether to run as a user that matches the host system or the default root container user. Only applicable to
Linux hosts and containers. This is useful for fixing permission errors on Self-Hosted runners.'
chownFilesTo:
required:false
default:''
description:'User and optionally group (user or user:group or uid:gid) to give ownership of the resulting build artifacts'
dockerCpuLimit:
required:false
default:''
description:'Number of CPU cores to assign the docker container. Defaults to all available cores on all platforms.'
dockerMemoryLimit:
required:false
default:''
description:
'Amount of memory to assign the docker container. Defaults to 95% of total system memory rounded down to the
nearest megabyte on Linux and 80% on Windows. On unrecognized platforms, defaults to 75% of total system memory.
To manually specify a value, use the format <number><unit>, where unit is either m or g. ie: 512m = 512 megabytes'
dockerIsolationMode:
required:false
default:'default'
description:
'Isolation mode to use for the docker container. Can be one of process, hyperv, or default. Default will pick the
default mode as described by Microsoft where server versions use process and desktop versions use hyperv. Only
applicable on Windows'
containerRegistryRepository:
required:false
default:'unityci/editor'
description:'Container registry and repository to pull image from. Only applicable if customImage is not set.'
containerRegistryImageVersion:
required:false
default:'3'
description:'Container registry image version. Only applicable if customImage is not set.'
allowDirtyBuild:
required:false
default:''
description:>
Allows the branch of the build to be dirty, and still generate the build.
description:'Allows the branch of the build to be dirty, and still generate the build.'
cacheUnityInstallationOnMac:
default:'false'
required:false
description:'Whether to cache the Unity hub and editor installation on MacOS'
unityHubVersionOnMac:
default:''
required:false
description:
'The version of Unity Hub to install on MacOS (e.g. 3.4.0). Defaults to latest available on brew if empty string
or nothing is specified.'
unityLicensingServer:
default:''
required:false
description:'The Unity licensing server address to use for activating Unity.'
dockerWorkspacePath:
default:'/github/workspace'
required:false
description:
'The path to mount the workspace inside the docker container. For windows, leave out the drive letter. For example
c:/github/workspace should be defined as /github/workspace'
skipActivation:
default:'false'
required:false
description:'Skip the activation/deactivation of Unity. This assumes Unity is already activated.'
linux64RemoveExecutableExtension:
default:'false'
required:false
description:
'When building for StandaloneLinux64, remove the default file extension of `.x86_64`. Set to true to restore the extensionless behavior from v4.'
Note that it is generally bad practice to modify your branch
in a CI Pipeline. However there are exceptions where this might
be needed. (use with care).
outputs:
volume:
description:'The Persistent Volume (PV) where the build artifacts have been stored by Kubernetes'
buildVersion:
description:'The generated version used for the Unity build'
androidVersionCode:
description:'The generated versionCode used for the Android Unity build'
engineExitCode:
description:
'Returns the exit code from the build scripts. This code is 0 if the build was successful. If there was an error
during activation, the code is from the activation step. If activation is successful, the code is from the project
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
