feedback improvements

- Add URL detection and parsing utilities for GitHub URLs, local paths, and NPM packages
- Implement git operations for cloning and updating repositories with local caching
- Add automatic update checking mechanism for GitHub repositories
- Update provider-loader.ts to support multiple source types with comprehensive error handling
- Add comprehensive test coverage for all new functionality
- Include complete documentation with usage examples
- Support GitHub URLs: https://github.com/user/repo, user/repo@branch
- Support local paths: ./path, /absolute/path
- Support NPM packages: package-name, @scope/package
- Maintain backward compatibility with existing providers
- Add fallback mechanisms and interface validation

.cursor/settings.json

@@ -0,0 +1,18 @@
+{
+    "files.autoSave": "on",
+    "files.autoSaveWhen": "on",
+    "files.autoSaveDelay": 1000,
+  
+    "editor.formatOnSave": false,
+    "editor.formatOnPaste": false,
+    "editor.formatOnType": false,
+  
+    "editor.codeActionsOnSave": {},
+  
+    "git.autorefresh": false,
+    "git.confirmSync": false,
+    "git.autofetch": false,
+  
+    "editor.defaultFormatter": null
+  }
+  

.eslintignore

@@ -2,4 +2,3 @@ dist/
 lib/
 node_modules/
 jest.config.js
-src/types/

.eslintrc.json

@@ -1,5 +1,4 @@
 {
-  "root": true,
   "plugins": ["jest", "@typescript-eslint", "prettier", "unicorn"],
   "extends": ["plugin:unicorn/recommended", "plugin:github/recommended", "plugin:prettier/recommended"],
   "parser": "@typescript-eslint/parser",
@@ -15,8 +14,7 @@
   "env": {
     "node": true,
     "es6": true,
-    "jest/globals": true,
-    "es2020": true
+    "jest/globals": true
   },
   "rules": {
     // Error out for code formatting errors

.github/workflows/build-tests-mac.yml

@@ -24,13 +24,6 @@ jobs:
         targetPlatform:
           - StandaloneOSX # Build a MacOS executable
           - iOS # Build an iOS executable
-        include:
-          # Additionally test enableGpu build for a standalone windows target
-          - unityVersion: 6000.0.36f1
-            targetPlatform: StandaloneOSX
-          - unityVersion: 6000.0.36f1
-            targetPlatform: StandaloneOSX
-            buildProfile: 'Assets/Settings/Build Profiles/Sample macOS Build Profile.asset'
 
     steps:
       ###########################
@@ -72,7 +65,6 @@ jobs:
           projectPath: ${{ matrix.projectPath }}
           unityVersion: ${{ matrix.unityVersion }}
           targetPlatform: ${{ matrix.targetPlatform }}
-          buildProfile: ${{ matrix.buildProfile }}
           customParameters: -profile SomeProfile -someBoolean -someValue exampleValue
           # We use dirty build because we are replacing the default project settings file above
           allowDirtyBuild: true
@@ -82,6 +74,6 @@ jobs:
       ###########################
       - uses: actions/upload-artifact@v4
         with:
-          name: Build ${{ matrix.targetPlatform }} on MacOS (${{ matrix.unityVersion }})${{ matrix.buildProfile && '  With Build Profile' || '' }}
+          name: Build ${{ matrix.targetPlatform }} on MacOS (${{ matrix.unityVersion }})
           path: build
           retention-days: 14

.github/workflows/build-tests-windows.yml

@@ -34,12 +34,7 @@ jobs:
             unityVersion: 2023.2.2f1
             targetPlatform: StandaloneWindows64
             enableGpu: true
-          - unityVersion: 6000.0.36f1
-            targetPlatform: StandaloneWindows64
-          - unityVersion: 6000.0.36f1
-            targetPlatform: StandaloneWindows64
-            buildProfile: 'Assets/Settings/Build Profiles/Sample Windows Build Profile.asset'
-  
+
     steps:
       ###########################
       #         Checkout        #
@@ -84,7 +79,6 @@ jobs:
           projectPath: ${{ matrix.projectPath }}
           unityVersion: ${{ matrix.unityVersion }}
           targetPlatform: ${{ matrix.targetPlatform }}
-          buildProfile: ${{ matrix.buildProfile }}
           enableGpu: ${{ matrix.enableGpu }}
           customParameters: -profile SomeProfile -someBoolean -someValue exampleValue
           allowDirtyBuild: true
@@ -146,6 +140,6 @@ jobs:
       ###########################
       - uses: actions/upload-artifact@v4
         with:
-          name: Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
+          name: Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With GPU' || '' }}
           path: build
           retention-days: 14

.github/workflows/cleanup.yml

@@ -0,0 +1,37 @@
+name: Cleanup (cron)
+on:
+  schedule:
+    - cron: '30 10 * * SUN' # every sunday at 10:30
+
+jobs:
+  deleteArtifacts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete old artifacts
+        uses: kolpav/purge-artifacts-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          expire-in: 21 days
+  cleanupCloudRunner:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        if: github.event.event_type != 'pull_request_target'
+        with:
+          lfs: true
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+      - run: yarn
+      - run: yarn run cli --help
+        env:
+          AWS_REGION: eu-west-2
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: eu-west-2
+      - run: yarn run cli -m list-resources
+        env:
+          AWS_REGION: eu-west-2
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: eu-west-2

.github/workflows/cloud-runner-async-checks.yml

@@ -0,0 +1,59 @@
+name: Async Checks API
+
+on:
+  workflow_dispatch:
+    inputs:
+      checksObject:
+        description: ''
+        required: false
+        default: ''
+
+permissions:
+  checks: write
+
+env:
+  GKE_ZONE: 'us-central1'
+  GKE_REGION: 'us-central1'
+  GKE_PROJECT: 'unitykubernetesbuilder'
+  GKE_CLUSTER: 'game-ci-github-pipelines'
+  GCP_LOGGING: true
+  GCP_PROJECT: unitykubernetesbuilder
+  GCP_LOG_FILE: ${{ github.workspace }}/cloud-runner-logs.txt
+  AWS_REGION: eu-west-2
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: eu-west-2
+  AWS_STACK_NAME: game-ci-github-pipelines
+  CLOUD_RUNNER_BRANCH: ${{ github.ref }}
+  CLOUD_RUNNER_DEBUG: true
+  CLOUD_RUNNER_DEBUG_TREE: true
+  DEBUG: true
+  UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}
+  PROJECT_PATH: test-project
+  UNITY_VERSION: 2019.3.15f1
+  USE_IL2CPP: false
+
+jobs:
+  asyncChecks:
+    name: Async Checks
+    if: github.event.event_type != 'pull_request_target'
+    runs-on: ubuntu-latest
+    steps:
+      - timeout-minutes: 180
+        env:
+          UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}
+          PROJECT_PATH: test-project
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_PRIVATE_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TARGET_PLATFORM: StandaloneWindows64
+          cloudRunnerTests: true
+          versioning: None
+          CLOUD_RUNNER_CLUSTER: local-docker
+          AWS_STACK_NAME: game-ci-github-pipelines
+          CHECKS_UPDATE: ${{ github.event.inputs.checksObject }}
+        run: |
+          git clone -b cloud-runner-develop https://github.com/game-ci/unity-builder
+          cd unity-builder
+          yarn
+          ls
+          yarn run cli -m checks-update

.github/workflows/cloud-runner-integrity-localstack.yml

@@ -0,0 +1,83 @@
+name: cloud-runner-integrity-localstack
+
+on:
+  workflow_call:
+    inputs:
+      runGithubIntegrationTests:
+        description: 'Run GitHub Checks integration tests'
+        required: false
+        default: 'false'
+        type: string
+
+permissions:
+  checks: write
+  contents: read
+  actions: write
+  packages: read
+  pull-requests: write
+  statuses: write
+  id-token: write
+
+env:
+  AWS_REGION: us-east-1
+  AWS_DEFAULT_REGION: us-east-1
+  AWS_STACK_NAME: game-ci-local
+  AWS_ENDPOINT: http://localhost:4566
+  AWS_ENDPOINT_URL: http://localhost:4566
+  AWS_ACCESS_KEY_ID: test
+  AWS_SECRET_ACCESS_KEY: test
+  CLOUD_RUNNER_BRANCH: ${{ github.ref }}
+  DEBUG: true
+  PROJECT_PATH: test-project
+  USE_IL2CPP: false
+
+jobs:
+  tests:
+    name: Cloud Runner Tests (LocalStack)
+    runs-on: ubuntu-latest
+    services:
+      localstack:
+        image: localstack/localstack
+        ports:
+          - 4566:4566
+        env:
+          SERVICES: cloudformation,ecs,kinesis,cloudwatch,s3,logs
+    strategy:
+      fail-fast: false
+      matrix:
+        test:
+          - 'cloud-runner-end2end-locking'
+          - 'cloud-runner-end2end-caching'
+          - 'cloud-runner-end2end-retaining'
+          - 'cloud-runner-caching'
+          - 'cloud-runner-environment'
+          - 'cloud-runner-image'
+          - 'cloud-runner-hooks'
+          - 'cloud-runner-local-persistence'
+          - 'cloud-runner-locking-core'
+          - 'cloud-runner-locking-get-locked'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: false
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'yarn'
+      - run: yarn install --frozen-lockfile
+      - run: yarn run test "${{ matrix.test }}" --detectOpenHandles --forceExit --runInBand
+        timeout-minutes: 60
+        env:
+          UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+          PROJECT_PATH: test-project
+          TARGET_PLATFORM: StandaloneWindows64
+          cloudRunnerTests: true
+          versioning: None
+          KUBE_STORAGE_CLASS: local-path
+          PROVIDER_STRATEGY: aws
+          AWS_ACCESS_KEY_ID: test
+          AWS_SECRET_ACCESS_KEY: test
+          GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}

.github/workflows/cloud-runner-integrity.yml

@@ -0,0 +1,196 @@
+name: cloud-runner-integrity
+
+on:
+  workflow_call:
+    inputs:
+      runGithubIntegrationTests:
+        description: 'Run GitHub Checks integration tests'
+        required: false
+        default: 'false'
+        type: string
+
+permissions:
+  checks: write
+  contents: read
+  actions: write
+  packages: read
+  pull-requests: write
+  statuses: write
+  id-token: write
+
+env:
+  AWS_REGION: eu-west-2
+  AWS_DEFAULT_REGION: eu-west-2
+  AWS_STACK_NAME: game-ci-team-pipelines
+  CLOUD_RUNNER_BRANCH: ${{ github.ref }}
+  DEBUG: true
+  PROJECT_PATH: test-project
+  USE_IL2CPP: false
+
+jobs:
+  k8s:
+    name: Cloud Runner Tests (K8s)
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # K8s runs (k3s)
+          - test: 'cloud-runner-end2end-caching'
+            provider: k8s
+          - test: 'cloud-runner-end2end-retaining'
+            provider: k8s
+          - test: 'cloud-runner-hooks'
+            provider: k8s
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: false
+      # Set up Kubernetes (k3s via k3d) only for k8s matrix entries
+      - name: Set up kubectl
+        if: ${{ matrix.provider == 'k8s' }}
+        uses: azure/setup-kubectl@v4
+        with:
+          version: 'v1.29.0'
+      - name: Install k3d
+        if: ${{ matrix.provider == 'k8s' }}
+        run: |
+          curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
+          k3d version | cat
+      - name: Create k3s cluster (k3d)
+        if: ${{ matrix.provider == 'k8s' }}
+        run: |
+          k3d cluster create unity-builder --agents 1 --wait
+          kubectl config current-context | cat
+      - name: Verify cluster readiness
+        if: ${{ matrix.provider == 'k8s' }}
+        run: |
+          for i in {1..60}; do kubectl get nodes && break || sleep 5; done
+          kubectl get storageclass
+      - name: Start LocalStack (S3)
+        uses: localstack/setup-localstack@v0.2.3
+        with:
+          install-awslocal: true
+      - name: Create S3 bucket for tests (host LocalStack)
+        run: |
+          awslocal s3 mb s3://$AWS_STACK_NAME || true
+          awslocal s3 ls
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'yarn'
+      - run: yarn install --frozen-lockfile
+      - run: yarn run test "${{ matrix.test }}" --detectOpenHandles --forceExit --runInBand
+        timeout-minutes: 60
+        env:
+          UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+          PROJECT_PATH: test-project
+          TARGET_PLATFORM: StandaloneWindows64
+          cloudRunnerTests: true
+          versioning: None
+          KUBE_STORAGE_CLASS: ${{ matrix.provider == 'k8s' && 'local-path' || '' }}
+          PROVIDER_STRATEGY: ${{ matrix.provider }}
+          AWS_ACCESS_KEY_ID: test
+          AWS_SECRET_ACCESS_KEY: test
+          AWS_S3_ENDPOINT: http://localhost:4566
+          AWS_ENDPOINT: http://localhost:4566
+          INPUT_AWSS3ENDPOINT: http://localhost:4566
+          INPUT_AWSENDPOINT: http://localhost:4566
+          AWS_S3_FORCE_PATH_STYLE: 'true'
+          AWS_EC2_METADATA_DISABLED: 'true'
+          GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+  localstack:
+    name: Cloud Runner Tests (LocalStack)
+    runs-on: ubuntu-latest
+    services:
+      localstack:
+        image: localstack/localstack
+        ports:
+          - 4566:4566
+        env:
+          SERVICES: cloudformation,ecs,kinesis,cloudwatch,s3,logs
+    strategy:
+      fail-fast: false
+      matrix:
+        test:
+          - 'cloud-runner-end2end-locking'
+          - 'cloud-runner-end2end-caching'
+          - 'cloud-runner-end2end-retaining'
+          - 'cloud-runner-caching'
+          - 'cloud-runner-environment'
+          - 'cloud-runner-image'
+          - 'cloud-runner-hooks'
+          - 'cloud-runner-local-persistence'
+          - 'cloud-runner-locking-core'
+          - 'cloud-runner-locking-get-locked'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: false
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'yarn'
+      - run: yarn install --frozen-lockfile
+      - run: yarn run test "${{ matrix.test }}" --detectOpenHandles --forceExit --runInBand
+        timeout-minutes: 60
+        env:
+          UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+          PROJECT_PATH: test-project
+          TARGET_PLATFORM: StandaloneWindows64
+          cloudRunnerTests: true
+          versioning: None
+          KUBE_STORAGE_CLASS: local-path
+          PROVIDER_STRATEGY: aws
+          AWS_ACCESS_KEY_ID: test
+          AWS_SECRET_ACCESS_KEY: test
+          AWS_ENDPOINT: http://localhost:4566
+          AWS_ENDPOINT_URL: http://localhost:4566
+          GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+  aws:
+    name: Cloud Runner Tests (AWS)
+    runs-on: ubuntu-latest
+    needs: [k8s, localstack]
+    strategy:
+      fail-fast: false
+      matrix:
+        test:
+          - 'cloud-runner-end2end-caching'
+          - 'cloud-runner-end2end-retaining'
+          - 'cloud-runner-hooks'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: false
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'yarn'
+      - run: yarn install --frozen-lockfile
+      - run: yarn run test "${{ matrix.test }}" --detectOpenHandles --forceExit --runInBand
+        timeout-minutes: 60
+        env:
+          UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+          PROJECT_PATH: test-project
+          TARGET_PLATFORM: StandaloneWindows64
+          cloudRunnerTests: true
+          versioning: None
+          PROVIDER_STRATEGY: aws
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}

.github/workflows/integrity-check.yml

@@ -4,11 +4,6 @@ on:
   push: { branches: [main] }
   pull_request: {}
 
-permissions:
-  contents: read
-  checks: write
-  statuses: write
-
 env:
   CODECOV_TOKEN: '2f2eb890-30e2-4724-83eb-7633832cf0de'
 
@@ -32,8 +27,8 @@ jobs:
       - run: yarn build || { echo "build command should always succeed" ; exit 61; }
   #      - run: yarn build --quiet && git diff --quiet dist || { echo "dist should be auto generated" ; git diff dist ; exit 62; }
 
-  orchestrator-integration:
-    name: Orchestrator Integration
-    if: github.event_name == 'push'
-    uses: ./.github/workflows/validate-orchestrator-integration.yml
+  cloud-runner:
+    name: Cloud Runner Integrity
+    uses: ./.github/workflows/cloud-runner-integrity.yml
     secrets: inherit
+

.github/workflows/temp-push-secrets.yml

@@ -1,41 +0,0 @@
-name: "TEMP: Push secrets to orchestrator repo"
-
-# One-shot workflow — run manually, then delete this file and branch.
-on:
-  workflow_dispatch:
-
-jobs:
-  push-secrets:
-    name: Push secrets to game-ci/orchestrator
-    runs-on: ubuntu-latest
-    steps:
-      - name: Push UNITY_EMAIL
-        run: gh secret set UNITY_EMAIL --repo game-ci/orchestrator --body "$SECRET_VALUE"
-        env:
-          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
-          SECRET_VALUE: ${{ secrets.UNITY_EMAIL }}
-
-      - name: Push UNITY_PASSWORD
-        run: gh secret set UNITY_PASSWORD --repo game-ci/orchestrator --body "$SECRET_VALUE"
-        env:
-          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
-          SECRET_VALUE: ${{ secrets.UNITY_PASSWORD }}
-
-      - name: Push UNITY_SERIAL
-        run: gh secret set UNITY_SERIAL --repo game-ci/orchestrator --body "$SECRET_VALUE"
-        env:
-          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
-          SECRET_VALUE: ${{ secrets.UNITY_SERIAL }}
-
-      - name: Push GIT_PRIVATE_TOKEN
-        run: gh secret set GIT_PRIVATE_TOKEN --repo game-ci/orchestrator --body "$SECRET_VALUE"
-        env:
-          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
-          SECRET_VALUE: ${{ secrets.GIT_PRIVATE_TOKEN }}
-
-      - name: Confirm
-        run: |
-          echo "Secrets pushed to game-ci/orchestrator:"
-          gh secret list --repo game-ci/orchestrator
-        env:
-          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}

.github/workflows/validate-community-plugins.yml

@@ -1,203 +0,0 @@
-name: Validate Community Plugins
-
-on:
-  schedule:
-    # Run weekly on Sunday at 02:00 UTC
-    - cron: '0 2 * * 0'
-  workflow_dispatch:
-    inputs:
-      plugin_filter:
-        description: 'Filter plugins by name (regex pattern, empty = all)'
-        required: false
-        default: ''
-      unity_version:
-        description: 'Override Unity version (empty = use plugin default)'
-        required: false
-        default: ''
-
-permissions:
-  contents: read
-  issues: write
-
-jobs:
-  load-plugins:
-    name: Load Plugin Registry
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.parse.outputs.matrix }}
-      plugin_count: ${{ steps.parse.outputs.count }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Parse plugin registry
-        id: parse
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const fs = require('fs');
-            const yaml = require('js-yaml');
-
-            const registry = yaml.load(fs.readFileSync('community-plugins.yml', 'utf8'));
-            let plugins = registry.plugins || [];
-
-            // Apply name filter if provided
-            const filter = '${{ github.event.inputs.plugin_filter }}';
-            if (filter) {
-              const regex = new RegExp(filter, 'i');
-              plugins = plugins.filter(p => regex.test(p.name));
-            }
-
-            // Expand platform matrix
-            const matrix = [];
-            for (const plugin of plugins) {
-              const platforms = plugin.platforms || ['StandaloneLinux64'];
-              for (const platform of platforms) {
-                matrix.push({
-                  name: plugin.name,
-                  package: plugin.package,
-                  source: plugin.source || 'git',
-                  unity: '${{ github.event.inputs.unity_version }}' || plugin.unity || '2021.3',
-                  platform: platform,
-                  timeout: plugin.timeout || 30
-                });
-              }
-            }
-
-            core.setOutput('matrix', JSON.stringify({ include: matrix }));
-            core.setOutput('count', matrix.length);
-            console.log(`Found ${matrix.length} plugin-platform combinations to validate`);
-
-  validate:
-    name: '${{ matrix.name }} (${{ matrix.platform }})'
-    needs: load-plugins
-    if: needs.load-plugins.outputs.plugin_count > 0
-    runs-on: ubuntu-latest
-    timeout-minutes: ${{ fromJson(matrix.timeout) }}
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.load-plugins.outputs.matrix) }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Create test project
-        run: |
-          mkdir -p test-project/Assets
-          mkdir -p test-project/Packages
-          mkdir -p test-project/ProjectSettings
-
-          # Create minimal manifest.json
-          if [ "${{ matrix.source }}" = "git" ]; then
-            cat > test-project/Packages/manifest.json << 'MANIFEST'
-          {
-            "dependencies": {
-              "com.unity.modules.imgui": "1.0.0",
-              "com.unity.modules.jsonserialize": "1.0.0"
-            }
-          }
-          MANIFEST
-
-            # Add git package via manifest
-            cd test-project
-            cat Packages/manifest.json | python3 -c "
-          import sys, json
-          manifest = json.load(sys.stdin)
-          manifest['dependencies']['${{ matrix.name }}'] = '${{ matrix.package }}'
-          json.dump(manifest, sys.stdout, indent=2)
-          " > Packages/manifest.tmp && mv Packages/manifest.tmp Packages/manifest.json
-            cd ..
-          fi
-
-          # Create minimal ProjectSettings
-          cat > test-project/ProjectSettings/ProjectVersion.txt << EOF
-          m_EditorVersion: ${{ matrix.unity }}
-          EOF
-
-      - name: Build with unity-builder
-        uses: ./
-        id: build
-        with:
-          projectPath: test-project
-          targetPlatform: ${{ matrix.platform }}
-          unityVersion: ${{ matrix.unity }}
-        continue-on-error: true
-
-      - name: Record result
-        if: always()
-        run: |
-          STATUS="${{ steps.build.outcome }}"
-          echo "## ${{ matrix.name }} — ${{ matrix.platform }}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "$STATUS" = "success" ]; then
-            echo "✅ **PASSED** — Compiled and built successfully" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "❌ **FAILED** — Build or compilation failed" >> $GITHUB_STEP_SUMMARY
-          fi
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "- Unity: ${{ matrix.unity }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Platform: ${{ matrix.platform }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Source: ${{ matrix.source }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Package: \`${{ matrix.package }}\`" >> $GITHUB_STEP_SUMMARY
-
-  report:
-    name: Validation Report
-    needs: [load-plugins, validate]
-    if: always()
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Generate summary
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const { data: run } = await github.rest.actions.listJobsForWorkflowRun({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              run_id: context.runId
-            });
-
-            const validateJobs = run.jobs.filter(j => j.name.startsWith('validate'));
-            const passed = validateJobs.filter(j => j.conclusion === 'success').length;
-            const failed = validateJobs.filter(j => j.conclusion === 'failure').length;
-            const total = validateJobs.length;
-
-            let summary = `# Community Plugin Validation Report\n\n`;
-            summary += `**${passed}/${total} passed** | ${failed} failed\n\n`;
-            summary += `| Plugin | Platform | Status |\n|--------|----------|--------|\n`;
-
-            for (const job of validateJobs) {
-              const icon = job.conclusion === 'success' ? '✅' : '❌';
-              summary += `| ${job.name} | | ${icon} ${job.conclusion} |\n`;
-            }
-
-            await core.summary.addRaw(summary).write();
-
-            // Create or update issue if there are failures
-            if (failed > 0) {
-              const title = `Community Plugin Validation: ${failed} failure(s) — ${new Date().toISOString().split('T')[0]}`;
-              const body = summary + `\n\n[Workflow Run](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`;
-
-              const { data: issues } = await github.rest.issues.listForRepo({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                state: 'open',
-                labels: 'community-plugin-validation'
-              });
-
-              if (issues.length > 0) {
-                await github.rest.issues.createComment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: issues[0].number,
-                  body: body
-                });
-              } else {
-                await github.rest.issues.create({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  title: title,
-                  body: body,
-                  labels: ['community-plugin-validation']
-                });
-              }
-            }

.github/workflows/validate-orchestrator.yml

@@ -1,288 +0,0 @@
-name: Validate Orchestrator Compatibility
-
-# ==============================================================================
-# Essential plugin health checks — runs on every PR and push.
-# Fast (~5 min): compilation, unit tests, plugin interface, type declarations.
-#
-# For exhaustive integration tests (k8s, AWS, local-docker, rclone) see
-# validate-orchestrator-integration.yml which runs on a daily cron.
-# ==============================================================================
-
-on:
-  workflow_dispatch:
-  push:
-    branches: [main, 'release/**', 'feature/**', 'refactor/**']
-    paths:
-      - 'src/model/orchestrator-plugin.ts'
-      - 'src/model/build-parameters.ts'
-      - 'src/model/input.ts'
-      - 'src/model/github.ts'
-      - 'src/model/cli/cli.ts'
-      - 'src/model/input-readers/**'
-      - 'src/index.ts'
-      - 'src/types/game-ci-orchestrator.d.ts'
-      - 'action.yml'
-      - 'package.json'
-      - 'yarn.lock'
-      - '.github/workflows/validate-orchestrator.yml'
-  pull_request:
-    branches: [main, 'release/**']
-    paths:
-      - 'src/model/orchestrator-plugin.ts'
-      - 'src/model/build-parameters.ts'
-      - 'src/model/input.ts'
-      - 'src/model/github.ts'
-      - 'src/model/cli/cli.ts'
-      - 'src/model/input-readers/**'
-      - 'src/index.ts'
-      - 'src/types/game-ci-orchestrator.d.ts'
-      - 'action.yml'
-      - 'package.json'
-      - 'yarn.lock'
-      - '.github/workflows/validate-orchestrator.yml'
-
-permissions:
-  contents: read
-  packages: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  # ============================================================================
-  # PLUGIN ARCHITECTURE HEALTH CHECK
-  # ============================================================================
-  # Validates that:
-  #   1. unity-builder compiles and its unit tests pass
-  #   2. Plugin loader degrades gracefully without orchestrator
-  #   3. Orchestrator compiles and its unit tests pass
-  #   4. Plugin loader loads all services when orchestrator is installed
-  #   5. Type declarations match actual exports
-  # ============================================================================
-  plugin-health:
-    name: Plugin Architecture Health
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout unity-builder
-        uses: actions/checkout@v4
-
-      - name: Checkout orchestrator
-        uses: actions/checkout@v4
-        with:
-          repository: game-ci/orchestrator
-          path: orchestrator-standalone
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: yarn
-
-      # --- unity-builder compilation and tests ---
-      - name: Install unity-builder dependencies
-        run: yarn install --frozen-lockfile
-
-      - name: Build unity-builder
-        run: |
-          echo "Building unity-builder TypeScript..."
-          npx tsc
-          echo "✓ unity-builder compiles successfully"
-
-      - name: Run orchestrator-plugin unit tests
-        run: |
-          echo "Running orchestrator-plugin unit tests..."
-          npx jest orchestrator-plugin --verbose --detectOpenHandles --forceExit
-
-      # --- Plugin loader without orchestrator ---
-      - name: Verify plugin loader returns undefined without orchestrator
-        run: |
-          echo "Checking plugin loader handles missing @game-ci/orchestrator..."
-          node -e "
-            const { loadOrchestrator, loadPluginServices } = require('./lib/model/orchestrator-plugin');
-            (async () => {
-              const orch = await loadOrchestrator();
-              if (orch !== undefined) {
-                console.error('ERROR: loadOrchestrator should return undefined when package not installed');
-                process.exit(1);
-              }
-              console.log('✓ loadOrchestrator() returns undefined when package not installed');
-
-              const services = await loadPluginServices();
-              if (services !== undefined) {
-                console.error('ERROR: loadPluginServices should return undefined when package not installed');
-                process.exit(1);
-              }
-              console.log('✓ loadPluginServices() returns undefined when package not installed');
-            })();
-          "
-
-      - name: Verify orchestrator type declarations exist
-        run: |
-          if [ -f "src/types/game-ci-orchestrator.d.ts" ]; then
-            echo "✓ Type declarations for @game-ci/orchestrator exist"
-          else
-            echo "::error::Missing type declarations: src/types/game-ci-orchestrator.d.ts"
-            exit 1
-          fi
-
-      # --- Orchestrator compilation and tests ---
-      - name: Build and pack orchestrator
-        working-directory: orchestrator-standalone
-        run: |
-          yarn install --frozen-lockfile
-          echo "Building orchestrator..."
-          npx tsc
-          echo "✓ orchestrator compiles successfully"
-          echo "Packing orchestrator as tarball..."
-          npm pack
-
-      - name: Run orchestrator unit tests
-        working-directory: orchestrator-standalone
-        run: |
-          echo "Running orchestrator unit tests..."
-          npx jest --no-cache 2>&1 | tail -20
-
-      # --- Plugin loader with orchestrator installed ---
-      - name: Install orchestrator into unity-builder
-        run: |
-          echo "Installing orchestrator into unity-builder workspace..."
-          npm install ./orchestrator-standalone/game-ci-orchestrator-*.tgz --no-save --legacy-peer-deps
-
-      - name: Verify plugin loader returns exports with orchestrator installed
-        run: |
-          echo "Checking plugin loader returns defined exports..."
-          node -e "
-            const { loadOrchestrator, loadPluginServices } = require('./lib/model/orchestrator-plugin');
-            (async () => {
-              const orch = await loadOrchestrator();
-              if (orch === undefined) {
-                console.error('ERROR: loadOrchestrator should return defined exports when package is installed');
-                process.exit(1);
-              }
-              if (typeof orch.run !== 'function') {
-                console.error('ERROR: loadOrchestrator().run should be a function');
-                process.exit(1);
-              }
-              console.log('✓ loadOrchestrator() returns defined exports with orchestrator installed');
-
-              const services = await loadPluginServices();
-              if (services === undefined) {
-                console.error('ERROR: loadPluginServices should return defined exports when package is installed');
-                process.exit(1);
-              }
-              const expectedServices = [
-                'BuildReliabilityService', 'TestWorkflowService', 'HotRunnerService',
-                'OutputService', 'OutputTypeRegistry', 'ArtifactUploadHandler',
-                'IncrementalSyncService',
-              ];
-              for (const svc of expectedServices) {
-                if (services[svc] === undefined) {
-                  console.error('ERROR: ' + svc + ' should be defined');
-                  process.exit(1);
-                }
-              }
-              console.log('✓ loadPluginServices() returns all ' + expectedServices.length + ' services');
-
-              const lazyLoaders = [
-                'loadChildWorkspaceService', 'loadLocalCacheService',
-                'loadSubmoduleProfileService', 'loadLfsAgentService', 'loadGitHooksService',
-              ];
-              for (const loader of lazyLoaders) {
-                if (typeof services[loader] !== 'function') {
-                  console.error('ERROR: ' + loader + ' should be a function');
-                  process.exit(1);
-                }
-                const loaded = await services[loader]();
-                if (loaded === undefined) {
-                  console.error('ERROR: ' + loader + '() should return defined service');
-                  process.exit(1);
-                }
-              }
-              console.log('✓ All ' + lazyLoaders.length + ' lazy loaders return defined services');
-            })();
-          "
-
-      - name: Verify type declarations match orchestrator exports
-        run: |
-          echo "Checking type declarations align with orchestrator exports..."
-          node -e "
-            const orch = require('@game-ci/orchestrator');
-            const expectedExports = [
-              'Orchestrator', 'BuildReliabilityService', 'TestWorkflowService',
-              'HotRunnerService', 'OutputService', 'OutputTypeRegistry',
-              'ArtifactUploadHandler', 'IncrementalSyncService',
-              'ChildWorkspaceService', 'LocalCacheService', 'SubmoduleProfileService',
-              'LfsAgentService', 'GitHooksService',
-            ];
-            const missing = expectedExports.filter(e => orch[e] === undefined);
-            if (missing.length > 0) {
-              console.error('ERROR: Missing exports from @game-ci/orchestrator:', missing.join(', '));
-              process.exit(1);
-            }
-            console.log('✓ All ' + expectedExports.length + ' declared exports present in orchestrator package');
-          "
-
-      - name: Smoke test orchestrator build wiring
-        run: |
-          echo "Verifying orchestrator build wiring end-to-end..."
-          node -e "
-            const { loadOrchestrator, loadPluginServices } = require('./lib/model/orchestrator-plugin');
-            const { Orchestrator, BuildParameters } = require('@game-ci/orchestrator');
-
-            (async () => {
-              // Verify Orchestrator has the expected static API
-              const requiredMethods = ['setup', 'run'];
-              for (const m of requiredMethods) {
-                if (typeof Orchestrator[m] !== 'function') {
-                  console.error('ERROR: Orchestrator.' + m + ' should be a function, got ' + typeof Orchestrator[m]);
-                  process.exit(1);
-                }
-              }
-              console.log('✓ Orchestrator has setup() and run() methods');
-
-              // Verify BuildParameters.create() produces a valid config object
-              const params = await BuildParameters.create();
-              const requiredFields = [
-                'targetPlatform', 'projectPath', 'providerStrategy',
-                'editorVersion', 'buildPath', 'buildName',
-              ];
-              for (const f of requiredFields) {
-                if (params[f] === undefined) {
-                  console.error('ERROR: BuildParameters.' + f + ' is undefined');
-                  process.exit(1);
-                }
-              }
-              console.log('✓ BuildParameters.create() produces valid config with ' + requiredFields.length + ' required fields');
-
-              // Verify loadOrchestrator().run is wired to Orchestrator.run
-              const orch = await loadOrchestrator();
-              if (typeof orch.run !== 'function') {
-                console.error('ERROR: loadOrchestrator().run is not a function');
-                process.exit(1);
-              }
-
-              // Call run with a bad baseImage to confirm it reaches Orchestrator.run
-              // (Orchestrator.run throws 'baseImage is undefined' for images containing 'undefined')
-              try {
-                await orch.run(params, 'undefined-image');
-                console.error('ERROR: Expected Orchestrator.run to throw for undefined baseImage');
-                process.exit(1);
-              } catch (e) {
-                if (e.message.includes('baseImage is undefined')) {
-                  console.log('✓ loadOrchestrator().run() correctly wired to Orchestrator.run()');
-                } else {
-                  console.error('ERROR: Unexpected error from Orchestrator.run:', e.message);
-                  process.exit(1);
-                }
-              }
-
-              // Verify plugin services wire through to real service instances
-              const services = await loadPluginServices();
-              if (typeof services.BuildReliabilityService.configureGitEnvironment !== 'function') {
-                console.error('ERROR: BuildReliabilityService.configureGitEnvironment should be a function');
-                process.exit(1);
-              }
-              console.log('✓ Plugin services wire through to real orchestrator implementations');
-            })();
-          "

.gitignore

@@ -5,5 +5,3 @@ lib/
 .vsconfig
 yarn-error.log
 .orig
-$LOG_FILE
-temp/

action.yml

@@ -104,17 +104,11 @@ inputs:
   gitPrivateToken:
     required: false
     default: ''
-    description: '[Orchestrator] Github private token to pull from github'
-  gitAuthMode:
-    required: false
-    default: 'header'
-    description:
-      '[Orchestrator] How git authentication is configured. "header" (default) uses http.extraHeader so the token
-      never appears in clone URLs or git config. "url" embeds the token in clone URLs (legacy behavior).'
+    description: '[CloudRunner] Github private token to pull from github'
   githubOwner:
     required: false
     default: ''
-    description: '[Orchestrator] GitHub owner name or organization/team name'
+    description: '[CloudRunner] GitHub owner name or organization/team name'
   runAsHostUser:
     required: false
     default: 'false'
@@ -155,146 +149,97 @@ inputs:
   allowDirtyBuild:
     required: false
     default: ''
-    description: '[Orchestrator] Allows the branch of the build to be dirty, and still generate the build.'
+    description: '[CloudRunner] Allows the branch of the build to be dirty, and still generate the build.'
   postBuildSteps:
     required: false
     default: ''
     description:
-      '[Orchestrator] run a post build job in yaml format with the keys image, secrets (name, value object array),
+      '[CloudRunner] run a post build job in yaml format with the keys image, secrets (name, value object array),
       command string'
   preBuildSteps:
     required: false
     default: ''
     description:
-      '[Orchestrator] Run a pre build job after the repository setup but before the build job (in yaml format with the
+      '[CloudRunner] Run a pre build job after the repository setup but before the build job (in yaml format with the
       keys image, secrets (name, value object array), command line string)'
   containerHookFiles:
     required: false
     default: ''
     description:
-      '[Orchestrator] Specify the names (by file name) of custom steps to run before or after orchestrator jobs, must
+      '[CloudRunner] Specify the names (by file name) of custom steps to run before or after cloud runner jobs, must
       match a yaml step file inside your repo in the folder .game-ci/steps/'
   customHookFiles:
     required: false
     default: ''
     description:
-      '[Orchestrator] Specify the names (by file name) of custom hooks to run before or after orchestrator jobs, must
+      '[CloudRunner] Specify the names (by file name) of custom hooks to run before or after cloud runner jobs, must
       match a yaml step file inside your repo in the folder .game-ci/hooks/'
   customCommandHooks:
     required: false
     default: ''
-    description: '[Orchestrator] Specify custom commands and trigger hooks (injects commands into jobs)'
+    description: '[CloudRunner] Specify custom commands and trigger hooks (injects commands into jobs)'
   customJob:
     required: false
     default: ''
     description:
-      '[Orchestrator] Run a custom job instead of the standard build automation for orchestrator (in yaml format with
-      the keys image, secrets (name, value object array), command line string)'
+      '[CloudRunner] Run a custom job instead of the standard build automation for cloud runner (in yaml format with the
+      keys image, secrets (name, value object array), command line string)'
   awsStackName:
     default: 'game-ci'
     required: false
-    description: '[Orchestrator] The Cloud Formation stack name that must be setup before using this option.'
+    description: '[CloudRunner] The Cloud Formation stack name that must be setup before using this option.'
   providerStrategy:
     default: 'local'
     required: false
     description:
-      '[Orchestrator] Either local, k8s or aws can be used to run builds on a remote cluster. Additional parameters must
+      '[CloudRunner] Either local, k8s or aws can be used to run builds on a remote cluster. Additional parameters must
       be configured.'
-  fallbackProviderStrategy:
-    default: ''
-    required: false
-    description:
-      '[Orchestrator] Fallback provider when the primary is unavailable. Used with runnerCheckEnabled for automatic
-      failover, or as a catch-all if the primary provider fails to initialize.'
-  runnerCheckEnabled:
-    default: 'false'
-    required: false
-    description:
-      '[Orchestrator] Check GitHub Actions runner availability before starting a build. When no suitable runners are
-      available and fallbackProviderStrategy is set, automatically routes to the fallback provider.'
-  runnerCheckLabels:
-    default: ''
-    required: false
-    description:
-      '[Orchestrator] Comma-separated runner labels to filter when checking availability (e.g. self-hosted,linux).
-      When empty, checks all runners in the repository.'
-  runnerCheckMinAvailable:
-    default: '1'
-    required: false
-    description:
-      '[Orchestrator] Minimum number of idle runners required for the primary provider. If fewer are available,
-      routes to fallbackProviderStrategy.'
-  retryOnFallback:
-    default: 'false'
-    required: false
-    description:
-      '[Orchestrator] When true and fallbackProviderStrategy is set, automatically retry the build on the fallback
-      provider if the primary provider fails. Useful for long builds where transient cloud failures are common.'
-  providerInitTimeout:
-    default: '0'
-    required: false
-    description:
-      '[Orchestrator] Maximum seconds to wait for the primary provider to initialize (setupWorkflow). If exceeded
-      and fallbackProviderStrategy is set, switches to the fallback. Set to 0 to disable (default).'
-  secretSource:
-    default: ''
-    required: false
-    description:
-      '[Orchestrator] Premade secret source for pulling build secrets. Supported values: aws-secrets-manager,
-      aws-parameter-store, gcp-secret-manager, azure-key-vault, hashicorp-vault, hashicorp-vault-kv1,
-      vault (alias for hashicorp-vault), env. Can also be a custom shell command with {0} placeholder
-      for the key, or a path to a YAML file defining custom sources. Takes precedence over
-      inputPullCommand when set.'
-  resourceTracking:
-    default: 'false'
-    required: false
-    description: '[Orchestrator] Enable resource tracking logs for disk usage and allocation summaries.'
   containerCpu:
     default: ''
     required: false
-    description: '[Orchestrator] Amount of CPU time to assign the remote build container'
+    description: '[CloudRunner] Amount of CPU time to assign the remote build container'
   containerMemory:
     default: ''
     required: false
-    description: '[Orchestrator] Amount of memory to assign the remote build container'
+    description: '[CloudRunner] Amount of memory to assign the remote build container'
   readInputFromOverrideList:
     default: ''
     required: false
-    description: '[Orchestrator] Comma separated list of input value names to read from "input override command"'
+    description: '[CloudRunner] Comma separated list of input value names to read from "input override command"'
   readInputOverrideCommand:
     default: ''
     required: false
     description:
-      '[Orchestrator] Extend game ci by specifying a command to execute to pull input from external source e.g cloud
+      '[CloudRunner] Extend game ci by specifying a command to execute to pull input from external source e.g cloud
       provider secret managers'
   kubeConfig:
     default: ''
     required: false
     description:
-      '[Orchestrator] Supply a base64 encoded kubernetes config to run builds on kubernetes and stream logs until
+      '[CloudRunner] Supply a base64 encoded kubernetes config to run builds on kubernetes and stream logs until
       completion.'
   kubeVolume:
     default: ''
     required: false
-    description: '[Orchestrator] Supply a Persistent Volume Claim name to use for the Unity build.'
+    description: '[CloudRunner] Supply a Persistent Volume Claim name to use for the Unity build.'
   kubeStorageClass:
     default: ''
     required: false
     description:
-      '[Orchestrator] Kubernetes storage class to use for orchestrator jobs, leave empty to install rook cluster.'
+      '[CloudRunner] Kubernetes storage class to use for cloud runner jobs, leave empty to install rook cluster.'
   kubeVolumeSize:
     default: '5Gi'
     required: false
-    description: '[Orchestrator] Amount of disc space to assign the Kubernetes Persistent Volume'
+    description: '[CloudRunner] Amount of disc space to assign the Kubernetes Persistent Volume'
   cacheKey:
     default: ''
     required: false
-    description: '[Orchestrator] Cache key to indicate bucket for cache'
+    description: '[CloudRunner] Cache key to indicate bucket for cache'
   watchToEnd:
     default: 'true'
     required: false
     description:
-      '[Orchestrator] Whether or not to watch the build to the end. Can be used for especially long running jobs e.g
+      '[CloudRunner] Whether or not to watch the build to the end. Can be used for especially long running jobs e.g
       imports or self-hosted ephemeral runners.'
   cacheUnityInstallationOnMac:
     default: 'false'
@@ -320,408 +265,6 @@ inputs:
     default: 'false'
     required: false
     description: 'Skip the activation/deactivation of Unity. This assumes Unity is already activated.'
-  artifactOutputTypes:
-    description: 'Comma-separated list of output types to collect (build, logs, test-results, coverage, images, metrics, data-export, server-build, custom)'
-    required: false
-    default: 'build,logs,test-results'
-  artifactUploadTarget:
-    description: 'Where to upload artifacts: github-artifacts, storage, local, none'
-    required: false
-    default: 'github-artifacts'
-  artifactUploadPath:
-    description: 'Destination path for artifact upload (storage URI or local path)'
-    required: false
-  artifactCompression:
-    description: 'Compression for artifacts: none, gzip, lz4'
-    required: false
-    default: 'gzip'
-  artifactRetentionDays:
-    description: 'Retention period for uploaded artifacts in days'
-    required: false
-    default: '30'
-  artifactCustomTypes:
-    description: 'JSON string defining custom output types [{name, defaultPath, description}]'
-    required: false
-  cloneDepth:
-    default: '50'
-    required: false
-    description: '[Orchestrator] Specifies the depth of the git clone for the repository. Use 0 for full clone.'
-  orchestratorRepoName:
-    default: 'game-ci/unity-builder'
-    required: false
-    description:
-      '[Orchestrator] Specifies the repo for the unity builder. Useful if you forked the repo for testing, features, or
-      fixes.'
-  submoduleProfilePath:
-    required: false
-    default: ''
-    description:
-      'Path to a YAML submodule profile file (relative to repo root). Defines which submodules to initialize (branch:
-      main) or skip (branch: empty). See docs for format.'
-  submoduleVariantPath:
-    required: false
-    default: ''
-    description:
-      'Path to a YAML variant overlay file that modifies the base submodule profile. Used for server or debug build
-      variants.'
-  submoduleToken:
-    required: false
-    default: ''
-    description:
-      'Git token for authenticating submodule clones. Falls back to gitPrivateToken or GITHUB_TOKEN if empty.'
-  localCacheEnabled:
-    required: false
-    default: 'false'
-    description:
-      'Enable filesystem-based caching for local builds. Caches the Unity Library folder and optionally LFS objects
-      between builds without requiring actions/cache.'
-  localCacheRoot:
-    required: false
-    default: ''
-    description:
-      'Root directory for local build cache. Defaults to $RUNNER_TEMP/game-ci-cache or .game-ci/cache if RUNNER_TEMP is
-      not set.'
-  localCacheLibrary:
-    required: false
-    default: 'true'
-    description: 'Cache the Unity Library folder for local builds. Only effective when localCacheEnabled is true.'
-  localCacheLfs:
-    required: false
-    default: 'false'
-    description: 'Cache Git LFS objects for local builds. Only effective when localCacheEnabled is true.'
-  childWorkspacesEnabled:
-    required: false
-    default: 'false'
-    description:
-      'Enable child workspace isolation for multi-product builds. Uses atomic filesystem moves for O(1) workspace
-      restore instead of tar/download/extract. Ideal for 50GB+ workspaces on self-hosted runners.'
-  childWorkspaceName:
-    required: false
-    default: ''
-    description:
-      'Name for this child workspace (e.g., product name like "TurnOfWar"). Used as the cache key for workspace
-      isolation. Required when childWorkspacesEnabled is true.'
-  childWorkspaceCacheRoot:
-    required: false
-    default: ''
-    description:
-      'Parent directory for cached child workspaces. Should be on the same NTFS volume as the build directory for O(1)
-      atomic restore via filesystem rename. Defaults to $RUNNER_TEMP/game-ci-workspaces.'
-  childWorkspacePreserveGit:
-    required: false
-    default: 'true'
-    description:
-      'Preserve .git directory in cached child workspace. Enables delta operations on restore but increases cache size.
-      Set to false to save disk space at the cost of full re-clone on restore.'
-  childWorkspaceSeparateLibrary:
-    required: false
-    default: 'true'
-    description:
-      'Cache Unity Library folder separately from the child workspace. Allows independent Library restore even when
-      workspace cache is invalidated. Recommended for large projects.'
-  lfsTransferAgent:
-    required: false
-    default: ''
-    description:
-      'Custom Git LFS transfer agent. Set to "elastic-git-storage" for built-in support (auto-installs from GitHub
-      releases). Append @version for a specific release (e.g. "elastic-git-storage@v1.0.0"). Or provide a path to any
-      custom transfer agent executable. When set, the agent is registered via git config before LFS operations.'
-  lfsTransferAgentArgs:
-    required: false
-    default: ''
-    description: 'Additional arguments to pass to the custom LFS transfer agent.'
-  lfsStoragePaths:
-    required: false
-    default: ''
-    description:
-      'Semicolon-separated list of storage paths for the custom LFS transfer agent. Interpretation depends on the agent
-      (e.g. local paths, WebDAV URLs, rclone remotes).'
-  gitHooksEnabled:
-    required: false
-    default: 'false'
-    description:
-      'Install and run git hooks (lefthook, husky, or native) during builds. When false (default), hooks are disabled
-      for build performance.'
-  gitHooksSkipList:
-    required: false
-    default: ''
-    description:
-      'Comma-separated list of hook names to skip even when gitHooksEnabled is true. Example: pre-push,post-merge'
-  gitHooksRunBeforeBuild:
-    required: false
-    default: ''
-    description:
-      'Comma-separated list of lefthook hook groups to run before the Unity build. Allows CI to trigger checks that
-      normally only run on git events. Example: pre-commit,pre-push. Requires lefthook. Works with Unity Git Hooks
-      (com.frostebite.unitygithooks) when installed as a UPM package — the init script runs automatically.'
-  providerExecutable:
-    required: false
-    default: ''
-    description:
-      'Path to an external CLI executable that implements the provider protocol. Enables providers written in any
-      language (Go, Python, Rust, shell). Uses JSON-over-stdin/stdout communication.'
-  gcpProject:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] Google Cloud project ID for Cloud Run Jobs provider. Falls back to
-      GOOGLE_CLOUD_PROJECT env var.'
-  gcpRegion:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] Google Cloud region for Cloud Run Jobs (e.g. us-central1). Defaults to the region
-      input if empty.'
-  gcpStorageType:
-    required: false
-    default: 'gcs-fuse'
-    description:
-      '[Orchestrator] [Experimental] Storage type for Cloud Run Jobs. Options: gcs-fuse (mount GCS bucket as filesystem,
-      unlimited size, best for large sequential I/O), gcs-copy (copy artifacts in/out via gsutil, simpler, no FUSE
-      overhead), nfs (Filestore NFS mount, true POSIX, good random I/O, up to 100 TiB), in-memory (tmpfs, fastest but
-      volatile, up to 32 GiB).'
-  gcpBucket:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] GCS bucket name for build artifact storage. Used by gcs-fuse and gcs-copy storage
-      types.'
-  gcpFilestoreIp:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] Filestore instance IP address for NFS storage type. Required when gcpStorageType is
-      nfs.'
-  gcpFilestoreShare:
-    required: false
-    default: '/share1'
-    description:
-      '[Orchestrator] [Experimental] Filestore share name for NFS storage type. Defaults to /share1 (the Filestore
-      default).'
-  gcpMachineType:
-    required: false
-    default: 'e2-standard-4'
-    description: '[Orchestrator] [Experimental] Machine type for Cloud Run Jobs (e.g. e2-standard-4, e2-highmem-8).'
-  gcpDiskSizeGb:
-    required: false
-    default: '100'
-    description:
-      '[Orchestrator] [Experimental] Disk size in GB for Cloud Run Jobs in-memory volumes. Only applies to in-memory
-      storage type (max 32).'
-  gcpServiceAccount:
-    required: false
-    default: ''
-    description: '[Orchestrator] [Experimental] Google Cloud service account email for Cloud Run Jobs execution.'
-  gcpVpcConnector:
-    required: false
-    default: ''
-    description: '[Orchestrator] [Experimental] VPC connector name for Cloud Run Jobs private networking.'
-  azureResourceGroup:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] Azure resource group for Container Instances provider. Falls back to
-      AZURE_RESOURCE_GROUP env var.'
-  azureLocation:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] Azure region for Container Instances (e.g. eastus, westeurope). Defaults to the
-      region input if empty.'
-  azureStorageType:
-    required: false
-    default: 'azure-files'
-    description:
-      '[Orchestrator] [Experimental] Storage type for Azure Container Instances. Options: azure-files (SMB file share
-      mount, up to 100 TiB, premium throughput), blob-copy (copy artifacts in/out via az storage blob, no mount
-      overhead), azure-files-nfs (NFS 4.1 file share mount, true POSIX, no SMB lock overhead), in-memory (emptyDir
-      tmpfs, fastest but volatile, size limited by container memory).'
-  azureStorageAccount:
-    required: false
-    default: ''
-    description:
-      '[Orchestrator] [Experimental] Azure Storage Account name. Used by azure-files, azure-files-nfs, and blob-copy
-      storage types.'
-  azureFileShareName:
-    required: false
-    default: 'unity-builds'
-    description:
-      '[Orchestrator] [Experimental] Azure File Share name within the storage account. Used by azure-files and
-      azure-files-nfs storage types. Supports up to 100 TiB per share.'
-  azureBlobContainer:
-    required: false
-    default: 'unity-builds'
-    description: '[Orchestrator] [Experimental] Azure Blob container name for blob-copy storage type.'
-  azureSubscriptionId:
-    required: false
-    default: ''
-    description: '[Orchestrator] [Experimental] Azure subscription ID. Falls back to AZURE_SUBSCRIPTION_ID env var.'
-  azureCpu:
-    required: false
-    default: '4'
-    description: '[Orchestrator] [Experimental] CPU cores for Azure Container Instances (1-16).'
-  azureMemoryGb:
-    required: false
-    default: '16'
-    description: '[Orchestrator] [Experimental] Memory in GB for Azure Container Instances (1-16).'
-  azureDiskSizeGb:
-    required: false
-    default: '100'
-    description:
-      '[Orchestrator] [Experimental] File share quota in GB for Azure Container Instances. Premium shares support up to
-      102400 GB (100 TiB).'
-  azureSubnetId:
-    required: false
-    default: ''
-    description: '[Orchestrator] [Experimental] Azure subnet resource ID for VNet-integrated Container Instances.'
-  remotePowershellHost:
-    default: ''
-    required: false
-    description: '[Orchestrator] Remote PowerShell host (hostname or IP) for the remote-powershell provider'
-  remotePowershellCredential:
-    default: ''
-    required: false
-    description: '[Orchestrator] Remote PowerShell credential (username:password or certificate path)'
-  remotePowershellTransport:
-    default: 'wsman'
-    required: false
-    description: '[Orchestrator] Remote PowerShell transport protocol (wsman or ssh)'
-  githubActionsRepo:
-    default: ''
-    required: false
-    description: '[Orchestrator] Target repository (owner/repo) for the github-actions provider'
-  githubActionsWorkflow:
-    default: ''
-    required: false
-    description: '[Orchestrator] Workflow filename or ID to dispatch for the github-actions provider'
-  githubActionsToken:
-    default: ''
-    required: false
-    description: '[Orchestrator] PAT with actions:write scope for the github-actions provider'
-  githubActionsRef:
-    default: 'main'
-    required: false
-    description: '[Orchestrator] Branch/ref to run the workflow on for the github-actions provider'
-  gitlabProjectId:
-    default: ''
-    required: false
-    description: '[Orchestrator] GitLab project ID or URL-encoded path for the gitlab-ci provider'
-  gitlabTriggerToken:
-    default: ''
-    required: false
-    description: '[Orchestrator] Pipeline trigger token for the gitlab-ci provider'
-  gitlabApiUrl:
-    default: 'https://gitlab.com'
-    required: false
-    description: '[Orchestrator] GitLab API URL (for self-hosted instances) for the gitlab-ci provider'
-  gitlabRef:
-    default: 'main'
-    required: false
-    description: '[Orchestrator] Branch/ref to trigger the pipeline on for the gitlab-ci provider'
-  ansibleInventory:
-    default: ''
-    required: false
-    description: '[Orchestrator] Path to Ansible inventory file or dynamic inventory script'
-  ansiblePlaybook:
-    default: ''
-    required: false
-    description: '[Orchestrator] Path to Ansible playbook for Unity builds'
-  ansibleExtraVars:
-    default: ''
-    required: false
-    description: '[Orchestrator] Additional Ansible variables as JSON'
-  ansibleVaultPassword:
-    default: ''
-    required: false
-    description: '[Orchestrator] Path to Ansible vault password file'
-  gitIntegrityCheck:
-    description: 'Run git integrity checks before build (fsck, lock cleanup, submodule validation)'
-    required: false
-    default: 'false'
-  gitAutoRecover:
-    description: 'Attempt automatic recovery if git corruption is detected'
-    required: false
-    default: 'false'
-  cleanReservedFilenames:
-    description: 'Remove Windows reserved filenames that cause Unity import loops'
-    required: false
-    default: 'false'
-  buildArchiveEnabled:
-    description: 'Archive build output after successful build'
-    required: false
-    default: 'false'
-  buildArchivePath:
-    description: 'Path to store build archives'
-    required: false
-    default: './build-archives'
-  buildArchiveRetention:
-    description: 'Days to retain build archives before cleanup'
-    required: false
-    default: '30'
-  testSuitePath:
-    description: 'Path to YAML test suite definition file'
-    required: false
-  testSuiteEvent:
-    description: 'CI event name for suite selection (pr, push, release)'
-    required: false
-  testTaxonomyPath:
-    description: 'Path to custom taxonomy definition YAML'
-    required: false
-  testResultFormat:
-    description: 'Test result output format: junit, json, or both'
-    required: false
-    default: 'junit'
-  testResultPath:
-    description: 'Directory for structured test result output'
-    required: false
-    default: './test-results'
-
-  hotRunnerEnabled:
-    description: '[HotRunner] Use persistent hot runner for builds (requires pre-registered runners)'
-    required: false
-    default: 'false'
-  hotRunnerTransport:
-    description: '[HotRunner] Transport protocol for hot runner communication: websocket, grpc, named-pipe'
-    required: false
-    default: 'websocket'
-  hotRunnerHost:
-    description: '[HotRunner] Hot runner host address'
-    required: false
-    default: 'localhost'
-  hotRunnerPort:
-    description: '[HotRunner] Hot runner port number'
-    required: false
-    default: '9090'
-  hotRunnerHealthInterval:
-    description: '[HotRunner] Health check interval in seconds'
-    required: false
-    default: '30'
-  hotRunnerMaxIdle:
-    description: '[HotRunner] Maximum idle time in seconds before recycling runner'
-    required: false
-    default: '3600'
-  hotRunnerFallbackToCold:
-    description: '[HotRunner] Fall back to cold build if no hot runner available'
-    required: false
-    default: 'true'
-  syncStrategy:
-    description: 'Workspace sync strategy: full, git-delta, direct-input, storage-pull'
-    required: false
-    default: 'full'
-  syncInputRef:
-    description: 'URI for direct-input or storage-pull content (storage://remote/path or file path)'
-    required: false
-  syncStorageRemote:
-    description: 'rclone remote name for storage-backed inputs (defaults to rcloneRemote)'
-    required: false
-  syncRevertAfter:
-    description: 'Revert overlaid changes after job completion'
-    required: false
-    default: 'true'
-  syncStatePath:
-    description: 'Path to sync state file for delta tracking'
-    required: false
-    default: '.game-ci/sync-state.json'
 
 outputs:
   volume:
@@ -735,8 +278,6 @@ outputs:
       'Returns the exit code from the build scripts. This code is 0 if the build was successful. If there was an error
       during activation, the code is from the activation step. If activation is successful, the code is from the project
       build step.'
-  artifactManifestPath:
-    description: 'Path to the generated artifact manifest JSON file'
 branding:
   icon: 'box'
   color: 'gray-dark'

community-plugins.yml

@@ -1,27 +0,0 @@
-# Community Plugin Validation Registry
-# Packages listed here are automatically tested on a schedule
-# to ensure compatibility with unity-builder.
-#
-# Format:
-#   - name: Human-readable name
-#     package: UPM package name or git URL
-#     source: upm | git | asset-store
-#     unity: Minimum Unity version (optional, defaults to 2021.3)
-#     platforms: List of platforms to test (optional, defaults to [StandaloneLinux64])
-#     timeout: Build timeout in minutes (optional, defaults to 30)
-
-plugins:
-  # Example entries — community members can submit PRs to add their packages
-  - name: UniTask
-    package: https://github.com/Cysharp/UniTask.git?path=src/UniTask/Assets/Plugins/UniTask
-    source: git
-    platforms: [StandaloneLinux64, StandaloneWindows64]
-
-  - name: NaughtyAttributes
-    package: https://github.com/dbrizov/NaughtyAttributes.git?path=Assets/NaughtyAttributes
-    source: git
-
-  - name: Unity Atoms
-    package: https://github.com/unity-atoms/unity-atoms.git
-    source: git
-    platforms: [StandaloneLinux64]

dist/default-build-script/Assets/Editor/UnityBuilderAction/Builder.cs

@@ -56,19 +56,14 @@ namespace UnityBuilderAction
       // of either `UnityEditor.BuildPlayerOptions` or `UnityEditor.BuildPlayerWithProfileOptions`
       dynamic buildPlayerOptions;
 
-      if (options.TryGetValue("activeBuildProfile", out var buildProfilePath)) {
-        if (string.IsNullOrEmpty(buildProfilePath)) {
-          throw new Exception("`-activeBuildProfile` is set but with an empty value; this shouldn't happen");
-        }
+      if (options["customBuildProfile"] != "") {
 
 #if UNITY_6000_0_OR_NEWER
         // Load build profile from Assets folder
-        var buildProfile = AssetDatabase.LoadAssetAtPath<BuildProfile>(buildProfilePath)
-                           ?? throw new Exception("Build profile file not found at path: " + buildProfilePath);
+        BuildProfile buildProfile = AssetDatabase.LoadAssetAtPath<BuildProfile>(options["customBuildProfile"]);
 
-        // no need to set active profile, as already set by `-activeBuildProfile` CLI argument
-        // BuildProfile.SetActiveBuildProfile(buildProfile);
-        Debug.Log($"build profile: {buildProfile.name}");
+        // Set it as active
+        BuildProfile.SetActiveBuildProfile(buildProfile);
 
         // Define BuildPlayerWithProfileOptions
         buildPlayerOptions = new BuildPlayerWithProfileOptions {
@@ -76,16 +71,12 @@ namespace UnityBuilderAction
             locationPathName = options["customBuildPath"],
             options = buildOptions,
         };
-#else // UNITY_6000_0_OR_NEWER
+#else
         throw new Exception("Build profiles are not supported by this version of Unity (" + Application.unityVersion +")");
-#endif // UNITY_6000_0_OR_NEWER
+#endif
 
       } else {
 
-#if BUILD_PROFILE_LOADED
-        throw new Exception("Build profile's define symbol present; shouldn't happen");
-#endif // BUILD_PROFILE_LOADED
-
         // Gather values from project
         var scenes = EditorBuildSettings.scenes.Where(scene => scene.enabled).Select(s => s.path).ToArray();
 

dist/default-build-script/Assets/Editor/UnityBuilderAction/Input/AndroidSettings.cs

@@ -115,7 +115,6 @@ namespace UnityBuilderAction.Input
       }
     }
 
-#if UNITY_6000_0_OR_NEWER
     private static void SetDebugSymbols(string enumValueName)
     {
       // UnityEditor.Android.UserBuildSettings and Unity.Android.Types.DebugSymbolLevel are part of the Unity Android module.
@@ -145,6 +144,5 @@ namespace UnityBuilderAction.Input
       }
       levelProp.SetValue(null, enumValue);
     }
-#endif
   }
 }

dist/default-build-script/Assets/Editor/UnityBuilderAction/Input/ArgumentsParser.cs

@@ -21,19 +21,6 @@ namespace UnityBuilderAction.Input
         EditorApplication.Exit(110);
       }
 
-#if UNITY_6000_0_OR_NEWER
-      var buildProfileSupport = true;
-#else
-      var buildProfileSupport = false;
-#endif // UNITY_6000_0_OR_NEWER
-
-      string buildProfile;
-      if (buildProfileSupport && validatedOptions.TryGetValue("activeBuildProfile", out buildProfile)) {
-        if (validatedOptions.ContainsKey("buildTarget")) {
-          Console.WriteLine("Extra argument -buildTarget");
-          EditorApplication.Exit(122);
-        }
-      } else {
       string buildTarget;
       if (!validatedOptions.TryGetValue("buildTarget", out buildTarget)) {
         Console.WriteLine("Missing argument -buildTarget");
@@ -44,7 +31,6 @@ namespace UnityBuilderAction.Input
         Console.WriteLine(buildTarget + " is not a defined " + typeof(BuildTarget).Name);
         EditorApplication.Exit(121);
       }
-      }
 
       string customBuildPath;
       if (!validatedOptions.TryGetValue("customBuildPath", out customBuildPath)) {

dist/platforms/mac/steps/activate.sh

@@ -4,69 +4,21 @@
 echo "Changing to \"$ACTIVATE_LICENSE_PATH\" directory."
 pushd "$ACTIVATE_LICENSE_PATH"
 
-if [[ -n "$UNITY_SERIAL" && -n "$UNITY_EMAIL" && -n "$UNITY_PASSWORD" ]]; then
-  #
-  # SERIAL LICENSE MODE
-  #
-  # This will activate unity, using the serial activation process.
-  #
+echo "Requesting activation"
 
-  echo "Requesting activation"
+# Activate license
+/Applications/Unity/Hub/Editor/$UNITY_VERSION/Unity.app/Contents/MacOS/Unity \
+  -logFile - \
+  -batchmode \
+  -nographics \
+  -quit \
+  -serial "$UNITY_SERIAL" \
+  -username "$UNITY_EMAIL" \
+  -password "$UNITY_PASSWORD" \
+  -projectPath "$ACTIVATE_LICENSE_PATH"
 
-  # Activate license
-  /Applications/Unity/Hub/Editor/$UNITY_VERSION/Unity.app/Contents/MacOS/Unity \
-    -logFile - \
-    -batchmode \
-    -nographics \
-    -quit \
-    -serial "$UNITY_SERIAL" \
-    -username "$UNITY_EMAIL" \
-    -password "$UNITY_PASSWORD" \
-    -projectPath "$ACTIVATE_LICENSE_PATH"
-
-  # Store the exit code from the verify command
-  UNITY_EXIT_CODE=$?
-
-elif [[ -n "$UNITY_LICENSING_SERVER" ]]; then
-  #
-  # Custom Unity License Server
-  #
-  echo "Adding licensing server config"
-  mkdir -p "$UNITY_LICENSE_PATH/config/"
-  cp "$ACTION_FOLDER/unity-config/services-config.json" "$UNITY_LICENSE_PATH/config/services-config.json"
-
-  /Applications/Unity/Hub/Editor/$UNITY_VERSION/Unity.app/Contents/Frameworks/UnityLicensingClient.app/Contents/MacOS/Unity.Licensing.Client \
-    --acquire-floating > license.txt
-
-  # Store the exit code from the verify command
-  UNITY_EXIT_CODE=$?
-
-  if [ $UNITY_EXIT_CODE -eq 0 ]; then
-    PARSEDFILE=$(grep -oE '\"[^"]*\"' < license.txt | tr -d '"')
-    export FLOATING_LICENSE
-    FLOATING_LICENSE=$(sed -n 2p <<< "$PARSEDFILE")
-    FLOATING_LICENSE_TIMEOUT=$(sed -n 4p <<< "$PARSEDFILE")
-
-    echo "Acquired floating license: \"$FLOATING_LICENSE\" with timeout $FLOATING_LICENSE_TIMEOUT"
-  fi
-else
-  #
-  # NO LICENSE ACTIVATION STRATEGY MATCHED
-  #
-  # This will exit since no activation strategies could be matched.
-  #
-  echo "License activation strategy could not be determined."
-  echo ""
-  echo "Visit https://game.ci/docs/github/activation for more"
-  echo "details on how to set up one of the possible activation strategies."
-
-  echo "::error ::No valid license activation strategy could be determined. Make sure to provide UNITY_EMAIL, UNITY_PASSWORD, and either a UNITY_SERIAL \
-or UNITY_LICENSE. Otherwise please use UNITY_LICENSING_SERVER. See more info at https://game.ci/docs/github/activation"
-
-  # Immediately exit as no UNITY_EXIT_CODE can be derived.
-  exit 1;
-
-fi
+# Store the exit code from the verify command
+UNITY_EXIT_CODE=$?
 
 #
 # Display information about the result

dist/platforms/mac/steps/build.sh

@@ -149,13 +149,14 @@ echo ""
   $( [ "${MANUAL_EXIT}" == "true" ] || echo "-quit" ) \
   -batchmode \
   $( [ "${ENABLE_GPU}" == "true" ] || echo "-nographics" ) \
+  -username "$UNITY_EMAIL" \
+  -password "$UNITY_PASSWORD" \
   -customBuildName "$BUILD_NAME" \
   -projectPath "$UNITY_PROJECT_PATH" \
-  $( [ -z "$BUILD_PROFILE" ] && echo "-buildTarget $BUILD_TARGET") \
+  -buildTarget "$BUILD_TARGET" \
   -customBuildTarget "$BUILD_TARGET" \
   -customBuildPath "$CUSTOM_BUILD_PATH" \
   -customBuildProfile "$BUILD_PROFILE" \
-  ${BUILD_PROFILE:+-activeBuildProfile} ${BUILD_PROFILE:+"$BUILD_PROFILE"} \
   -executeMethod "$BUILD_METHOD" \
   -buildVersion "$VERSION" \
   -androidVersionCode "$ANDROID_VERSION_CODE" \

dist/platforms/mac/steps/return_license.sh

@@ -4,29 +4,15 @@
 echo "Changing to \"$ACTIVATE_LICENSE_PATH\" directory."
 pushd "$ACTIVATE_LICENSE_PATH"
 
-if [[ -n "$UNITY_LICENSING_SERVER" ]]; then
-  #
-  # Return any floating license used.
-  #
-  echo "Returning floating license: \"$FLOATING_LICENSE\""
-  /Applications/Unity/Hub/Editor/$UNITY_VERSION/Unity.app/Contents/Frameworks/UnityLicensingClient.app/Contents/MacOS/Unity.Licensing.Client \
-    --return-floating "$FLOATING_LICENSE"
-elif [[ -n "$UNITY_SERIAL" ]]; then
-  #
-  # SERIAL LICENSE MODE
-  #
-  # This will return the license that is currently in use.
-  #
-  /Applications/Unity/Hub/Editor/$UNITY_VERSION/Unity.app/Contents/MacOS/Unity \
-    -logFile - \
-    -batchmode \
-    -nographics \
-    -quit \
-    -username "$UNITY_EMAIL" \
-    -password "$UNITY_PASSWORD" \
-    -returnlicense \
-    -projectPath "$ACTIVATE_LICENSE_PATH"
-fi
+/Applications/Unity/Hub/Editor/$UNITY_VERSION/Unity.app/Contents/MacOS/Unity \
+  -logFile - \
+  -batchmode \
+  -nographics \
+  -quit \
+  -username "$UNITY_EMAIL" \
+  -password "$UNITY_PASSWORD" \
+  -returnlicense \
+  -projectPath "$ACTIVATE_LICENSE_PATH"
 
 # Return to previous working directory
 popd

dist/platforms/ubuntu/steps/activate.sh

@@ -68,18 +68,14 @@ elif [[ -n "$UNITY_LICENSING_SERVER" ]]; then
   echo "Adding licensing server config"
 
   /opt/unity/Editor/Data/Resources/Licensing/Client/Unity.Licensing.Client --acquire-floating > license.txt #is this accessible in a env variable?
+  PARSEDFILE=$(grep -oP '\".*?\"' < license.txt | tr -d '"')
+  export FLOATING_LICENSE
+  FLOATING_LICENSE=$(sed -n 2p <<< "$PARSEDFILE")
+  FLOATING_LICENSE_TIMEOUT=$(sed -n 4p <<< "$PARSEDFILE")
 
+  echo "Acquired floating license: \"$FLOATING_LICENSE\" with timeout $FLOATING_LICENSE_TIMEOUT"
   # Store the exit code from the verify command
   UNITY_EXIT_CODE=$?
-
-  if [ $UNITY_EXIT_CODE -eq 0 ]; then
-    PARSEDFILE=$(grep -oP '\".*?\"' < license.txt | tr -d '"')
-    export FLOATING_LICENSE
-    FLOATING_LICENSE=$(sed -n 2p <<< "$PARSEDFILE")
-    FLOATING_LICENSE_TIMEOUT=$(sed -n 4p <<< "$PARSEDFILE")
-
-    echo "Acquired floating license: \"$FLOATING_LICENSE\" with timeout $FLOATING_LICENSE_TIMEOUT"
-  fi
 else
   #
   # NO LICENSE ACTIVATION STRATEGY MATCHED

dist/platforms/ubuntu/steps/build.sh

@@ -125,11 +125,10 @@ unity-editor \
   $( [ "${MANUAL_EXIT}" == "true" ] || echo "-quit" ) \
   -customBuildName "$BUILD_NAME" \
   -projectPath "$UNITY_PROJECT_PATH" \
-  $( [ -z "$BUILD_PROFILE" ] && echo "-buildTarget $BUILD_TARGET" ) \
+  -buildTarget "$BUILD_TARGET" \
   -customBuildTarget "$BUILD_TARGET" \
   -customBuildPath "$CUSTOM_BUILD_PATH" \
   -customBuildProfile "$BUILD_PROFILE" \
-  ${BUILD_PROFILE:+-activeBuildProfile} ${BUILD_PROFILE:+"$BUILD_PROFILE"} \
   -executeMethod "$BUILD_METHOD" \
   -buildVersion "$VERSION" \
   -androidVersionCode "$ANDROID_VERSION_CODE" \

dist/platforms/windows/build.ps1

@@ -166,6 +166,7 @@ $unityArgs = @(
     "-customBuildName", "`"$Env:BUILD_NAME`"",
     "-projectPath", "`"$Env:UNITY_PROJECT_PATH`"",
     "-executeMethod", "`"$Env:BUILD_METHOD`"",
+    "-buildTarget", "`"$Env:BUILD_TARGET`"",
     "-customBuildTarget", "`"$Env:BUILD_TARGET`"",
     "-customBuildPath", "`"$Env:CUSTOM_BUILD_PATH`"",
     "-customBuildProfile", "`"$Env:BUILD_PROFILE`"",
@@ -180,13 +181,6 @@ $unityArgs = @(
     "-logfile", "-"
 ) + $customParametersArray
 
-if (-not $Env:BUILD_PROFILE) {
-    $unityArgs += @("-buildTarget", "`"$Env:BUILD_TARGET`"")
-}
-if ($Env:BUILD_PROFILE) {
-    $unityArgs += @("-activeBuildProfile", "`"$Env:BUILD_PROFILE`"")
-}
-
 # Remove null items as that will fail the Start-Process call
 $unityArgs = $unityArgs | Where-Object { $_ -ne $null }
 

dist/platforms/windows/entrypoint.ps1

@@ -18,9 +18,6 @@ regsvr32 C:\ProgramData\Microsoft\VisualStudio\Setup\x64\Microsoft.VisualStudio.
 # Kill the regsvr process
 Get-Process -Name regsvr32 | ForEach-Object { Stop-Process -Id $_.Id -Force }
 
-# Install Visual C++ 2013 Redistributables
-. "c:\steps\install_vcredist13.ps1"
-
 # Setup Git Credentials
 . "c:\steps\set_gitcredential.ps1"
 

dist/platforms/windows/install_vcredist13.ps1

@@ -1,11 +0,0 @@
-# For some reason, Unity is failing in github actions windows runners
-# due to missing Visual C++ 2013 redistributables.
-# This script downloads and installs the required redistributables.
-Write-Output ""
-Write-Output "#########################################################"
-Write-Output "#     Installing Visual C++ Redistributables (2013)     #"
-Write-Output "#########################################################"
-Write-Output ""
-
-
-choco install vcredist2013 -y --no-progress

package.json

@@ -11,8 +11,19 @@
     "build": "yarn && tsc && ncc build lib --source-map --license licenses.txt",
     "lint": "prettier --check \"src/**/*.{js,ts}\" && eslint src/**/*.ts",
     "format": "prettier --write \"src/**/*.{js,ts}\"",
+    "cli": "yarn ts-node src/index.ts -m cli",
+    "gcp-secrets-tests": "cross-env providerStrategy=aws cloudRunnerTests=true inputPullCommand=\"gcp-secret-manager\" populateOverride=true pullInputList=UNITY_EMAIL,UNITY_SERIAL,UNITY_PASSWORD yarn test -i -t \"cloud runner\"",
+    "gcp-secrets-cli": "cross-env cloudRunnerTests=true USE_IL2CPP=false inputPullCommand=\"gcp-secret-manager\" yarn ts-node src/index.ts -m cli --populateOverride true --pullInputList UNITY_EMAIL,UNITY_SERIAL,UNITY_PASSWORD",
+    "aws-secrets-cli": "cross-env cloudRunnerTests=true inputPullCommand=\"aws-secret-manager\" yarn ts-node src/index.ts -m cli --populateOverride true --pullInputList UNITY_EMAIL,UNITY_SERIAL,UNITY_PASSWORD",
+    "cli-aws": "cross-env providerStrategy=aws yarn run test-cli",
+    "cli-k8s": "cross-env providerStrategy=k8s yarn run test-cli",
+    "test-cli": "cross-env cloudRunnerTests=true yarn ts-node src/index.ts -m cli --projectPath test-project",
     "test": "jest",
-    "test:ci": "jest --config=jest.ci.config.js --runInBand"
+    "test:ci": "jest --config=jest.ci.config.js --runInBand",
+    "test-i": "cross-env cloudRunnerTests=true yarn test -i -t \"cloud runner\"",
+    "test-i-*": "yarn run test-i-aws && yarn run test-i-k8s",
+    "test-i-aws": "cross-env cloudRunnerTests=true providerStrategy=aws yarn test -i -t \"cloud runner\"",
+    "test-i-k8s": "cross-env cloudRunnerTests=true providerStrategy=k8s yarn test -i -t \"cloud runner\""
   },
   "engines": {
     "node": ">=18.x"
@@ -22,20 +33,34 @@
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
     "@actions/github": "^6.0.0",
+    "@aws-sdk/client-cloudformation": "^3.777.0",
+    "@aws-sdk/client-cloudwatch-logs": "^3.777.0",
+    "@aws-sdk/client-ecs": "^3.778.0",
+    "@aws-sdk/client-kinesis": "^3.777.0",
+    "@aws-sdk/client-s3": "^3.779.0",
+    "@kubernetes/client-node": "^0.16.3",
+    "@octokit/core": "^5.1.0",
+    "async-wait-until": "^2.0.12",
+    "aws-sdk": "^2.1081.0",
+    "base-64": "^1.0.0",
     "commander": "^9.0.0",
     "commander-ts": "^0.2.0",
+    "kubernetes-client": "^9.0.0",
     "md5": "^2.3.0",
-    "reflect-metadata": "^0.1.13",
     "nanoid": "^3.3.1",
+    "reflect-metadata": "^0.1.13",
     "semver": "^7.5.2",
     "ts-md5": "^1.3.1",
-    "unity-changeset": "^3.1.0",
+    "unity-changeset": "^2.0.0",
+    "uuid": "^9.0.0",
     "yaml": "^2.2.2"
   },
   "devDependencies": {
+    "@types/base-64": "^1.0.0",
     "@types/jest": "^27.4.1",
     "@types/node": "^17.0.23",
     "@types/semver": "^7.3.9",
+    "@types/uuid": "^9.0.0",
     "@typescript-eslint/parser": "4.8.1",
     "@vercel/ncc": "^0.36.1",
     "cross-env": "^7.0.3",

src/index-plugin-features.test.ts

@@ -1,648 +0,0 @@
-/**
- * Integration wiring tests for plugin features in index.ts
- *
- * These tests verify the conditional gating logic in runMain():
- * - Each plugin feature is only invoked when its gate condition is met
- * - Services are NOT called when their feature is disabled (the default)
- * - The order of operations is correct (restore before build, save after build)
- */
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-import { BuildParameters } from './model';
-
-// ---------------------------------------------------------------------------
-// Service mocks — must be declared before importing index.ts (jest hoists them)
-// ---------------------------------------------------------------------------
-
-const mockChildWorkspaceService = {
-  buildConfig: jest.fn().mockReturnValue({ enabled: true, workspaceName: 'Test' }),
-  initializeWorkspace: jest.fn().mockReturnValue(false),
-  getWorkspaceSize: jest.fn().mockReturnValue('0 B'),
-  saveWorkspace: jest.fn(),
-};
-
-const mockSubmoduleProfileService = {
-  createInitPlan: jest.fn().mockResolvedValue([]),
-  execute: jest.fn().mockResolvedValue(''),
-};
-
-const mockLfsAgentService = {
-  configure: jest.fn().mockResolvedValue(''),
-};
-
-const mockLocalCacheService = {
-  resolveCacheRoot: jest.fn().mockReturnValue('/cache'),
-  generateCacheKey: jest.fn().mockReturnValue('key-1'),
-  restoreLfsCache: jest.fn().mockResolvedValue(true),
-  restoreLibraryCache: jest.fn().mockResolvedValue(true),
-  saveLibraryCache: jest.fn().mockResolvedValue(''),
-  saveLfsCache: jest.fn().mockResolvedValue(''),
-};
-
-const mockGitHooksService = {
-  installHooks: jest.fn().mockResolvedValue(''),
-  configureSkipList: jest.fn().mockReturnValue({ LEFTHOOK_EXCLUDE: 'pre-commit' }),
-};
-
-const mockBuildReliabilityService = {
-  configureGitEnvironment: jest.fn(),
-  checkGitIntegrity: jest.fn().mockReturnValue(true),
-  cleanStaleLockFiles: jest.fn(),
-  validateSubmoduleBackingStores: jest.fn(),
-  cleanReservedFilenames: jest.fn(),
-  recoverCorruptedRepo: jest.fn().mockReturnValue(true),
-  archiveBuildOutput: jest.fn(),
-  enforceRetention: jest.fn(),
-};
-
-const mockTestWorkflowService = {
-  executeTestSuite: jest.fn().mockResolvedValue([]),
-};
-
-const mockHotRunnerService = jest.fn();
-
-const mockIncrementalSyncService = {
-  resolveStrategy: jest.fn().mockReturnValue('full'),
-  syncGitDelta: jest.fn().mockResolvedValue(0),
-  applyDirectInput: jest.fn().mockResolvedValue([]),
-  syncStoragePull: jest.fn().mockResolvedValue([]),
-  revertOverlays: jest.fn().mockImplementation(() => Promise.resolve()),
-};
-
-const mockOutputService = {
-  collectOutputs: jest.fn().mockImplementation(() => Promise.resolve()),
-};
-
-const mockOutputTypeRegistry = {
-  registerType: jest.fn(),
-};
-
-const mockArtifactUploadHandler = {
-  parseConfig: jest.fn().mockImplementation(() => {
-    /* no config */
-  }),
-  uploadArtifacts: jest.fn().mockResolvedValue({ success: true, entries: [] }),
-};
-
-const mockOrchestrator = {
-  run: jest.fn().mockImplementation(() => Promise.resolve()),
-};
-
-// Mock the orchestrator-plugin module to directly return our mock services.
-// This avoids any issues with dynamic imports inside loadPluginServices().
-jest.mock('./model/orchestrator-plugin', () => ({
-  loadOrchestrator: jest.fn().mockResolvedValue({
-    run: mockOrchestrator.run,
-  }),
-  loadPluginServices: jest.fn().mockResolvedValue({
-    BuildReliabilityService: mockBuildReliabilityService,
-    TestWorkflowService: mockTestWorkflowService,
-    HotRunnerService: mockHotRunnerService,
-    OutputService: mockOutputService,
-    OutputTypeRegistry: mockOutputTypeRegistry,
-    ArtifactUploadHandler: mockArtifactUploadHandler,
-    IncrementalSyncService: mockIncrementalSyncService,
-
-    // Lazy-loaded services (matching the plugin loader API)
-    loadChildWorkspaceService: jest.fn().mockResolvedValue(mockChildWorkspaceService),
-    loadLocalCacheService: jest.fn().mockResolvedValue(mockLocalCacheService),
-    loadSubmoduleProfileService: jest.fn().mockResolvedValue(mockSubmoduleProfileService),
-    loadLfsAgentService: jest.fn().mockResolvedValue(mockLfsAgentService),
-    loadGitHooksService: jest.fn().mockResolvedValue(mockGitHooksService),
-  }),
-}));
-
-// Mock all non-plugin dependencies to isolate the wiring logic
-jest.mock('@actions/core');
-jest.mock('./model', () => ({
-  Action: {
-    checkCompatibility: jest.fn(),
-    workspace: '/workspace',
-    actionFolder: '/action',
-  },
-  BuildParameters: {
-    create: jest.fn(),
-  },
-  Cache: {
-    verify: jest.fn(),
-  },
-  Docker: {
-    run: jest.fn().mockResolvedValue(0),
-  },
-  ImageTag: jest.fn().mockImplementation(() => ({
-    toString: () => 'mock-image:latest',
-  })),
-  Output: {
-    setBuildVersion: jest.fn().mockResolvedValue(''),
-    setAndroidVersionCode: jest.fn().mockResolvedValue(''),
-    setEngineExitCode: jest.fn().mockResolvedValue(''),
-  },
-}));
-
-jest.mock('./model/cli/cli', () => ({
-  Cli: {
-    InitCliMode: jest.fn().mockReturnValue(false),
-  },
-}));
-
-jest.mock('./model/mac-builder', () => ({
-  __esModule: true,
-  default: {
-    run: jest.fn().mockResolvedValue(0),
-  },
-}));
-
-jest.mock('./model/platform-setup', () => ({
-  __esModule: true,
-  default: {
-    setup: jest.fn().mockResolvedValue(''),
-  },
-}));
-
-const mockedBuildParametersCreate = BuildParameters.create as jest.Mock;
-
-interface PluginBuildParametersOverrides {
-  providerStrategy?: string;
-  childWorkspacesEnabled?: boolean;
-  childWorkspaceName?: string;
-  childWorkspaceCacheRoot?: string;
-  childWorkspacePreserveGit?: boolean;
-  childWorkspaceSeparateLibrary?: boolean;
-  submoduleProfilePath?: string;
-  submoduleVariantPath?: string;
-  submoduleToken?: string;
-  gitPrivateToken?: string;
-  lfsTransferAgent?: string;
-  lfsTransferAgentArgs?: string;
-  lfsStoragePaths?: string;
-  localCacheEnabled?: boolean;
-  localCacheRoot?: string;
-  localCacheLibrary?: boolean;
-  localCacheLfs?: boolean;
-  gitHooksEnabled?: boolean;
-  gitHooksSkipList?: string;
-  gitHooksRunBeforeBuild?: string;
-}
-
-function createMockBuildParameters(overrides: PluginBuildParametersOverrides = {}) {
-  return {
-    // Required base properties
-    providerStrategy: 'local',
-    targetPlatform: 'StandaloneLinux64',
-    editorVersion: '2021.3.1f1',
-    buildVersion: '1.0.0',
-    androidVersionCode: '1',
-    projectPath: '.',
-    branch: 'main',
-    runnerTempPath: '/tmp',
-
-    // Plugin features - all disabled by default
-    childWorkspacesEnabled: false,
-    childWorkspaceName: '',
-    childWorkspaceCacheRoot: '',
-    childWorkspacePreserveGit: true,
-    childWorkspaceSeparateLibrary: true,
-    submoduleProfilePath: '',
-    submoduleVariantPath: '',
-    submoduleToken: '',
-    gitPrivateToken: '',
-    lfsTransferAgent: '',
-    lfsTransferAgentArgs: '',
-    lfsStoragePaths: '',
-    localCacheEnabled: false,
-    localCacheRoot: '',
-    localCacheLibrary: true,
-    localCacheLfs: false,
-    gitHooksEnabled: false,
-    gitHooksSkipList: '',
-    gitHooksRunBeforeBuild: '',
-
-    ...overrides,
-  };
-}
-
-/**
- * The entry point (runMain) is invoked by importing index.ts.
- * Since it calls `runMain()` at module scope, we need to re-import it
- * for each test. jest.isolateModules() handles this.
- */
-async function runIndex(overrides: PluginBuildParametersOverrides = {}): Promise<void> {
-  mockedBuildParametersCreate.mockResolvedValue(createMockBuildParameters(overrides));
-
-  return new Promise<void>((resolve) => {
-    jest.isolateModules(() => {
-      require('./index');
-
-      // runMain() is async; give it a tick to complete
-      // We use setImmediate to ensure all microtasks from the dynamic imports resolve
-    });
-
-    // Allow all promises and microtasks to settle
-    setTimeout(resolve, 100);
-  });
-}
-
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-
-describe('index.ts plugin feature wiring', () => {
-  const originalPlatform = process.platform;
-  const originalEnvironment = { ...process.env };
-
-  beforeEach(() => {
-    jest.clearAllMocks();
-    process.env.GITHUB_WORKSPACE = '/workspace';
-
-    // Force linux platform so Docker.run is used (not MacBuilder)
-    Object.defineProperty(process, 'platform', { value: 'linux' });
-  });
-
-  afterEach(() => {
-    Object.defineProperty(process, 'platform', { value: originalPlatform });
-    process.env = { ...originalEnvironment };
-  });
-
-  // -----------------------------------------------------------------------
-  // GitHooksService gating
-  // -----------------------------------------------------------------------
-
-  describe('GitHooksService gating', () => {
-    it('should NOT call GitHooksService when gitHooksEnabled is false (default)', async () => {
-      await runIndex({ gitHooksEnabled: false });
-
-      expect(mockGitHooksService.installHooks).not.toHaveBeenCalled();
-      expect(mockGitHooksService.configureSkipList).not.toHaveBeenCalled();
-    });
-
-    it('should call installHooks when gitHooksEnabled is true', async () => {
-      await runIndex({ gitHooksEnabled: true });
-
-      expect(mockGitHooksService.installHooks).toHaveBeenCalledWith('/workspace');
-    });
-
-    it('should call configureSkipList when gitHooksEnabled and gitHooksSkipList is set', async () => {
-      await runIndex({
-        gitHooksEnabled: true,
-        gitHooksSkipList: 'pre-commit,pre-push',
-      });
-
-      expect(mockGitHooksService.configureSkipList).toHaveBeenCalledWith(['pre-commit', 'pre-push']);
-    });
-
-    it('should NOT call configureSkipList when gitHooksSkipList is empty', async () => {
-      await runIndex({
-        gitHooksEnabled: true,
-        gitHooksSkipList: '',
-      });
-
-      expect(mockGitHooksService.installHooks).toHaveBeenCalled();
-      expect(mockGitHooksService.configureSkipList).not.toHaveBeenCalled();
-    });
-  });
-
-  // -----------------------------------------------------------------------
-  // LocalCacheService gating
-  // -----------------------------------------------------------------------
-
-  describe('LocalCacheService gating', () => {
-    it('should NOT call LocalCacheService when localCacheEnabled is false (default)', async () => {
-      await runIndex({ localCacheEnabled: false });
-
-      expect(mockLocalCacheService.resolveCacheRoot).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.generateCacheKey).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.restoreLibraryCache).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.restoreLfsCache).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLibraryCache).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLfsCache).not.toHaveBeenCalled();
-    });
-
-    it('should call restore and save operations when localCacheEnabled is true', async () => {
-      await runIndex({
-        localCacheEnabled: true,
-        localCacheLibrary: true,
-        localCacheLfs: true,
-      });
-
-      expect(mockLocalCacheService.resolveCacheRoot).toHaveBeenCalled();
-      expect(mockLocalCacheService.generateCacheKey).toHaveBeenCalled();
-      expect(mockLocalCacheService.restoreLibraryCache).toHaveBeenCalled();
-      expect(mockLocalCacheService.restoreLfsCache).toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLibraryCache).toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLfsCache).toHaveBeenCalled();
-    });
-
-    it('should only cache Library when localCacheLibrary is true and localCacheLfs is false', async () => {
-      await runIndex({
-        localCacheEnabled: true,
-        localCacheLibrary: true,
-        localCacheLfs: false,
-      });
-
-      expect(mockLocalCacheService.restoreLibraryCache).toHaveBeenCalled();
-      expect(mockLocalCacheService.restoreLfsCache).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLibraryCache).toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLfsCache).not.toHaveBeenCalled();
-    });
-
-    it('should only cache LFS when localCacheLfs is true and localCacheLibrary is false', async () => {
-      await runIndex({
-        localCacheEnabled: true,
-        localCacheLibrary: false,
-        localCacheLfs: true,
-      });
-
-      expect(mockLocalCacheService.restoreLibraryCache).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.restoreLfsCache).toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLibraryCache).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.saveLfsCache).toHaveBeenCalled();
-    });
-  });
-
-  // -----------------------------------------------------------------------
-  // ChildWorkspaceService gating
-  // -----------------------------------------------------------------------
-
-  describe('ChildWorkspaceService gating', () => {
-    it('should NOT call ChildWorkspaceService when childWorkspacesEnabled is false (default)', async () => {
-      await runIndex({ childWorkspacesEnabled: false });
-
-      expect(mockChildWorkspaceService.buildConfig).not.toHaveBeenCalled();
-      expect(mockChildWorkspaceService.initializeWorkspace).not.toHaveBeenCalled();
-      expect(mockChildWorkspaceService.saveWorkspace).not.toHaveBeenCalled();
-    });
-
-    it('should NOT call ChildWorkspaceService when childWorkspacesEnabled is true but childWorkspaceName is empty', async () => {
-      await runIndex({
-        childWorkspacesEnabled: true,
-        childWorkspaceName: '',
-      });
-
-      expect(mockChildWorkspaceService.buildConfig).not.toHaveBeenCalled();
-    });
-
-    it('should call buildConfig, initializeWorkspace, and saveWorkspace when enabled with a name', async () => {
-      mockChildWorkspaceService.buildConfig.mockReturnValue({ enabled: true, workspaceName: 'TurnOfWar' });
-
-      await runIndex({
-        childWorkspacesEnabled: true,
-        childWorkspaceName: 'TurnOfWar',
-        childWorkspaceCacheRoot: '/cache/workspaces',
-      });
-
-      expect(mockChildWorkspaceService.buildConfig).toHaveBeenCalledWith(
-        expect.objectContaining({
-          childWorkspacesEnabled: true,
-          childWorkspaceName: 'TurnOfWar',
-        }),
-      );
-      expect(mockChildWorkspaceService.initializeWorkspace).toHaveBeenCalled();
-      expect(mockChildWorkspaceService.getWorkspaceSize).toHaveBeenCalled();
-      expect(mockChildWorkspaceService.saveWorkspace).toHaveBeenCalled();
-    });
-  });
-
-  // -----------------------------------------------------------------------
-  // SubmoduleProfileService gating
-  // -----------------------------------------------------------------------
-
-  describe('SubmoduleProfileService gating', () => {
-    it('should NOT call SubmoduleProfileService when submoduleProfilePath is empty (default)', async () => {
-      await runIndex({ submoduleProfilePath: '' });
-
-      expect(mockSubmoduleProfileService.createInitPlan).not.toHaveBeenCalled();
-      expect(mockSubmoduleProfileService.execute).not.toHaveBeenCalled();
-    });
-
-    it('should call createInitPlan and execute when submoduleProfilePath is set', async () => {
-      await runIndex({
-        submoduleProfilePath: '/path/to/profile.yml',
-        submoduleVariantPath: '',
-        submoduleToken: 'my-token',
-      });
-
-      expect(mockSubmoduleProfileService.createInitPlan).toHaveBeenCalledWith('/path/to/profile.yml', '', '/workspace');
-      expect(mockSubmoduleProfileService.execute).toHaveBeenCalled();
-    });
-
-    it('should pass variant path when provided', async () => {
-      await runIndex({
-        submoduleProfilePath: '/path/to/profile.yml',
-        submoduleVariantPath: '/path/to/variant.yml',
-      });
-
-      expect(mockSubmoduleProfileService.createInitPlan).toHaveBeenCalledWith(
-        '/path/to/profile.yml',
-        '/path/to/variant.yml',
-        '/workspace',
-      );
-    });
-
-    it('should use submoduleToken for auth, falling back to gitPrivateToken', async () => {
-      await runIndex({
-        submoduleProfilePath: '/path/to/profile.yml',
-        submoduleToken: '',
-        gitPrivateToken: 'fallback-token',
-      });
-
-      expect(mockSubmoduleProfileService.execute).toHaveBeenCalledWith(
-        expect.anything(),
-        '/workspace',
-        'fallback-token',
-      );
-    });
-
-    it('should prefer submoduleToken over gitPrivateToken', async () => {
-      await runIndex({
-        submoduleProfilePath: '/path/to/profile.yml',
-        submoduleToken: 'specific-token',
-        gitPrivateToken: 'fallback-token',
-      });
-
-      expect(mockSubmoduleProfileService.execute).toHaveBeenCalledWith(
-        expect.anything(),
-        '/workspace',
-        'specific-token',
-      );
-    });
-  });
-
-  // -----------------------------------------------------------------------
-  // LfsAgentService gating
-  // -----------------------------------------------------------------------
-
-  describe('LfsAgentService gating', () => {
-    it('should NOT call LfsAgentService when lfsTransferAgent is empty (default)', async () => {
-      await runIndex({ lfsTransferAgent: '' });
-
-      expect(mockLfsAgentService.configure).not.toHaveBeenCalled();
-    });
-
-    it('should call configure when lfsTransferAgent is set', async () => {
-      await runIndex({
-        lfsTransferAgent: '/tools/elastic-git-storage',
-        lfsTransferAgentArgs: '--verbose',
-        lfsStoragePaths: '/path/a;/path/b',
-      });
-
-      expect(mockLfsAgentService.configure).toHaveBeenCalledWith(
-        '/tools/elastic-git-storage',
-        '--verbose',
-        ['/path/a', '/path/b'],
-        '/workspace',
-      );
-    });
-
-    it('should pass empty array when lfsStoragePaths is empty', async () => {
-      await runIndex({
-        lfsTransferAgent: '/tools/agent',
-        lfsStoragePaths: '',
-      });
-
-      expect(mockLfsAgentService.configure).toHaveBeenCalledWith('/tools/agent', '', [], '/workspace');
-    });
-  });
-
-  // -----------------------------------------------------------------------
-  // Order of operations (restore before build, save after build)
-  // -----------------------------------------------------------------------
-
-  describe('order of operations', () => {
-    it('should execute restore operations before build and save operations after build', async () => {
-      const callOrder: string[] = [];
-
-      // Track call order for each relevant operation
-      mockChildWorkspaceService.buildConfig.mockReturnValue({ enabled: true, workspaceName: 'Test' });
-      mockChildWorkspaceService.initializeWorkspace.mockImplementation(() => {
-        callOrder.push('child-workspace-restore');
-
-        return false;
-      });
-      mockChildWorkspaceService.getWorkspaceSize.mockImplementation(() => {
-        callOrder.push('child-workspace-size');
-
-        return '0 B';
-      });
-      mockSubmoduleProfileService.createInitPlan.mockImplementation(async () => {
-        callOrder.push('submodule-profile-plan');
-
-        return [];
-      });
-      mockSubmoduleProfileService.execute.mockImplementation(async () => {
-        callOrder.push('submodule-profile-execute');
-      });
-      mockLfsAgentService.configure.mockImplementation(async () => {
-        callOrder.push('lfs-agent-configure');
-      });
-      mockLocalCacheService.resolveCacheRoot.mockImplementation(() => {
-        callOrder.push('local-cache-resolve');
-
-        return '/cache';
-      });
-      mockLocalCacheService.generateCacheKey.mockImplementation(() => {
-        callOrder.push('local-cache-keygen');
-
-        return 'key-1';
-      });
-      mockLocalCacheService.restoreLfsCache.mockImplementation(async () => {
-        callOrder.push('local-cache-restore-lfs');
-
-        return true;
-      });
-      mockLocalCacheService.restoreLibraryCache.mockImplementation(async () => {
-        callOrder.push('local-cache-restore-library');
-
-        return true;
-      });
-      mockGitHooksService.installHooks.mockImplementation(async () => {
-        callOrder.push('git-hooks-install');
-      });
-      mockLocalCacheService.saveLibraryCache.mockImplementation(async () => {
-        callOrder.push('local-cache-save-library');
-      });
-      mockLocalCacheService.saveLfsCache.mockImplementation(async () => {
-        callOrder.push('local-cache-save-lfs');
-      });
-      mockChildWorkspaceService.saveWorkspace.mockImplementation(() => {
-        callOrder.push('child-workspace-save');
-      });
-
-      await runIndex({
-        childWorkspacesEnabled: true,
-        childWorkspaceName: 'TurnOfWar',
-        submoduleProfilePath: '/profile.yml',
-        lfsTransferAgent: '/tools/agent',
-        localCacheEnabled: true,
-        localCacheLfs: true,
-        localCacheLibrary: true,
-        gitHooksEnabled: true,
-      });
-
-      // Verify restore operations happen before save operations.
-      // The expected order from index.ts is:
-      // 1. Child workspace restore
-      // 2. Submodule profile init
-      // 3. LFS agent configure
-      // 4. Local cache restore (LFS then Library)
-      // 5. Git hooks install
-      // 6. [BUILD happens here - Docker.run or MacBuilder.run]
-      // 7. Local cache save (Library then LFS)
-      // 8. Child workspace save
-
-      const restoreOps = [
-        'child-workspace-restore',
-        'submodule-profile-plan',
-        'submodule-profile-execute',
-        'lfs-agent-configure',
-        'local-cache-restore-lfs',
-        'local-cache-restore-library',
-        'git-hooks-install',
-      ];
-
-      const saveOps = ['local-cache-save-library', 'local-cache-save-lfs', 'child-workspace-save'];
-
-      // All restore ops should appear before all save ops
-      for (const restoreOp of restoreOps) {
-        if (!callOrder.includes(restoreOp)) continue; // Skip if the operation wasn't called
-        for (const saveOp of saveOps) {
-          if (!callOrder.includes(saveOp)) continue;
-          expect(callOrder.indexOf(restoreOp)).toBeLessThan(callOrder.indexOf(saveOp));
-        }
-      }
-
-      // Child workspace save should be last
-      if (callOrder.includes('child-workspace-save') && callOrder.includes('local-cache-save-lfs')) {
-        expect(callOrder.indexOf('local-cache-save-lfs')).toBeLessThan(callOrder.indexOf('child-workspace-save'));
-      }
-    });
-  });
-
-  // -----------------------------------------------------------------------
-  // Non-local provider strategy
-  // -----------------------------------------------------------------------
-
-  describe('non-local provider strategy', () => {
-    it('should skip all plugin features when providerStrategy is not local', async () => {
-      await runIndex({
-        providerStrategy: 'aws',
-        childWorkspacesEnabled: true,
-        childWorkspaceName: 'Test',
-        submoduleProfilePath: '/profile.yml',
-        lfsTransferAgent: '/tools/agent',
-        localCacheEnabled: true,
-        gitHooksEnabled: true,
-      });
-
-      // None of the plugin services should be called because
-      // they are inside the `if (providerStrategy === 'local')` block
-      expect(mockChildWorkspaceService.buildConfig).not.toHaveBeenCalled();
-      expect(mockSubmoduleProfileService.createInitPlan).not.toHaveBeenCalled();
-      expect(mockLfsAgentService.configure).not.toHaveBeenCalled();
-      expect(mockLocalCacheService.resolveCacheRoot).not.toHaveBeenCalled();
-      expect(mockGitHooksService.installHooks).not.toHaveBeenCalled();
-    });
-  });
-});

src/index.ts

@@ -1,13 +1,8 @@
 import * as core from '@actions/core';
-import path from 'node:path';
-import { Action, BuildParameters, Cache, Docker, ImageTag, Output } from './model';
+import { Action, BuildParameters, Cache, CloudRunner, Docker, ImageTag, Output } from './model';
 import { Cli } from './model/cli/cli';
 import MacBuilder from './model/mac-builder';
 import PlatformSetup from './model/platform-setup';
-import { loadOrchestrator, loadPluginServices } from './model/orchestrator-plugin';
-type SyncStrategy = 'full' | 'git-delta' | 'direct-input' | 'storage-pull';
-
-type PluginServices = Exclude<ReturnType<typeof loadPluginServices> extends Promise<infer T> ? T : never, undefined>;
 
 async function runMain() {
   try {
@@ -19,210 +14,15 @@ async function runMain() {
     Action.checkCompatibility();
     Cache.verify();
 
-    const plugin = await loadPluginServices();
-
-    // Always configure git environment for CI reliability
-    plugin?.BuildReliabilityService.configureGitEnvironment();
-
     const { workspace, actionFolder } = Action;
 
     const buildParameters = await BuildParameters.create();
-
-    // If a test suite path is provided, use the test workflow engine
-    // instead of the standard build execution path
-    if (buildParameters.testSuitePath) {
-      core.info('[TestWorkflow] Test suite path detected, using test workflow engine');
-      const results = await plugin?.TestWorkflowService.executeTestSuite(
-        buildParameters.testSuitePath,
-        buildParameters,
-      );
-
-      let totalFailed = 0;
-      for (const result of results || []) {
-        totalFailed += result.failed;
-      }
-
-      if (totalFailed > 0) {
-        core.setFailed(`Test workflow completed with ${totalFailed} failure(s)`);
-      } else {
-        core.info('[TestWorkflow] All test runs passed');
-      }
-
-      return;
-    }
-
     const baseImage = new ImageTag(buildParameters);
 
-    // Pre-build reliability checks
-    if (buildParameters.gitIntegrityCheck) {
-      core.info('Running git integrity checks...');
-
-      const isHealthy = plugin?.BuildReliabilityService.checkGitIntegrity(workspace);
-      plugin?.BuildReliabilityService.cleanStaleLockFiles(workspace);
-      plugin?.BuildReliabilityService.validateSubmoduleBackingStores(workspace);
-
-      if (buildParameters.cleanReservedFilenames) {
-        plugin?.BuildReliabilityService.cleanReservedFilenames(buildParameters.projectPath);
-      }
-
-      if (!isHealthy && buildParameters.gitAutoRecover) {
-        core.info('Git corruption detected, attempting automatic recovery...');
-        const recovered = plugin?.BuildReliabilityService.recoverCorruptedRepo(workspace);
-        if (!recovered) {
-          core.warning('Automatic recovery failed. Build may encounter issues.');
-        }
-      }
-    } else if (buildParameters.cleanReservedFilenames) {
-      // cleanReservedFilenames can run independently of gitIntegrityCheck
-      plugin?.BuildReliabilityService.cleanReservedFilenames(buildParameters.projectPath);
-    }
-
     let exitCode = -1;
 
-    // Hot runner path: attempt to use a persistent Unity editor instance
-    if (buildParameters.hotRunnerEnabled) {
-      core.info('[HotRunner] Hot runner mode enabled, attempting hot build...');
-
-      const hotRunnerConfig = {
-        enabled: true,
-        transport: buildParameters.hotRunnerTransport,
-        host: buildParameters.hotRunnerHost,
-        port: buildParameters.hotRunnerPort,
-        healthCheckInterval: buildParameters.hotRunnerHealthInterval,
-        maxIdleTime: buildParameters.hotRunnerMaxIdle,
-        maxJobsBeforeRecycle: 0, // no automatic recycle by job count
-      };
-
-      if (!plugin?.HotRunnerService) {
-        throw new Error('[HotRunner] Orchestrator plugin required for hot runner mode');
-      }
-
-      const hotRunnerService = new plugin.HotRunnerService();
-
-      try {
-        await hotRunnerService.initialize(hotRunnerConfig);
-        const result = await hotRunnerService.submitBuild(buildParameters, (output: string) => {
-          core.info(output);
-        });
-
-        exitCode = result.exitCode;
-        core.info(`[HotRunner] Build completed with exit code ${exitCode}`);
-        await hotRunnerService.shutdown();
-      } catch (hotRunnerError) {
-        await hotRunnerService.shutdown();
-
-        if (buildParameters.hotRunnerFallbackToCold) {
-          core.warning(
-            `[HotRunner] Hot runner failed: ${(hotRunnerError as Error).message}. Falling back to cold build.`,
-          );
-          exitCode = await runColdBuild(buildParameters, baseImage, workspace, actionFolder);
-        } else {
-          throw hotRunnerError;
-        }
-      }
-    } else if (buildParameters.providerStrategy === 'local') {
+    if (buildParameters.providerStrategy === 'local') {
       core.info('Building locally');
-
-      // Child workspace isolation - restore cached workspace before any other setup
-      let childWorkspaceConfig: any;
-      if (buildParameters.childWorkspacesEnabled && buildParameters.childWorkspaceName) {
-        const ChildWorkspaceService = await plugin?.loadChildWorkspaceService();
-        const cacheRoot =
-          buildParameters.childWorkspaceCacheRoot ||
-          path.join(buildParameters.runnerTempPath || process.env.RUNNER_TEMP || '', 'game-ci-workspaces');
-        childWorkspaceConfig = ChildWorkspaceService?.buildConfig({
-          childWorkspacesEnabled: buildParameters.childWorkspacesEnabled,
-          childWorkspaceName: buildParameters.childWorkspaceName,
-          childWorkspaceCacheRoot: cacheRoot,
-          childWorkspacePreserveGit: buildParameters.childWorkspacePreserveGit,
-          childWorkspaceSeparateLibrary: buildParameters.childWorkspaceSeparateLibrary,
-        });
-        const projectFullPath = path.join(workspace, buildParameters.projectPath);
-        const restored = ChildWorkspaceService?.initializeWorkspace(projectFullPath, childWorkspaceConfig);
-        core.info(
-          `Child workspace "${buildParameters.childWorkspaceName}": ${
-            restored ? 'restored from cache' : 'starting fresh'
-          }`,
-        );
-
-        // Log workspace size for resource tracking
-        const size = ChildWorkspaceService?.getWorkspaceSize(projectFullPath);
-        core.info(`Child workspace size after restore: ${size}`);
-      }
-
-      // Submodule profile initialization
-      if (buildParameters.submoduleProfilePath) {
-        core.info('Initializing submodules from profile...');
-        const SubmoduleProfileService = await plugin?.loadSubmoduleProfileService();
-        const plan = await SubmoduleProfileService?.createInitPlan(
-          buildParameters.submoduleProfilePath,
-          buildParameters.submoduleVariantPath,
-          workspace,
-        );
-
-        if (plan) {
-          await SubmoduleProfileService?.execute(
-            plan,
-            workspace,
-            buildParameters.submoduleToken || buildParameters.gitPrivateToken,
-          );
-        }
-      }
-
-      // Configure custom LFS transfer agent
-      if (buildParameters.lfsTransferAgent) {
-        core.info('Configuring custom LFS transfer agent...');
-        const LfsAgentService = await plugin?.loadLfsAgentService();
-        await LfsAgentService?.configure(
-          buildParameters.lfsTransferAgent,
-          buildParameters.lfsTransferAgentArgs,
-          buildParameters.lfsStoragePaths ? buildParameters.lfsStoragePaths.split(';') : [],
-          workspace,
-        );
-      }
-
-      // Local build caching - restore
-      let cacheRoot = '';
-      let cacheKey = '';
-      // eslint-disable-next-line no-undef
-      let LocalCacheService: Awaited<ReturnType<NonNullable<typeof plugin>['loadLocalCacheService']>> | undefined;
-      if (buildParameters.localCacheEnabled) {
-        LocalCacheService = await plugin?.loadLocalCacheService();
-        cacheRoot = LocalCacheService?.resolveCacheRoot(buildParameters) || '';
-        cacheKey =
-          LocalCacheService?.generateCacheKey(
-            buildParameters.targetPlatform,
-            buildParameters.editorVersion,
-            buildParameters.branch || '',
-          ) || '';
-        if (buildParameters.localCacheLfs) {
-          await LocalCacheService?.restoreLfsCache(workspace, cacheRoot, cacheKey);
-        }
-        if (buildParameters.localCacheLibrary) {
-          const projectFullPath = path.join(workspace, buildParameters.projectPath);
-          await LocalCacheService?.restoreLibraryCache(projectFullPath, cacheRoot, cacheKey);
-        }
-      }
-
-      // Git hooks — opt-in only. When disabled (default), do not touch hooks at all.
-      if (buildParameters.gitHooksEnabled) {
-        const GitHooksService = await plugin?.loadGitHooksService();
-        await GitHooksService?.installHooks(workspace);
-        if (buildParameters.gitHooksSkipList) {
-          const environment = GitHooksService?.configureSkipList(buildParameters.gitHooksSkipList.split(','));
-          if (environment) {
-            Object.assign(process.env, environment);
-          }
-        }
-      }
-
-      // Apply incremental sync strategy before build
-      const syncStrategy = buildParameters.syncStrategy as SyncStrategy;
-      if (syncStrategy !== 'full') {
-        core.info(`[Sync] Applying sync strategy: ${syncStrategy}`);
-        await applySyncStrategy(buildParameters, workspace, plugin);
-      }
-
       await PlatformSetup.setup(buildParameters, actionFolder);
       exitCode =
         process.platform === 'darwin'
@@ -232,126 +32,16 @@ async function runMain() {
               actionFolder,
               ...buildParameters,
             });
-
-      // Local build caching - save
-      if (buildParameters.localCacheEnabled && LocalCacheService) {
-        if (buildParameters.localCacheLibrary) {
-          const projectFullPath = path.join(workspace, buildParameters.projectPath);
-          await LocalCacheService.saveLibraryCache(projectFullPath, cacheRoot, cacheKey);
-        }
-        if (buildParameters.localCacheLfs) {
-          await LocalCacheService.saveLfsCache(workspace, cacheRoot, cacheKey);
-        }
-      }
-
-      // Child workspace isolation - save workspace for next run
-      if (childWorkspaceConfig && childWorkspaceConfig.enabled) {
-        const ChildWorkspaceService = await plugin?.loadChildWorkspaceService();
-        const projectFullPath = path.join(workspace, buildParameters.projectPath);
-        const preSaveSize = ChildWorkspaceService?.getWorkspaceSize(projectFullPath);
-        core.info(`Child workspace size before save: ${preSaveSize}`);
-
-        ChildWorkspaceService?.saveWorkspace(projectFullPath, childWorkspaceConfig);
-        core.info(`Child workspace "${buildParameters.childWorkspaceName}" saved to cache`);
-      }
-
-      // Revert overlays after job completion if configured
-      if (buildParameters.syncRevertAfter && syncStrategy !== 'full') {
-        core.info('[Sync] Reverting overlay changes after job completion');
-        try {
-          await plugin?.IncrementalSyncService.revertOverlays(workspace, buildParameters.syncStatePath);
-        } catch (revertError) {
-          core.warning(`[Sync] Overlay revert failed: ${(revertError as Error).message}`);
-        }
-      }
     } else {
-      const orchestrator = await loadOrchestrator();
-      if (!orchestrator) {
-        throw new Error(
-          'Orchestrator package not available. Install @game-ci/orchestrator or use providerStrategy=local.',
-        );
-      }
-      await orchestrator.run(buildParameters, baseImage.toString());
+      await CloudRunner.run(buildParameters, baseImage.toString());
       exitCode = 0;
     }
 
-    // Post-build: archive and enforce retention
-    if (buildParameters.buildArchiveEnabled && exitCode === 0) {
-      core.info('Archiving build output...');
-      plugin?.BuildReliabilityService.archiveBuildOutput(buildParameters.buildPath, buildParameters.buildArchivePath);
-      plugin?.BuildReliabilityService.enforceRetention(
-        buildParameters.buildArchivePath,
-        buildParameters.buildArchiveRetention,
-      );
-    }
-
     // Set output
     await Output.setBuildVersion(buildParameters.buildVersion);
     await Output.setAndroidVersionCode(buildParameters.androidVersionCode);
     await Output.setEngineExitCode(exitCode);
 
-    // Artifact collection and upload (runs on both success and failure)
-    try {
-      // Register custom output types if provided
-      if (buildParameters.artifactCustomTypes) {
-        try {
-          const customTypes = JSON.parse(buildParameters.artifactCustomTypes);
-          if (Array.isArray(customTypes)) {
-            for (const ct of customTypes) {
-              plugin?.OutputTypeRegistry.registerType({
-                name: ct.name,
-                defaultPath: ct.defaultPath || ct.pattern || `./${ct.name}/`,
-                description: ct.description || `Custom output type: ${ct.name}`,
-                builtIn: false,
-              });
-            }
-          }
-        } catch (parseError) {
-          core.warning(`Failed to parse artifactCustomTypes: ${(parseError as Error).message}`);
-        }
-      }
-
-      // Collect outputs and generate manifest
-      const manifestPath = path.join(buildParameters.projectPath, 'output-manifest.json');
-      const manifest = await plugin?.OutputService.collectOutputs(
-        buildParameters.projectPath,
-        buildParameters.buildGuid,
-        buildParameters.artifactOutputTypes,
-        manifestPath,
-      );
-
-      core.setOutput('artifactManifestPath', manifestPath);
-
-      if (manifest) {
-        // Upload artifacts
-        const uploadConfig = plugin?.ArtifactUploadHandler.parseConfig(
-          buildParameters.artifactUploadTarget,
-          buildParameters.artifactUploadPath || undefined,
-          buildParameters.artifactCompression,
-          buildParameters.artifactRetentionDays,
-        );
-
-        if (uploadConfig) {
-          const uploadResult = await plugin?.ArtifactUploadHandler.uploadArtifacts(
-            manifest,
-            uploadConfig,
-            buildParameters.projectPath,
-          );
-
-          if (uploadResult && !uploadResult.success) {
-            core.warning(
-              `Artifact upload completed with errors: ${uploadResult.entries
-                .filter((entry: any) => !entry.success)
-                .map((entry: any) => `${entry.type}: ${entry.error}`)
-                .join('; ')}`,
-            );
-          }
-        }
-      }
-    } catch (artifactError) {
-      core.warning(`Artifact collection/upload failed: ${(artifactError as Error).message}`);
-    }
-
     if (exitCode !== 0) {
       core.setFailed(`Build failed with exit code ${exitCode}`);
     }
@@ -360,99 +50,4 @@ async function runMain() {
   }
 }
 
-async function runColdBuild(
-  buildParameters: BuildParameters,
-  baseImage: ImageTag,
-  workspace: string,
-  actionFolder: string,
-): Promise<number> {
-  if (buildParameters.providerStrategy === 'local') {
-    core.info('Building locally');
-    await PlatformSetup.setup(buildParameters, actionFolder);
-
-    return process.platform === 'darwin'
-      ? await MacBuilder.run(actionFolder)
-      : await Docker.run(baseImage.toString(), {
-          workspace,
-          actionFolder,
-          ...buildParameters,
-        });
-  } else {
-    const orchestrator = await loadOrchestrator();
-    if (!orchestrator) {
-      throw new Error(
-        'Orchestrator package not available. Install @game-ci/orchestrator or use providerStrategy=local.',
-      );
-    }
-    await orchestrator.run(buildParameters, baseImage.toString());
-
-    return 0;
-  }
-}
-
-/**
- * Apply the configured sync strategy to the workspace before build.
- */
-async function applySyncStrategy(
-  buildParameters: BuildParameters,
-  workspace: string,
-  plugin?: PluginServices | undefined,
-): Promise<void> {
-  if (!plugin?.IncrementalSyncService) {
-    core.warning('[Sync] Orchestrator plugin not available, skipping sync strategy');
-
-    return;
-  }
-
-  const { IncrementalSyncService } = plugin;
-  const strategy = buildParameters.syncStrategy as SyncStrategy;
-  const resolvedStrategy = IncrementalSyncService.resolveStrategy(strategy, workspace, buildParameters.syncStatePath);
-
-  if (resolvedStrategy === 'full') {
-    core.info('[Sync] Resolved to full sync (no incremental state available)');
-
-    return;
-  }
-
-  switch (resolvedStrategy) {
-    case 'git-delta': {
-      const targetReference = buildParameters.gitSha || buildParameters.branch;
-      const changedFiles = await IncrementalSyncService.syncGitDelta(
-        workspace,
-        targetReference,
-        buildParameters.syncStatePath,
-      );
-      core.info(`[Sync] Git delta sync applied: ${changedFiles} file(s) changed`);
-      break;
-    }
-    case 'direct-input': {
-      if (!buildParameters.syncInputRef) {
-        throw new Error('[Sync] direct-input strategy requires syncInputRef to be set');
-      }
-      const overlays = await IncrementalSyncService.applyDirectInput(
-        workspace,
-        buildParameters.syncInputRef,
-        buildParameters.syncStorageRemote || undefined,
-        buildParameters.syncStatePath,
-      );
-      core.info(`[Sync] Direct input applied: ${overlays.length} overlay(s)`);
-      break;
-    }
-    case 'storage-pull': {
-      if (!buildParameters.syncInputRef) {
-        throw new Error('[Sync] storage-pull strategy requires syncInputRef to be set');
-      }
-      const pulledFiles = await IncrementalSyncService.syncStoragePull(workspace, buildParameters.syncInputRef, {
-        rcloneRemote: buildParameters.syncStorageRemote || undefined,
-        syncRevertAfter: buildParameters.syncRevertAfter,
-        statePath: buildParameters.syncStatePath,
-      });
-      core.info(`[Sync] Storage pull complete: ${pulledFiles.length} file(s)`);
-      break;
-    }
-    default:
-      core.warning(`[Sync] Unknown sync strategy: ${resolvedStrategy}`);
-  }
-}
-
 runMain();

src/integration/cloud-runner-github-checks-integration-test.ts

@@ -0,0 +1,29 @@
+// Integration test for exercising real GitHub check creation and updates.
+import CloudRunner from '../model/cloud-runner/cloud-runner';
+import UnityVersioning from '../model/unity-versioning';
+import GitHub from '../model/github';
+import { TIMEOUT_INFINITE, createParameters } from '../test-utils/cloud-runner-test-helpers';
+
+const runIntegration = process.env.RUN_GITHUB_INTEGRATION_TESTS === 'true';
+const describeOrSkip = runIntegration ? describe : describe.skip;
+
+describeOrSkip('Cloud Runner Github Checks Integration', () => {
+  it(
+    'creates and updates a real GitHub check',
+    async () => {
+      const buildParameter = await createParameters({
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.read('test-project'),
+        asyncCloudRunner: `true`,
+        githubChecks: `true`,
+      });
+      await CloudRunner.setup(buildParameter);
+      const checkId = await GitHub.createGitHubCheck(`integration create`);
+      expect(checkId).not.toEqual('');
+      await GitHub.updateGitHubCheck(`1 ${new Date().toISOString()}`, `integration`);
+      await GitHub.updateGitHubCheck(`2 ${new Date().toISOString()}`, `integration`, `success`, `completed`);
+    },
+    TIMEOUT_INFINITE,
+  );
+});

src/model/build-parameters.ts

@@ -1,5 +1,7 @@
 import { customAlphabet } from 'nanoid';
 import AndroidVersioning from './android-versioning';
+import CloudRunnerConstants from './cloud-runner/options/cloud-runner-constants';
+import CloudRunnerBuildGuid from './cloud-runner/options/cloud-runner-guid';
 import Input from './input';
 import Platform from './platform';
 import UnityVersioning from './unity-versioning';
@@ -8,6 +10,8 @@ import { GitRepoReader } from './input-readers/git-repo';
 import { GithubCliReader } from './input-readers/github-cli';
 import { Cli } from './cli/cli';
 import GitHub from './github';
+import CloudRunnerOptions from './cloud-runner/options/cloud-runner-options';
+import CloudRunner from './cloud-runner/cloud-runner';
 import * as core from '@actions/core';
 
 class BuildParameters {
@@ -50,13 +54,6 @@ class BuildParameters {
   public sshAgent!: string;
   public sshPublicKeysDirectoryPath!: string;
   public providerStrategy!: string;
-  public fallbackProviderStrategy!: string;
-  public runnerCheckEnabled!: boolean;
-  public runnerCheckLabels!: string[];
-  public runnerCheckMinAvailable!: number;
-  public retryOnFallback!: boolean;
-  public providerInitTimeout!: number;
-  public gitAuthMode!: string;
   public gitPrivateToken!: string;
   public awsStackName!: string;
   public awsEndpoint?: string;
@@ -70,7 +67,6 @@ class BuildParameters {
   public kubeConfig!: string;
   public containerMemory!: string;
   public containerCpu!: string;
-  public containerNamespace!: string;
   public kubeVolumeSize!: string;
   public kubeVolume!: string;
   public kubeStorageClass!: string;
@@ -87,13 +83,11 @@ class BuildParameters {
   public runNumber!: string;
   public branch!: string;
   public githubRepo!: string;
-  public orchestratorRepoName!: string;
-  public cloneDepth!: number;
   public gitSha!: string;
   public logId!: string;
   public buildGuid!: string;
-  public orchestratorBranch!: string;
-  public orchestratorDebug!: boolean | undefined;
+  public cloudRunnerBranch!: string;
+  public cloudRunnerDebug!: boolean | undefined;
   public buildPlatform!: string | undefined;
   public isCliMode!: boolean;
   public maxRetainedWorkspaces!: number;
@@ -109,103 +103,10 @@ class BuildParameters {
   public cacheUnityInstallationOnMac!: boolean;
   public unityHubVersionOnMac!: string;
   public dockerWorkspacePath!: string;
-  public submoduleProfilePath!: string;
-  public submoduleVariantPath!: string;
-  public submoduleToken!: string;
-  public localCacheEnabled!: boolean;
-  public localCacheRoot!: string;
-  public localCacheLibrary!: boolean;
-  public localCacheLfs!: boolean;
-  public childWorkspacesEnabled!: boolean;
-  public childWorkspaceName!: string;
-  public childWorkspaceCacheRoot!: string;
-  public childWorkspacePreserveGit!: boolean;
-  public childWorkspaceSeparateLibrary!: boolean;
-  public lfsTransferAgent!: string;
-  public lfsTransferAgentArgs!: string;
-  public lfsStoragePaths!: string;
-  public gitHooksEnabled!: boolean;
-  public gitHooksSkipList!: string;
-  public gitHooksRunBeforeBuild!: string;
-  public providerExecutable!: string;
 
-  // GCP Cloud Run (Experimental)
-  public gcpProject!: string;
-  public gcpRegion!: string;
-  public gcpStorageType!: string;
-  public gcpBucket!: string;
-  public gcpFilestoreIp!: string;
-  public gcpFilestoreShare!: string;
-  public gcpMachineType!: string;
-  public gcpDiskSizeGb!: string;
-  public gcpServiceAccount!: string;
-  public gcpVpcConnector!: string;
-
-  // Azure Container Instances (Experimental)
-  public azureResourceGroup!: string;
-  public azureLocation!: string;
-  public azureStorageType!: string;
-  public azureStorageAccount!: string;
-  public azureBlobContainer!: string;
-  public azureFileShareName!: string;
-  public azureSubscriptionId!: string;
-  public azureCpu!: string;
-  public azureMemoryGb!: string;
-  public azureDiskSizeGb!: string;
-  public azureSubnetId!: string;
-
-  // Remote PowerShell provider
-  public remotePowershellHost!: string;
-  public remotePowershellCredential!: string;
-  public remotePowershellTransport!: string;
-
-  // GitHub Actions provider
-  public githubActionsRepo!: string;
-  public githubActionsWorkflow!: string;
-  public githubActionsToken!: string;
-  public githubActionsRef!: string;
-
-  // GitLab CI provider
-  public gitlabProjectId!: string;
-  public gitlabTriggerToken!: string;
-  public gitlabApiUrl!: string;
-  public gitlabRef!: string;
-
-  // Ansible provider
-  public ansibleInventory!: string;
-  public ansiblePlaybook!: string;
-  public ansibleExtraVars!: string;
-  public ansibleVaultPassword!: string;
-  public gitIntegrityCheck!: boolean;
-  public gitAutoRecover!: boolean;
-  public cleanReservedFilenames!: boolean;
-  public buildArchiveEnabled!: boolean;
-  public buildArchivePath!: string;
-  public buildArchiveRetention!: number;
-
-  public testSuitePath!: string;
-  public testSuiteEvent!: string;
-  public testTaxonomyPath!: string;
-  public testResultFormat!: string;
-  public testResultPath!: string;
-  public hotRunnerEnabled!: boolean;
-  public hotRunnerTransport!: 'websocket' | 'grpc' | 'named-pipe';
-  public hotRunnerHost!: string;
-  public hotRunnerPort!: number;
-  public hotRunnerHealthInterval!: number;
-  public hotRunnerMaxIdle!: number;
-  public hotRunnerFallbackToCold!: boolean;
-  public artifactOutputTypes!: string;
-  public artifactUploadTarget!: string;
-  public artifactUploadPath!: string;
-  public artifactCompression!: string;
-  public artifactRetentionDays!: string;
-  public artifactCustomTypes!: string;
-  public syncStrategy!: string;
-  public syncInputRef!: string;
-  public syncStorageRemote!: string;
-  public syncRevertAfter!: boolean;
-  public syncStatePath!: string;
+  public static shouldUseRetainedWorkspaceMode(buildParameters: BuildParameters) {
+    return buildParameters.maxRetainedWorkspaces > 0 && CloudRunner.lockedWorkspace !== ``;
+  }
 
   static async create(): Promise<BuildParameters> {
     const buildFile = this.parseBuildFile(Input.buildName, Input.targetPlatform, Input.androidExportType);
@@ -289,166 +190,52 @@ class BuildParameters {
       dockerIsolationMode: Input.dockerIsolationMode,
       containerRegistryRepository: Input.containerRegistryRepository,
       containerRegistryImageVersion: Input.containerRegistryImageVersion,
-      providerStrategy: Input.getInput('providerStrategy') || (Cli.isCliMode ? 'aws' : 'local'),
-      fallbackProviderStrategy: Input.getInput('fallbackProviderStrategy') || '',
-      runnerCheckEnabled: Input.getInput('runnerCheckEnabled') === 'true',
-      runnerCheckLabels: (Input.getInput('runnerCheckLabels') || '')
-        .split(',')
-        .map((l: string) => l.trim())
-        .filter(Boolean),
-      runnerCheckMinAvailable: Number(Input.getInput('runnerCheckMinAvailable')) || 1,
-      retryOnFallback: Input.getInput('retryOnFallback') === 'true',
-      providerInitTimeout: Number(Input.getInput('providerInitTimeout')) || 0,
-      gitAuthMode: Input.getInput('gitAuthMode') || 'header',
-      buildPlatform:
-        Input.getInput('buildPlatform') ||
-        ((Input.getInput('providerStrategy') || 'local') !== 'local' ? 'linux' : process.platform),
-      kubeConfig: Input.getInput('kubeConfig') || '',
-      containerMemory: Input.getInput('containerMemory') || '3072',
-      containerCpu: Input.getInput('containerCpu') || '1024',
-      containerNamespace: Input.getInput('containerNamespace') || 'default',
-      kubeVolumeSize: Input.getInput('kubeVolumeSize') || '25Gi',
-      kubeVolume: Input.getInput('kubeVolume') || '',
-      postBuildContainerHooks: Input.getInput('postBuildContainerHooks') || '',
-      preBuildContainerHooks: Input.getInput('preBuildContainerHooks') || '',
-      customJob: Input.getInput('customJob') || '',
+      providerStrategy: CloudRunnerOptions.providerStrategy,
+      buildPlatform: CloudRunnerOptions.buildPlatform,
+      kubeConfig: CloudRunnerOptions.kubeConfig,
+      containerMemory: CloudRunnerOptions.containerMemory,
+      containerCpu: CloudRunnerOptions.containerCpu,
+      kubeVolumeSize: CloudRunnerOptions.kubeVolumeSize,
+      kubeVolume: CloudRunnerOptions.kubeVolume,
+      postBuildContainerHooks: CloudRunnerOptions.postBuildContainerHooks,
+      preBuildContainerHooks: CloudRunnerOptions.preBuildContainerHooks,
+      customJob: CloudRunnerOptions.customJob,
       runNumber: Input.runNumber,
       branch: Input.branch.replace('/head', '') || (await GitRepoReader.GetBranch()),
-      orchestratorBranch: (Input.getInput('orchestratorBranch') || 'main').split('/').reverse()[0],
-      orchestratorDebug:
-        Input.getInput('orchestratorDebug') === 'true' || Input.getInput('orchestratorTests') === 'true',
-      githubRepo:
-        (Input.githubRepo ?? (await GitRepoReader.GetRemote())) ||
-        Input.getInput('orchestratorRepoName') ||
-        'game-ci/unity-builder',
-      orchestratorRepoName: Input.getInput('orchestratorRepoName') || 'game-ci/unity-builder',
-      cloneDepth: Number.parseInt(Input.getInput('cloneDepth') || '50'),
+      cloudRunnerBranch: CloudRunnerOptions.cloudRunnerBranch.split('/').reverse()[0],
+      cloudRunnerDebug: CloudRunnerOptions.cloudRunnerDebug,
+      githubRepo: (Input.githubRepo ?? (await GitRepoReader.GetRemote())) || 'game-ci/unity-builder',
       isCliMode: Cli.isCliMode,
-      awsStackName: Input.getInput('awsStackName') || 'game-ci',
-      awsEndpoint: Input.getInput('awsEndpoint'),
-      awsCloudFormationEndpoint: Input.getInput('awsCloudFormationEndpoint') || Input.getInput('awsEndpoint'),
-      awsEcsEndpoint: Input.getInput('awsEcsEndpoint') || Input.getInput('awsEndpoint'),
-      awsKinesisEndpoint: Input.getInput('awsKinesisEndpoint') || Input.getInput('awsEndpoint'),
-      awsCloudWatchLogsEndpoint: Input.getInput('awsCloudWatchLogsEndpoint') || Input.getInput('awsEndpoint'),
-      awsS3Endpoint: Input.getInput('awsS3Endpoint') || Input.getInput('awsEndpoint'),
-      storageProvider: Input.getInput('storageProvider') || 's3',
-      rcloneRemote: Input.getInput('rcloneRemote') || '',
+      awsStackName: CloudRunnerOptions.awsStackName,
+      awsEndpoint: CloudRunnerOptions.awsEndpoint,
+      awsCloudFormationEndpoint: CloudRunnerOptions.awsCloudFormationEndpoint,
+      awsEcsEndpoint: CloudRunnerOptions.awsEcsEndpoint,
+      awsKinesisEndpoint: CloudRunnerOptions.awsKinesisEndpoint,
+      awsCloudWatchLogsEndpoint: CloudRunnerOptions.awsCloudWatchLogsEndpoint,
+      awsS3Endpoint: CloudRunnerOptions.awsS3Endpoint,
+      storageProvider: CloudRunnerOptions.storageProvider,
+      rcloneRemote: CloudRunnerOptions.rcloneRemote,
       gitSha: Input.gitSha,
-      logId: customAlphabet('0123456789abcdefghijklmnopqrstuvwxyz', 9)(),
-      buildGuid: `${Input.runNumber}-${Input.targetPlatform.toLowerCase().replace('standalone', '')}-${customAlphabet(
-        '0123456789abcdefghijklmnopqrstuvwxyz',
-        4,
-      )()}`,
-      commandHooks: Input.getInput('commandHooks') || '',
-      inputPullCommand: Input.getInput('inputPullCommand') || '',
-      pullInputList: (Input.getInput('pullInputList') || '').split(',').filter(Boolean),
-      kubeStorageClass: Input.getInput('kubeStorageClass') || '',
-      gcpProject: Input.gcpProject,
-      gcpRegion: Input.gcpRegion,
-      gcpStorageType: Input.gcpStorageType,
-      gcpBucket: Input.gcpBucket,
-      gcpFilestoreIp: Input.gcpFilestoreIp,
-      gcpFilestoreShare: Input.gcpFilestoreShare,
-      gcpMachineType: Input.gcpMachineType,
-      gcpDiskSizeGb: Input.gcpDiskSizeGb,
-      gcpServiceAccount: Input.gcpServiceAccount,
-      gcpVpcConnector: Input.gcpVpcConnector,
-      azureResourceGroup: Input.azureResourceGroup,
-      azureLocation: Input.azureLocation,
-      azureStorageType: Input.azureStorageType,
-      azureStorageAccount: Input.azureStorageAccount,
-      azureBlobContainer: Input.azureBlobContainer,
-      azureFileShareName: Input.azureFileShareName,
-      azureSubscriptionId: Input.azureSubscriptionId,
-      azureCpu: Input.azureCpu,
-      azureMemoryGb: Input.azureMemoryGb,
-      azureDiskSizeGb: Input.azureDiskSizeGb,
-      azureSubnetId: Input.azureSubnetId,
-      cacheKey: Input.getInput('cacheKey') || Input.branch,
-      maxRetainedWorkspaces: Number.parseInt(Input.getInput('maxRetainedWorkspaces') || '0'),
-      useLargePackages: Input.getInput('useLargePackages') === 'true',
-      useCompressionStrategy: Input.getInput('useCompressionStrategy') === 'true',
-      garbageMaxAge: Number(Input.getInput('garbageMaxAge')) || 24,
-      githubChecks: Input.getInput('githubChecks') === 'true',
-      asyncWorkflow: Input.getInput('asyncOrchestrator') === 'true',
-      githubCheckId: Input.getInput('githubCheckId') || '',
-      finalHooks: (Input.getInput('finalHooks') || '').split(',').filter(Boolean),
-      skipLfs: Input.getInput('skipLfs') === 'true',
-      skipCache: Input.getInput('skipCache') === 'true',
+      logId: customAlphabet(CloudRunnerConstants.alphabet, 9)(),
+      buildGuid: CloudRunnerBuildGuid.generateGuid(Input.runNumber, Input.targetPlatform),
+      commandHooks: CloudRunnerOptions.commandHooks,
+      inputPullCommand: CloudRunnerOptions.inputPullCommand,
+      pullInputList: CloudRunnerOptions.pullInputList,
+      kubeStorageClass: CloudRunnerOptions.kubeStorageClass,
+      cacheKey: CloudRunnerOptions.cacheKey,
+      maxRetainedWorkspaces: Number.parseInt(CloudRunnerOptions.maxRetainedWorkspaces),
+      useLargePackages: CloudRunnerOptions.useLargePackages,
+      useCompressionStrategy: CloudRunnerOptions.useCompressionStrategy,
+      garbageMaxAge: CloudRunnerOptions.garbageMaxAge,
+      githubChecks: CloudRunnerOptions.githubChecks,
+      asyncWorkflow: CloudRunnerOptions.asyncCloudRunner,
+      githubCheckId: CloudRunnerOptions.githubCheckId,
+      finalHooks: CloudRunnerOptions.finalHooks,
+      skipLfs: CloudRunnerOptions.skipLfs,
+      skipCache: CloudRunnerOptions.skipCache,
       cacheUnityInstallationOnMac: Input.cacheUnityInstallationOnMac,
       unityHubVersionOnMac: Input.unityHubVersionOnMac,
       dockerWorkspacePath: Input.dockerWorkspacePath,
-      submoduleProfilePath: Input.submoduleProfilePath,
-      submoduleVariantPath: Input.submoduleVariantPath,
-      submoduleToken: Input.submoduleToken,
-      localCacheEnabled: Input.localCacheEnabled,
-      localCacheRoot: Input.localCacheRoot,
-      localCacheLibrary: Input.localCacheLibrary,
-      localCacheLfs: Input.localCacheLfs,
-      childWorkspacesEnabled: Input.childWorkspacesEnabled,
-      childWorkspaceName: Input.childWorkspaceName,
-      childWorkspaceCacheRoot: Input.childWorkspaceCacheRoot,
-      childWorkspacePreserveGit: Input.childWorkspacePreserveGit,
-      childWorkspaceSeparateLibrary: Input.childWorkspaceSeparateLibrary,
-      lfsTransferAgent: Input.lfsTransferAgent,
-      lfsTransferAgentArgs: Input.lfsTransferAgentArgs,
-      lfsStoragePaths: Input.lfsStoragePaths,
-      gitHooksEnabled: Input.gitHooksEnabled,
-      gitHooksSkipList: Input.gitHooksSkipList,
-      gitHooksRunBeforeBuild: Input.gitHooksRunBeforeBuild,
-      providerExecutable: Input.providerExecutable,
-
-      // Remote PowerShell provider
-      remotePowershellHost: Input.remotePowershellHost,
-      remotePowershellCredential: Input.remotePowershellCredential,
-      remotePowershellTransport: Input.remotePowershellTransport,
-
-      // GitHub Actions provider
-      githubActionsRepo: Input.githubActionsRepo,
-      githubActionsWorkflow: Input.githubActionsWorkflow,
-      githubActionsToken: Input.githubActionsToken,
-      githubActionsRef: Input.githubActionsRef,
-
-      // GitLab CI provider
-      gitlabProjectId: Input.gitlabProjectId,
-      gitlabTriggerToken: Input.gitlabTriggerToken,
-      gitlabApiUrl: Input.gitlabApiUrl,
-      gitlabRef: Input.gitlabRef,
-
-      // Ansible provider
-      ansibleInventory: Input.ansibleInventory,
-      ansiblePlaybook: Input.ansiblePlaybook,
-      ansibleExtraVars: Input.ansibleExtraVars,
-      ansibleVaultPassword: Input.ansibleVaultPassword,
-      gitIntegrityCheck: Input.gitIntegrityCheck,
-      gitAutoRecover: Input.gitAutoRecover,
-      cleanReservedFilenames: Input.cleanReservedFilenames,
-      buildArchiveEnabled: Input.buildArchiveEnabled,
-      buildArchivePath: Input.buildArchivePath,
-      buildArchiveRetention: Input.buildArchiveRetention,
-      testSuitePath: Input.testSuitePath,
-      testSuiteEvent: Input.testSuiteEvent,
-      testTaxonomyPath: Input.testTaxonomyPath,
-      testResultFormat: Input.testResultFormat,
-      testResultPath: Input.testResultPath,
-      hotRunnerEnabled: Input.hotRunnerEnabled,
-      hotRunnerTransport: Input.hotRunnerTransport,
-      hotRunnerHost: Input.hotRunnerHost,
-      hotRunnerPort: Input.hotRunnerPort,
-      hotRunnerHealthInterval: Input.hotRunnerHealthInterval,
-      hotRunnerMaxIdle: Input.hotRunnerMaxIdle,
-      hotRunnerFallbackToCold: Input.hotRunnerFallbackToCold,
-      artifactOutputTypes: Input.artifactOutputTypes,
-      artifactUploadTarget: Input.artifactUploadTarget,
-      artifactUploadPath: Input.artifactUploadPath,
-      artifactCompression: Input.artifactCompression,
-      artifactRetentionDays: Input.artifactRetentionDays,
-      artifactCustomTypes: Input.artifactCustomTypes,
-      syncStrategy: Input.syncStrategy,
-      syncInputRef: Input.syncInputRef,
-      syncStorageRemote: Input.syncStorageRemote,
-      syncRevertAfter: Input.syncRevertAfter,
-      syncStatePath: Input.syncStatePath,
     };
   }
 

src/model/cli/cli.ts

@@ -1,8 +1,15 @@
 import { Command } from 'commander-ts';
-import { Input } from '..';
+import { BuildParameters, CloudRunner, ImageTag, Input } from '..';
 import * as core from '@actions/core';
 import { ActionYamlReader } from '../input-readers/action-yaml';
+import CloudRunnerLogger from '../cloud-runner/services/core/cloud-runner-logger';
+import CloudRunnerQueryOverride from '../cloud-runner/options/cloud-runner-query-override';
 import { CliFunction, CliFunctionsRepository } from './cli-functions-repository';
+import { Caching } from '../cloud-runner/remote-client/caching';
+import { LfsHashing } from '../cloud-runner/services/utility/lfs-hashing';
+import { RemoteClient } from '../cloud-runner/remote-client';
+import CloudRunnerOptionsReader from '../cloud-runner/options/cloud-runner-options-reader';
+import GitHub from '../github';
 import { OptionValues } from 'commander';
 import { InputKey } from '../input';
 
@@ -23,13 +30,14 @@ export class Cli {
   }
 
   public static InitCliMode() {
+    CliFunctionsRepository.PushCliFunctionSource(RemoteClient);
+    CliFunctionsRepository.PushCliFunctionSource(Caching);
+    CliFunctionsRepository.PushCliFunctionSource(LfsHashing);
     const program = new Command();
     program.version('0.0.1');
 
+    const properties = CloudRunnerOptionsReader.GetProperties();
     const actionYamlReader: ActionYamlReader = new ActionYamlReader();
-    const properties = Object.getOwnPropertyNames(Input).filter(
-      (p) => p !== 'length' && p !== 'prototype' && p !== 'name',
-    );
     for (const element of properties) {
       program.option(`--${element} <${element}>`, actionYamlReader.GetActionYamlValue(element));
     }
@@ -45,11 +53,6 @@ export class Cli {
     program.option('--artifactName <artifactName>', 'caching artifact name');
     program.option('--select <select>', 'select a particular resource');
     program.option('--logFile <logFile>', 'output to log file (log stream only)');
-    program.option('--profilePath <profilePath>', 'path to submodule profile YAML');
-    program.option('--variantPath <variantPath>', 'path to submodule variant YAML');
-    program.option('--agentPath <agentPath>', 'path to custom LFS transfer agent');
-    program.option('--agentArgs <agentArgs>', 'arguments for custom LFS transfer agent');
-    program.option('--storagePaths <storagePaths>', 'semicolon-separated storage paths for LFS agent');
     program.parse(process.argv);
     Cli.options = program.opts();
 
@@ -57,15 +60,26 @@ export class Cli {
   }
 
   static async RunCli(): Promise<void> {
-    const results = CliFunctionsRepository.GetCliFunctions(Cli.options?.mode);
-    if (!results) {
-      throw new Error(
-        `Unknown CLI mode: ${Cli.options?.mode}. Orchestrator CLI features require @game-ci/orchestrator.`,
-      );
+    GitHub.githubInputEnabled = false;
+    if (Cli.options!['populateOverride'] === `true`) {
+      await CloudRunnerQueryOverride.PopulateQueryOverrideInput();
     }
-    core.info(`Entrypoint: ${results.key}`);
+    if (Cli.options!['logInput']) {
+      Cli.logInput();
+    }
+    const results = CliFunctionsRepository.GetCliFunctions(Cli.options?.mode);
+    CloudRunnerLogger.log(`Entrypoint: ${results.key}`);
     Cli.options!.versioning = 'None';
 
+    CloudRunner.buildParameters = await BuildParameters.create();
+    CloudRunner.buildParameters.buildGuid = process.env.BUILD_GUID || ``;
+    CloudRunnerLogger.log(`Build Params:
+      ${JSON.stringify(CloudRunner.buildParameters, undefined, 4)}
+    `);
+    CloudRunner.lockedWorkspace = process.env.LOCKED_WORKSPACE || ``;
+    CloudRunnerLogger.log(`Locked Workspace: ${CloudRunner.lockedWorkspace}`);
+    await CloudRunner.setup(CloudRunner.buildParameters);
+
     return await results.target[results.propertyKey](Cli.options);
   }
 
@@ -73,9 +87,7 @@ export class Cli {
   private static logInput() {
     core.info(`\n`);
     core.info(`INPUT:`);
-    const properties = Object.getOwnPropertyNames(Input).filter(
-      (p) => p !== 'length' && p !== 'prototype' && p !== 'name',
-    );
+    const properties = CloudRunnerOptionsReader.GetProperties();
     for (const element of properties) {
       if (
         element in Input &&
@@ -91,4 +103,73 @@ export class Cli {
     }
     core.info(`\n`);
   }
+
+  @CliFunction(`cli-build`, `runs a cloud runner build`)
+  public static async CLIBuild(): Promise<string> {
+    const buildParameter = await BuildParameters.create();
+    const baseImage = new ImageTag(buildParameter);
+
+    return (await CloudRunner.run(buildParameter, baseImage.toString())).BuildResults;
+  }
+
+  @CliFunction(`async-workflow`, `runs a cloud runner build`)
+  public static async asyncronousWorkflow(): Promise<string> {
+    const buildParameter = await BuildParameters.create();
+    const baseImage = new ImageTag(buildParameter);
+    await CloudRunner.setup(buildParameter);
+
+    return (await CloudRunner.run(buildParameter, baseImage.toString())).BuildResults;
+  }
+
+  @CliFunction(`checks-update`, `runs a cloud runner build`)
+  public static async checksUpdate() {
+    const buildParameter = await BuildParameters.create();
+
+    await CloudRunner.setup(buildParameter);
+    const input = JSON.parse(process.env.CHECKS_UPDATE || ``);
+    core.info(`Checks Update ${process.env.CHECKS_UPDATE}`);
+    if (input.mode === `create`) {
+      throw new Error(`Not supported: only use update`);
+    } else if (input.mode === `update`) {
+      await GitHub.updateGitHubCheckRequest(input.data);
+    }
+  }
+
+  @CliFunction(`garbage-collect`, `runs garbage collection`)
+  public static async GarbageCollect(): Promise<string> {
+    const buildParameter = await BuildParameters.create();
+
+    await CloudRunner.setup(buildParameter);
+
+    return await CloudRunner.Provider.garbageCollect(``, false, 0, false, false);
+  }
+
+  @CliFunction(`list-resources`, `lists active resources`)
+  public static async ListResources(): Promise<string[]> {
+    const buildParameter = await BuildParameters.create();
+
+    await CloudRunner.setup(buildParameter);
+    const result = await CloudRunner.Provider.listResources();
+    CloudRunnerLogger.log(JSON.stringify(result, undefined, 4));
+
+    return result.map((x) => x.Name);
+  }
+
+  @CliFunction(`list-worfklow`, `lists running workflows`)
+  public static async ListWorfklow(): Promise<string[]> {
+    const buildParameter = await BuildParameters.create();
+
+    await CloudRunner.setup(buildParameter);
+
+    return (await CloudRunner.Provider.listWorkflow()).map((x) => x.Name);
+  }
+
+  @CliFunction(`watch`, `follows logs of a running workflow`)
+  public static async Watch(): Promise<string> {
+    const buildParameter = await BuildParameters.create();
+
+    await CloudRunner.setup(buildParameter);
+
+    return await CloudRunner.Provider.watchWorkflow();
+  }
 }

src/model/cloud-runner/cloud-runner.ts

@@ -0,0 +1,227 @@
+import AwsBuildPlatform from './providers/aws';
+import { BuildParameters, Input } from '..';
+import Kubernetes from './providers/k8s';
+import CloudRunnerLogger from './services/core/cloud-runner-logger';
+import { CloudRunnerStepParameters } from './options/cloud-runner-step-parameters';
+import { WorkflowCompositionRoot } from './workflows/workflow-composition-root';
+import { CloudRunnerError } from './error/cloud-runner-error';
+import { TaskParameterSerializer } from './services/core/task-parameter-serializer';
+import * as core from '@actions/core';
+import CloudRunnerSecret from './options/cloud-runner-secret';
+import { ProviderInterface } from './providers/provider-interface';
+import CloudRunnerEnvironmentVariable from './options/cloud-runner-environment-variable';
+import TestCloudRunner from './providers/test';
+import LocalCloudRunner from './providers/local';
+import LocalDockerCloudRunner from './providers/docker';
+import loadProvider from './providers/provider-loader';
+import GitHub from '../github';
+import SharedWorkspaceLocking from './services/core/shared-workspace-locking';
+import { FollowLogStreamService } from './services/core/follow-log-stream-service';
+import CloudRunnerResult from './services/core/cloud-runner-result';
+import CloudRunnerOptions from './options/cloud-runner-options';
+
+class CloudRunner {
+  public static Provider: ProviderInterface;
+  public static buildParameters: BuildParameters;
+  private static defaultSecrets: CloudRunnerSecret[];
+  private static cloudRunnerEnvironmentVariables: CloudRunnerEnvironmentVariable[];
+  static lockedWorkspace: string = ``;
+  public static readonly retainedWorkspacePrefix: string = `retained-workspace`;
+  public static get isCloudRunnerEnvironment() {
+    return process.env[`GITHUB_ACTIONS`] !== `true`;
+  }
+  public static get isCloudRunnerAsyncEnvironment() {
+    return process.env[`ASYNC_WORKFLOW`] === `true`;
+  }
+  public static async setup(buildParameters: BuildParameters) {
+    CloudRunnerLogger.setup();
+    CloudRunnerLogger.log(`Setting up cloud runner`);
+    CloudRunner.buildParameters = buildParameters;
+    if (CloudRunner.buildParameters.githubCheckId === ``) {
+      CloudRunner.buildParameters.githubCheckId = await GitHub.createGitHubCheck(CloudRunner.buildParameters.buildGuid);
+    }
+    await CloudRunner.setupSelectedBuildPlatform();
+    CloudRunner.defaultSecrets = TaskParameterSerializer.readDefaultSecrets();
+    CloudRunner.cloudRunnerEnvironmentVariables =
+      TaskParameterSerializer.createCloudRunnerEnvironmentVariables(buildParameters);
+    if (GitHub.githubInputEnabled) {
+      const buildParameterPropertyNames = Object.getOwnPropertyNames(buildParameters);
+      for (const element of CloudRunner.cloudRunnerEnvironmentVariables) {
+        // CloudRunnerLogger.log(`Cloud Runner output ${Input.ToEnvVarFormat(element.name)} = ${element.value}`);
+        core.setOutput(Input.ToEnvVarFormat(element.name), element.value);
+      }
+      for (const element of buildParameterPropertyNames) {
+        // CloudRunnerLogger.log(`Cloud Runner output ${Input.ToEnvVarFormat(element)} = ${buildParameters[element]}`);
+        core.setOutput(Input.ToEnvVarFormat(element), buildParameters[element]);
+      }
+      core.setOutput(
+        Input.ToEnvVarFormat(`buildArtifact`),
+        `build-${CloudRunner.buildParameters.buildGuid}.tar${
+          CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+        }`,
+      );
+    }
+    FollowLogStreamService.Reset();
+  }
+
+  private static async setupSelectedBuildPlatform() {
+    CloudRunnerLogger.log(`Cloud Runner platform selected ${CloudRunner.buildParameters.providerStrategy}`);
+
+    // Detect LocalStack endpoints and reroute AWS provider to local-docker for CI tests that only need S3
+    const endpointsToCheck = [
+      process.env.AWS_ENDPOINT,
+      process.env.AWS_S3_ENDPOINT,
+      process.env.AWS_CLOUD_FORMATION_ENDPOINT,
+      process.env.AWS_ECS_ENDPOINT,
+      process.env.AWS_KINESIS_ENDPOINT,
+      process.env.AWS_CLOUD_WATCH_LOGS_ENDPOINT,
+      CloudRunnerOptions.awsEndpoint,
+      CloudRunnerOptions.awsS3Endpoint,
+      CloudRunnerOptions.awsCloudFormationEndpoint,
+      CloudRunnerOptions.awsEcsEndpoint,
+      CloudRunnerOptions.awsKinesisEndpoint,
+      CloudRunnerOptions.awsCloudWatchLogsEndpoint,
+    ]
+      .filter((x) => typeof x === 'string')
+      .join(' ');
+    const isLocalStack = /localstack|localhost|127\.0\.0\.1/i.test(endpointsToCheck);
+    let provider = CloudRunner.buildParameters.providerStrategy;
+    if (provider === 'aws' && isLocalStack) {
+      CloudRunnerLogger.log('LocalStack endpoints detected; routing provider to local-docker for this run');
+      provider = 'local-docker';
+    }
+
+    switch (provider) {
+      case 'k8s':
+        CloudRunner.Provider = new Kubernetes(CloudRunner.buildParameters);
+        break;
+      case 'aws':
+        CloudRunner.Provider = new AwsBuildPlatform(CloudRunner.buildParameters);
+        break;
+      case 'test':
+        CloudRunner.Provider = new TestCloudRunner();
+        break;
+      case 'local-docker':
+        CloudRunner.Provider = new LocalDockerCloudRunner();
+        break;
+      case 'local-system':
+        CloudRunner.Provider = new LocalCloudRunner();
+        break;
+      case 'local':
+        CloudRunner.Provider = new LocalCloudRunner();
+        break;
+      default:
+        // Try to load provider using the dynamic loader for unknown providers
+        try {
+          CloudRunner.Provider = await loadProvider(provider, CloudRunner.buildParameters);
+        } catch (error: any) {
+          CloudRunnerLogger.log(`Failed to load provider '${provider}' using dynamic loader: ${error.message}`);
+          CloudRunnerLogger.log('Falling back to local provider...');
+          CloudRunner.Provider = new LocalCloudRunner();
+        }
+        break;
+    }
+  }
+
+  static async run(buildParameters: BuildParameters, baseImage: string) {
+    if (baseImage.includes(`undefined`)) {
+      throw new Error(`baseImage is undefined`);
+    }
+    await CloudRunner.setup(buildParameters);
+    await CloudRunner.Provider.setupWorkflow(
+      CloudRunner.buildParameters.buildGuid,
+      CloudRunner.buildParameters,
+      CloudRunner.buildParameters.branch,
+      CloudRunner.defaultSecrets,
+    );
+    try {
+      if (buildParameters.maxRetainedWorkspaces > 0) {
+        CloudRunner.lockedWorkspace = SharedWorkspaceLocking.NewWorkspaceName();
+
+        const result = await SharedWorkspaceLocking.GetLockedWorkspace(
+          CloudRunner.lockedWorkspace,
+          CloudRunner.buildParameters.buildGuid,
+          CloudRunner.buildParameters,
+        );
+
+        if (result) {
+          CloudRunnerLogger.logLine(`Using retained workspace ${CloudRunner.lockedWorkspace}`);
+          CloudRunner.cloudRunnerEnvironmentVariables = [
+            ...CloudRunner.cloudRunnerEnvironmentVariables,
+            { name: `LOCKED_WORKSPACE`, value: CloudRunner.lockedWorkspace },
+          ];
+        } else {
+          CloudRunnerLogger.log(`Max retained workspaces reached ${buildParameters.maxRetainedWorkspaces}`);
+          buildParameters.maxRetainedWorkspaces = 0;
+          CloudRunner.lockedWorkspace = ``;
+        }
+      }
+      await CloudRunner.updateStatusWithBuildParameters();
+      const output = await new WorkflowCompositionRoot().run(
+        new CloudRunnerStepParameters(
+          baseImage,
+          CloudRunner.cloudRunnerEnvironmentVariables,
+          CloudRunner.defaultSecrets,
+        ),
+      );
+      await CloudRunner.Provider.cleanupWorkflow(
+        CloudRunner.buildParameters,
+        CloudRunner.buildParameters.branch,
+        CloudRunner.defaultSecrets,
+      );
+      if (!CloudRunner.buildParameters.isCliMode) core.endGroup();
+      if (buildParameters.asyncWorkflow && this.isCloudRunnerEnvironment && this.isCloudRunnerAsyncEnvironment) {
+        await GitHub.updateGitHubCheck(CloudRunner.buildParameters.buildGuid, `success`, `success`, `completed`);
+      }
+
+      if (BuildParameters.shouldUseRetainedWorkspaceMode(buildParameters)) {
+        const workspace = CloudRunner.lockedWorkspace || ``;
+        await SharedWorkspaceLocking.ReleaseWorkspace(
+          workspace,
+          CloudRunner.buildParameters.buildGuid,
+          CloudRunner.buildParameters,
+        );
+        const isLocked = await SharedWorkspaceLocking.IsWorkspaceLocked(workspace, CloudRunner.buildParameters);
+        if (isLocked) {
+          throw new Error(
+            `still locked after releasing ${await SharedWorkspaceLocking.GetAllLocksForWorkspace(
+              workspace,
+              buildParameters,
+            )}`,
+          );
+        }
+        CloudRunner.lockedWorkspace = ``;
+      }
+
+      await GitHub.triggerWorkflowOnComplete(CloudRunner.buildParameters.finalHooks);
+
+      if (buildParameters.constantGarbageCollection) {
+        CloudRunner.Provider.garbageCollect(``, true, buildParameters.garbageMaxAge, true, true);
+      }
+
+      return new CloudRunnerResult(buildParameters, output, true, true, false);
+    } catch (error: any) {
+      CloudRunnerLogger.log(JSON.stringify(error, undefined, 4));
+      await GitHub.updateGitHubCheck(
+        CloudRunner.buildParameters.buildGuid,
+        `Failed - Error ${error?.message || error}`,
+        `failure`,
+        `completed`,
+      );
+      if (!CloudRunner.buildParameters.isCliMode) core.endGroup();
+      await CloudRunnerError.handleException(error, CloudRunner.buildParameters, CloudRunner.defaultSecrets);
+      throw error;
+    }
+  }
+
+  private static async updateStatusWithBuildParameters() {
+    const content = { ...CloudRunner.buildParameters };
+    content.gitPrivateToken = ``;
+    content.unitySerial = ``;
+    content.unityEmail = ``;
+    content.unityPassword = ``;
+    const jsonContent = JSON.stringify(content, undefined, 4);
+    await GitHub.updateGitHubCheck(jsonContent, CloudRunner.buildParameters.buildGuid);
+  }
+}
+export default CloudRunner;

src/model/cloud-runner/error/cloud-runner-error.ts

@@ -0,0 +1,15 @@
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import * as core from '@actions/core';
+import CloudRunner from '../cloud-runner';
+import CloudRunnerSecret from '../options/cloud-runner-secret';
+import BuildParameters from '../../build-parameters';
+
+export class CloudRunnerError {
+  public static async handleException(error: unknown, buildParameters: BuildParameters, secrets: CloudRunnerSecret[]) {
+    CloudRunnerLogger.error(JSON.stringify(error, undefined, 4));
+    core.setFailed('Cloud Runner failed');
+    if (CloudRunner.Provider !== undefined) {
+      await CloudRunner.Provider.cleanupWorkflow(buildParameters, buildParameters.branch, secrets);
+    }
+  }
+}

src/model/cloud-runner/options/cloud-runner-constants.ts

@@ -0,0 +1,4 @@
+class CloudRunnerConstants {
+  static alphabet = '0123456789abcdefghijklmnopqrstuvwxyz';
+}
+export default CloudRunnerConstants;

src/model/cloud-runner/options/cloud-runner-environment-variable.ts

@@ -0,0 +1,5 @@
+class CloudRunnerEnvironmentVariable {
+  public name!: string;
+  public value!: string;
+}
+export default CloudRunnerEnvironmentVariable;

src/model/cloud-runner/options/cloud-runner-folders.ts

@@ -0,0 +1,90 @@
+import path from 'node:path';
+import CloudRunnerOptions from './cloud-runner-options';
+import CloudRunner from '../cloud-runner';
+import BuildParameters from '../../build-parameters';
+
+export class CloudRunnerFolders {
+  public static readonly repositoryFolder = 'repo';
+
+  public static ToLinuxFolder(folder: string) {
+    return folder.replace(/\\/g, `/`);
+  }
+
+  // Only the following paths that do not start a path.join with another "Full" suffixed property need to start with an absolute /
+
+  public static get uniqueCloudRunnerJobFolderAbsolute(): string {
+    return CloudRunner.buildParameters && BuildParameters.shouldUseRetainedWorkspaceMode(CloudRunner.buildParameters)
+      ? path.join(`/`, CloudRunnerFolders.buildVolumeFolder, CloudRunner.lockedWorkspace)
+      : path.join(`/`, CloudRunnerFolders.buildVolumeFolder, CloudRunner.buildParameters.buildGuid);
+  }
+
+  public static get cacheFolderForAllFull(): string {
+    return path.join('/', CloudRunnerFolders.buildVolumeFolder, CloudRunnerFolders.cacheFolder);
+  }
+
+  public static get cacheFolderForCacheKeyFull(): string {
+    return path.join(
+      '/',
+      CloudRunnerFolders.buildVolumeFolder,
+      CloudRunnerFolders.cacheFolder,
+      CloudRunner.buildParameters.cacheKey,
+    );
+  }
+
+  public static get builderPathAbsolute(): string {
+    return path.join(
+      CloudRunnerOptions.useSharedBuilder
+        ? `/${CloudRunnerFolders.buildVolumeFolder}`
+        : CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute,
+      `builder`,
+    );
+  }
+
+  public static get repoPathAbsolute(): string {
+    return path.join(CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute, CloudRunnerFolders.repositoryFolder);
+  }
+
+  public static get projectPathAbsolute(): string {
+    return path.join(CloudRunnerFolders.repoPathAbsolute, CloudRunner.buildParameters.projectPath);
+  }
+
+  public static get libraryFolderAbsolute(): string {
+    return path.join(CloudRunnerFolders.projectPathAbsolute, `Library`);
+  }
+
+  public static get projectBuildFolderAbsolute(): string {
+    return path.join(CloudRunnerFolders.repoPathAbsolute, CloudRunner.buildParameters.buildPath);
+  }
+
+  public static get lfsFolderAbsolute(): string {
+    return path.join(CloudRunnerFolders.repoPathAbsolute, `.git`, `lfs`);
+  }
+
+  public static get purgeRemoteCaching(): boolean {
+    return process.env.PURGE_REMOTE_BUILDER_CACHE !== undefined;
+  }
+
+  public static get lfsCacheFolderFull() {
+    return path.join(CloudRunnerFolders.cacheFolderForCacheKeyFull, `lfs`);
+  }
+
+  public static get libraryCacheFolderFull() {
+    return path.join(CloudRunnerFolders.cacheFolderForCacheKeyFull, `Library`);
+  }
+
+  public static get unityBuilderRepoUrl(): string {
+    return `https://${CloudRunner.buildParameters.gitPrivateToken}@github.com/game-ci/unity-builder.git`;
+  }
+
+  public static get targetBuildRepoUrl(): string {
+    return `https://${CloudRunner.buildParameters.gitPrivateToken}@github.com/${CloudRunner.buildParameters.githubRepo}.git`;
+  }
+
+  public static get buildVolumeFolder() {
+    return 'data';
+  }
+
+  public static get cacheFolder() {
+    return 'cache';
+  }
+}

src/model/cloud-runner/options/cloud-runner-guid.ts

@@ -0,0 +1,11 @@
+import { customAlphabet } from 'nanoid';
+import CloudRunnerConstants from './cloud-runner-constants';
+
+class CloudRunnerNamespace {
+  static generateGuid(runNumber: string | number, platform: string) {
+    const nanoid = customAlphabet(CloudRunnerConstants.alphabet, 4);
+
+    return `${runNumber}-${platform.toLowerCase().replace('standalone', '')}-${nanoid()}`;
+  }
+}
+export default CloudRunnerNamespace;

src/model/cloud-runner/options/cloud-runner-options-reader.ts

@@ -0,0 +1,10 @@
+import Input from '../../input';
+import CloudRunnerOptions from './cloud-runner-options';
+
+class CloudRunnerOptionsReader {
+  static GetProperties() {
+    return [...Object.getOwnPropertyNames(Input), ...Object.getOwnPropertyNames(CloudRunnerOptions)];
+  }
+}
+
+export default CloudRunnerOptionsReader;

src/model/cloud-runner/options/cloud-runner-options.ts

@@ -0,0 +1,319 @@
+import { Cli } from '../../cli/cli';
+import CloudRunnerQueryOverride from './cloud-runner-query-override';
+import GitHub from '../../github';
+import * as core from '@actions/core';
+
+class CloudRunnerOptions {
+  // ### ### ###
+  // Input Handling
+  // ### ### ###
+  public static getInput(query: string): string | undefined {
+    if (GitHub.githubInputEnabled) {
+      const coreInput = core.getInput(query);
+      if (coreInput && coreInput !== '') {
+        return coreInput;
+      }
+    }
+    const alternativeQuery = CloudRunnerOptions.ToEnvVarFormat(query);
+
+    // Query input sources
+    if (Cli.query(query, alternativeQuery)) {
+      return Cli.query(query, alternativeQuery);
+    }
+
+    if (CloudRunnerQueryOverride.query(query, alternativeQuery)) {
+      return CloudRunnerQueryOverride.query(query, alternativeQuery);
+    }
+
+    if (process.env[query] !== undefined) {
+      return process.env[query];
+    }
+
+    if (alternativeQuery !== query && process.env[alternativeQuery] !== undefined) {
+      return process.env[alternativeQuery];
+    }
+  }
+
+  public static ToEnvVarFormat(input: string): string {
+    if (input.toUpperCase() === input) {
+      return input;
+    }
+
+    return input
+      .replace(/([A-Z])/g, ' $1')
+      .trim()
+      .toUpperCase()
+      .replace(/ /g, '_');
+  }
+
+  // ### ### ###
+  // Provider parameters
+  // ### ### ###
+
+  static get region(): string {
+    return CloudRunnerOptions.getInput('region') || 'eu-west-2';
+  }
+
+  // ### ### ###
+  // GitHub  parameters
+  // ### ### ###
+  static get githubChecks(): boolean {
+    const value = CloudRunnerOptions.getInput('githubChecks');
+
+    return value === `true` || false;
+  }
+  static get githubCheckId(): string {
+    return CloudRunnerOptions.getInput('githubCheckId') || ``;
+  }
+
+  static get githubOwner(): string {
+    return CloudRunnerOptions.getInput('githubOwner') || CloudRunnerOptions.githubRepo?.split(`/`)[0] || '';
+  }
+
+  static get githubRepoName(): string {
+    return CloudRunnerOptions.getInput('githubRepoName') || CloudRunnerOptions.githubRepo?.split(`/`)[1] || '';
+  }
+
+  static get finalHooks(): string[] {
+    return CloudRunnerOptions.getInput('finalHooks')?.split(',') || [];
+  }
+
+  // ### ### ###
+  // Git syncronization parameters
+  // ### ### ###
+
+  static get githubRepo(): string | undefined {
+    return CloudRunnerOptions.getInput('GITHUB_REPOSITORY') || CloudRunnerOptions.getInput('GITHUB_REPO') || undefined;
+  }
+  static get branch(): string {
+    if (CloudRunnerOptions.getInput(`GITHUB_REF`)) {
+      return (
+        CloudRunnerOptions.getInput(`GITHUB_REF`)?.replace('refs/', '').replace(`head/`, '').replace(`heads/`, '') || ``
+      );
+    } else if (CloudRunnerOptions.getInput('branch')) {
+      return CloudRunnerOptions.getInput('branch') || ``;
+    } else {
+      return '';
+    }
+  }
+
+  // ### ### ###
+  // Cloud Runner parameters
+  // ### ### ###
+
+  static get buildPlatform(): string {
+    const input = CloudRunnerOptions.getInput('buildPlatform');
+    if (input && input !== '') {
+      return input;
+    }
+    if (CloudRunnerOptions.providerStrategy !== 'local') {
+      return 'linux';
+    }
+
+    return process.platform;
+  }
+
+  static get cloudRunnerBranch(): string {
+    return CloudRunnerOptions.getInput('cloudRunnerBranch') || 'main';
+  }
+
+  static get providerStrategy(): string {
+    const provider =
+      CloudRunnerOptions.getInput('cloudRunnerCluster') || CloudRunnerOptions.getInput('providerStrategy');
+    if (Cli.isCliMode) {
+      return provider || 'aws';
+    }
+
+    return provider || 'local';
+  }
+
+  static get containerCpu(): string {
+    return CloudRunnerOptions.getInput('containerCpu') || `1024`;
+  }
+
+  static get containerMemory(): string {
+    return CloudRunnerOptions.getInput('containerMemory') || `3072`;
+  }
+
+  static get customJob(): string {
+    return CloudRunnerOptions.getInput('customJob') || '';
+  }
+
+  // ### ### ###
+  // Custom commands from files parameters
+  // ### ### ###
+
+  static get containerHookFiles(): string[] {
+    return CloudRunnerOptions.getInput('containerHookFiles')?.split(`,`) || [];
+  }
+
+  static get commandHookFiles(): string[] {
+    return CloudRunnerOptions.getInput('commandHookFiles')?.split(`,`) || [];
+  }
+
+  // ### ### ###
+  // Custom commands from yaml parameters
+  // ### ### ###
+
+  static get commandHooks(): string {
+    return CloudRunnerOptions.getInput('commandHooks') || '';
+  }
+
+  static get postBuildContainerHooks(): string {
+    return CloudRunnerOptions.getInput('postBuildContainerHooks') || '';
+  }
+
+  static get preBuildContainerHooks(): string {
+    return CloudRunnerOptions.getInput('preBuildContainerHooks') || '';
+  }
+
+  // ### ### ###
+  // Input override handling
+  // ### ### ###
+
+  static get pullInputList(): string[] {
+    return CloudRunnerOptions.getInput('pullInputList')?.split(`,`) || [];
+  }
+
+  static get inputPullCommand(): string {
+    const value = CloudRunnerOptions.getInput('inputPullCommand');
+
+    if (value === 'gcp-secret-manager') {
+      return 'gcloud secrets versions access 1 --secret="{0}"';
+    } else if (value === 'aws-secret-manager') {
+      return 'aws secretsmanager get-secret-value --secret-id {0}';
+    }
+
+    return value || '';
+  }
+
+  // ### ### ###
+  // Aws
+  // ### ### ###
+
+  static get awsStackName() {
+    return CloudRunnerOptions.getInput('awsStackName') || 'game-ci';
+  }
+
+  static get awsEndpoint(): string | undefined {
+    return CloudRunnerOptions.getInput('awsEndpoint');
+  }
+
+  static get awsCloudFormationEndpoint(): string | undefined {
+    return CloudRunnerOptions.getInput('awsCloudFormationEndpoint') || CloudRunnerOptions.awsEndpoint;
+  }
+
+  static get awsEcsEndpoint(): string | undefined {
+    return CloudRunnerOptions.getInput('awsEcsEndpoint') || CloudRunnerOptions.awsEndpoint;
+  }
+
+  static get awsKinesisEndpoint(): string | undefined {
+    return CloudRunnerOptions.getInput('awsKinesisEndpoint') || CloudRunnerOptions.awsEndpoint;
+  }
+
+  static get awsCloudWatchLogsEndpoint(): string | undefined {
+    return CloudRunnerOptions.getInput('awsCloudWatchLogsEndpoint') || CloudRunnerOptions.awsEndpoint;
+  }
+
+  static get awsS3Endpoint(): string | undefined {
+    return CloudRunnerOptions.getInput('awsS3Endpoint') || CloudRunnerOptions.awsEndpoint;
+  }
+
+  // ### ### ###
+  // Storage
+  // ### ### ###
+
+  static get storageProvider(): string {
+    return CloudRunnerOptions.getInput('storageProvider') || 's3';
+  }
+
+  static get rcloneRemote(): string {
+    return CloudRunnerOptions.getInput('rcloneRemote') || '';
+  }
+
+  // ### ### ###
+  // K8s
+  // ### ### ###
+
+  static get kubeConfig(): string {
+    return CloudRunnerOptions.getInput('kubeConfig') || '';
+  }
+
+  static get kubeVolume(): string {
+    return CloudRunnerOptions.getInput('kubeVolume') || '';
+  }
+
+  static get kubeVolumeSize(): string {
+    return CloudRunnerOptions.getInput('kubeVolumeSize') || '25Gi';
+  }
+
+  static get kubeStorageClass(): string {
+    return CloudRunnerOptions.getInput('kubeStorageClass') || '';
+  }
+
+  // ### ### ###
+  // Caching
+  // ### ### ###
+
+  static get cacheKey(): string {
+    return CloudRunnerOptions.getInput('cacheKey') || CloudRunnerOptions.branch;
+  }
+
+  // ### ### ###
+  // Utility Parameters
+  // ### ### ###
+
+  static get cloudRunnerDebug(): boolean {
+    return (
+      CloudRunnerOptions.getInput(`cloudRunnerTests`) === `true` ||
+      CloudRunnerOptions.getInput(`cloudRunnerDebug`) === `true` ||
+      CloudRunnerOptions.getInput(`cloudRunnerDebugTree`) === `true` ||
+      CloudRunnerOptions.getInput(`cloudRunnerDebugEnv`) === `true` ||
+      false
+    );
+  }
+  static get skipLfs(): boolean {
+    return CloudRunnerOptions.getInput(`skipLfs`) === `true`;
+  }
+  static get skipCache(): boolean {
+    return CloudRunnerOptions.getInput(`skipCache`) === `true`;
+  }
+
+  public static get asyncCloudRunner(): boolean {
+    return CloudRunnerOptions.getInput('asyncCloudRunner') === 'true';
+  }
+
+  public static get useLargePackages(): boolean {
+    return CloudRunnerOptions.getInput(`useLargePackages`) === `true`;
+  }
+
+  public static get useSharedBuilder(): boolean {
+    return CloudRunnerOptions.getInput(`useSharedBuilder`) === `true`;
+  }
+
+  public static get useCompressionStrategy(): boolean {
+    return CloudRunnerOptions.getInput(`useCompressionStrategy`) === `true`;
+  }
+
+  public static get useCleanupCron(): boolean {
+    return (CloudRunnerOptions.getInput(`useCleanupCron`) || 'true') === 'true';
+  }
+
+  // ### ### ###
+  // Retained Workspace
+  // ### ### ###
+
+  public static get maxRetainedWorkspaces(): string {
+    return CloudRunnerOptions.getInput(`maxRetainedWorkspaces`) || `0`;
+  }
+
+  // ### ### ###
+  // Garbage Collection
+  // ### ### ###
+
+  static get garbageMaxAge(): number {
+    return Number(CloudRunnerOptions.getInput(`garbageMaxAge`)) || 24;
+  }
+}
+
+export default CloudRunnerOptions;

src/model/cloud-runner/options/cloud-runner-query-override.ts

@@ -0,0 +1,67 @@
+import Input from '../../input';
+import { GenericInputReader } from '../../input-readers/generic-input-reader';
+import CloudRunnerOptions from './cloud-runner-options';
+
+const formatFunction = (value: string, arguments_: any[]) => {
+  for (const element of arguments_) {
+    value = value.replace(`{${element.key}}`, element.value);
+  }
+
+  return value;
+};
+
+class CloudRunnerQueryOverride {
+  static queryOverrides: { [key: string]: string } | undefined;
+
+  // TODO accept premade secret sources or custom secret source definition yamls
+
+  public static query(key: string, alternativeKey: string) {
+    if (CloudRunnerQueryOverride.queryOverrides && CloudRunnerQueryOverride.queryOverrides[key] !== undefined) {
+      return CloudRunnerQueryOverride.queryOverrides[key];
+    }
+    if (
+      CloudRunnerQueryOverride.queryOverrides &&
+      alternativeKey &&
+      CloudRunnerQueryOverride.queryOverrides[alternativeKey] !== undefined
+    ) {
+      return CloudRunnerQueryOverride.queryOverrides[alternativeKey];
+    }
+
+    return;
+  }
+
+  private static shouldUseOverride(query: string) {
+    if (CloudRunnerOptions.inputPullCommand !== '') {
+      if (CloudRunnerOptions.pullInputList.length > 0) {
+        const doesInclude =
+          CloudRunnerOptions.pullInputList.includes(query) ||
+          CloudRunnerOptions.pullInputList.includes(Input.ToEnvVarFormat(query));
+
+        return doesInclude ? true : false;
+      } else {
+        return true;
+      }
+    }
+  }
+
+  private static async queryOverride(query: string) {
+    if (!this.shouldUseOverride(query)) {
+      throw new Error(`Should not be trying to run override query on ${query}`);
+    }
+
+    return await GenericInputReader.Run(
+      formatFunction(CloudRunnerOptions.inputPullCommand, [{ key: 0, value: query }]),
+    );
+  }
+
+  public static async PopulateQueryOverrideInput() {
+    const queries = CloudRunnerOptions.pullInputList;
+    CloudRunnerQueryOverride.queryOverrides = {};
+    for (const element of queries) {
+      if (CloudRunnerQueryOverride.shouldUseOverride(element)) {
+        CloudRunnerQueryOverride.queryOverrides[element] = await CloudRunnerQueryOverride.queryOverride(element);
+      }
+    }
+  }
+}
+export default CloudRunnerQueryOverride;

src/model/cloud-runner/options/cloud-runner-secret.ts

@@ -0,0 +1,6 @@
+class CloudRunnerSecret {
+  public ParameterKey!: string;
+  public EnvironmentVariable!: string;
+  public ParameterValue!: string;
+}
+export default CloudRunnerSecret;

src/model/cloud-runner/options/cloud-runner-statics.ts

@@ -0,0 +1,3 @@
+export class CloudRunnerStatics {
+  public static readonly logPrefix = `Cloud-Runner`;
+}

src/model/cloud-runner/options/cloud-runner-step-parameters.ts

@@ -0,0 +1,13 @@
+import CloudRunnerEnvironmentVariable from './cloud-runner-environment-variable';
+import CloudRunnerSecret from './cloud-runner-secret';
+
+export class CloudRunnerStepParameters {
+  public image: string;
+  public environment: CloudRunnerEnvironmentVariable[];
+  public secrets: CloudRunnerSecret[];
+  constructor(image: string, environmentVariables: CloudRunnerEnvironmentVariable[], secrets: CloudRunnerSecret[]) {
+    this.image = image;
+    this.environment = environmentVariables;
+    this.secrets = secrets;
+  }
+}

src/model/cloud-runner/providers/README.md

@@ -0,0 +1,250 @@
+# Provider Loader Dynamic Imports
+
+The provider loader now supports dynamic loading of providers from multiple sources including local file paths, GitHub
+repositories, and NPM packages.
+
+## What is a Provider?
+
+A provider is a pluggable backend that Cloud Runner uses to run builds and workflows. Examples include AWS, Kubernetes,
+or local execution. Each provider implements the `ProviderInterface`, which defines the common lifecycle methods (setup,
+run, cleanup, garbage collection, etc.).
+
+This abstraction makes Cloud Runner flexible: you can switch execution environments or add your own provider (via npm
+package, GitHub repo, or local path) without changing the rest of your pipeline.
+
+## Features
+
+- **Local File Paths**: Load providers from relative or absolute file paths
+- **GitHub URLs**: Clone and load providers from GitHub repositories with automatic updates
+- **NPM Packages**: Load providers from installed NPM packages
+- **Automatic Updates**: GitHub repositories are automatically updated when changes are available
+- **Caching**: Local caching of cloned repositories for improved performance
+- **Fallback Support**: Graceful fallback to local provider if loading fails
+
+## Usage Examples
+
+### Loading Built-in Providers
+
+```typescript
+import { ProviderLoader } from './provider-loader';
+
+// Load built-in providers
+const awsProvider = await ProviderLoader.loadProvider('aws', buildParameters);
+const k8sProvider = await ProviderLoader.loadProvider('k8s', buildParameters);
+```
+
+### Loading Local Providers
+
+```typescript
+// Load from relative path
+const localProvider = await ProviderLoader.loadProvider('./my-local-provider', buildParameters);
+
+// Load from absolute path
+const absoluteProvider = await ProviderLoader.loadProvider('/path/to/provider', buildParameters);
+```
+
+### Loading GitHub Providers
+
+```typescript
+// Load from GitHub URL
+const githubProvider = await ProviderLoader.loadProvider('https://github.com/user/my-provider', buildParameters);
+
+// Load from specific branch
+const branchProvider = await ProviderLoader.loadProvider(
+  'https://github.com/user/my-provider/tree/develop',
+  buildParameters,
+);
+
+// Load from specific path in repository
+const pathProvider = await ProviderLoader.loadProvider(
+  'https://github.com/user/my-provider/tree/main/src/providers',
+  buildParameters,
+);
+
+// Shorthand notation
+const shorthandProvider = await ProviderLoader.loadProvider('user/repo', buildParameters);
+const branchShorthand = await ProviderLoader.loadProvider('user/repo@develop', buildParameters);
+```
+
+### Loading NPM Packages
+
+```typescript
+// Load from NPM package
+const npmProvider = await ProviderLoader.loadProvider('my-provider-package', buildParameters);
+
+// Load from scoped NPM package
+const scopedProvider = await ProviderLoader.loadProvider('@scope/my-provider', buildParameters);
+```
+
+## Provider Interface
+
+All providers must implement the `ProviderInterface`:
+
+```typescript
+interface ProviderInterface {
+  cleanupWorkflow(): Promise<void>;
+  setupWorkflow(
+    buildGuid: string,
+    buildParameters: BuildParameters,
+    branchName: string,
+    defaultSecretsArray: any[],
+  ): Promise<void>;
+  runTaskInWorkflow(
+    buildGuid: string,
+    task: string,
+    workingDirectory: string,
+    buildVolumeFolder: string,
+    environmentVariables: any[],
+    secrets: any[],
+  ): Promise<string>;
+  garbageCollect(): Promise<void>;
+  listResources(): Promise<ProviderResource[]>;
+  listWorkflow(): Promise<ProviderWorkflow[]>;
+  watchWorkflow(): Promise<void>;
+}
+```
+
+## Example Provider Implementation
+
+```typescript
+// my-provider.ts
+import { ProviderInterface } from './provider-interface';
+import BuildParameters from './build-parameters';
+
+export default class MyProvider implements ProviderInterface {
+  constructor(private buildParameters: BuildParameters) {}
+
+  async cleanupWorkflow(): Promise<void> {
+    // Cleanup logic
+  }
+
+  async setupWorkflow(
+    buildGuid: string,
+    buildParameters: BuildParameters,
+    branchName: string,
+    defaultSecretsArray: any[],
+  ): Promise<void> {
+    // Setup logic
+  }
+
+  async runTaskInWorkflow(
+    buildGuid: string,
+    task: string,
+    workingDirectory: string,
+    buildVolumeFolder: string,
+    environmentVariables: any[],
+    secrets: any[],
+  ): Promise<string> {
+    // Task execution logic
+    return 'Task completed';
+  }
+
+  async garbageCollect(): Promise<void> {
+    // Garbage collection logic
+  }
+
+  async listResources(): Promise<ProviderResource[]> {
+    return [];
+  }
+
+  async listWorkflow(): Promise<ProviderWorkflow[]> {
+    return [];
+  }
+
+  async watchWorkflow(): Promise<void> {
+    // Watch logic
+  }
+}
+```
+
+## Utility Methods
+
+### Analyze Provider Source
+
+```typescript
+// Analyze a provider source without loading it
+const sourceInfo = ProviderLoader.analyzeProviderSource('https://github.com/user/repo');
+console.log(sourceInfo.type); // 'github'
+console.log(sourceInfo.owner); // 'user'
+console.log(sourceInfo.repo); // 'repo'
+```
+
+### Clean Up Cache
+
+```typescript
+// Clean up old cached repositories (older than 30 days)
+await ProviderLoader.cleanupCache();
+
+// Clean up repositories older than 7 days
+await ProviderLoader.cleanupCache(7);
+```
+
+### Get Available Providers
+
+```typescript
+// Get list of built-in providers
+const providers = ProviderLoader.getAvailableProviders();
+console.log(providers); // ['aws', 'k8s', 'test', 'local-docker', 'local-system', 'local']
+```
+
+## Supported URL Formats
+
+### GitHub URLs
+
+- `https://github.com/user/repo`
+- `https://github.com/user/repo.git`
+- `https://github.com/user/repo/tree/branch`
+- `https://github.com/user/repo/tree/branch/path/to/provider`
+- `git@github.com:user/repo.git`
+
+### Shorthand GitHub References
+
+- `user/repo`
+- `user/repo@branch`
+- `user/repo@branch/path/to/provider`
+
+### Local Paths
+
+- `./relative/path`
+- `../relative/path`
+- `/absolute/path`
+- `C:\\path\\to\\provider` (Windows)
+
+### NPM Packages
+
+- `package-name`
+- `@scope/package-name`
+
+## Caching
+
+GitHub repositories are automatically cached in the `.provider-cache` directory. The cache key is generated based on the
+repository owner, name, and branch. This ensures that:
+
+1. Repositories are only cloned once
+2. Updates are checked and applied automatically
+3. Performance is improved for repeated loads
+4. Storage is managed efficiently
+
+## Error Handling
+
+The provider loader includes comprehensive error handling:
+
+- **Missing packages**: Clear error messages when providers cannot be found
+- **Interface validation**: Ensures providers implement the required interface
+- **Git operations**: Handles network issues and repository access problems
+- **Fallback mechanism**: Falls back to local provider if loading fails
+
+## Configuration
+
+The provider loader can be configured through environment variables:
+
+- `PROVIDER_CACHE_DIR`: Custom cache directory (default: `.provider-cache`)
+- `GIT_TIMEOUT`: Git operation timeout in milliseconds (default: 30000)
+
+## Best Practices
+
+1. **Use specific branches or versions**: Always specify the branch or specific tag when loading from GitHub
+2. **Implement proper error handling**: Wrap provider loading in try-catch blocks
+3. **Clean up regularly**: Use the cleanup utility to manage cache size
+4. **Test locally first**: Test providers locally before deploying
+5. **Use semantic versioning**: Tag your provider repositories for stable versions

src/model/cloud-runner/providers/aws/aws-base-stack.ts

@@ -0,0 +1,127 @@
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import * as core from '@actions/core';
+import {
+  CloudFormation,
+  CreateStackCommand,
+  CreateStackCommandInput,
+  DescribeStacksCommand,
+  DescribeStacksCommandInput,
+  ListStacksCommand,
+  Parameter,
+  UpdateStackCommand,
+  UpdateStackCommandInput,
+  waitUntilStackCreateComplete,
+  waitUntilStackUpdateComplete,
+} from '@aws-sdk/client-cloudformation';
+import { BaseStackFormation } from './cloud-formations/base-stack-formation';
+import crypto from 'node:crypto';
+
+export class AWSBaseStack {
+  constructor(baseStackName: string) {
+    this.baseStackName = baseStackName;
+  }
+  private baseStackName: string;
+
+  async setupBaseStack(CF: CloudFormation) {
+    const baseStackName = this.baseStackName;
+
+    const baseStack = BaseStackFormation.formation;
+
+    // Cloud Formation Input
+    const describeStackInput: DescribeStacksCommandInput = {
+      StackName: baseStackName,
+    };
+    const parametersWithoutHash: Parameter[] = [{ ParameterKey: 'EnvironmentName', ParameterValue: baseStackName }];
+    const parametersHash = crypto
+      .createHash('md5')
+      .update(baseStack + JSON.stringify(parametersWithoutHash))
+      .digest('hex');
+    const parameters: Parameter[] = [
+      ...parametersWithoutHash,
+      ...[{ ParameterKey: 'Version', ParameterValue: parametersHash }],
+    ];
+    const updateInput: UpdateStackCommandInput = {
+      StackName: baseStackName,
+      TemplateBody: baseStack,
+      Parameters: parameters,
+      Capabilities: ['CAPABILITY_IAM'],
+    };
+    const createStackInput: CreateStackCommandInput = {
+      StackName: baseStackName,
+      TemplateBody: baseStack,
+      Parameters: parameters,
+      Capabilities: ['CAPABILITY_IAM'],
+    };
+
+    const stacks = await CF.send(
+      new ListStacksCommand({ StackStatusFilter: ['UPDATE_COMPLETE', 'CREATE_COMPLETE', 'ROLLBACK_COMPLETE'] }),
+    );
+    const stackNames = stacks.StackSummaries?.map((x) => x.StackName) || [];
+    const stackExists: Boolean = stackNames.includes(baseStackName) || false;
+    const describeStack = async () => {
+      return await CF.send(new DescribeStacksCommand(describeStackInput));
+    };
+    try {
+      if (!stackExists) {
+        CloudRunnerLogger.log(`${baseStackName} stack does not exist (${JSON.stringify(stackNames)})`);
+        await CF.send(new CreateStackCommand(createStackInput));
+        CloudRunnerLogger.log(`created stack (version: ${parametersHash})`);
+      }
+      const CFState = await describeStack();
+      let stack = CFState.Stacks?.[0];
+      if (!stack) {
+        throw new Error(`Base stack doesn't exist, even after creation, stackExists check: ${stackExists}`);
+      }
+      const stackVersion = stack.Parameters?.find((x) => x.ParameterKey === 'Version')?.ParameterValue;
+
+      if (stack.StackStatus === 'CREATE_IN_PROGRESS') {
+        await waitUntilStackCreateComplete(
+          {
+            client: CF,
+            maxWaitTime: 200,
+          },
+          describeStackInput,
+        );
+      }
+
+      if (stackExists) {
+        CloudRunnerLogger.log(`Base stack exists (version: ${stackVersion}, local version: ${parametersHash})`);
+        if (parametersHash !== stackVersion) {
+          CloudRunnerLogger.log(`Attempting update of base stack`);
+          try {
+            await CF.send(new UpdateStackCommand(updateInput));
+          } catch (error: any) {
+            if (error['message'].includes('No updates are to be performed')) {
+              CloudRunnerLogger.log(`No updates are to be performed`);
+            } else {
+              CloudRunnerLogger.log(`Update Failed (Stack name: ${baseStackName})`);
+              CloudRunnerLogger.log(error['message']);
+            }
+            CloudRunnerLogger.log(`Continuing...`);
+          }
+        } else {
+          CloudRunnerLogger.log(`No update required`);
+        }
+        stack = (await describeStack()).Stacks?.[0];
+        if (!stack) {
+          throw new Error(
+            `Base stack doesn't exist, even after updating and creation, stackExists check: ${stackExists}`,
+          );
+        }
+        if (stack.StackStatus === 'UPDATE_IN_PROGRESS') {
+          await waitUntilStackUpdateComplete(
+            {
+              client: CF,
+              maxWaitTime: 200,
+            },
+            describeStackInput,
+          );
+        }
+      }
+      CloudRunnerLogger.log('base stack is now ready');
+    } catch (error) {
+      core.error(JSON.stringify(await describeStack(), undefined, 4));
+      throw error;
+    }
+  }
+}

src/model/cloud-runner/providers/aws/aws-client-factory.ts

@@ -0,0 +1,71 @@
+import { CloudFormation } from '@aws-sdk/client-cloudformation';
+import { ECS } from '@aws-sdk/client-ecs';
+import { Kinesis } from '@aws-sdk/client-kinesis';
+import { CloudWatchLogs } from '@aws-sdk/client-cloudwatch-logs';
+import { S3 } from '@aws-sdk/client-s3';
+import { Input } from '../../..';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+
+export class AwsClientFactory {
+  private static cloudFormation: CloudFormation;
+  private static ecs: ECS;
+  private static kinesis: Kinesis;
+  private static cloudWatchLogs: CloudWatchLogs;
+  private static s3: S3;
+
+  static getCloudFormation(): CloudFormation {
+    if (!this.cloudFormation) {
+      this.cloudFormation = new CloudFormation({
+        region: Input.region,
+        endpoint: CloudRunnerOptions.awsCloudFormationEndpoint,
+      });
+    }
+
+    return this.cloudFormation;
+  }
+
+  static getECS(): ECS {
+    if (!this.ecs) {
+      this.ecs = new ECS({
+        region: Input.region,
+        endpoint: CloudRunnerOptions.awsEcsEndpoint,
+      });
+    }
+
+    return this.ecs;
+  }
+
+  static getKinesis(): Kinesis {
+    if (!this.kinesis) {
+      this.kinesis = new Kinesis({
+        region: Input.region,
+        endpoint: CloudRunnerOptions.awsKinesisEndpoint,
+      });
+    }
+
+    return this.kinesis;
+  }
+
+  static getCloudWatchLogs(): CloudWatchLogs {
+    if (!this.cloudWatchLogs) {
+      this.cloudWatchLogs = new CloudWatchLogs({
+        region: Input.region,
+        endpoint: CloudRunnerOptions.awsCloudWatchLogsEndpoint,
+      });
+    }
+
+    return this.cloudWatchLogs;
+  }
+
+  static getS3(): S3 {
+    if (!this.s3) {
+      this.s3 = new S3({
+        region: Input.region,
+        endpoint: CloudRunnerOptions.awsS3Endpoint,
+        forcePathStyle: true,
+      });
+    }
+
+    return this.s3;
+  }
+}

src/model/cloud-runner/providers/aws/aws-cloud-formation-templates.ts

@@ -0,0 +1,39 @@
+import { TaskDefinitionFormation } from './cloud-formations/task-definition-formation';
+
+export class AWSCloudFormationTemplates {
+  public static getParameterTemplate(p1: string) {
+    return `
+  ${p1}:
+    Type: String
+    Default: ''
+`;
+  }
+
+  public static getSecretTemplate(p1: string) {
+    return `
+  ${p1}Secret:
+    Type: AWS::SecretsManager::Secret
+    Properties:
+      Name: '${p1}'
+      SecretString: !Ref ${p1}
+`;
+  }
+
+  public static getSecretDefinitionTemplate(p1: string, p2: string) {
+    return `
+            - Name: '${p1}'
+              ValueFrom: !Ref ${p2}Secret
+`;
+  }
+
+  public static insertAtTemplate(template: string, insertionKey: string, insertion: string) {
+    const index = template.search(insertionKey) + insertionKey.length + '\n'.length;
+    template = [template.slice(0, index), insertion, template.slice(index)].join('');
+
+    return template;
+  }
+
+  public static readTaskCloudFormationTemplate(): string {
+    return TaskDefinitionFormation.formation;
+  }
+}

src/model/cloud-runner/providers/aws/aws-error.ts

@@ -0,0 +1,16 @@
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { CloudFormation, DescribeStackEventsCommand } from '@aws-sdk/client-cloudformation';
+import * as core from '@actions/core';
+import CloudRunner from '../../cloud-runner';
+
+export class AWSError {
+  static async handleStackCreationFailure(error: any, CF: CloudFormation, taskDefStackName: string) {
+    CloudRunnerLogger.log('aws error: ');
+    core.error(JSON.stringify(error, undefined, 4));
+    if (CloudRunner.buildParameters.cloudRunnerDebug) {
+      CloudRunnerLogger.log('Getting events and resources for task stack');
+      const events = (await CF.send(new DescribeStackEventsCommand({ StackName: taskDefStackName }))).StackEvents;
+      CloudRunnerLogger.log(JSON.stringify(events, undefined, 4));
+    }
+  }
+}

src/model/cloud-runner/providers/aws/aws-job-stack.ts

@@ -0,0 +1,227 @@
+import {
+  CloudFormation,
+  CreateStackCommand,
+  CreateStackCommandInput,
+  DescribeStackResourcesCommand,
+  DescribeStacksCommand,
+  ListStacksCommand,
+  waitUntilStackCreateComplete,
+} from '@aws-sdk/client-cloudformation';
+import CloudRunnerAWSTaskDef from './cloud-runner-aws-task-def';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import { AWSCloudFormationTemplates } from './aws-cloud-formation-templates';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { AWSError } from './aws-error';
+import CloudRunner from '../../cloud-runner';
+import { CleanupCronFormation } from './cloud-formations/cleanup-cron-formation';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+import { TaskDefinitionFormation } from './cloud-formations/task-definition-formation';
+
+export class AWSJobStack {
+  private baseStackName: string;
+  constructor(baseStackName: string) {
+    this.baseStackName = baseStackName;
+  }
+
+  public async setupCloudFormations(
+    CF: CloudFormation,
+    buildGuid: string,
+    image: string,
+    entrypoint: string[],
+    commands: string,
+    mountdir: string,
+    workingdir: string,
+    secrets: CloudRunnerSecret[],
+  ): Promise<CloudRunnerAWSTaskDef> {
+    const taskDefStackName = `${this.baseStackName}-${buildGuid}`;
+    let taskDefCloudFormation = AWSCloudFormationTemplates.readTaskCloudFormationTemplate();
+    taskDefCloudFormation = taskDefCloudFormation.replace(
+      `ContainerCpu:
+    Default: 1024`,
+      `ContainerCpu:
+    Default: ${Number.parseInt(CloudRunner.buildParameters.containerCpu)}`,
+    );
+    taskDefCloudFormation = taskDefCloudFormation.replace(
+      `ContainerMemory:
+    Default: 2048`,
+      `ContainerMemory:
+    Default: ${Number.parseInt(CloudRunner.buildParameters.containerMemory)}`,
+    );
+    if (!CloudRunnerOptions.asyncCloudRunner) {
+      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
+        taskDefCloudFormation,
+        '# template resources logstream',
+        TaskDefinitionFormation.streamLogs,
+      );
+    }
+    for (const secret of secrets) {
+      secret.ParameterKey = `${buildGuid.replace(/[^\dA-Za-z]/g, '')}${secret.ParameterKey.replace(
+        /[^\dA-Za-z]/g,
+        '',
+      )}`;
+      if (typeof secret.ParameterValue == 'number') {
+        secret.ParameterValue = `${secret.ParameterValue}`;
+      }
+      if (!secret.ParameterValue || secret.ParameterValue === '') {
+        secrets = secrets.filter((x) => x !== secret);
+        continue;
+      }
+      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
+        taskDefCloudFormation,
+        'p1 - input',
+        AWSCloudFormationTemplates.getParameterTemplate(secret.ParameterKey),
+      );
+      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
+        taskDefCloudFormation,
+        '# template resources secrets',
+        AWSCloudFormationTemplates.getSecretTemplate(`${secret.ParameterKey}`),
+      );
+      taskDefCloudFormation = AWSCloudFormationTemplates.insertAtTemplate(
+        taskDefCloudFormation,
+        'p3 - container def',
+        AWSCloudFormationTemplates.getSecretDefinitionTemplate(secret.EnvironmentVariable, secret.ParameterKey),
+      );
+    }
+    const secretsMappedToCloudFormationParameters = secrets.map((x) => {
+      return { ParameterKey: x.ParameterKey.replace(/[^\dA-Za-z]/g, ''), ParameterValue: x.ParameterValue };
+    });
+    const logGroupName = `${this.baseStackName}/${taskDefStackName}`;
+    const parameters = [
+      {
+        ParameterKey: 'EnvironmentName',
+        ParameterValue: this.baseStackName,
+      },
+      {
+        ParameterKey: 'ImageUrl',
+        ParameterValue: image,
+      },
+      {
+        ParameterKey: 'ServiceName',
+        ParameterValue: taskDefStackName,
+      },
+      {
+        ParameterKey: 'LogGroupName',
+        ParameterValue: logGroupName,
+      },
+      {
+        ParameterKey: 'Command',
+        ParameterValue: 'echo "this template should be overwritten when running a task"',
+      },
+      {
+        ParameterKey: 'EntryPoint',
+        ParameterValue: entrypoint.join(','),
+      },
+      {
+        ParameterKey: 'WorkingDirectory',
+        ParameterValue: workingdir,
+      },
+      {
+        ParameterKey: 'EFSMountDirectory',
+        ParameterValue: mountdir,
+      },
+      ...secretsMappedToCloudFormationParameters,
+    ];
+    CloudRunnerLogger.log(
+      `Starting AWS job with memory: ${CloudRunner.buildParameters.containerMemory} cpu: ${CloudRunner.buildParameters.containerCpu}`,
+    );
+    let previousStackExists = true;
+    while (previousStackExists) {
+      previousStackExists = false;
+      const stacks = await CF.send(new ListStacksCommand({}));
+      if (!stacks.StackSummaries) {
+        throw new Error('Faild to get stacks');
+      }
+      for (let index = 0; index < stacks.StackSummaries.length; index++) {
+        const element = stacks.StackSummaries[index];
+        if (element.StackName === taskDefStackName && element.StackStatus !== 'DELETE_COMPLETE') {
+          previousStackExists = true;
+          CloudRunnerLogger.log(`Previous stack still exists: ${JSON.stringify(element)}`);
+          await new Promise((promise) => setTimeout(promise, 5000));
+        }
+      }
+    }
+    const createStackInput: CreateStackCommandInput = {
+      StackName: taskDefStackName,
+      TemplateBody: taskDefCloudFormation,
+      Capabilities: ['CAPABILITY_IAM'],
+      Parameters: parameters,
+    };
+    try {
+      CloudRunnerLogger.log(`Creating job aws formation ${taskDefStackName}`);
+      await CF.send(new CreateStackCommand(createStackInput));
+      await waitUntilStackCreateComplete(
+        {
+          client: CF,
+          maxWaitTime: 200,
+        },
+        { StackName: taskDefStackName },
+      );
+      const describeStack = await CF.send(new DescribeStacksCommand({ StackName: taskDefStackName }));
+      for (const parameter of parameters) {
+        if (!describeStack.Stacks?.[0].Parameters?.some((x) => x.ParameterKey === parameter.ParameterKey)) {
+          throw new Error(`Parameter ${parameter.ParameterKey} not found in stack`);
+        }
+      }
+    } catch (error) {
+      await AWSError.handleStackCreationFailure(error, CF, taskDefStackName);
+      throw error;
+    }
+
+    const createCleanupStackInput: CreateStackCommandInput = {
+      StackName: `${taskDefStackName}-cleanup`,
+      TemplateBody: CleanupCronFormation.formation,
+      Capabilities: ['CAPABILITY_IAM'],
+      Parameters: [
+        {
+          ParameterKey: 'StackName',
+          ParameterValue: taskDefStackName,
+        },
+        {
+          ParameterKey: 'DeleteStackName',
+          ParameterValue: `${taskDefStackName}-cleanup`,
+        },
+        {
+          ParameterKey: 'TTL',
+          ParameterValue: `1080`,
+        },
+        {
+          ParameterKey: 'BUILDGUID',
+          ParameterValue: CloudRunner.buildParameters.buildGuid,
+        },
+        {
+          ParameterKey: 'EnvironmentName',
+          ParameterValue: this.baseStackName,
+        },
+      ],
+    };
+    if (CloudRunnerOptions.useCleanupCron) {
+      try {
+        CloudRunnerLogger.log(`Creating job cleanup formation`);
+        await CF.send(new CreateStackCommand(createCleanupStackInput));
+
+        // await CF.waitFor('stackCreateComplete', { StackName: createCleanupStackInput.StackName }).promise();
+      } catch (error) {
+        await AWSError.handleStackCreationFailure(error, CF, taskDefStackName);
+        throw error;
+      }
+    }
+
+    const taskDefResources = (
+      await CF.send(
+        new DescribeStackResourcesCommand({
+          StackName: taskDefStackName,
+        }),
+      )
+    ).StackResources;
+
+    const baseResources = (await CF.send(new DescribeStackResourcesCommand({ StackName: this.baseStackName })))
+      .StackResources;
+
+    return {
+      taskDefStackName,
+      taskDefCloudFormation,
+      taskDefResources,
+      baseResources,
+    };
+  }
+}

src/model/cloud-runner/providers/aws/aws-task-runner.ts

@@ -0,0 +1,293 @@
+import { DescribeTasksCommand, RunTaskCommand, waitUntilTasksRunning } from '@aws-sdk/client-ecs';
+import { DescribeStreamCommand, GetRecordsCommand, GetShardIteratorCommand } from '@aws-sdk/client-kinesis';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import * as core from '@actions/core';
+import CloudRunnerAWSTaskDef from './cloud-runner-aws-task-def';
+import * as zlib from 'node:zlib';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { Input } from '../../..';
+import CloudRunner from '../../cloud-runner';
+import { CommandHookService } from '../../services/hooks/command-hook-service';
+import { FollowLogStreamService } from '../../services/core/follow-log-stream-service';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+import GitHub from '../../../github';
+import { AwsClientFactory } from './aws-client-factory';
+
+class AWSTaskRunner {
+  private static readonly encodedUnderscore = `$252F`;
+  static async runTask(
+    taskDef: CloudRunnerAWSTaskDef,
+    environment: CloudRunnerEnvironmentVariable[],
+    commands: string,
+  ): Promise<{ output: string; shouldCleanup: boolean }> {
+    const cluster = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ECSCluster')?.PhysicalResourceId || '';
+    const taskDefinition =
+      taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'TaskDefinition')?.PhysicalResourceId || '';
+    const SubnetOne =
+      taskDef.baseResources?.find((x) => x.LogicalResourceId === 'PublicSubnetOne')?.PhysicalResourceId || '';
+    const SubnetTwo =
+      taskDef.baseResources?.find((x) => x.LogicalResourceId === 'PublicSubnetTwo')?.PhysicalResourceId || '';
+    const ContainerSecurityGroup =
+      taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ContainerSecurityGroup')?.PhysicalResourceId || '';
+    const streamName =
+      taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'KinesisStream')?.PhysicalResourceId || '';
+
+    const runParameters = {
+      cluster,
+      taskDefinition,
+      platformVersion: '1.4.0',
+      overrides: {
+        containerOverrides: [
+          {
+            name: taskDef.taskDefStackName,
+            environment,
+            command: ['-c', CommandHookService.ApplyHooksToCommands(commands, CloudRunner.buildParameters)],
+          },
+        ],
+      },
+      launchType: 'FARGATE',
+      networkConfiguration: {
+        awsvpcConfiguration: {
+          subnets: [SubnetOne, SubnetTwo],
+          assignPublicIp: 'ENABLED',
+          securityGroups: [ContainerSecurityGroup],
+        },
+      },
+    };
+
+    if (JSON.stringify(runParameters.overrides.containerOverrides).length > 8192) {
+      CloudRunnerLogger.log(JSON.stringify(runParameters.overrides.containerOverrides, undefined, 4));
+      throw new Error(`Container Overrides length must be at most 8192`);
+    }
+
+    const task = await AwsClientFactory.getECS().send(new RunTaskCommand(runParameters as any));
+    const taskArn = task.tasks?.[0].taskArn || '';
+    CloudRunnerLogger.log('Cloud runner job is starting');
+    await AWSTaskRunner.waitUntilTaskRunning(taskArn, cluster);
+    CloudRunnerLogger.log(
+      `Cloud runner job status is running ${(await AWSTaskRunner.describeTasks(cluster, taskArn))?.lastStatus} Async:${
+        CloudRunnerOptions.asyncCloudRunner
+      }`,
+    );
+    if (CloudRunnerOptions.asyncCloudRunner) {
+      const shouldCleanup: boolean = false;
+      const output: string = '';
+      CloudRunnerLogger.log(`Watch Cloud Runner To End: false`);
+
+      return { output, shouldCleanup };
+    }
+
+    CloudRunnerLogger.log(`Streaming...`);
+    const { output, shouldCleanup } = await this.streamLogsUntilTaskStops(cluster, taskArn, streamName);
+    let exitCode;
+    let containerState;
+    let taskData;
+    while (exitCode === undefined) {
+      await new Promise((resolve) => setTimeout(resolve, 10000));
+      taskData = await AWSTaskRunner.describeTasks(cluster, taskArn);
+      const containers = taskData?.containers as any[] | undefined;
+      if (!containers || containers.length === 0) {
+        continue;
+      }
+      containerState = containers[0];
+      exitCode = containerState?.exitCode;
+    }
+    CloudRunnerLogger.log(`Container State: ${JSON.stringify(containerState, undefined, 4)}`);
+    if (exitCode === undefined) {
+      CloudRunnerLogger.logWarning(`Undefined exitcode for container`);
+    }
+    const wasSuccessful = exitCode === 0;
+    if (wasSuccessful) {
+      CloudRunnerLogger.log(`Cloud runner job has finished successfully`);
+
+      return { output, shouldCleanup };
+    }
+
+    if (taskData?.stoppedReason === 'Essential container in task exited' && exitCode === 1) {
+      throw new Error('Container exited with code 1');
+    }
+
+    throw new Error(`Task failed`);
+  }
+
+  private static async waitUntilTaskRunning(taskArn: string, cluster: string) {
+    try {
+      await waitUntilTasksRunning(
+        {
+          client: AwsClientFactory.getECS(),
+          maxWaitTime: 300,
+          minDelay: 5,
+          maxDelay: 30,
+        },
+        { tasks: [taskArn], cluster },
+      );
+    } catch (error_) {
+      const error = error_ as Error;
+      await new Promise((resolve) => setTimeout(resolve, 3000));
+      const taskAfterError = await AWSTaskRunner.describeTasks(cluster, taskArn);
+      CloudRunnerLogger.log(`Cloud runner job has ended ${taskAfterError?.containers?.[0]?.lastStatus}`);
+
+      core.setFailed(error);
+      core.error(error);
+    }
+  }
+
+  static async describeTasks(clusterName: string, taskArn: string) {
+    const maxAttempts = 10;
+    let delayMs = 1000;
+    const maxDelayMs = 60000;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+      try {
+        const tasks = await AwsClientFactory.getECS().send(
+          new DescribeTasksCommand({ cluster: clusterName, tasks: [taskArn] }),
+        );
+        if (tasks.tasks?.[0]) {
+          return tasks.tasks?.[0];
+        }
+        throw new Error('No task found');
+      } catch (error: any) {
+        const isThrottle = error?.name === 'ThrottlingException' || /rate exceeded/i.test(String(error?.message));
+        if (!isThrottle || attempt === maxAttempts) {
+          throw error;
+        }
+        const jitterMs = Math.floor(Math.random() * Math.min(1000, delayMs));
+        const sleepMs = delayMs + jitterMs;
+        CloudRunnerLogger.log(
+          `AWS throttled DescribeTasks (attempt ${attempt}/${maxAttempts}), backing off ${sleepMs}ms (${delayMs} + jitter ${jitterMs})`,
+        );
+        await new Promise((r) => setTimeout(r, sleepMs));
+        delayMs = Math.min(delayMs * 2, maxDelayMs);
+      }
+    }
+  }
+
+  static async streamLogsUntilTaskStops(clusterName: string, taskArn: string, kinesisStreamName: string) {
+    await new Promise((resolve) => setTimeout(resolve, 3000));
+    CloudRunnerLogger.log(`Streaming...`);
+    const stream = await AWSTaskRunner.getLogStream(kinesisStreamName);
+    let iterator = await AWSTaskRunner.getLogIterator(stream);
+
+    const logBaseUrl = `https://${Input.region}.console.aws.amazon.com/cloudwatch/home?region=${Input.region}#logsV2:log-groups/log-group/${CloudRunner.buildParameters.awsStackName}${AWSTaskRunner.encodedUnderscore}${CloudRunner.buildParameters.awsStackName}-${CloudRunner.buildParameters.buildGuid}`;
+    CloudRunnerLogger.log(`You view the log stream on AWS Cloud Watch: ${logBaseUrl}`);
+    await GitHub.updateGitHubCheck(`You view the log stream on AWS Cloud Watch:  ${logBaseUrl}`, ``);
+    let shouldReadLogs = true;
+    let shouldCleanup = true;
+    let timestamp: number = 0;
+    let output = '';
+    while (shouldReadLogs) {
+      await new Promise((resolve) => setTimeout(resolve, 1500));
+      const taskData = await AWSTaskRunner.describeTasks(clusterName, taskArn);
+      ({ timestamp, shouldReadLogs } = AWSTaskRunner.checkStreamingShouldContinue(taskData, timestamp, shouldReadLogs));
+      if (taskData?.lastStatus !== 'RUNNING') {
+        await new Promise((resolve) => setTimeout(resolve, 3500));
+      }
+      ({ iterator, shouldReadLogs, output, shouldCleanup } = await AWSTaskRunner.handleLogStreamIteration(
+        iterator,
+        shouldReadLogs,
+        output,
+        shouldCleanup,
+      ));
+    }
+
+    return { output, shouldCleanup };
+  }
+
+  private static async handleLogStreamIteration(
+    iterator: string,
+    shouldReadLogs: boolean,
+    output: string,
+    shouldCleanup: boolean,
+  ) {
+    let records: any;
+    try {
+      records = await AwsClientFactory.getKinesis().send(new GetRecordsCommand({ ShardIterator: iterator }));
+    } catch (error: any) {
+      const isThrottle = error?.name === 'ThrottlingException' || /rate exceeded/i.test(String(error?.message));
+      if (isThrottle) {
+        const baseBackoffMs = 1000;
+        const jitterMs = Math.floor(Math.random() * 1000);
+        const sleepMs = baseBackoffMs + jitterMs;
+        CloudRunnerLogger.log(`AWS throttled GetRecords, backing off ${sleepMs}ms (1000 + jitter ${jitterMs})`);
+        await new Promise((r) => setTimeout(r, sleepMs));
+        return { iterator, shouldReadLogs, output, shouldCleanup };
+      }
+      throw error;
+    }
+    iterator = records.NextShardIterator || '';
+    ({ shouldReadLogs, output, shouldCleanup } = AWSTaskRunner.logRecords(
+      records,
+      iterator,
+      shouldReadLogs,
+      output,
+      shouldCleanup,
+    ));
+
+    return { iterator, shouldReadLogs, output, shouldCleanup };
+  }
+
+  private static checkStreamingShouldContinue(taskData: any, timestamp: number, shouldReadLogs: boolean) {
+    if (taskData?.lastStatus === 'UNKNOWN') {
+      CloudRunnerLogger.log('## Cloud runner job unknwon');
+    }
+    if (taskData?.lastStatus !== 'RUNNING') {
+      if (timestamp === 0) {
+        CloudRunnerLogger.log('## Cloud runner job stopped, streaming end of logs');
+        timestamp = Date.now();
+      }
+      if (timestamp !== 0 && Date.now() - timestamp > 30000) {
+        CloudRunnerLogger.log('## Cloud runner status is not RUNNING for 30 seconds, last query for logs');
+        shouldReadLogs = false;
+      }
+      CloudRunnerLogger.log(`## Status of job: ${taskData.lastStatus}`);
+    }
+
+    return { timestamp, shouldReadLogs };
+  }
+
+  private static logRecords(
+    records: any,
+    iterator: string,
+    shouldReadLogs: boolean,
+    output: string,
+    shouldCleanup: boolean,
+  ) {
+    if ((records.Records ?? []).length > 0 && iterator) {
+      for (const record of records.Records ?? []) {
+        const json = JSON.parse(
+          zlib.gunzipSync(Buffer.from(record.Data as unknown as string, 'base64')).toString('utf8'),
+        );
+        if (json.messageType === 'DATA_MESSAGE') {
+          for (const logEvent of json.logEvents) {
+            ({ shouldReadLogs, shouldCleanup, output } = FollowLogStreamService.handleIteration(
+              logEvent.message,
+              shouldReadLogs,
+              shouldCleanup,
+              output,
+            ));
+          }
+        }
+      }
+    }
+
+    return { shouldReadLogs, output, shouldCleanup };
+  }
+
+  private static async getLogStream(kinesisStreamName: string) {
+    return await AwsClientFactory.getKinesis().send(new DescribeStreamCommand({ StreamName: kinesisStreamName }));
+  }
+
+  private static async getLogIterator(stream: any) {
+    return (
+      (
+        await AwsClientFactory.getKinesis().send(
+          new GetShardIteratorCommand({
+            ShardIteratorType: 'TRIM_HORIZON',
+            StreamName: stream.StreamDescription?.StreamName ?? '',
+            ShardId: stream.StreamDescription?.Shards?.[0]?.ShardId || '',
+          }),
+        )
+      ).ShardIterator || ''
+    );
+  }
+}
+export default AWSTaskRunner;

src/model/cloud-runner/providers/aws/cloud-formations/base-stack-formation.ts

@@ -0,0 +1,397 @@
+export class BaseStackFormation {
+  public static readonly baseStackDecription = `Game-CI base stack`;
+  public static readonly formation: string = `AWSTemplateFormatVersion: '2010-09-09'
+Description: ${BaseStackFormation.baseStackDecription}
+Parameters:
+  EnvironmentName:
+    Type: String
+    Default: development
+    Description: 'Your deployment environment: DEV, QA , PROD'
+  Version:
+    Type: String
+    Description: 'hash of template'
+
+  # ContainerPort:
+  #   Type: Number
+  #   Default: 80
+  #   Description: What port number the application inside the docker container is binding to
+
+Mappings:
+  # Hard values for the subnet masks. These masks define
+  # the range of internal IP addresses that can be assigned.
+  # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255
+  # There are four subnets which cover the ranges:
+  #
+  # 10.0.0.0 - 10.0.0.255
+  # 10.0.1.0 - 10.0.1.255
+  # 10.0.2.0 - 10.0.2.255
+  # 10.0.3.0 - 10.0.3.255
+
+  SubnetConfig:
+    VPC:
+      CIDR: '10.0.0.0/16'
+    PublicOne:
+      CIDR: '10.0.0.0/24'
+    PublicTwo:
+      CIDR: '10.0.1.0/24'
+
+Resources:
+  # VPC in which containers will be networked.
+  # It has two public subnets, and two private subnets.
+  # We distribute the subnets across the first two available subnets
+  # for the region, for high availability.
+  VPC:
+    Type: AWS::EC2::VPC
+    Properties:
+      EnableDnsSupport: true
+      EnableDnsHostnames: true
+      CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
+
+  MainBucket:
+    Type: "AWS::S3::Bucket"
+    Properties:
+      BucketName: !Ref EnvironmentName
+
+  EFSServerSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: 'efs-server-endpoints'
+      GroupDescription: Which client ip addrs are allowed to access EFS server
+      VpcId: !Ref 'VPC'
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 2049
+          ToPort: 2049
+          SourceSecurityGroupId: !Ref ContainerSecurityGroup
+          #CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
+  # A security group for the containers we will run in Fargate.
+  # Rules are added to this security group based on what ingress you
+  # add for the cluster.
+  ContainerSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: 'task security group'
+      GroupDescription: Access to the Fargate containers
+      VpcId: !Ref 'VPC'
+      # SecurityGroupIngress:
+      #   - IpProtocol: tcp
+      #     FromPort: !Ref ContainerPort
+      #     ToPort: !Ref ContainerPort
+      #     CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: -1
+          FromPort: 2049
+          ToPort: 2049
+          CidrIp: '0.0.0.0/0'
+
+  # Two public subnets, where containers can have public IP addresses
+  PublicSubnetOne:
+    Type: AWS::EC2::Subnet
+    Properties:
+      AvailabilityZone: !Select
+        - 0
+        - Fn::GetAZs: !Ref 'AWS::Region'
+      VpcId: !Ref 'VPC'
+      CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
+      #  MapPublicIpOnLaunch: true
+
+  PublicSubnetTwo:
+    Type: AWS::EC2::Subnet
+    Properties:
+      AvailabilityZone: !Select
+        - 1
+        - Fn::GetAZs: !Ref 'AWS::Region'
+      VpcId: !Ref 'VPC'
+      CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
+      #  MapPublicIpOnLaunch: true
+
+  # Setup networking resources for the public subnets. Containers
+  # in the public subnets have public IP addresses and the routing table
+  # sends network traffic via the internet gateway.
+  InternetGateway:
+    Type: AWS::EC2::InternetGateway
+  GatewayAttachement:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId: !Ref 'VPC'
+      InternetGatewayId: !Ref 'InternetGateway'
+
+  # Attaching a Internet Gateway to route table makes it public.
+  PublicRouteTable:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId: !Ref 'VPC'
+  PublicRoute:
+    Type: AWS::EC2::Route
+    DependsOn: GatewayAttachement
+    Properties:
+      RouteTableId: !Ref 'PublicRouteTable'
+      DestinationCidrBlock: '0.0.0.0/0'
+      GatewayId: !Ref 'InternetGateway'
+
+  # Attaching a public route table makes a subnet public.
+  PublicSubnetOneRouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref PublicSubnetOne
+      RouteTableId: !Ref PublicRouteTable
+  PublicSubnetTwoRouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref PublicSubnetTwo
+      RouteTableId: !Ref PublicRouteTable
+
+  # ECS Resources
+  ECSCluster:
+    Type: AWS::ECS::Cluster
+
+  # A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets
+  # on your AWS account
+  AutoscalingRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: [application-autoscaling.amazonaws.com]
+            Action: ['sts:AssumeRole']
+      Path: /
+      Policies:
+        - PolicyName: service-autoscaling
+          PolicyDocument:
+            Statement:
+              - Effect: Allow
+                Action:
+                  - 'application-autoscaling:*'
+                  - 'cloudwatch:DescribeAlarms'
+                  - 'cloudwatch:PutMetricAlarm'
+                  - 'ecs:DescribeServices'
+                  - 'ecs:UpdateService'
+                Resource: '*'
+
+  # This is an IAM role which authorizes ECS to manage resources on your
+  # account on your behalf, such as updating your load balancer with the
+  # details of where your containers are, so that traffic can reach your
+  # containers.
+  ECSRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: [ecs.amazonaws.com]
+            Action: ['sts:AssumeRole']
+      Path: /
+      Policies:
+        - PolicyName: ecs-service
+          PolicyDocument:
+            Statement:
+              - Effect: Allow
+                Action:
+                  # Rules which allow ECS to attach network interfaces to instances
+                  # on your behalf in order for awsvpc networking mode to work right
+                  - 'ec2:AttachNetworkInterface'
+                  - 'ec2:CreateNetworkInterface'
+                  - 'ec2:CreateNetworkInterfacePermission'
+                  - 'ec2:DeleteNetworkInterface'
+                  - 'ec2:DeleteNetworkInterfacePermission'
+                  - 'ec2:Describe*'
+                  - 'ec2:DetachNetworkInterface'
+
+                  # Rules which allow ECS to update load balancers on your behalf
+                  # with the information sabout how to send traffic to your containers
+                  - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
+                  - 'elasticloadbalancing:DeregisterTargets'
+                  - 'elasticloadbalancing:Describe*'
+                  - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
+                  - 'elasticloadbalancing:RegisterTargets'
+                Resource: '*'
+
+  # This is a role which is used by the ECS tasks themselves.
+  ECSTaskExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: [ecs-tasks.amazonaws.com]
+            Action: ['sts:AssumeRole']
+      Path: /
+      Policies:
+        - PolicyName: AmazonECSTaskExecutionRolePolicy
+          PolicyDocument:
+            Statement:
+              - Effect: Allow
+                Action:
+                  # Allow the use of secret manager
+                  - 'secretsmanager:GetSecretValue'
+                  - 'kms:Decrypt'
+
+                  # Allow the ECS Tasks to download images from ECR
+                  - 'ecr:GetAuthorizationToken'
+                  - 'ecr:BatchCheckLayerAvailability'
+                  - 'ecr:GetDownloadUrlForLayer'
+                  - 'ecr:BatchGetImage'
+
+                  # Allow the ECS tasks to upload logs to CloudWatch
+                  - 'logs:CreateLogStream'
+                  - 'logs:PutLogEvents'
+                Resource: '*'
+
+  DeleteCFNLambdaExecutionRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Principal:
+              Service: ['lambda.amazonaws.com']
+            Action: 'sts:AssumeRole'
+      Path: '/'
+      Policies:
+        - PolicyName: DeleteCFNLambdaExecutionRole
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: 'Allow'
+                Action:
+                  - 'logs:CreateLogGroup'
+                  - 'logs:CreateLogStream'
+                  - 'logs:PutLogEvents'
+                Resource: 'arn:aws:logs:*:*:*'
+              - Effect: 'Allow'
+                Action:
+                  - 'cloudformation:DeleteStack'
+                  - 'kinesis:DeleteStream'
+                  - 'secretsmanager:DeleteSecret'
+                  - 'kinesis:DescribeStreamSummary'
+                  - 'logs:DeleteLogGroup'
+                  - 'logs:DeleteSubscriptionFilter'
+                  - 'ecs:DeregisterTaskDefinition'
+                  - 'lambda:DeleteFunction'
+                  - 'lambda:InvokeFunction'
+                  - 'events:RemoveTargets'
+                  - 'events:DeleteRule'
+                  - 'lambda:RemovePermission'
+                Resource: '*'
+
+  ### cloud watch to kinesis role
+  CloudWatchIAMRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: [logs.amazonaws.com]
+            Action: ['sts:AssumeRole']
+      Path: /
+      Policies:
+        - PolicyName: service-autoscaling
+          PolicyDocument:
+            Statement:
+              - Effect: Allow
+                Action:
+                  - 'kinesis:PutRecord'
+                Resource: '*'
+
+  #####################EFS#####################
+  EfsFileStorage:
+    Type: 'AWS::EFS::FileSystem'
+    Properties:
+      BackupPolicy:
+        Status: ENABLED
+      PerformanceMode: maxIO
+      Encrypted: false
+
+      FileSystemPolicy:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Action:
+              - 'elasticfilesystem:ClientMount'
+              - 'elasticfilesystem:ClientWrite'
+              - 'elasticfilesystem:ClientRootAccess'
+            Principal:
+              AWS: '*'
+
+  MountTargetResource1:
+    Type: AWS::EFS::MountTarget
+    Properties:
+      FileSystemId: !Ref EfsFileStorage
+      SubnetId: !Ref PublicSubnetOne
+      SecurityGroups:
+        - !Ref EFSServerSecurityGroup
+
+  MountTargetResource2:
+    Type: AWS::EFS::MountTarget
+    Properties:
+      FileSystemId: !Ref EfsFileStorage
+      SubnetId: !Ref PublicSubnetTwo
+      SecurityGroups:
+        - !Ref EFSServerSecurityGroup
+
+Outputs:
+  EfsFileStorageId:
+    Description: 'The connection endpoint for the database.'
+    Value: !Ref EfsFileStorage
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
+  ClusterName:
+    Description: The name of the ECS cluster
+    Value: !Ref 'ECSCluster'
+    Export:
+      Name: !Sub${' ${EnvironmentName}'}:ClusterName
+  AutoscalingRole:
+    Description: The ARN of the role used for autoscaling
+    Value: !GetAtt 'AutoscalingRole.Arn'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
+  ECSRole:
+    Description: The ARN of the ECS role
+    Value: !GetAtt 'ECSRole.Arn'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:ECSRole
+  ECSTaskExecutionRole:
+    Description: The ARN of the ECS role tsk execution role
+    Value: !GetAtt 'ECSTaskExecutionRole.Arn'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
+
+  DeleteCFNLambdaExecutionRole:
+    Description: Lambda execution role for cleaning up cloud formations
+    Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole
+
+  CloudWatchIAMRole:
+    Description: The ARN of the CloudWatch role for subscription filter
+    Value: !GetAtt 'CloudWatchIAMRole.Arn'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole
+  VpcId:
+    Description: The ID of the VPC that this stack is deployed in
+    Value: !Ref 'VPC'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:VpcId
+  PublicSubnetOne:
+    Description: Public subnet one
+    Value: !Ref 'PublicSubnetOne'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne
+  PublicSubnetTwo:
+    Description: Public subnet two
+    Value: !Ref 'PublicSubnetTwo'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
+  ContainerSecurityGroup:
+    Description: A security group used to allow Fargate containers to receive traffic
+    Value: !Ref 'ContainerSecurityGroup'
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
+`;
+}

src/model/cloud-runner/providers/aws/cloud-formations/cleanup-cron-formation.ts

@@ -0,0 +1,146 @@
+export class CleanupCronFormation {
+  public static readonly formation: string = `AWSTemplateFormatVersion: '2010-09-09'
+Description: Schedule automatic deletion of CloudFormation stacks
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: Input configuration
+        Parameters:
+          - StackName
+          - TTL
+    ParameterLabels:
+      StackName:
+        default: Stack name
+      TTL:
+        default: Time-to-live
+Parameters:
+  EnvironmentName:
+    Type: String
+    Default: development
+    Description: 'Your deployment environment: DEV, QA , PROD'
+  BUILDGUID:
+    Type: String
+    Default: ''
+  StackName:
+    Type: String
+    Description: Stack name that will be deleted.
+  DeleteStackName:
+    Type: String
+    Description: Stack name that will be deleted.
+  TTL:
+    Type: Number
+    Description: Time-to-live in minutes for the stack.
+Resources:
+  DeleteCFNLambda:
+    Type: "AWS::Lambda::Function"
+    Properties:
+      FunctionName: !Join [ "", [ 'DeleteCFNLambda', !Ref BUILDGUID ] ]
+      Code:
+        ZipFile: |
+          import boto3
+          import os
+          import json
+
+          stack_name = os.environ['stackName']
+          delete_stack_name = os.environ['deleteStackName']
+
+          def delete_cfn(stack_name):
+              try:
+                  cfn = boto3.resource('cloudformation')
+                  stack = cfn.Stack(stack_name)
+                  stack.delete()
+                  return "SUCCESS"
+              except:
+                  return "ERROR"
+
+          def handler(event, context):
+              print("Received event:")
+              print(json.dumps(event))
+              result = delete_cfn(stack_name)
+              delete_cfn(delete_stack_name)
+              return result
+      Environment:
+        Variables:
+          stackName: !Ref 'StackName'
+          deleteStackName: !Ref 'DeleteStackName'
+      Handler: "index.handler"
+      Runtime: "python3.9"
+      Timeout: "5"
+      Role:
+       'Fn::ImportValue': !Sub '\${EnvironmentName}:DeleteCFNLambdaExecutionRole'
+  DeleteStackEventRule:
+     DependsOn:
+       - DeleteCFNLambda
+       - GenerateCronExpression
+     Type: "AWS::Events::Rule"
+     Properties:
+       Name: !Join [ "", [ 'DeleteStackEventRule', !Ref BUILDGUID ] ]
+       Description: Delete stack event
+       ScheduleExpression: !GetAtt GenerateCronExpression.cron_exp
+       State: "ENABLED"
+       Targets:
+          -
+            Arn: !GetAtt DeleteCFNLambda.Arn
+            Id: 'DeleteCFNLambda'
+  PermissionForDeleteCFNLambda:
+    Type: "AWS::Lambda::Permission"
+    DependsOn:
+      - DeleteStackEventRule
+    Properties:
+      FunctionName: !Join [ "", [ 'DeleteCFNLambda', !Ref BUILDGUID ] ]
+      Action: "lambda:InvokeFunction"
+      Principal: "events.amazonaws.com"
+      SourceArn: !GetAtt DeleteStackEventRule.Arn
+  GenerateCronExpLambda:
+    Type: "AWS::Lambda::Function"
+    Properties:
+      FunctionName: !Join [ "", [ 'GenerateCronExpressionLambda', !Ref BUILDGUID ] ]
+      Code:
+        ZipFile: |
+          from datetime import datetime, timedelta
+          import os
+          import logging
+          import json
+          import cfnresponse
+
+          def deletion_time(ttl):
+              delete_at_time = datetime.now() + timedelta(minutes=int(ttl))
+              hh = delete_at_time.hour
+              mm = delete_at_time.minute
+              yyyy = delete_at_time.year
+              month = delete_at_time.month
+              dd = delete_at_time.day
+              # minutes hours day month day-of-week year
+              cron_exp = "cron({} {} {} {} ? {})".format(mm, hh, dd, month, yyyy)
+              return cron_exp
+
+          def handler(event, context):
+            print('Received event: %s' % json.dumps(event))
+            status = cfnresponse.SUCCESS
+            try:
+                if event['RequestType'] == 'Delete':
+                    cfnresponse.send(event, context, status, {})
+                else:
+                    ttl = event['ResourceProperties']['ttl']
+                    responseData = {}
+                    responseData['cron_exp'] = deletion_time(ttl)
+                    cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData)
+            except Exception as e:
+                logging.error('Exception: %s' % e, exc_info=True)
+                status = cfnresponse.FAILED
+                cfnresponse.send(event, context, status, {}, None)
+      Handler: "index.handler"
+      Runtime: "python3.9"
+      Timeout: "5"
+      Role:
+       'Fn::ImportValue': !Sub '\${EnvironmentName}:DeleteCFNLambdaExecutionRole'
+  GenerateCronExpression:
+    Type: "Custom::GenerateCronExpression"
+    Version: "1.0"
+    Properties:
+      Name: !Join [ "", [ 'GenerateCronExpression', !Ref BUILDGUID ] ]
+      ServiceToken: !GetAtt GenerateCronExpLambda.Arn
+      ttl: !Ref 'TTL'
+`;
+}

src/model/cloud-runner/providers/aws/cloud-formations/task-definition-formation.ts

@@ -0,0 +1,169 @@
+import CloudRunner from '../../../cloud-runner';
+
+export class TaskDefinitionFormation {
+  public static readonly description: string = `Game CI Cloud Runner Task Stack`;
+  public static get formation(): string {
+    return `AWSTemplateFormatVersion: 2010-09-09
+Description: ${TaskDefinitionFormation.description}
+Parameters:
+  EnvironmentName:
+    Type: String
+    Default: development
+    Description: 'Your deployment environment: DEV, QA , PROD'
+  ServiceName:
+    Type: String
+    Default: example
+    Description: A name for the service
+  LogGroupName:
+    Type: String
+    Default: example
+    Description: Name to use for the log group created for this task
+  ImageUrl:
+    Type: String
+    Default: nginx
+    Description: >-
+      The url of a docker image that contains the application process that will
+      handle the traffic for this service
+  ContainerPort:
+    Type: Number
+    Default: 80
+    Description: What port number the application inside the docker container is binding to
+  ContainerCpu:
+    Default: ${CloudRunner.buildParameters.containerCpu}
+    Type: Number
+    Description: How much CPU to give the container. 1024 is 1 CPU
+  ContainerMemory:
+    Default: ${CloudRunner.buildParameters.containerMemory}
+    Type: Number
+    Description: How much memory in megabytes to give the container
+  BUILDGUID:
+    Type: String
+    Default: ''
+  Command:
+    Type: String
+    Default: 'ls'
+  EntryPoint:
+    Type: String
+    Default: '/bin/sh'
+  WorkingDirectory:
+    Type: String
+    Default: '/efsdata/'
+  Role:
+    Type: String
+    Default: ''
+    Description: >-
+      (Optional) An IAM role to give the service's containers if the code within
+      needs to access other AWS resources like S3 buckets, DynamoDB tables, etc
+  EFSMountDirectory:
+    Type: String
+    Default: '/efsdata'
+  # template secrets p1 - input
+Mappings:
+  SubnetConfig:
+    VPC:
+      CIDR: 10.0.0.0/16
+    PublicOne:
+      CIDR: 10.0.0.0/24
+    PublicTwo:
+      CIDR: 10.0.1.0/24
+Conditions:
+  HasCustomRole: !Not
+    - !Equals
+      - Ref: Role
+      - ''
+Resources:
+  LogGroup:
+    Type: 'AWS::Logs::LogGroup'
+    Properties:
+      LogGroupName: !Ref LogGroupName
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: aece53ae-b82d-4267-bc16-ed964b05db27
+  # template resources secrets
+
+  # template resources logstream
+
+  TaskDefinition:
+    Type: 'AWS::ECS::TaskDefinition'
+    Properties:
+      Family: !Ref ServiceName
+      Cpu: !Ref ContainerCpu
+      Memory: !Ref ContainerMemory
+      NetworkMode: awsvpc
+      Volumes:
+        - Name: efs-data
+          EFSVolumeConfiguration:
+            FilesystemId:
+              'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:EfsFileStorageId'
+            TransitEncryption: DISABLED
+      RequiresCompatibilities:
+        - FARGATE
+      ExecutionRoleArn:
+        'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:ECSTaskExecutionRole'
+      TaskRoleArn:
+        'Fn::If':
+          - HasCustomRole
+          - !Ref Role
+          - !Ref 'AWS::NoValue'
+      ContainerDefinitions:
+        - Name: !Ref ServiceName
+          Cpu: !Ref ContainerCpu
+          Memory: !Ref ContainerMemory
+          Image: !Ref ImageUrl
+          EntryPoint:
+            Fn::Split:
+              - ','
+              - !Ref EntryPoint
+          Command:
+            Fn::Split:
+              - ','
+              - !Ref Command
+          WorkingDirectory: !Ref WorkingDirectory
+          Environment:
+            - Name: ALLOW_EMPTY_PASSWORD
+              Value: 'yes'
+            # template - env vars
+          MountPoints:
+            - SourceVolume: efs-data
+              ContainerPath: !Ref EFSMountDirectory
+              ReadOnly: false
+          Secrets:
+            # template secrets p3 - container def
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-group: !Ref LogGroupName
+              awslogs-region: !Ref 'AWS::Region'
+              awslogs-stream-prefix: !Ref ServiceName
+    DependsOn:
+      - LogGroup
+`;
+  }
+  public static streamLogs = `
+  SubscriptionFilter:
+    Type: 'AWS::Logs::SubscriptionFilter'
+    Properties:
+      FilterPattern: ''
+      RoleArn:
+        'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:CloudWatchIAMRole'
+      LogGroupName: !Ref LogGroupName
+      DestinationArn:
+        'Fn::GetAtt':
+          - KinesisStream
+          - Arn
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: 7f809e91-9e5d-4678-98c1-c5085956c480
+    DependsOn:
+      - LogGroup
+      - KinesisStream
+  KinesisStream:
+    Type: 'AWS::Kinesis::Stream'
+    Properties:
+      Name: !Ref ServiceName
+      ShardCount: 1
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: c6f18447-b879-4696-8873-f981b2cedd2b
+`;
+}

src/model/cloud-runner/providers/aws/cloud-runner-aws-task-def.ts

@@ -0,0 +1,9 @@
+import { StackResource } from '@aws-sdk/client-cloudformation';
+
+class CloudRunnerAWSTaskDef {
+  public taskDefStackName!: string;
+  public taskDefCloudFormation!: string;
+  public taskDefResources: StackResource[] | undefined;
+  public baseResources: StackResource[] | undefined;
+}
+export default CloudRunnerAWSTaskDef;

src/model/cloud-runner/providers/aws/index.ts

@@ -0,0 +1,161 @@
+import { CloudFormation, DeleteStackCommand, waitUntilStackDeleteComplete } from '@aws-sdk/client-cloudformation';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import CloudRunnerAWSTaskDef from './cloud-runner-aws-task-def';
+import AwsTaskRunner from './aws-task-runner';
+import { ProviderInterface } from '../provider-interface';
+import BuildParameters from '../../../build-parameters';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { AWSJobStack as AwsJobStack } from './aws-job-stack';
+import { AWSBaseStack as AwsBaseStack } from './aws-base-stack';
+import { Input } from '../../..';
+import { GarbageCollectionService } from './services/garbage-collection-service';
+import { ProviderResource } from '../provider-resource';
+import { ProviderWorkflow } from '../provider-workflow';
+import { TaskService } from './services/task-service';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+import { AwsClientFactory } from './aws-client-factory';
+
+class AWSBuildEnvironment implements ProviderInterface {
+  private baseStackName: string;
+
+  constructor(buildParameters: BuildParameters) {
+    this.baseStackName = buildParameters.awsStackName;
+  }
+  async listResources(): Promise<ProviderResource[]> {
+    await TaskService.getCloudFormationJobStacks();
+    await TaskService.getLogGroups();
+    await TaskService.getTasks();
+
+    return [];
+  }
+  listWorkflow(): Promise<ProviderWorkflow[]> {
+    throw new Error('Method not implemented.');
+  }
+  async watchWorkflow(): Promise<string> {
+    return await TaskService.watch();
+  }
+
+  async listOtherResources(): Promise<string> {
+    await TaskService.getLogGroups();
+
+    return '';
+  }
+
+  async garbageCollect(
+    filter: string,
+    previewOnly: boolean,
+    // eslint-disable-next-line no-unused-vars
+    olderThan: Number,
+    // eslint-disable-next-line no-unused-vars
+    fullCache: boolean,
+    // eslint-disable-next-line no-unused-vars
+    baseDependencies: boolean,
+  ): Promise<string> {
+    await GarbageCollectionService.cleanup(!previewOnly);
+
+    return ``;
+  }
+
+  async cleanupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {}
+  async setupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildGuid: string,
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {
+    process.env.AWS_REGION = Input.region;
+    const CF = AwsClientFactory.getCloudFormation();
+    await new AwsBaseStack(this.baseStackName).setupBaseStack(CF);
+  }
+
+  async runTaskInWorkflow(
+    buildGuid: string,
+    image: string,
+    commands: string,
+    mountdir: string,
+    workingdir: string,
+    environment: CloudRunnerEnvironmentVariable[],
+    secrets: CloudRunnerSecret[],
+  ): Promise<string> {
+    process.env.AWS_REGION = Input.region;
+    AwsClientFactory.getECS();
+    const CF = AwsClientFactory.getCloudFormation();
+    AwsClientFactory.getKinesis();
+    CloudRunnerLogger.log(`AWS Region: ${CF.config.region}`);
+    const entrypoint = ['/bin/sh'];
+    const startTimeMs = Date.now();
+    const taskDef = await new AwsJobStack(this.baseStackName).setupCloudFormations(
+      CF,
+      buildGuid,
+      image,
+      entrypoint,
+      commands,
+      mountdir,
+      workingdir,
+      secrets,
+    );
+
+    let postRunTaskTimeMs;
+    try {
+      const postSetupStacksTimeMs = Date.now();
+      CloudRunnerLogger.log(`Setup job time: ${Math.floor((postSetupStacksTimeMs - startTimeMs) / 1000)}s`);
+      const { output, shouldCleanup } = await AwsTaskRunner.runTask(taskDef, environment, commands);
+      postRunTaskTimeMs = Date.now();
+      CloudRunnerLogger.log(`Run job time: ${Math.floor((postRunTaskTimeMs - postSetupStacksTimeMs) / 1000)}s`);
+      if (shouldCleanup) {
+        await this.cleanupResources(CF, taskDef);
+      }
+      const postCleanupTimeMs = Date.now();
+      if (postRunTaskTimeMs !== undefined)
+        CloudRunnerLogger.log(`Cleanup job time: ${Math.floor((postCleanupTimeMs - postRunTaskTimeMs) / 1000)}s`);
+
+      return output;
+    } catch (error) {
+      CloudRunnerLogger.log(`error running task ${error}`);
+      await this.cleanupResources(CF, taskDef);
+      throw error;
+    }
+  }
+
+  async cleanupResources(CF: CloudFormation, taskDef: CloudRunnerAWSTaskDef) {
+    CloudRunnerLogger.log('Cleanup starting');
+    await CF.send(new DeleteStackCommand({ StackName: taskDef.taskDefStackName }));
+    if (CloudRunnerOptions.useCleanupCron) {
+      await CF.send(new DeleteStackCommand({ StackName: `${taskDef.taskDefStackName}-cleanup` }));
+    }
+
+    await waitUntilStackDeleteComplete(
+      {
+        client: CF,
+        maxWaitTime: 200,
+      },
+      {
+        StackName: taskDef.taskDefStackName,
+      },
+    );
+    await waitUntilStackDeleteComplete(
+      {
+        client: CF,
+        maxWaitTime: 200,
+      },
+      {
+        StackName: `${taskDef.taskDefStackName}-cleanup`,
+      },
+    );
+    CloudRunnerLogger.log(`Deleted Stack: ${taskDef.taskDefStackName}`);
+    CloudRunnerLogger.log('Cleanup complete');
+  }
+}
+export default AWSBuildEnvironment;

src/model/cloud-runner/providers/aws/services/garbage-collection-service.ts

@@ -0,0 +1,75 @@
+import { DeleteStackCommand, DescribeStackResourcesCommand } from '@aws-sdk/client-cloudformation';
+import { DeleteLogGroupCommand } from '@aws-sdk/client-cloudwatch-logs';
+import { StopTaskCommand } from '@aws-sdk/client-ecs';
+import Input from '../../../../input';
+import CloudRunnerLogger from '../../../services/core/cloud-runner-logger';
+import { TaskService } from './task-service';
+import { AwsClientFactory } from '../aws-client-factory';
+
+export class GarbageCollectionService {
+  static isOlderThan1day(date: Date) {
+    const ageDate = new Date(date.getTime() - Date.now());
+
+    return ageDate.getDay() > 0;
+  }
+
+  public static async cleanup(deleteResources = false, OneDayOlderOnly: boolean = false) {
+    process.env.AWS_REGION = Input.region;
+    const CF = AwsClientFactory.getCloudFormation();
+    const ecs = AwsClientFactory.getECS();
+    const cwl = AwsClientFactory.getCloudWatchLogs();
+    const taskDefinitionsInUse = new Array();
+    const tasks = await TaskService.getTasks();
+
+    for (const task of tasks) {
+      const { taskElement, element } = task;
+      taskDefinitionsInUse.push(taskElement.taskDefinitionArn);
+      if (deleteResources && (!OneDayOlderOnly || GarbageCollectionService.isOlderThan1day(taskElement.createdAt!))) {
+        CloudRunnerLogger.log(`Stopping task ${taskElement.containers?.[0].name}`);
+        await ecs.send(new StopTaskCommand({ task: taskElement.taskArn || '', cluster: element }));
+      }
+    }
+
+    const jobStacks = await TaskService.getCloudFormationJobStacks();
+    for (const element of jobStacks) {
+      if (
+        (await CF.send(new DescribeStackResourcesCommand({ StackName: element.StackName }))).StackResources?.some(
+          (x) => x.ResourceType === 'AWS::ECS::TaskDefinition' && taskDefinitionsInUse.includes(x.PhysicalResourceId),
+        )
+      ) {
+        CloudRunnerLogger.log(`Skipping ${element.StackName} - active task was running not deleting`);
+
+        return;
+      }
+
+      if (
+        deleteResources &&
+        (!OneDayOlderOnly || (element.CreationTime && GarbageCollectionService.isOlderThan1day(element.CreationTime)))
+      ) {
+        if (element.StackName === 'game-ci' || element.TemplateDescription === 'Game-CI base stack') {
+          CloudRunnerLogger.log(`Skipping ${element.StackName} ignore list`);
+
+          return;
+        }
+
+        CloudRunnerLogger.log(`Deleting ${element.StackName}`);
+        await CF.send(new DeleteStackCommand({ StackName: element.StackName }));
+      }
+    }
+    const logGroups = await TaskService.getLogGroups();
+    for (const element of logGroups) {
+      if (
+        deleteResources &&
+        (!OneDayOlderOnly || GarbageCollectionService.isOlderThan1day(new Date(element.creationTime!)))
+      ) {
+        CloudRunnerLogger.log(`Deleting ${element.logGroupName}`);
+        await cwl.send(new DeleteLogGroupCommand({ logGroupName: element.logGroupName || '' }));
+      }
+    }
+
+    const locks = await TaskService.getLocks();
+    for (const element of locks) {
+      CloudRunnerLogger.log(`Lock: ${element.Key}`);
+    }
+  }
+}

src/model/cloud-runner/providers/aws/services/task-service.ts

@@ -0,0 +1,213 @@
+import {
+  DescribeStackResourcesCommand,
+  DescribeStacksCommand,
+  ListStacksCommand,
+} from '@aws-sdk/client-cloudformation';
+import type { ListStacksCommandOutput } from '@aws-sdk/client-cloudformation';
+import { DescribeLogGroupsCommand } from '@aws-sdk/client-cloudwatch-logs';
+import type { DescribeLogGroupsCommandInput, DescribeLogGroupsCommandOutput } from '@aws-sdk/client-cloudwatch-logs';
+import { DescribeTasksCommand, ListClustersCommand, ListTasksCommand } from '@aws-sdk/client-ecs';
+import type { DescribeTasksCommandOutput } from '@aws-sdk/client-ecs';
+import { ListObjectsCommand } from '@aws-sdk/client-s3';
+import Input from '../../../../input';
+import CloudRunnerLogger from '../../../services/core/cloud-runner-logger';
+import { BaseStackFormation } from '../cloud-formations/base-stack-formation';
+import AwsTaskRunner from '../aws-task-runner';
+import CloudRunner from '../../../cloud-runner';
+import { AwsClientFactory } from '../aws-client-factory';
+import SharedWorkspaceLocking from '../../../services/core/shared-workspace-locking';
+
+type StackSummary = NonNullable<ListStacksCommandOutput['StackSummaries']>[number];
+type LogGroup = NonNullable<DescribeLogGroupsCommandOutput['logGroups']>[number];
+type Task = NonNullable<DescribeTasksCommandOutput['tasks']>[number];
+
+export class TaskService {
+  static async watch() {
+    // eslint-disable-next-line no-unused-vars
+    const { output, shouldCleanup } = await AwsTaskRunner.streamLogsUntilTaskStops(
+      process.env.cluster || ``,
+      process.env.taskArn || ``,
+      process.env.streamName || ``,
+    );
+
+    return output;
+  }
+  public static async getCloudFormationJobStacks() {
+    const result: StackSummary[] = [];
+    CloudRunnerLogger.log(``);
+    CloudRunnerLogger.log(`List Cloud Formation Stacks`);
+    process.env.AWS_REGION = Input.region;
+    const CF = AwsClientFactory.getCloudFormation();
+    const stacks =
+      (await CF.send(new ListStacksCommand({}))).StackSummaries?.filter(
+        (_x) =>
+          _x.StackStatus !== 'DELETE_COMPLETE' && _x.TemplateDescription !== BaseStackFormation.baseStackDecription,
+      ) || [];
+    CloudRunnerLogger.log(``);
+    CloudRunnerLogger.log(`Cloud Formation Stacks ${stacks.length}`);
+    for (const element of stacks) {
+      if (!element.CreationTime) {
+        CloudRunnerLogger.log(`${element.StackName} due to undefined CreationTime`);
+      }
+
+      const ageDate: Date = new Date(Date.now() - (element.CreationTime?.getTime() ?? 0));
+
+      CloudRunnerLogger.log(
+        `Task Stack ${element.StackName} - Age D${Math.floor(
+          ageDate.getHours() / 24,
+        )} H${ageDate.getHours()} M${ageDate.getMinutes()}`,
+      );
+      result.push(element);
+    }
+    const baseStacks =
+      (await CF.send(new ListStacksCommand({}))).StackSummaries?.filter(
+        (_x) =>
+          _x.StackStatus !== 'DELETE_COMPLETE' && _x.TemplateDescription === BaseStackFormation.baseStackDecription,
+      ) || [];
+    CloudRunnerLogger.log(``);
+    CloudRunnerLogger.log(`Base Stacks ${baseStacks.length}`);
+    for (const element of baseStacks) {
+      if (!element.CreationTime) {
+        CloudRunnerLogger.log(`${element.StackName} due to undefined CreationTime`);
+      }
+
+      const ageDate: Date = new Date(Date.now() - (element.CreationTime?.getTime() ?? 0));
+
+      CloudRunnerLogger.log(
+        `Task Stack ${element.StackName} - Age D${Math.floor(
+          ageDate.getHours() / 24,
+        )} H${ageDate.getHours()} M${ageDate.getMinutes()}`,
+      );
+      result.push(element);
+    }
+    CloudRunnerLogger.log(``);
+
+    return result;
+  }
+  public static async getTasks() {
+    // Extended Task type to include custom properties added in this method
+    type ExtendedTask = Task & {
+      overrides?: Record<string, unknown>;
+      attachments?: unknown[];
+    };
+    const result: { taskElement: ExtendedTask; element: string }[] = [];
+    CloudRunnerLogger.log(``);
+    CloudRunnerLogger.log(`List Tasks`);
+    process.env.AWS_REGION = Input.region;
+    const ecs = AwsClientFactory.getECS();
+    const clusters = (await ecs.send(new ListClustersCommand({}))).clusterArns || [];
+    CloudRunnerLogger.log(`Task Clusters ${clusters.length}`);
+    for (const element of clusters) {
+      const input = {
+        cluster: element,
+      };
+      const list = (await ecs.send(new ListTasksCommand(input))).taskArns || [];
+      if (list.length > 0) {
+        const describeInput = { tasks: list, cluster: element };
+        const describeList = (await ecs.send(new DescribeTasksCommand(describeInput))).tasks || [];
+        if (describeList.length === 0) {
+          CloudRunnerLogger.log(`No Tasks`);
+          continue;
+        }
+        CloudRunnerLogger.log(`Tasks ${describeList.length}`);
+        for (const taskElement of describeList) {
+          if (taskElement === undefined) {
+            continue;
+          }
+          const extendedTask = taskElement as ExtendedTask;
+          extendedTask.overrides = {};
+          extendedTask.attachments = [];
+          if (extendedTask.createdAt === undefined) {
+            CloudRunnerLogger.log(`Skipping ${extendedTask.taskDefinitionArn} no createdAt date`);
+            continue;
+          }
+          result.push({ taskElement: extendedTask, element });
+        }
+      }
+    }
+    CloudRunnerLogger.log(``);
+
+    return result;
+  }
+  public static async awsDescribeJob(job: string) {
+    process.env.AWS_REGION = Input.region;
+    const CF = AwsClientFactory.getCloudFormation();
+    try {
+      const stack =
+        (await CF.send(new ListStacksCommand({}))).StackSummaries?.find((_x) => _x.StackName === job) || undefined;
+      const stackInfo = (await CF.send(new DescribeStackResourcesCommand({ StackName: job }))) || undefined;
+      const stackInfo2 = (await CF.send(new DescribeStacksCommand({ StackName: job }))) || undefined;
+      if (stack === undefined) {
+        throw new Error('stack not defined');
+      }
+      if (!stack.CreationTime) {
+        CloudRunnerLogger.log(`${stack.StackName} due to undefined CreationTime`);
+      }
+      const ageDate: Date = new Date(Date.now() - (stack.CreationTime?.getTime() ?? 0));
+      const message = `
+    Task Stack ${stack.StackName}
+    Age D${Math.floor(ageDate.getHours() / 24)} H${ageDate.getHours()} M${ageDate.getMinutes()}
+    ${JSON.stringify(stack, undefined, 4)}
+    ${JSON.stringify(stackInfo, undefined, 4)}
+    ${JSON.stringify(stackInfo2, undefined, 4)}
+    `;
+      CloudRunnerLogger.log(message);
+
+      return message;
+    } catch (error) {
+      CloudRunnerLogger.error(
+        `Failed to describe job ${job}: ${error instanceof Error ? error.message : String(error)}`,
+      );
+      throw error;
+    }
+  }
+  public static async getLogGroups() {
+    const result: LogGroup[] = [];
+    process.env.AWS_REGION = Input.region;
+    const ecs = AwsClientFactory.getCloudWatchLogs();
+    let logStreamInput: DescribeLogGroupsCommandInput = {
+      /* logGroupNamePrefix: 'game-ci' */
+    };
+    let logGroupsDescribe = await ecs.send(new DescribeLogGroupsCommand(logStreamInput));
+    const logGroups = logGroupsDescribe.logGroups || [];
+    while (logGroupsDescribe.nextToken) {
+      logStreamInput = { /* logGroupNamePrefix: 'game-ci',*/ nextToken: logGroupsDescribe.nextToken };
+      logGroupsDescribe = await ecs.send(new DescribeLogGroupsCommand(logStreamInput));
+      logGroups.push(...(logGroupsDescribe?.logGroups || []));
+    }
+
+    CloudRunnerLogger.log(`Log Groups ${logGroups.length}`);
+    for (const element of logGroups) {
+      if (element.creationTime === undefined) {
+        CloudRunnerLogger.log(`Skipping ${element.logGroupName} no createdAt date`);
+        continue;
+      }
+      const ageDate: Date = new Date(Date.now() - element.creationTime);
+
+      CloudRunnerLogger.log(
+        `Task Stack ${element.logGroupName} - Age D${Math.floor(
+          ageDate.getHours() / 24,
+        )} H${ageDate.getHours()} M${ageDate.getMinutes()}`,
+      );
+      result.push(element);
+    }
+
+    return result;
+  }
+  public static async getLocks() {
+    process.env.AWS_REGION = Input.region;
+    if (CloudRunner.buildParameters.storageProvider === 'rclone') {
+      const objects = await (SharedWorkspaceLocking as any).listObjects('');
+
+      return objects.map((x: string) => ({ Key: x }));
+    }
+    const s3 = AwsClientFactory.getS3();
+    const listRequest = {
+      Bucket: CloudRunner.buildParameters.awsStackName,
+    };
+
+    const results = await s3.send(new ListObjectsCommand(listRequest));
+
+    return results.Contents || [];
+  }
+}

src/model/cloud-runner/providers/docker/index.ts

@@ -0,0 +1,163 @@
+import BuildParameters from '../../../build-parameters';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { ProviderInterface } from '../provider-interface';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import Docker from '../../../docker';
+import { Action } from '../../..';
+import { writeFileSync } from 'node:fs';
+import CloudRunner from '../../cloud-runner';
+import { ProviderResource } from '../provider-resource';
+import { ProviderWorkflow } from '../provider-workflow';
+import { CloudRunnerSystem } from '../../services/core/cloud-runner-system';
+import * as fs from 'node:fs';
+import { CommandHookService } from '../../services/hooks/command-hook-service';
+import { StringKeyValuePair } from '../../../shared-types';
+
+class LocalDockerCloudRunner implements ProviderInterface {
+  public buildParameters!: BuildParameters;
+
+  listResources(): Promise<ProviderResource[]> {
+    return new Promise((resolve) => resolve([]));
+  }
+  listWorkflow(): Promise<ProviderWorkflow[]> {
+    throw new Error('Method not implemented.');
+  }
+  watchWorkflow(): Promise<string> {
+    throw new Error('Method not implemented.');
+  }
+  garbageCollect(
+    // eslint-disable-next-line no-unused-vars
+    filter: string,
+    // eslint-disable-next-line no-unused-vars
+    previewOnly: boolean,
+    // eslint-disable-next-line no-unused-vars
+    olderThan: Number,
+    // eslint-disable-next-line no-unused-vars
+    fullCache: boolean,
+    // eslint-disable-next-line no-unused-vars
+    baseDependencies: boolean,
+  ): Promise<string> {
+    return new Promise((result) => result(``));
+  }
+  async cleanupWorkflow(
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {
+    const { workspace } = Action;
+    if (
+      fs.existsSync(
+        `${workspace}/cloud-runner-cache/cache/build/build-${buildParameters.buildGuid}.tar${
+          CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+        }`,
+      )
+    ) {
+      await CloudRunnerSystem.Run(`ls ${workspace}/cloud-runner-cache/cache/build/`);
+      await CloudRunnerSystem.Run(
+        `rm -r ${workspace}/cloud-runner-cache/cache/build/build-${buildParameters.buildGuid}.tar${
+          CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+        }`,
+      );
+    }
+  }
+  setupWorkflow(
+    buildGuid: string,
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {
+    this.buildParameters = buildParameters;
+  }
+
+  public async runTaskInWorkflow(
+    buildGuid: string,
+    image: string,
+    commands: string,
+    mountdir: string,
+    workingdir: string,
+    environment: CloudRunnerEnvironmentVariable[],
+    secrets: CloudRunnerSecret[],
+  ): Promise<string> {
+    CloudRunnerLogger.log(buildGuid);
+    CloudRunnerLogger.log(commands);
+
+    const { workspace, actionFolder } = Action;
+    const content: StringKeyValuePair[] = [];
+    for (const x of secrets) {
+      content.push({ name: x.EnvironmentVariable, value: x.ParameterValue });
+    }
+    for (const x of environment) {
+      content.push({ name: x.name, value: x.value });
+    }
+
+    // if (this.buildParameters?.cloudRunnerIntegrationTests) {
+    //   core.info(JSON.stringify(content, undefined, 4));
+    //   core.info(JSON.stringify(secrets, undefined, 4));
+    //   core.info(JSON.stringify(environment, undefined, 4));
+    // }
+
+    // eslint-disable-next-line unicorn/no-for-loop
+    for (let index = 0; index < content.length; index++) {
+      if (content[index] === undefined) {
+        delete content[index];
+      }
+    }
+    let myOutput = '';
+    const sharedFolder = `/data/`;
+
+    // core.info(JSON.stringify({ workspace, actionFolder, ...this.buildParameters, ...content }, undefined, 4));
+    const entrypointFilePath = `start.sh`;
+    const fileContents = `#!/bin/bash
+set -e
+
+mkdir -p /github/workspace/cloud-runner-cache
+mkdir -p /data/cache
+cp -a /github/workspace/cloud-runner-cache/. ${sharedFolder}
+${CommandHookService.ApplyHooksToCommands(commands, this.buildParameters)}
+cp -a ${sharedFolder}. /github/workspace/cloud-runner-cache/
+`;
+    writeFileSync(`${workspace}/${entrypointFilePath}`, fileContents, {
+      flag: 'w',
+    });
+
+    if (CloudRunner.buildParameters.cloudRunnerDebug) {
+      CloudRunnerLogger.log(`Running local-docker: \n ${fileContents}`);
+    }
+
+    if (fs.existsSync(`${workspace}/cloud-runner-cache`)) {
+      await CloudRunnerSystem.Run(`ls ${workspace}/cloud-runner-cache && du -sh ${workspace}/cloud-runner-cache`);
+    }
+    const exitCode = await Docker.run(
+      image,
+      { workspace, actionFolder, ...this.buildParameters },
+      false,
+      `chmod +x /github/workspace/${entrypointFilePath} && /github/workspace/${entrypointFilePath}`,
+      content,
+      {
+        listeners: {
+          stdout: (data: Buffer) => {
+            myOutput += data.toString();
+          },
+          stderr: (data: Buffer) => {
+            myOutput += `[LOCAL-DOCKER-ERROR]${data.toString()}`;
+          },
+        },
+      },
+      true,
+    );
+
+    // Docker doesn't exit on fail now so adding this to ensure behavior is unchanged
+    // TODO: Is there a helpful way to consume the exit code or is it best to except
+    if (exitCode !== 0) {
+      throw new Error(`Build failed with exit code ${exitCode}`);
+    }
+
+    return myOutput;
+  }
+}
+export default LocalDockerCloudRunner;

src/model/cloud-runner/providers/k8s/index.ts

@@ -0,0 +1,337 @@
+import * as k8s from '@kubernetes/client-node';
+import { BuildParameters } from '../../..';
+import * as core from '@actions/core';
+import { ProviderInterface } from '../provider-interface';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import KubernetesStorage from './kubernetes-storage';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import KubernetesTaskRunner from './kubernetes-task-runner';
+import KubernetesSecret from './kubernetes-secret';
+import KubernetesJobSpecFactory from './kubernetes-job-spec-factory';
+import KubernetesServiceAccount from './kubernetes-service-account';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { CoreV1Api } from '@kubernetes/client-node';
+import CloudRunner from '../../cloud-runner';
+import { ProviderResource } from '../provider-resource';
+import { ProviderWorkflow } from '../provider-workflow';
+import { RemoteClientLogger } from '../../remote-client/remote-client-logger';
+import { KubernetesRole } from './kubernetes-role';
+import { CloudRunnerSystem } from '../../services/core/cloud-runner-system';
+
+class Kubernetes implements ProviderInterface {
+  public static Instance: Kubernetes;
+  public kubeConfig!: k8s.KubeConfig;
+  public kubeClient!: k8s.CoreV1Api;
+  public kubeClientApps!: k8s.AppsV1Api;
+  public kubeClientBatch!: k8s.BatchV1Api;
+  public rbacAuthorizationV1Api!: k8s.RbacAuthorizationV1Api;
+  public buildGuid: string = '';
+  public buildParameters!: BuildParameters;
+  public pvcName: string = '';
+  public secretName: string = '';
+  public jobName: string = '';
+  public namespace!: string;
+  public podName: string = '';
+  public containerName: string = '';
+  public cleanupCronJobName: string = '';
+  public serviceAccountName: string = '';
+  public ip: string = '';
+
+  // eslint-disable-next-line no-unused-vars
+  constructor(buildParameters: BuildParameters) {
+    Kubernetes.Instance = this;
+    this.kubeConfig = new k8s.KubeConfig();
+    this.kubeConfig.loadFromDefault();
+    this.kubeClient = this.kubeConfig.makeApiClient(k8s.CoreV1Api);
+    this.kubeClientApps = this.kubeConfig.makeApiClient(k8s.AppsV1Api);
+    this.kubeClientBatch = this.kubeConfig.makeApiClient(k8s.BatchV1Api);
+    this.rbacAuthorizationV1Api = this.kubeConfig.makeApiClient(k8s.RbacAuthorizationV1Api);
+    this.namespace = 'default';
+    CloudRunnerLogger.log('Loaded default Kubernetes configuration for this environment');
+  }
+
+  async PushLogUpdate(logs: string) {
+    // push logs to nginx file server via 'LOG_SERVICE_IP' env var
+    const ip = process.env[`LOG_SERVICE_IP`];
+    if (ip === undefined) {
+      RemoteClientLogger.logWarning(`LOG_SERVICE_IP not set, skipping log push`);
+
+      return;
+    }
+    const url = `http://${ip}/api/log`;
+    RemoteClientLogger.log(`Pushing logs to ${url}`);
+
+    // logs to base64
+    logs = Buffer.from(logs).toString('base64');
+    const response = await CloudRunnerSystem.Run(`curl -X POST -d "${logs}" ${url}`, false, true);
+    RemoteClientLogger.log(`Pushed logs to ${url} ${response}`);
+  }
+
+  async listResources(): Promise<ProviderResource[]> {
+    const pods = await this.kubeClient.listNamespacedPod(this.namespace);
+    const serviceAccounts = await this.kubeClient.listNamespacedServiceAccount(this.namespace);
+    const secrets = await this.kubeClient.listNamespacedSecret(this.namespace);
+    const jobs = await this.kubeClientBatch.listNamespacedJob(this.namespace);
+
+    return [
+      ...pods.body.items.map((x) => {
+        return { Name: x.metadata?.name || `` };
+      }),
+      ...serviceAccounts.body.items.map((x) => {
+        return { Name: x.metadata?.name || `` };
+      }),
+      ...secrets.body.items.map((x) => {
+        return { Name: x.metadata?.name || `` };
+      }),
+      ...jobs.body.items.map((x) => {
+        return { Name: x.metadata?.name || `` };
+      }),
+    ];
+  }
+  listWorkflow(): Promise<ProviderWorkflow[]> {
+    throw new Error('Method not implemented.');
+  }
+  watchWorkflow(): Promise<string> {
+    throw new Error('Method not implemented.');
+  }
+  garbageCollect(
+    // eslint-disable-next-line no-unused-vars
+    filter: string,
+    // eslint-disable-next-line no-unused-vars
+    previewOnly: boolean,
+    // eslint-disable-next-line no-unused-vars
+    olderThan: Number,
+    // eslint-disable-next-line no-unused-vars
+    fullCache: boolean,
+    // eslint-disable-next-line no-unused-vars
+    baseDependencies: boolean,
+  ): Promise<string> {
+    return new Promise((result) => result(``));
+  }
+  public async setupWorkflow(
+    buildGuid: string,
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {
+    try {
+      this.buildParameters = buildParameters;
+      this.cleanupCronJobName = `unity-builder-cronjob-${buildParameters.buildGuid}`;
+      this.serviceAccountName = `service-account-${buildParameters.buildGuid}`;
+
+      await KubernetesServiceAccount.createServiceAccount(this.serviceAccountName, this.namespace, this.kubeClient);
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  async runTaskInWorkflow(
+    buildGuid: string,
+    image: string,
+    commands: string,
+    mountdir: string,
+    workingdir: string,
+    environment: CloudRunnerEnvironmentVariable[],
+    secrets: CloudRunnerSecret[],
+  ): Promise<string> {
+    try {
+      CloudRunnerLogger.log('Cloud Runner K8s workflow!');
+
+      // Setup
+      const id =
+        BuildParameters && BuildParameters.shouldUseRetainedWorkspaceMode(this.buildParameters)
+          ? CloudRunner.lockedWorkspace
+          : this.buildParameters.buildGuid;
+      this.pvcName = `unity-builder-pvc-${id}`;
+      await KubernetesStorage.createPersistentVolumeClaim(
+        this.buildParameters,
+        this.pvcName,
+        this.kubeClient,
+        this.namespace,
+      );
+      this.buildGuid = buildGuid;
+      this.secretName = `build-credentials-${this.buildGuid}`;
+      this.jobName = `unity-builder-job-${this.buildGuid}`;
+      this.containerName = `main`;
+      await KubernetesSecret.createSecret(secrets, this.secretName, this.namespace, this.kubeClient);
+      let output = '';
+      try {
+        CloudRunnerLogger.log('Job does not exist');
+        await this.createJob(commands, image, mountdir, workingdir, environment, secrets);
+        CloudRunnerLogger.log('Watching pod until running');
+        await KubernetesTaskRunner.watchUntilPodRunning(this.kubeClient, this.podName, this.namespace);
+
+        CloudRunnerLogger.log('Pod is running');
+        output += await KubernetesTaskRunner.runTask(
+          this.kubeConfig,
+          this.kubeClient,
+          this.jobName,
+          this.podName,
+          this.containerName,
+          this.namespace,
+        );
+      } catch (error: any) {
+        CloudRunnerLogger.log(`error running k8s workflow ${error}`);
+        await new Promise((resolve) => setTimeout(resolve, 3000));
+        CloudRunnerLogger.log(
+          JSON.stringify(
+            (await this.kubeClient.listNamespacedEvent(this.namespace)).body.items
+              .map((x) => {
+                return {
+                  message: x.message || ``,
+                  name: x.metadata.name || ``,
+                  reason: x.reason || ``,
+                };
+              })
+              .filter((x) => x.name.includes(this.podName)),
+            undefined,
+            4,
+          ),
+        );
+        await this.cleanupTaskResources();
+        throw error;
+      }
+
+      await this.cleanupTaskResources();
+
+      return output;
+    } catch (error) {
+      CloudRunnerLogger.log('Running job failed');
+      core.error(JSON.stringify(error, undefined, 4));
+
+      // await this.cleanupTaskResources();
+      throw error;
+    }
+  }
+
+  private async createJob(
+    commands: string,
+    image: string,
+    mountdir: string,
+    workingdir: string,
+    environment: CloudRunnerEnvironmentVariable[],
+    secrets: CloudRunnerSecret[],
+  ) {
+    await this.createNamespacedJob(commands, image, mountdir, workingdir, environment, secrets);
+    const find = await Kubernetes.findPodFromJob(this.kubeClient, this.jobName, this.namespace);
+    this.setPodNameAndContainerName(find);
+  }
+
+  private async doesJobExist(name: string) {
+    const jobs = await this.kubeClientBatch.listNamespacedJob(this.namespace);
+
+    return jobs.body.items.some((x) => x.metadata?.name === name);
+  }
+
+  private async doesFailedJobExist() {
+    const podStatus = await this.kubeClient.readNamespacedPodStatus(this.podName, this.namespace);
+
+    return podStatus.body.status?.phase === `Failed`;
+  }
+
+  private async createNamespacedJob(
+    commands: string,
+    image: string,
+    mountdir: string,
+    workingdir: string,
+    environment: CloudRunnerEnvironmentVariable[],
+    secrets: CloudRunnerSecret[],
+  ) {
+    for (let index = 0; index < 3; index++) {
+      try {
+        const jobSpec = KubernetesJobSpecFactory.getJobSpec(
+          commands,
+          image,
+          mountdir,
+          workingdir,
+          environment,
+          secrets,
+          this.buildGuid,
+          this.buildParameters,
+          this.secretName,
+          this.pvcName,
+          this.jobName,
+          k8s,
+          this.containerName,
+          this.ip,
+        );
+        await new Promise((promise) => setTimeout(promise, 15000));
+
+        // await KubernetesRole.createRole(this.serviceAccountName, this.namespace, this.rbacAuthorizationV1Api);
+
+        const result = await this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec);
+        CloudRunnerLogger.log(`Build job created`);
+        await new Promise((promise) => setTimeout(promise, 5000));
+        CloudRunnerLogger.log('Job created');
+
+        return result.body.metadata?.name;
+      } catch (error) {
+        CloudRunnerLogger.log(`Error occured creating job: ${error}`);
+        throw error;
+      }
+    }
+  }
+
+  setPodNameAndContainerName(pod: k8s.V1Pod) {
+    this.podName = pod.metadata?.name || '';
+    this.containerName = pod.status?.containerStatuses?.[0].name || this.containerName;
+  }
+
+  async cleanupTaskResources() {
+    CloudRunnerLogger.log('cleaning up');
+    try {
+      await this.kubeClientBatch.deleteNamespacedJob(this.jobName, this.namespace);
+      await this.kubeClient.deleteNamespacedPod(this.podName, this.namespace);
+      await KubernetesRole.deleteRole(this.serviceAccountName, this.namespace, this.rbacAuthorizationV1Api);
+    } catch (error: any) {
+      CloudRunnerLogger.log(`Failed to cleanup`);
+      if (error.response.body.reason !== `NotFound`) {
+        CloudRunnerLogger.log(`Wasn't a not found error: ${error.response.body.reason}`);
+        throw error;
+      }
+    }
+    try {
+      await this.kubeClient.deleteNamespacedSecret(this.secretName, this.namespace);
+    } catch (error: any) {
+      CloudRunnerLogger.log(`Failed to cleanup secret`);
+      CloudRunnerLogger.log(error.response.body.reason);
+    }
+    CloudRunnerLogger.log('cleaned up Secret, Job and Pod');
+    CloudRunnerLogger.log('cleaning up finished');
+  }
+
+  async cleanupWorkflow(
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {
+    if (BuildParameters && BuildParameters.shouldUseRetainedWorkspaceMode(buildParameters)) {
+      return;
+    }
+    CloudRunnerLogger.log(`deleting PVC`);
+
+    try {
+      await this.kubeClient.deleteNamespacedPersistentVolumeClaim(this.pvcName, this.namespace);
+      await this.kubeClient.deleteNamespacedServiceAccount(this.serviceAccountName, this.namespace);
+      CloudRunnerLogger.log('cleaned up PVC and Service Account');
+    } catch (error: any) {
+      CloudRunnerLogger.log(`Cleanup failed ${JSON.stringify(error, undefined, 4)}`);
+      throw error;
+    }
+  }
+
+  static async findPodFromJob(kubeClient: CoreV1Api, jobName: string, namespace: string) {
+    const namespacedPods = await kubeClient.listNamespacedPod(namespace);
+    const pod = namespacedPods.body.items.find((x) => x.metadata?.labels?.['job-name'] === jobName);
+    if (pod === undefined) {
+      throw new Error("pod with job-name label doesn't exist");
+    }
+
+    return pod;
+  }
+}
+export default Kubernetes;

src/model/cloud-runner/providers/k8s/kubernetes-job-spec-factory.ts

@@ -0,0 +1,151 @@
+import { V1EnvVar, V1EnvVarSource, V1SecretKeySelector } from '@kubernetes/client-node';
+import BuildParameters from '../../../build-parameters';
+import { CommandHookService } from '../../services/hooks/command-hook-service';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import CloudRunner from '../../cloud-runner';
+
+class KubernetesJobSpecFactory {
+  static getJobSpec(
+    command: string,
+    image: string,
+    mountdir: string,
+    workingDirectory: string,
+    environment: CloudRunnerEnvironmentVariable[],
+    secrets: CloudRunnerSecret[],
+    buildGuid: string,
+    buildParameters: BuildParameters,
+    secretName: string,
+    pvcName: string,
+    jobName: string,
+    k8s: any,
+    containerName: string,
+    ip: string = '',
+  ) {
+    const endpointEnvNames = new Set([
+      'AWS_S3_ENDPOINT',
+      'AWS_ENDPOINT',
+      'AWS_CLOUD_FORMATION_ENDPOINT',
+      'AWS_ECS_ENDPOINT',
+      'AWS_KINESIS_ENDPOINT',
+      'AWS_CLOUD_WATCH_LOGS_ENDPOINT',
+      'INPUT_AWSS3ENDPOINT',
+      'INPUT_AWSENDPOINT',
+    ]);
+    const adjustedEnvironment = environment.map((x) => {
+      let value = x.value;
+      if (
+        typeof value === 'string' &&
+        endpointEnvNames.has(x.name) &&
+        (value.startsWith('http://localhost') || value.startsWith('http://127.0.0.1'))
+      ) {
+        value = value
+          .replace('http://localhost', 'http://host.k3d.internal')
+          .replace('http://127.0.0.1', 'http://host.k3d.internal');
+      }
+      return { name: x.name, value } as CloudRunnerEnvironmentVariable;
+    });
+
+    const job = new k8s.V1Job();
+    job.apiVersion = 'batch/v1';
+    job.kind = 'Job';
+    job.metadata = {
+      name: jobName,
+      labels: {
+        app: 'unity-builder',
+        buildGuid,
+      },
+    };
+    job.spec = {
+      ttlSecondsAfterFinished: 9999,
+      backoffLimit: 0,
+      template: {
+        spec: {
+          volumes: [
+            {
+              name: 'build-mount',
+              persistentVolumeClaim: {
+                claimName: pvcName,
+              },
+            },
+          ],
+          containers: [
+            {
+              ttlSecondsAfterFinished: 9999,
+              name: containerName,
+              image,
+              command: ['/bin/sh'],
+              args: [
+                '-c',
+                `${CommandHookService.ApplyHooksToCommands(`${command}\nsleep 2m`, CloudRunner.buildParameters)}`,
+              ],
+
+              workingDir: `${workingDirectory}`,
+              resources: {
+                requests: {
+                  memory: `${Number.parseInt(buildParameters.containerMemory) / 1024}G` || '750M',
+                  cpu: Number.parseInt(buildParameters.containerCpu) / 1024 || '1',
+                },
+              },
+              env: [
+                ...adjustedEnvironment.map((x) => {
+                  const environmentVariable = new V1EnvVar();
+                  environmentVariable.name = x.name;
+                  environmentVariable.value = x.value;
+
+                  return environmentVariable;
+                }),
+                ...secrets.map((x) => {
+                  const secret = new V1EnvVarSource();
+                  secret.secretKeyRef = new V1SecretKeySelector();
+                  secret.secretKeyRef.key = x.ParameterKey;
+                  secret.secretKeyRef.name = secretName;
+                  const environmentVariable = new V1EnvVar();
+                  environmentVariable.name = x.EnvironmentVariable;
+                  environmentVariable.valueFrom = secret;
+
+                  return environmentVariable;
+                }),
+                { name: 'LOG_SERVICE_IP', value: ip },
+              ],
+              volumeMounts: [
+                {
+                  name: 'build-mount',
+                  mountPath: `${mountdir}`,
+                },
+              ],
+              lifecycle: {
+                preStop: {
+                  exec: {
+                    command: [
+                      `wait 60s;
+                      cd /data/builder/action/steps;
+                      chmod +x /return_license.sh;
+                      /return_license.sh;`,
+                    ],
+                  },
+                },
+              },
+            },
+          ],
+          restartPolicy: 'Never',
+        },
+      },
+    };
+
+    if (process.env['CLOUD_RUNNER_MINIKUBE']) {
+      job.spec.template.spec.volumes[0] = {
+        name: 'build-mount',
+        hostPath: {
+          path: `/data`,
+          type: `Directory`,
+        },
+      };
+    }
+
+    job.spec.template.spec.containers[0].resources.requests[`ephemeral-storage`] = '10Gi';
+
+    return job;
+  }
+}
+export default KubernetesJobSpecFactory;

src/model/cloud-runner/providers/k8s/kubernetes-pods.ts

@@ -0,0 +1,23 @@
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { CoreV1Api } from '@kubernetes/client-node';
+class KubernetesPods {
+  public static async IsPodRunning(podName: string, namespace: string, kubeClient: CoreV1Api) {
+    const pods = (await kubeClient.listNamespacedPod(namespace)).body.items.filter((x) => podName === x.metadata?.name);
+    const running = pods.length > 0 && (pods[0].status?.phase === `Running` || pods[0].status?.phase === `Pending`);
+    const phase = pods[0]?.status?.phase || 'undefined status';
+    CloudRunnerLogger.log(`Getting pod status: ${phase}`);
+    if (phase === `Failed`) {
+      throw new Error(`K8s pod failed`);
+    }
+
+    return running;
+  }
+  public static async GetPodStatus(podName: string, namespace: string, kubeClient: CoreV1Api) {
+    const pods = (await kubeClient.listNamespacedPod(namespace)).body.items.find((x) => podName === x.metadata?.name);
+    const phase = pods?.status?.phase || 'undefined status';
+
+    return phase;
+  }
+}
+
+export default KubernetesPods;

src/model/cloud-runner/providers/k8s/kubernetes-role.ts

@@ -0,0 +1,53 @@
+import { RbacAuthorizationV1Api } from '@kubernetes/client-node';
+
+class KubernetesRole {
+  static async createRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {
+    // create admin kubernetes role and role binding
+    const roleBinding = {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'RoleBinding',
+      metadata: {
+        name: `${serviceAccountName}-admin`,
+        namespace,
+      },
+      subjects: [
+        {
+          kind: 'ServiceAccount',
+          name: serviceAccountName,
+          namespace,
+        },
+      ],
+      roleRef: {
+        apiGroup: 'rbac.authorization.k8s.io',
+        kind: 'Role',
+        name: `${serviceAccountName}-admin`,
+      },
+    };
+
+    const role = {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'Role',
+      metadata: {
+        name: `${serviceAccountName}-admin`,
+        namespace,
+      },
+      rules: [
+        {
+          apiGroups: ['*'],
+          resources: ['*'],
+          verbs: ['*'],
+        },
+      ],
+    };
+    const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding);
+    const roleResponse = await rbac.createNamespacedRole(namespace, role);
+
+    return { roleBindingResponse, roleResponse };
+  }
+
+  public static async deleteRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {
+    await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace);
+    await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace);
+  }
+}
+export { KubernetesRole };

src/model/cloud-runner/providers/k8s/kubernetes-secret.ts

@@ -0,0 +1,45 @@
+import { CoreV1Api } from '@kubernetes/client-node';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import * as k8s from '@kubernetes/client-node';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import * as base64 from 'base-64';
+
+class KubernetesSecret {
+  static async createSecret(
+    secrets: CloudRunnerSecret[],
+    secretName: string,
+    namespace: string,
+    kubeClient: CoreV1Api,
+  ) {
+    try {
+      const secret = new k8s.V1Secret();
+      secret.apiVersion = 'v1';
+      secret.kind = 'Secret';
+      secret.type = 'Opaque';
+      secret.metadata = {
+        name: secretName,
+      };
+      secret.data = {};
+      for (const buildSecret of secrets) {
+        secret.data[buildSecret.ParameterKey] = base64.encode(buildSecret.ParameterValue);
+      }
+      CloudRunnerLogger.log(`Creating secret: ${secretName}`);
+      const existingSecrets = await kubeClient.listNamespacedSecret(namespace);
+      const mappedSecrets = existingSecrets.body.items.map((x) => {
+        return x.metadata?.name || `no name`;
+      });
+
+      CloudRunnerLogger.log(
+        `ExistsAlready: ${mappedSecrets.includes(secretName)} SecretsCount: ${mappedSecrets.length}`,
+      );
+      await new Promise((promise) => setTimeout(promise, 15000));
+      await kubeClient.createNamespacedSecret(namespace, secret);
+      CloudRunnerLogger.log('Created secret');
+    } catch (error) {
+      CloudRunnerLogger.log(`Created secret failed ${error}`);
+      throw new Error(`Failed to create kubernetes secret`);
+    }
+  }
+}
+
+export default KubernetesSecret;

src/model/cloud-runner/providers/k8s/kubernetes-service-account.ts

@@ -0,0 +1,18 @@
+import { CoreV1Api } from '@kubernetes/client-node';
+import * as k8s from '@kubernetes/client-node';
+
+class KubernetesServiceAccount {
+  static async createServiceAccount(serviceAccountName: string, namespace: string, kubeClient: CoreV1Api) {
+    const serviceAccount = new k8s.V1ServiceAccount();
+    serviceAccount.apiVersion = 'v1';
+    serviceAccount.kind = 'ServiceAccount';
+    serviceAccount.metadata = {
+      name: serviceAccountName,
+    };
+    serviceAccount.automountServiceAccountToken = true;
+
+    return kubeClient.createNamespacedServiceAccount(namespace, serviceAccount);
+  }
+}
+
+export default KubernetesServiceAccount;

src/model/cloud-runner/providers/k8s/kubernetes-storage.ts

@@ -0,0 +1,116 @@
+import { waitUntil } from 'async-wait-until';
+import * as core from '@actions/core';
+import * as k8s from '@kubernetes/client-node';
+import BuildParameters from '../../../build-parameters';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { IncomingMessage } from 'node:http';
+import GitHub from '../../../github';
+
+class KubernetesStorage {
+  public static async createPersistentVolumeClaim(
+    buildParameters: BuildParameters,
+    pvcName: string,
+    kubeClient: k8s.CoreV1Api,
+    namespace: string,
+  ) {
+    if (buildParameters.kubeVolume !== ``) {
+      CloudRunnerLogger.log(`Kube Volume was input was set ${buildParameters.kubeVolume} overriding ${pvcName}`);
+      pvcName = buildParameters.kubeVolume;
+
+      return;
+    }
+    const allPvc = (await kubeClient.listNamespacedPersistentVolumeClaim(namespace)).body.items;
+    const pvcList = allPvc.map((x) => x.metadata?.name);
+    CloudRunnerLogger.log(`Current PVCs in namespace ${namespace}`);
+    CloudRunnerLogger.log(JSON.stringify(pvcList, undefined, 4));
+    if (pvcList.includes(pvcName)) {
+      CloudRunnerLogger.log(`pvc ${pvcName} already exists`);
+      if (GitHub.githubInputEnabled) {
+        core.setOutput('volume', pvcName);
+      }
+
+      return;
+    }
+    CloudRunnerLogger.log(`Creating PVC ${pvcName} (does not exist)`);
+    const result = await KubernetesStorage.createPVC(pvcName, buildParameters, kubeClient, namespace);
+    await KubernetesStorage.handleResult(result, kubeClient, namespace, pvcName);
+  }
+
+  public static async getPVCPhase(kubeClient: k8s.CoreV1Api, name: string, namespace: string) {
+    try {
+      return (await kubeClient.readNamespacedPersistentVolumeClaim(name, namespace)).body.status?.phase;
+    } catch (error) {
+      core.error('Failed to get PVC phase');
+      core.error(JSON.stringify(error, undefined, 4));
+      throw error;
+    }
+  }
+
+  public static async watchUntilPVCNotPending(kubeClient: k8s.CoreV1Api, name: string, namespace: string) {
+    try {
+      CloudRunnerLogger.log(`watch Until PVC Not Pending ${name} ${namespace}`);
+      CloudRunnerLogger.log(`${await this.getPVCPhase(kubeClient, name, namespace)}`);
+      await waitUntil(
+        async () => {
+          return (await this.getPVCPhase(kubeClient, name, namespace)) === 'Pending';
+        },
+        {
+          timeout: 750000,
+          intervalBetweenAttempts: 15000,
+        },
+      );
+    } catch (error: any) {
+      core.error('Failed to watch PVC');
+      core.error(error.toString());
+      core.error(
+        `PVC Body: ${JSON.stringify(
+          (await kubeClient.readNamespacedPersistentVolumeClaim(name, namespace)).body,
+          undefined,
+          4,
+        )}`,
+      );
+      throw error;
+    }
+  }
+
+  private static async createPVC(
+    pvcName: string,
+    buildParameters: BuildParameters,
+    kubeClient: k8s.CoreV1Api,
+    namespace: string,
+  ) {
+    const pvc = new k8s.V1PersistentVolumeClaim();
+    pvc.apiVersion = 'v1';
+    pvc.kind = 'PersistentVolumeClaim';
+    pvc.metadata = {
+      name: pvcName,
+    };
+    pvc.spec = {
+      accessModes: ['ReadWriteOnce'],
+      storageClassName: buildParameters.kubeStorageClass === '' ? 'standard' : buildParameters.kubeStorageClass,
+      resources: {
+        requests: {
+          storage: buildParameters.kubeVolumeSize,
+        },
+      },
+    };
+    const result = await kubeClient.createNamespacedPersistentVolumeClaim(namespace, pvc);
+
+    return result;
+  }
+
+  private static async handleResult(
+    result: { response: IncomingMessage; body: k8s.V1PersistentVolumeClaim },
+    kubeClient: k8s.CoreV1Api,
+    namespace: string,
+    pvcName: string,
+  ) {
+    const name = result.body.metadata?.name || '';
+    CloudRunnerLogger.log(`PVC ${name} created`);
+    await this.watchUntilPVCNotPending(kubeClient, name, namespace);
+    CloudRunnerLogger.log(`PVC ${name} is ready and not pending`);
+    core.setOutput('volume', pvcName);
+  }
+}
+
+export default KubernetesStorage;

src/model/cloud-runner/providers/k8s/kubernetes-task-runner.ts

@@ -0,0 +1,119 @@
+import { CoreV1Api, KubeConfig } from '@kubernetes/client-node';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { waitUntil } from 'async-wait-until';
+import { CloudRunnerSystem } from '../../services/core/cloud-runner-system';
+import CloudRunner from '../../cloud-runner';
+import KubernetesPods from './kubernetes-pods';
+import { FollowLogStreamService } from '../../services/core/follow-log-stream-service';
+
+class KubernetesTaskRunner {
+  static readonly maxRetry: number = 3;
+  static lastReceivedMessage: string = ``;
+
+  static async runTask(
+    kubeConfig: KubeConfig,
+    kubeClient: CoreV1Api,
+    jobName: string,
+    podName: string,
+    containerName: string,
+    namespace: string,
+  ) {
+    let output = '';
+    let shouldReadLogs = true;
+    let shouldCleanup = true;
+    let retriesAfterFinish = 0;
+    // eslint-disable-next-line no-constant-condition
+    while (true) {
+      await new Promise((resolve) => setTimeout(resolve, 3000));
+      CloudRunnerLogger.log(
+        `Streaming logs from pod: ${podName} container: ${containerName} namespace: ${namespace} ${CloudRunner.buildParameters.kubeVolumeSize}/${CloudRunner.buildParameters.containerCpu}/${CloudRunner.buildParameters.containerMemory}`,
+      );
+      let extraFlags = ``;
+      extraFlags += (await KubernetesPods.IsPodRunning(podName, namespace, kubeClient))
+        ? ` -f -c ${containerName}`
+        : ` --previous`;
+
+      const callback = (outputChunk: string) => {
+        output += outputChunk;
+
+        // split output chunk and handle per line
+        for (const chunk of outputChunk.split(`\n`)) {
+          ({ shouldReadLogs, shouldCleanup, output } = FollowLogStreamService.handleIteration(
+            chunk,
+            shouldReadLogs,
+            shouldCleanup,
+            output,
+          ));
+        }
+      };
+      try {
+        await CloudRunnerSystem.Run(`kubectl logs ${podName}${extraFlags}`, false, true, callback);
+      } catch (error: any) {
+        await new Promise((resolve) => setTimeout(resolve, 3000));
+        const continueStreaming = await KubernetesPods.IsPodRunning(podName, namespace, kubeClient);
+        CloudRunnerLogger.log(`K8s logging error ${error} ${continueStreaming}`);
+        if (continueStreaming) {
+          continue;
+        }
+        if (retriesAfterFinish < KubernetesTaskRunner.maxRetry) {
+          retriesAfterFinish++;
+
+          continue;
+        }
+        throw error;
+      }
+      if (FollowLogStreamService.DidReceiveEndOfTransmission) {
+        CloudRunnerLogger.log('end of log stream');
+        break;
+      }
+    }
+
+    return output;
+  }
+
+  static async watchUntilPodRunning(kubeClient: CoreV1Api, podName: string, namespace: string) {
+    let waitComplete: boolean = false;
+    let message = ``;
+    CloudRunnerLogger.log(`Watching ${podName} ${namespace}`);
+    await waitUntil(
+      async () => {
+        const status = await kubeClient.readNamespacedPodStatus(podName, namespace);
+        const phase = status?.body.status?.phase;
+        waitComplete = phase !== 'Pending';
+        message = `Phase:${status.body.status?.phase} \n Reason:${
+          status.body.status?.conditions?.[0].reason || ''
+        } \n Message:${status.body.status?.conditions?.[0].message || ''}`;
+
+        // CloudRunnerLogger.log(
+        //   JSON.stringify(
+        //     (await kubeClient.listNamespacedEvent(namespace)).body.items
+        //       .map((x) => {
+        //         return {
+        //           message: x.message || ``,
+        //           name: x.metadata.name || ``,
+        //           reason: x.reason || ``,
+        //         };
+        //       })
+        //       .filter((x) => x.name.includes(podName)),
+        //     undefined,
+        //     4,
+        //   ),
+        // );
+        if (waitComplete || phase !== 'Pending') return true;
+
+        return false;
+      },
+      {
+        timeout: 2000000,
+        intervalBetweenAttempts: 15000,
+      },
+    );
+    if (!waitComplete) {
+      CloudRunnerLogger.log(message);
+    }
+
+    return waitComplete;
+  }
+}
+
+export default KubernetesTaskRunner;

src/model/cloud-runner/providers/local/index.ts

@@ -0,0 +1,109 @@
+import BuildParameters from '../../../build-parameters';
+import { CloudRunnerSystem } from '../../services/core/cloud-runner-system';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { ProviderInterface } from '../provider-interface';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import { ProviderResource } from '../provider-resource';
+import { ProviderWorkflow } from '../provider-workflow';
+
+class LocalCloudRunner implements ProviderInterface {
+  listResources(): Promise<ProviderResource[]> {
+    throw new Error('Method not implemented.');
+  }
+  listWorkflow(): Promise<ProviderWorkflow[]> {
+    throw new Error('Method not implemented.');
+  }
+  watchWorkflow(): Promise<string> {
+    throw new Error('Method not implemented.');
+  }
+  garbageCollect(
+    // eslint-disable-next-line no-unused-vars
+    filter: string,
+    // eslint-disable-next-line no-unused-vars
+    previewOnly: boolean,
+    // eslint-disable-next-line no-unused-vars
+    olderThan: Number,
+    // eslint-disable-next-line no-unused-vars
+    fullCache: boolean,
+    // eslint-disable-next-line no-unused-vars
+    baseDependencies: boolean,
+  ): Promise<string> {
+    throw new Error('Method not implemented.');
+  }
+  cleanupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {}
+  public setupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildGuid: string,
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {}
+  public async runTaskInWorkflow(
+    buildGuid: string,
+    image: string,
+    commands: string,
+    // eslint-disable-next-line no-unused-vars
+    mountdir: string,
+    // eslint-disable-next-line no-unused-vars
+    workingdir: string,
+    // eslint-disable-next-line no-unused-vars
+    environment: CloudRunnerEnvironmentVariable[],
+    // eslint-disable-next-line no-unused-vars
+    secrets: CloudRunnerSecret[],
+  ): Promise<string> {
+    CloudRunnerLogger.log(image);
+    CloudRunnerLogger.log(buildGuid);
+    CloudRunnerLogger.log(commands);
+
+    // On Windows, many built-in hooks use POSIX shell syntax. Execute via bash if available.
+    if (process.platform === 'win32') {
+      // Properly escape the command string for embedding in a double-quoted bash string.
+      // Order matters: backslashes must be escaped first to avoid double-escaping.
+      const escapeForBashDoubleQuotes = (stringValue: string): string => {
+        return stringValue
+          .replace(/\\/g, '\\\\') // Escape backslashes first
+          .replace(/\$/g, '\\$') // Escape dollar signs to prevent variable expansion
+          .replace(/`/g, '\\`') // Escape backticks to prevent command substitution
+          .replace(/"/g, '\\"'); // Escape double quotes
+      };
+
+      // Split commands by newlines and escape each line
+      const lines = commands
+        .replace(/\r/g, '')
+        .split('\n')
+        .filter((x) => x.trim().length > 0)
+        .map((line) => escapeForBashDoubleQuotes(line));
+
+      // Join with semicolons, but don't add semicolon after control flow keywords
+      // Control flow keywords that shouldn't be followed by semicolons: then, else, do, fi, done, esac
+      const controlFlowKeywords = /\b(then|else|do|fi|done|esac)\s*$/;
+      const inline = lines
+        .map((line, index) => {
+          // Don't add semicolon if this line ends with a control flow keyword
+          if (controlFlowKeywords.test(line.trim()) || index === lines.length - 1) {
+            return line;
+          }
+
+          return `${line} ;`;
+        })
+        .join(' ');
+      const bashWrapped = `bash -lc "${inline}"`;
+
+      return await CloudRunnerSystem.Run(bashWrapped);
+    }
+
+    return await CloudRunnerSystem.Run(commands);
+  }
+}
+export default LocalCloudRunner;

src/model/cloud-runner/providers/provider-git-manager.ts

@@ -0,0 +1,278 @@
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import * as fs from 'fs';
+import path from 'path';
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import { GitHubUrlInfo, generateCacheKey } from './provider-url-parser';
+
+const execAsync = promisify(exec);
+
+export interface GitCloneResult {
+  success: boolean;
+  localPath: string;
+  error?: string;
+}
+
+export interface GitUpdateResult {
+  success: boolean;
+  updated: boolean;
+  error?: string;
+}
+
+/**
+ * Manages git operations for provider repositories
+ */
+export class ProviderGitManager {
+  private static readonly CACHE_DIR = path.join(process.cwd(), '.provider-cache');
+  private static readonly GIT_TIMEOUT = 30000; // 30 seconds
+
+  /**
+   * Ensures the cache directory exists
+   */
+  private static ensureCacheDir(): void {
+    if (!fs.existsSync(this.CACHE_DIR)) {
+      fs.mkdirSync(this.CACHE_DIR, { recursive: true });
+      CloudRunnerLogger.log(`Created provider cache directory: ${this.CACHE_DIR}`);
+    }
+  }
+
+  /**
+   * Gets the local path for a cached repository
+   * @param urlInfo GitHub URL information
+   * @returns Local path to the repository
+   */
+  private static getLocalPath(urlInfo: GitHubUrlInfo): string {
+    const cacheKey = generateCacheKey(urlInfo);
+
+    return path.join(this.CACHE_DIR, cacheKey);
+  }
+
+  /**
+   * Checks if a repository is already cloned locally
+   * @param urlInfo GitHub URL information
+   * @returns True if repository exists locally
+   */
+  private static isRepositoryCloned(urlInfo: GitHubUrlInfo): boolean {
+    const localPath = this.getLocalPath(urlInfo);
+
+    return fs.existsSync(localPath) && fs.existsSync(path.join(localPath, '.git'));
+  }
+
+  /**
+   * Clones a GitHub repository to the local cache
+   * @param urlInfo GitHub URL information
+   * @returns Clone result with success status and local path
+   */
+  static async cloneRepository(urlInfo: GitHubUrlInfo): Promise<GitCloneResult> {
+    this.ensureCacheDir();
+    const localPath = this.getLocalPath(urlInfo);
+
+    // Remove existing directory if it exists
+    if (fs.existsSync(localPath)) {
+      CloudRunnerLogger.log(`Removing existing directory: ${localPath}`);
+      fs.rmSync(localPath, { recursive: true, force: true });
+    }
+
+    try {
+      CloudRunnerLogger.log(`Cloning repository: ${urlInfo.url} to ${localPath}`);
+
+      const cloneCommand = `git clone --depth 1 --branch ${urlInfo.branch} ${urlInfo.url} "${localPath}"`;
+      CloudRunnerLogger.log(`Executing: ${cloneCommand}`);
+
+      const { stderr } = await execAsync(cloneCommand, {
+        timeout: this.GIT_TIMEOUT,
+        cwd: this.CACHE_DIR,
+      });
+
+      if (stderr && !stderr.includes('warning')) {
+        CloudRunnerLogger.log(`Git clone stderr: ${stderr}`);
+      }
+
+      CloudRunnerLogger.log(`Successfully cloned repository to: ${localPath}`);
+
+      return {
+        success: true,
+        localPath,
+      };
+    } catch (error: any) {
+      const errorMessage = `Failed to clone repository ${urlInfo.url}: ${error.message}`;
+      CloudRunnerLogger.log(`Error: ${errorMessage}`);
+
+      return {
+        success: false,
+        localPath,
+        error: errorMessage,
+      };
+    }
+  }
+
+  /**
+   * Updates a locally cloned repository
+   * @param urlInfo GitHub URL information
+   * @returns Update result with success status and whether it was updated
+   */
+  static async updateRepository(urlInfo: GitHubUrlInfo): Promise<GitUpdateResult> {
+    const localPath = this.getLocalPath(urlInfo);
+
+    if (!this.isRepositoryCloned(urlInfo)) {
+      return {
+        success: false,
+        updated: false,
+        error: 'Repository not found locally',
+      };
+    }
+
+    try {
+      CloudRunnerLogger.log(`Updating repository: ${localPath}`);
+
+      // Fetch latest changes
+      await execAsync('git fetch origin', {
+        timeout: this.GIT_TIMEOUT,
+        cwd: localPath,
+      });
+
+      // Check if there are updates
+      const { stdout: statusOutput } = await execAsync(`git status -uno`, {
+        timeout: this.GIT_TIMEOUT,
+        cwd: localPath,
+      });
+
+      const hasUpdates =
+        statusOutput.includes('Your branch is behind') || statusOutput.includes('can be fast-forwarded');
+
+      if (hasUpdates) {
+        CloudRunnerLogger.log(`Updates available, pulling latest changes...`);
+
+        // Reset to origin/branch to get latest changes
+        await execAsync(`git reset --hard origin/${urlInfo.branch}`, {
+          timeout: this.GIT_TIMEOUT,
+          cwd: localPath,
+        });
+
+        CloudRunnerLogger.log(`Repository updated successfully`);
+
+        return {
+          success: true,
+          updated: true,
+        };
+      } else {
+        CloudRunnerLogger.log(`Repository is already up to date`);
+
+        return {
+          success: true,
+          updated: false,
+        };
+      }
+    } catch (error: any) {
+      const errorMessage = `Failed to update repository ${localPath}: ${error.message}`;
+      CloudRunnerLogger.log(`Error: ${errorMessage}`);
+
+      return {
+        success: false,
+        updated: false,
+        error: errorMessage,
+      };
+    }
+  }
+
+  /**
+   * Ensures a repository is available locally (clone if needed, update if exists)
+   * @param urlInfo GitHub URL information
+   * @returns Local path to the repository
+   */
+  static async ensureRepositoryAvailable(urlInfo: GitHubUrlInfo): Promise<string> {
+    this.ensureCacheDir();
+
+    if (this.isRepositoryCloned(urlInfo)) {
+      CloudRunnerLogger.log(`Repository already exists locally, checking for updates...`);
+      const updateResult = await this.updateRepository(urlInfo);
+
+      if (!updateResult.success) {
+        CloudRunnerLogger.log(`Failed to update repository, attempting fresh clone...`);
+        const cloneResult = await this.cloneRepository(urlInfo);
+        if (!cloneResult.success) {
+          throw new Error(`Failed to ensure repository availability: ${cloneResult.error}`);
+        }
+
+        return cloneResult.localPath;
+      }
+
+      return this.getLocalPath(urlInfo);
+    } else {
+      CloudRunnerLogger.log(`Repository not found locally, cloning...`);
+      const cloneResult = await this.cloneRepository(urlInfo);
+
+      if (!cloneResult.success) {
+        throw new Error(`Failed to clone repository: ${cloneResult.error}`);
+      }
+
+      return cloneResult.localPath;
+    }
+  }
+
+  /**
+   * Gets the path to the provider module within a repository
+   * @param urlInfo GitHub URL information
+   * @param localPath Local path to the repository
+   * @returns Path to the provider module
+   */
+  static getProviderModulePath(urlInfo: GitHubUrlInfo, localPath: string): string {
+    if (urlInfo.path) {
+      return path.join(localPath, urlInfo.path);
+    }
+
+    // Look for common provider entry points
+    const commonEntryPoints = [
+      'index.js',
+      'index.ts',
+      'src/index.js',
+      'src/index.ts',
+      'lib/index.js',
+      'lib/index.ts',
+      'dist/index.js',
+      'dist/index.js.map',
+    ];
+
+    for (const entryPoint of commonEntryPoints) {
+      const fullPath = path.join(localPath, entryPoint);
+      if (fs.existsSync(fullPath)) {
+        CloudRunnerLogger.log(`Found provider entry point: ${entryPoint}`);
+
+        return fullPath;
+      }
+    }
+
+    // Default to repository root
+    CloudRunnerLogger.log(`No specific entry point found, using repository root`);
+
+    return localPath;
+  }
+
+  /**
+   * Cleans up old cached repositories (optional maintenance)
+   * @param maxAgeDays Maximum age in days for cached repositories
+   */
+  static async cleanupOldRepositories(maxAgeDays: number = 30): Promise<void> {
+    this.ensureCacheDir();
+
+    try {
+      const entries = fs.readdirSync(this.CACHE_DIR, { withFileTypes: true });
+      const now = Date.now();
+      const maxAge = maxAgeDays * 24 * 60 * 60 * 1000; // Convert to milliseconds
+
+      for (const entry of entries) {
+        if (entry.isDirectory()) {
+          const entryPath = path.join(this.CACHE_DIR, entry.name);
+          const stats = fs.statSync(entryPath);
+
+          if (now - stats.mtime.getTime() > maxAge) {
+            CloudRunnerLogger.log(`Cleaning up old repository: ${entry.name}`);
+            fs.rmSync(entryPath, { recursive: true, force: true });
+          }
+        }
+      }
+    } catch (error: any) {
+      CloudRunnerLogger.log(`Error during cleanup: ${error.message}`);
+    }
+  }
+}

src/model/cloud-runner/providers/provider-interface.ts

@@ -0,0 +1,57 @@
+import BuildParameters from '../../build-parameters';
+import CloudRunnerEnvironmentVariable from '../options/cloud-runner-environment-variable';
+import CloudRunnerSecret from '../options/cloud-runner-secret';
+import { ProviderResource } from './provider-resource';
+import { ProviderWorkflow } from './provider-workflow';
+
+export interface ProviderInterface {
+  cleanupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ): any;
+  setupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildGuid: string,
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ): any;
+  runTaskInWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildGuid: string,
+    // eslint-disable-next-line no-unused-vars
+    image: string,
+    // eslint-disable-next-line no-unused-vars
+    commands: string,
+    // eslint-disable-next-line no-unused-vars
+    mountdir: string,
+    // eslint-disable-next-line no-unused-vars
+    workingdir: string,
+    // eslint-disable-next-line no-unused-vars
+    environment: CloudRunnerEnvironmentVariable[],
+    // eslint-disable-next-line no-unused-vars
+    secrets: CloudRunnerSecret[],
+  ): Promise<string>;
+  garbageCollect(
+    // eslint-disable-next-line no-unused-vars
+    filter: string,
+    // eslint-disable-next-line no-unused-vars
+    previewOnly: boolean,
+    // eslint-disable-next-line no-unused-vars
+    olderThan: Number,
+    // eslint-disable-next-line no-unused-vars
+    fullCache: boolean,
+    // eslint-disable-next-line no-unused-vars
+    baseDependencies: boolean,
+  ): Promise<string>;
+  listResources(): Promise<ProviderResource[]>;
+  listWorkflow(): Promise<ProviderWorkflow[]>;
+  watchWorkflow(): Promise<string>;
+}

src/model/cloud-runner/providers/provider-loader.ts

@@ -0,0 +1,158 @@
+import { ProviderInterface } from './provider-interface';
+import BuildParameters from '../../build-parameters';
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import { parseProviderSource, logProviderSource, ProviderSourceInfo } from './provider-url-parser';
+import { ProviderGitManager } from './provider-git-manager';
+
+// import path from 'path'; // Not currently used
+
+/**
+ * Dynamically load a provider package by name, URL, or path.
+ * @param providerSource Provider source (name, URL, or path)
+ * @param buildParameters Build parameters passed to the provider constructor
+ * @throws Error when the provider cannot be loaded or does not implement ProviderInterface
+ */
+export default async function loadProvider(
+  providerSource: string,
+  buildParameters: BuildParameters,
+): Promise<ProviderInterface> {
+  CloudRunnerLogger.log(`Loading provider: ${providerSource}`);
+
+  // Parse the provider source to determine its type
+  const sourceInfo = parseProviderSource(providerSource);
+  logProviderSource(providerSource, sourceInfo);
+
+  let modulePath: string;
+  let importedModule: any;
+
+  try {
+    // Handle different source types
+    switch (sourceInfo.type) {
+      case 'github': {
+        CloudRunnerLogger.log(`Processing GitHub repository: ${sourceInfo.owner}/${sourceInfo.repo}`);
+
+        // Ensure the repository is available locally
+        const localRepoPath = await ProviderGitManager.ensureRepositoryAvailable(sourceInfo);
+
+        // Get the path to the provider module within the repository
+        modulePath = ProviderGitManager.getProviderModulePath(sourceInfo, localRepoPath);
+
+        CloudRunnerLogger.log(`Loading provider from: ${modulePath}`);
+        break;
+      }
+
+      case 'local': {
+        modulePath = sourceInfo.path;
+        CloudRunnerLogger.log(`Loading provider from local path: ${modulePath}`);
+        break;
+      }
+
+      case 'npm': {
+        modulePath = sourceInfo.packageName;
+        CloudRunnerLogger.log(`Loading provider from NPM package: ${modulePath}`);
+        break;
+      }
+
+      default: {
+        // Fallback to built-in providers or direct import
+        const providerModuleMap: Record<string, string> = {
+          aws: './aws',
+          k8s: './k8s',
+          test: './test',
+          'local-docker': './docker',
+          'local-system': './local',
+          local: './local',
+        };
+
+        modulePath = providerModuleMap[providerSource] || providerSource;
+        CloudRunnerLogger.log(`Loading provider from module path: ${modulePath}`);
+        break;
+      }
+    }
+
+    // Import the module
+    importedModule = await import(modulePath);
+  } catch (error) {
+    throw new Error(`Failed to load provider package '${providerSource}': ${(error as Error).message}`);
+  }
+
+  // Extract the provider class/function
+  const Provider = importedModule.default || importedModule;
+
+  // Validate that we have a constructor
+  if (typeof Provider !== 'function') {
+    throw new TypeError(`Provider package '${providerSource}' does not export a constructor function`);
+  }
+
+  // Instantiate the provider
+  let instance: any;
+  try {
+    instance = new Provider(buildParameters);
+  } catch (error) {
+    throw new Error(`Failed to instantiate provider '${providerSource}': ${(error as Error).message}`);
+  }
+
+  // Validate that the instance implements the required interface
+  const requiredMethods = [
+    'cleanupWorkflow',
+    'setupWorkflow',
+    'runTaskInWorkflow',
+    'garbageCollect',
+    'listResources',
+    'listWorkflow',
+    'watchWorkflow',
+  ];
+
+  for (const method of requiredMethods) {
+    if (typeof instance[method] !== 'function') {
+      throw new TypeError(
+        `Provider package '${providerSource}' does not implement ProviderInterface. Missing method '${method}'.`,
+      );
+    }
+  }
+
+  CloudRunnerLogger.log(`Successfully loaded provider: ${providerSource}`);
+
+  return instance as ProviderInterface;
+}
+
+/**
+ * ProviderLoader class for backward compatibility and additional utilities
+ */
+export class ProviderLoader {
+  /**
+   * Dynamically loads a provider by name, URL, or path (wrapper around loadProvider function)
+   * @param providerSource - The provider source (name, URL, or path) to load
+   * @param buildParameters - Build parameters to pass to the provider constructor
+   * @returns Promise<ProviderInterface> - The loaded provider instance
+   * @throws Error if provider package is missing or doesn't implement ProviderInterface
+   */
+  static async loadProvider(providerSource: string, buildParameters: BuildParameters): Promise<ProviderInterface> {
+    return loadProvider(providerSource, buildParameters);
+  }
+
+  /**
+   * Gets a list of available provider names
+   * @returns string[] - Array of available provider names
+   */
+  static getAvailableProviders(): string[] {
+    return ['aws', 'k8s', 'test', 'local-docker', 'local-system', 'local'];
+  }
+
+  /**
+   * Cleans up old cached repositories
+   * @param maxAgeDays Maximum age in days for cached repositories (default: 30)
+   */
+  static async cleanupCache(maxAgeDays: number = 30): Promise<void> {
+    await ProviderGitManager.cleanupOldRepositories(maxAgeDays);
+  }
+
+  /**
+   * Gets information about a provider source without loading it
+   * @param providerSource The provider source to analyze
+   * @returns ProviderSourceInfo object with parsed details
+   */
+  static analyzeProviderSource(providerSource: string): ProviderSourceInfo {
+    return parseProviderSource(providerSource);
+  }
+}

src/model/cloud-runner/providers/provider-resource.ts

@@ -0,0 +1,3 @@
+export class ProviderResource {
+  public Name!: string;
+}

src/model/cloud-runner/providers/provider-url-parser.ts

@@ -0,0 +1,138 @@
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+
+export interface GitHubUrlInfo {
+  type: 'github';
+  owner: string;
+  repo: string;
+  branch?: string;
+  path?: string;
+  url: string;
+}
+
+export interface LocalPathInfo {
+  type: 'local';
+  path: string;
+}
+
+export interface NpmPackageInfo {
+  type: 'npm';
+  packageName: string;
+}
+
+export type ProviderSourceInfo = GitHubUrlInfo | LocalPathInfo | NpmPackageInfo;
+
+/**
+ * Parses a provider source string and determines its type and details
+ * @param source The provider source string (URL, path, or package name)
+ * @returns ProviderSourceInfo object with parsed details
+ */
+export function parseProviderSource(source: string): ProviderSourceInfo {
+  // Check if it's a GitHub URL
+  const githubMatch = source.match(
+    /^https?:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?(?:tree\/([^/]+))?(?:\/(.+))?$/,
+  );
+  if (githubMatch) {
+    const [, owner, repo, branch, path] = githubMatch;
+
+    return {
+      type: 'github',
+      owner,
+      repo,
+      branch: branch || 'main',
+      path: path || '',
+      url: `https://github.com/${owner}/${repo}`,
+    };
+  }
+
+  // Check if it's a GitHub SSH URL
+  const githubSshMatch = source.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?\/?(?:tree\/([^/]+))?(?:\/(.+))?$/);
+  if (githubSshMatch) {
+    const [, owner, repo, branch, path] = githubSshMatch;
+
+    return {
+      type: 'github',
+      owner,
+      repo,
+      branch: branch || 'main',
+      path: path || '',
+      url: `https://github.com/${owner}/${repo}`,
+    };
+  }
+
+  // Check if it's a shorthand GitHub reference (owner/repo)
+  const shorthandMatch = source.match(/^([^/@]+)\/([^/@]+)(?:@([^/]+))?(?:\/(.+))?$/);
+  if (shorthandMatch && !source.startsWith('.') && !source.startsWith('/') && !source.includes('\\')) {
+    const [, owner, repo, branch, path] = shorthandMatch;
+
+    return {
+      type: 'github',
+      owner,
+      repo,
+      branch: branch || 'main',
+      path: path || '',
+      url: `https://github.com/${owner}/${repo}`,
+    };
+  }
+
+  // Check if it's a local path
+  if (source.startsWith('./') || source.startsWith('../') || source.startsWith('/') || source.includes('\\')) {
+    return {
+      type: 'local',
+      path: source,
+    };
+  }
+
+  // Default to npm package
+  return {
+    type: 'npm',
+    packageName: source,
+  };
+}
+
+/**
+ * Generates a cache key for a GitHub repository
+ * @param urlInfo GitHub URL information
+ * @returns Cache key string
+ */
+export function generateCacheKey(urlInfo: GitHubUrlInfo): string {
+  return `github_${urlInfo.owner}_${urlInfo.repo}_${urlInfo.branch}`.replace(/[^\w-]/g, '_');
+}
+
+/**
+ * Validates if a string looks like a valid GitHub URL or reference
+ * @param source The source string to validate
+ * @returns True if it looks like a GitHub reference
+ */
+export function isGitHubSource(source: string): boolean {
+  const parsed = parseProviderSource(source);
+
+  return parsed.type === 'github';
+}
+
+/**
+ * Logs the parsed provider source information
+ * @param source The original source string
+ * @param parsed The parsed source information
+ */
+export function logProviderSource(source: string, parsed: ProviderSourceInfo): void {
+  CloudRunnerLogger.log(`Provider source: ${source}`);
+  switch (parsed.type) {
+    case 'github':
+      CloudRunnerLogger.log(`  Type: GitHub repository`);
+      CloudRunnerLogger.log(`  Owner: ${parsed.owner}`);
+      CloudRunnerLogger.log(`  Repository: ${parsed.repo}`);
+      CloudRunnerLogger.log(`  Branch: ${parsed.branch}`);
+      if (parsed.path) {
+        CloudRunnerLogger.log(`  Path: ${parsed.path}`);
+      }
+      break;
+    case 'local':
+      CloudRunnerLogger.log(`  Type: Local path`);
+      CloudRunnerLogger.log(`  Path: ${parsed.path}`);
+      break;
+    case 'npm':
+      CloudRunnerLogger.log(`  Type: NPM package`);
+      CloudRunnerLogger.log(`  Package: ${parsed.packageName}`);
+      break;
+  }
+}

src/model/cloud-runner/providers/provider-workflow.ts

@@ -0,0 +1,3 @@
+export class ProviderWorkflow {
+  public Name!: string;
+}

src/model/cloud-runner/providers/test/index.ts

@@ -0,0 +1,67 @@
+import BuildParameters from '../../../build-parameters';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import CloudRunnerLogger from '../../services/core/cloud-runner-logger';
+import { ProviderInterface } from '../provider-interface';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import { ProviderResource } from '../provider-resource';
+import { ProviderWorkflow } from '../provider-workflow';
+
+class TestCloudRunner implements ProviderInterface {
+  listResources(): Promise<ProviderResource[]> {
+    throw new Error('Method not implemented.');
+  }
+  listWorkflow(): Promise<ProviderWorkflow[]> {
+    throw new Error('Method not implemented.');
+  }
+  watchWorkflow(): Promise<string> {
+    throw new Error('Method not implemented.');
+  }
+  garbageCollect(
+    // eslint-disable-next-line no-unused-vars
+    filter: string,
+    // eslint-disable-next-line no-unused-vars
+    previewOnly: boolean,
+  ): Promise<string> {
+    throw new Error('Method not implemented.');
+  }
+  cleanupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {}
+  setupWorkflow(
+    // eslint-disable-next-line no-unused-vars
+    buildGuid: string,
+    // eslint-disable-next-line no-unused-vars
+    buildParameters: BuildParameters,
+    // eslint-disable-next-line no-unused-vars
+    branchName: string,
+    // eslint-disable-next-line no-unused-vars
+    defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
+  ) {}
+  public async runTaskInWorkflow(
+    commands: string,
+    buildGuid: string,
+    image: string,
+    // eslint-disable-next-line no-unused-vars
+    mountdir: string,
+    // eslint-disable-next-line no-unused-vars
+    workingdir: string,
+    // eslint-disable-next-line no-unused-vars
+    environment: CloudRunnerEnvironmentVariable[],
+    // eslint-disable-next-line no-unused-vars
+    secrets: CloudRunnerSecret[],
+  ): Promise<string> {
+    CloudRunnerLogger.log(image);
+    CloudRunnerLogger.log(buildGuid);
+    CloudRunnerLogger.log(commands);
+
+    return await new Promise((result) => {
+      result(commands);
+    });
+  }
+}
+export default TestCloudRunner;

src/model/cloud-runner/remote-client/caching.ts

@@ -0,0 +1,181 @@
+import { assert } from 'node:console';
+import fs from 'node:fs';
+import path from 'node:path';
+import CloudRunner from '../cloud-runner';
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import { CloudRunnerFolders } from '../options/cloud-runner-folders';
+import { CloudRunnerSystem } from '../services/core/cloud-runner-system';
+import { LfsHashing } from '../services/utility/lfs-hashing';
+import { RemoteClientLogger } from './remote-client-logger';
+import { Cli } from '../../cli/cli';
+import { CliFunction } from '../../cli/cli-functions-repository';
+// eslint-disable-next-line github/no-then
+const fileExists = async (fpath: fs.PathLike) => !!(await fs.promises.stat(fpath).catch(() => false));
+
+export class Caching {
+  @CliFunction(`cache-push`, `push to cache`)
+  static async cachePush() {
+    try {
+      const buildParameter = JSON.parse(process.env.BUILD_PARAMETERS || '{}');
+      CloudRunner.buildParameters = buildParameter;
+      await Caching.PushToCache(
+        Cli.options!['cachePushTo'],
+        Cli.options!['cachePushFrom'],
+        Cli.options!['artifactName'] || '',
+      );
+    } catch (error: any) {
+      CloudRunnerLogger.log(`${error}`);
+    }
+  }
+
+  @CliFunction(`cache-pull`, `pull from cache`)
+  static async cachePull() {
+    try {
+      const buildParameter = JSON.parse(process.env.BUILD_PARAMETERS || '{}');
+      CloudRunner.buildParameters = buildParameter;
+      await Caching.PullFromCache(
+        Cli.options!['cachePushFrom'],
+        Cli.options!['cachePushTo'],
+        Cli.options!['artifactName'] || '',
+      );
+    } catch (error: any) {
+      CloudRunnerLogger.log(`${error}`);
+    }
+  }
+
+  public static async PushToCache(cacheFolder: string, sourceFolder: string, cacheArtifactName: string) {
+    CloudRunnerLogger.log(`Pushing to cache ${sourceFolder}`);
+    cacheArtifactName = cacheArtifactName.replace(' ', '');
+    const startPath = process.cwd();
+    let compressionSuffix = '';
+    if (CloudRunner.buildParameters.useCompressionStrategy === true) {
+      compressionSuffix = `.lz4`;
+    }
+    CloudRunnerLogger.log(`Compression: ${CloudRunner.buildParameters.useCompressionStrategy} ${compressionSuffix}`);
+    try {
+      if (!(await fileExists(cacheFolder))) {
+        await CloudRunnerSystem.Run(`mkdir -p ${cacheFolder}`);
+      }
+      process.chdir(path.resolve(sourceFolder, '..'));
+
+      if (CloudRunner.buildParameters.cloudRunnerDebug === true) {
+        CloudRunnerLogger.log(
+          `Hashed cache folder ${await LfsHashing.hashAllFiles(sourceFolder)} ${sourceFolder} ${path.basename(
+            sourceFolder,
+          )}`,
+        );
+      }
+      const contents = await fs.promises.readdir(path.basename(sourceFolder));
+      CloudRunnerLogger.log(
+        `There is ${contents.length} files/dir in the source folder ${path.basename(sourceFolder)}`,
+      );
+
+      if (contents.length === 0) {
+        CloudRunnerLogger.log(
+          `Did not push source folder to cache because it was empty ${path.basename(sourceFolder)}`,
+        );
+        process.chdir(`${startPath}`);
+
+        return;
+      }
+
+      await CloudRunnerSystem.Run(
+        `tar -cf ${cacheArtifactName}.tar${compressionSuffix} "${path.basename(sourceFolder)}"`,
+      );
+      await CloudRunnerSystem.Run(`du ${cacheArtifactName}.tar${compressionSuffix}`);
+      assert(await fileExists(`${cacheArtifactName}.tar${compressionSuffix}`), 'cache archive exists');
+      assert(await fileExists(path.basename(sourceFolder)), 'source folder exists');
+      await CloudRunnerSystem.Run(`mv ${cacheArtifactName}.tar${compressionSuffix} ${cacheFolder}`);
+      RemoteClientLogger.log(`moved cache entry ${cacheArtifactName} to ${cacheFolder}`);
+      assert(
+        await fileExists(`${path.join(cacheFolder, cacheArtifactName)}.tar${compressionSuffix}`),
+        'cache archive exists inside cache folder',
+      );
+    } catch (error) {
+      process.chdir(`${startPath}`);
+      throw error;
+    }
+    process.chdir(`${startPath}`);
+  }
+  public static async PullFromCache(cacheFolder: string, destinationFolder: string, cacheArtifactName: string = ``) {
+    CloudRunnerLogger.log(`Pulling from cache ${destinationFolder} ${CloudRunner.buildParameters.skipCache}`);
+    if (`${CloudRunner.buildParameters.skipCache}` === `true`) {
+      CloudRunnerLogger.log(`Skipping cache debugSkipCache is true`);
+
+      return;
+    }
+    cacheArtifactName = cacheArtifactName.replace(' ', '');
+    let compressionSuffix = '';
+    if (CloudRunner.buildParameters.useCompressionStrategy === true) {
+      compressionSuffix = `.lz4`;
+    }
+    const startPath = process.cwd();
+    RemoteClientLogger.log(`Caching for (lz4 ${compressionSuffix}) ${path.basename(destinationFolder)}`);
+    try {
+      if (!(await fileExists(cacheFolder))) {
+        await fs.promises.mkdir(cacheFolder);
+      }
+
+      if (!(await fileExists(destinationFolder))) {
+        await fs.promises.mkdir(destinationFolder);
+      }
+
+      const latestInBranch = await (
+        await CloudRunnerSystem.Run(`ls -t "${cacheFolder}" | grep .tar${compressionSuffix}$ | head -1`)
+      )
+        .replace(/\n/g, ``)
+        .replace(`.tar${compressionSuffix}`, '');
+
+      process.chdir(cacheFolder);
+
+      const cacheSelection =
+        cacheArtifactName !== `` && (await fileExists(`${cacheArtifactName}.tar${compressionSuffix}`))
+          ? cacheArtifactName
+          : latestInBranch;
+      await CloudRunnerLogger.log(`cache key ${cacheArtifactName} selection ${cacheSelection}`);
+
+      if (await fileExists(`${cacheSelection}.tar${compressionSuffix}`)) {
+        const resultsFolder = `results${CloudRunner.buildParameters.buildGuid}`;
+        await CloudRunnerSystem.Run(`mkdir -p ${resultsFolder}`);
+        RemoteClientLogger.log(`cache item exists ${cacheFolder}/${cacheSelection}.tar${compressionSuffix}`);
+        const fullResultsFolder = path.join(cacheFolder, resultsFolder);
+        await CloudRunnerSystem.Run(`tar -xf ${cacheSelection}.tar${compressionSuffix} -C ${fullResultsFolder}`);
+        RemoteClientLogger.log(`cache item extracted to ${fullResultsFolder}`);
+        assert(await fileExists(fullResultsFolder), `cache extraction results folder exists`);
+        const destinationParentFolder = path.resolve(destinationFolder, '..');
+
+        if (await fileExists(destinationFolder)) {
+          await fs.promises.rmdir(destinationFolder, { recursive: true });
+        }
+        await CloudRunnerSystem.Run(
+          `mv "${path.join(fullResultsFolder, path.basename(destinationFolder))}" "${destinationParentFolder}"`,
+        );
+        const contents = await fs.promises.readdir(
+          path.join(destinationParentFolder, path.basename(destinationFolder)),
+        );
+        CloudRunnerLogger.log(
+          `There is ${contents.length} files/dir in the cache pulled contents for ${path.basename(destinationFolder)}`,
+        );
+      } else {
+        RemoteClientLogger.logWarning(`cache item ${cacheArtifactName} doesn't exist ${destinationFolder}`);
+        if (cacheSelection !== ``) {
+          RemoteClientLogger.logWarning(
+            `cache item ${cacheArtifactName}.tar${compressionSuffix} doesn't exist ${destinationFolder}`,
+          );
+          throw new Error(`Failed to get cache item, but cache hit was found: ${cacheSelection}`);
+        }
+      }
+    } catch (error) {
+      process.chdir(startPath);
+      throw error;
+    }
+    process.chdir(startPath);
+  }
+
+  public static async handleCachePurging() {
+    if (process.env.PURGE_REMOTE_BUILDER_CACHE !== undefined) {
+      RemoteClientLogger.log(`purging ${CloudRunnerFolders.purgeRemoteCaching}`);
+      fs.promises.rmdir(CloudRunnerFolders.cacheFolder, { recursive: true });
+    }
+  }
+}

src/model/cloud-runner/remote-client/index.ts

@@ -0,0 +1,404 @@
+import fs from 'node:fs';
+import CloudRunner from '../cloud-runner';
+import { CloudRunnerFolders } from '../options/cloud-runner-folders';
+import { Caching } from './caching';
+import { LfsHashing } from '../services/utility/lfs-hashing';
+import { RemoteClientLogger } from './remote-client-logger';
+import path from 'node:path';
+import { assert } from 'node:console';
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import { CliFunction } from '../../cli/cli-functions-repository';
+import { CloudRunnerSystem } from '../services/core/cloud-runner-system';
+import YAML from 'yaml';
+import GitHub from '../../github';
+import BuildParameters from '../../build-parameters';
+import { Cli } from '../../cli/cli';
+import CloudRunnerOptions from '../options/cloud-runner-options';
+
+export class RemoteClient {
+  @CliFunction(`remote-cli-pre-build`, `sets up a repository, usually before a game-ci build`)
+  static async setupRemoteClient() {
+    CloudRunnerLogger.log(`bootstrap game ci cloud runner...`);
+    if (!(await RemoteClient.handleRetainedWorkspace())) {
+      await RemoteClient.bootstrapRepository();
+    }
+    await RemoteClient.replaceLargePackageReferencesWithSharedReferences();
+    await RemoteClient.runCustomHookFiles(`before-build`);
+  }
+
+  @CliFunction('remote-cli-log-stream', `log stream from standard input`)
+  public static async remoteClientLogStream() {
+    const logFile = Cli.options!['logFile'];
+    process.stdin.resume();
+    process.stdin.setEncoding('utf8');
+
+    let lingeringLine = '';
+
+    process.stdin.on('data', (chunk) => {
+      const lines = chunk.toString().split('\n');
+
+      lines[0] = lingeringLine + lines[0];
+      lingeringLine = lines.pop() || '';
+
+      for (const element of lines) {
+        if (CloudRunnerOptions.providerStrategy !== 'k8s') {
+          CloudRunnerLogger.log(element);
+        } else {
+          fs.appendFileSync(logFile, element);
+          CloudRunnerLogger.log(element);
+        }
+      }
+    });
+
+    process.stdin.on('end', () => {
+      if (CloudRunnerOptions.providerStrategy !== 'k8s') {
+        CloudRunnerLogger.log(lingeringLine);
+      } else {
+        fs.appendFileSync(logFile, lingeringLine);
+        CloudRunnerLogger.log(lingeringLine);
+      }
+    });
+  }
+
+  @CliFunction(`remote-cli-post-build`, `runs a cloud runner build`)
+  public static async remoteClientPostBuild(): Promise<string> {
+    RemoteClientLogger.log(`Running POST build tasks`);
+    // Ensure cache key is present in logs for assertions
+    RemoteClientLogger.log(`CACHE_KEY=${CloudRunner.buildParameters.cacheKey}`);
+    CloudRunnerLogger.log(`${CloudRunner.buildParameters.cacheKey}`);
+
+    // Guard: only push Library cache if the folder exists and has contents
+    try {
+      const libraryFolderHost = CloudRunnerFolders.libraryFolderAbsolute;
+      if (fs.existsSync(libraryFolderHost)) {
+        const libraryEntries = await fs.promises.readdir(libraryFolderHost).catch(() => [] as string[]);
+        if (libraryEntries.length > 0) {
+          await Caching.PushToCache(
+            CloudRunnerFolders.ToLinuxFolder(`${CloudRunnerFolders.cacheFolderForCacheKeyFull}/Library`),
+            CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.libraryFolderAbsolute),
+            `lib-${CloudRunner.buildParameters.buildGuid}`,
+          );
+        } else {
+          RemoteClientLogger.log(`Skipping Library cache push (folder is empty)`);
+        }
+      } else {
+        RemoteClientLogger.log(`Skipping Library cache push (folder missing)`);
+      }
+    } catch (error: any) {
+      RemoteClientLogger.logWarning(`Library cache push skipped with error: ${error.message}`);
+    }
+
+    // Guard: only push Build cache if the folder exists and has contents
+    try {
+      const buildFolderHost = CloudRunnerFolders.projectBuildFolderAbsolute;
+      if (fs.existsSync(buildFolderHost)) {
+        const buildEntries = await fs.promises.readdir(buildFolderHost).catch(() => [] as string[]);
+        if (buildEntries.length > 0) {
+          await Caching.PushToCache(
+            CloudRunnerFolders.ToLinuxFolder(`${CloudRunnerFolders.cacheFolderForCacheKeyFull}/build`),
+            CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.projectBuildFolderAbsolute),
+            `build-${CloudRunner.buildParameters.buildGuid}`,
+          );
+        } else {
+          RemoteClientLogger.log(`Skipping Build cache push (folder is empty)`);
+        }
+      } else {
+        RemoteClientLogger.log(`Skipping Build cache push (folder missing)`);
+      }
+    } catch (error: any) {
+      RemoteClientLogger.logWarning(`Build cache push skipped with error: ${error.message}`);
+    }
+
+    if (!BuildParameters.shouldUseRetainedWorkspaceMode(CloudRunner.buildParameters)) {
+      const uniqueJobFolderLinux = CloudRunnerFolders.ToLinuxFolder(
+        CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute,
+      );
+      if (fs.existsSync(CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute) || fs.existsSync(uniqueJobFolderLinux)) {
+        await CloudRunnerSystem.Run(`rm -r ${uniqueJobFolderLinux} || true`);
+      } else {
+        RemoteClientLogger.log(`Skipping cleanup; unique job folder missing`);
+      }
+    }
+
+    await RemoteClient.runCustomHookFiles(`after-build`);
+
+    // WIP - need to give the pod permissions to create config map
+    await RemoteClientLogger.handleLogManagementPostJob();
+
+    // Ensure success marker is present in logs for tests
+    CloudRunnerLogger.log(`Activation successful`);
+
+    return new Promise((result) => result(``));
+  }
+  static async runCustomHookFiles(hookLifecycle: string) {
+    RemoteClientLogger.log(`RunCustomHookFiles: ${hookLifecycle}`);
+    const gameCiCustomHooksPath = path.join(CloudRunnerFolders.repoPathAbsolute, `game-ci`, `hooks`);
+    try {
+      const files = fs.readdirSync(gameCiCustomHooksPath);
+      for (const file of files) {
+        const fileContents = fs.readFileSync(path.join(gameCiCustomHooksPath, file), `utf8`);
+        const fileContentsObject = YAML.parse(fileContents.toString());
+        if (fileContentsObject.hook === hookLifecycle) {
+          RemoteClientLogger.log(`Active Hook File ${file} \n \n file contents: \n ${fileContents}`);
+          await CloudRunnerSystem.Run(fileContentsObject.commands);
+        }
+      }
+    } catch (error) {
+      RemoteClientLogger.log(JSON.stringify(error, undefined, 4));
+    }
+  }
+  public static async bootstrapRepository() {
+    await CloudRunnerSystem.Run(
+      `mkdir -p ${CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute)}`,
+    );
+    await CloudRunnerSystem.Run(
+      `mkdir -p ${CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.cacheFolderForCacheKeyFull)}`,
+    );
+    await RemoteClient.cloneRepoWithoutLFSFiles();
+    await RemoteClient.sizeOfFolder(
+      'repo before lfs cache pull',
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.repoPathAbsolute),
+    );
+    const lfsHashes = await LfsHashing.createLFSHashFiles();
+    if (fs.existsSync(CloudRunnerFolders.libraryFolderAbsolute)) {
+      RemoteClientLogger.logWarning(`!Warning!: The Unity library was included in the git repository`);
+    }
+    await Caching.PullFromCache(
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.lfsCacheFolderFull),
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.lfsFolderAbsolute),
+      `${lfsHashes.lfsGuidSum}`,
+    );
+    await RemoteClient.sizeOfFolder('repo after lfs cache pull', CloudRunnerFolders.repoPathAbsolute);
+    await RemoteClient.pullLatestLFS();
+    await RemoteClient.sizeOfFolder('repo before lfs git pull', CloudRunnerFolders.repoPathAbsolute);
+    await Caching.PushToCache(
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.lfsCacheFolderFull),
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.lfsFolderAbsolute),
+      `${lfsHashes.lfsGuidSum}`,
+    );
+    await Caching.PullFromCache(
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.libraryCacheFolderFull),
+      CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.libraryFolderAbsolute),
+    );
+    await RemoteClient.sizeOfFolder('repo after library cache pull', CloudRunnerFolders.repoPathAbsolute);
+    await Caching.handleCachePurging();
+  }
+
+  private static async sizeOfFolder(message: string, folder: string) {
+    if (CloudRunner.buildParameters.cloudRunnerDebug) {
+      CloudRunnerLogger.log(`Size of ${message}`);
+      await CloudRunnerSystem.Run(`du -sh ${folder}`);
+    }
+  }
+
+  private static async cloneRepoWithoutLFSFiles() {
+    process.chdir(`${CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute}`);
+    if (
+      fs.existsSync(CloudRunnerFolders.repoPathAbsolute) &&
+      !fs.existsSync(path.join(CloudRunnerFolders.repoPathAbsolute, `.git`))
+    ) {
+      await CloudRunnerSystem.Run(`rm -r ${CloudRunnerFolders.repoPathAbsolute}`);
+      CloudRunnerLogger.log(`${CloudRunnerFolders.repoPathAbsolute} repo exists, but no git folder, cleaning up`);
+    }
+
+    if (
+      BuildParameters.shouldUseRetainedWorkspaceMode(CloudRunner.buildParameters) &&
+      fs.existsSync(path.join(CloudRunnerFolders.repoPathAbsolute, `.git`))
+    ) {
+      process.chdir(CloudRunnerFolders.repoPathAbsolute);
+      RemoteClientLogger.log(
+        `${
+          CloudRunnerFolders.repoPathAbsolute
+        } repo exists - skipping clone - retained workspace mode ${BuildParameters.shouldUseRetainedWorkspaceMode(
+          CloudRunner.buildParameters,
+        )}`,
+      );
+      await CloudRunnerSystem.Run(`git fetch && git reset --hard ${CloudRunner.buildParameters.gitSha}`);
+
+      return;
+    }
+
+    RemoteClientLogger.log(`Initializing source repository for cloning with caching of LFS files`);
+    await CloudRunnerSystem.Run(`git config --global advice.detachedHead false`);
+    RemoteClientLogger.log(`Cloning the repository being built:`);
+    await CloudRunnerSystem.Run(`git config --global filter.lfs.smudge "git-lfs smudge --skip -- %f"`);
+    await CloudRunnerSystem.Run(`git config --global filter.lfs.process "git-lfs filter-process --skip"`);
+    try {
+      await CloudRunnerSystem.Run(
+        `git clone ${CloudRunnerFolders.targetBuildRepoUrl} ${path.basename(CloudRunnerFolders.repoPathAbsolute)}`,
+      );
+    } catch (error: any) {
+      throw error;
+    }
+    process.chdir(CloudRunnerFolders.repoPathAbsolute);
+    await CloudRunnerSystem.Run(`git lfs install`);
+    assert(fs.existsSync(`.git`), 'git folder exists');
+    RemoteClientLogger.log(`${CloudRunner.buildParameters.branch}`);
+    // Ensure refs exist (tags and PR refs)
+    await CloudRunnerSystem.Run(`git fetch --all --tags || true`);
+    if ((CloudRunner.buildParameters.branch || '').startsWith('pull/')) {
+      await CloudRunnerSystem.Run(`git fetch origin +refs/pull/*:refs/remotes/origin/pull/* || true`);
+    }
+    const targetSha = CloudRunner.buildParameters.gitSha;
+    const targetBranch = CloudRunner.buildParameters.branch;
+    if (targetSha) {
+      try {
+        await CloudRunnerSystem.Run(`git checkout ${targetSha}`);
+      } catch (_error) {
+        try {
+          await CloudRunnerSystem.Run(`git fetch origin ${targetSha} || true`);
+          await CloudRunnerSystem.Run(`git checkout ${targetSha}`);
+        } catch (_error2) {
+          RemoteClientLogger.logWarning(`Falling back to branch checkout; SHA not found: ${targetSha}`);
+          try {
+            await CloudRunnerSystem.Run(`git checkout ${targetBranch}`);
+          } catch (_error3) {
+            if ((targetBranch || '').startsWith('pull/')) {
+              await CloudRunnerSystem.Run(`git checkout origin/${targetBranch}`);
+            } else {
+              throw _error2;
+            }
+          }
+        }
+      }
+    } else {
+      try {
+        await CloudRunnerSystem.Run(`git checkout ${targetBranch}`);
+      } catch (_error) {
+        if ((targetBranch || '').startsWith('pull/')) {
+          await CloudRunnerSystem.Run(`git checkout origin/${targetBranch}`);
+        } else {
+          throw _error;
+        }
+      }
+      RemoteClientLogger.log(`buildParameter Git Sha is empty`);
+    }
+
+    assert(fs.existsSync(path.join(`.git`, `lfs`)), 'LFS folder should not exist before caching');
+    RemoteClientLogger.log(`Checked out ${CloudRunner.buildParameters.branch}`);
+  }
+
+  static async replaceLargePackageReferencesWithSharedReferences() {
+    CloudRunnerLogger.log(`Use Shared Pkgs ${CloudRunner.buildParameters.useLargePackages}`);
+    GitHub.updateGitHubCheck(`Use Shared Pkgs ${CloudRunner.buildParameters.useLargePackages}`, ``);
+    if (CloudRunner.buildParameters.useLargePackages) {
+      const filePath = path.join(CloudRunnerFolders.projectPathAbsolute, `Packages/manifest.json`);
+      let manifest = fs.readFileSync(filePath, 'utf8');
+      manifest = manifest.replace(/LargeContent/g, '../../../LargeContent');
+      fs.writeFileSync(filePath, manifest);
+      CloudRunnerLogger.log(`Package Manifest \n ${manifest}`);
+      GitHub.updateGitHubCheck(`Package Manifest \n ${manifest}`, ``);
+    }
+  }
+
+  private static async pullLatestLFS() {
+    process.chdir(CloudRunnerFolders.repoPathAbsolute);
+    await CloudRunnerSystem.Run(`git config --global filter.lfs.smudge "git-lfs smudge -- %f"`);
+    await CloudRunnerSystem.Run(`git config --global filter.lfs.process "git-lfs filter-process"`);
+    if (CloudRunner.buildParameters.skipLfs) {
+      RemoteClientLogger.log(`Skipping LFS pull (skipLfs=true)`);
+
+      return;
+    }
+
+    // Best effort: try plain pull first (works for public repos or pre-configured auth)
+    try {
+      await CloudRunnerSystem.Run(`git lfs pull`, true);
+      await CloudRunnerSystem.Run(`git lfs checkout || true`, true);
+      RemoteClientLogger.log(`Pulled LFS files without explicit token configuration`);
+
+      return;
+    } catch (_error) {
+      /* no-op: best-effort git lfs pull without tokens may fail */
+      void 0;
+    }
+
+    // Try with GIT_PRIVATE_TOKEN
+    try {
+      const gitPrivateToken = process.env.GIT_PRIVATE_TOKEN;
+      if (gitPrivateToken) {
+        RemoteClientLogger.log(`Attempting to pull LFS files with GIT_PRIVATE_TOKEN...`);
+        await CloudRunnerSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
+        await CloudRunnerSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
+        await CloudRunnerSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
+        await CloudRunnerSystem.Run(
+          `git config --global url."https://${gitPrivateToken}@github.com/".insteadOf "https://github.com/"`,
+        );
+        await CloudRunnerSystem.Run(`git lfs pull`, true);
+        await CloudRunnerSystem.Run(`git lfs checkout || true`, true);
+        RemoteClientLogger.log(`Successfully pulled LFS files with GIT_PRIVATE_TOKEN`);
+
+        return;
+      }
+    } catch (error: any) {
+      RemoteClientLogger.logCliError(`Failed with GIT_PRIVATE_TOKEN: ${error.message}`);
+    }
+
+    // Try with GITHUB_TOKEN
+    try {
+      const githubToken = process.env.GITHUB_TOKEN;
+      if (githubToken) {
+        RemoteClientLogger.log(`Attempting to pull LFS files with GITHUB_TOKEN fallback...`);
+        await CloudRunnerSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
+        await CloudRunnerSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
+        await CloudRunnerSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
+        await CloudRunnerSystem.Run(
+          `git config --global url."https://${githubToken}@github.com/".insteadOf "https://github.com/"`,
+        );
+        await CloudRunnerSystem.Run(`git lfs pull`, true);
+        await CloudRunnerSystem.Run(`git lfs checkout || true`, true);
+        RemoteClientLogger.log(`Successfully pulled LFS files with GITHUB_TOKEN`);
+
+        return;
+      }
+    } catch (error: any) {
+      RemoteClientLogger.logCliError(`Failed with GITHUB_TOKEN: ${error.message}`);
+    }
+
+    // If we get here, all strategies failed; continue without failing the build
+    RemoteClientLogger.logWarning(`Proceeding without LFS files (no tokens or pull failed)`);
+  }
+  static async handleRetainedWorkspace() {
+    RemoteClientLogger.log(
+      `Retained Workspace: ${BuildParameters.shouldUseRetainedWorkspaceMode(CloudRunner.buildParameters)}`,
+    );
+
+    // Log cache key explicitly to aid debugging and assertions
+    CloudRunnerLogger.log(`Cache Key: ${CloudRunner.buildParameters.cacheKey}`);
+    if (
+      BuildParameters.shouldUseRetainedWorkspaceMode(CloudRunner.buildParameters) &&
+      fs.existsSync(CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.uniqueCloudRunnerJobFolderAbsolute)) &&
+      fs.existsSync(CloudRunnerFolders.ToLinuxFolder(path.join(CloudRunnerFolders.repoPathAbsolute, `.git`)))
+    ) {
+      CloudRunnerLogger.log(`Retained Workspace Already Exists!`);
+      process.chdir(CloudRunnerFolders.ToLinuxFolder(CloudRunnerFolders.repoPathAbsolute));
+      await CloudRunnerSystem.Run(`git fetch --all --tags || true`);
+      if ((CloudRunner.buildParameters.branch || '').startsWith('pull/')) {
+        await CloudRunnerSystem.Run(`git fetch origin +refs/pull/*:refs/remotes/origin/pull/* || true`);
+      }
+      await CloudRunnerSystem.Run(`git lfs pull`);
+      await CloudRunnerSystem.Run(`git lfs checkout || true`);
+      const sha = CloudRunner.buildParameters.gitSha;
+      const branch = CloudRunner.buildParameters.branch;
+      try {
+        await CloudRunnerSystem.Run(`git reset --hard "${sha}"`);
+        await CloudRunnerSystem.Run(`git checkout ${sha}`);
+      } catch (_error) {
+        RemoteClientLogger.logWarning(`Retained workspace: SHA not found, falling back to branch ${branch}`);
+        try {
+          await CloudRunnerSystem.Run(`git checkout ${branch}`);
+        } catch (_error2) {
+          if ((branch || '').startsWith('pull/')) {
+            await CloudRunnerSystem.Run(`git checkout origin/${branch}`);
+          } else {
+            throw _error2;
+          }
+        }
+      }
+
+      return true;
+    }
+
+    return false;
+  }
+}

src/model/cloud-runner/remote-client/remote-client-logger.ts

@@ -0,0 +1,93 @@
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import fs from 'node:fs';
+import path from 'node:path';
+import CloudRunner from '../cloud-runner';
+import CloudRunnerOptions from '../options/cloud-runner-options';
+
+export class RemoteClientLogger {
+  private static get LogFilePath() {
+    // Use a cross-platform temporary directory for local development
+    if (process.platform === 'win32') {
+      return path.join(process.cwd(), 'temp', 'job-log.txt');
+    }
+
+    return path.join(`/home`, `job-log.txt`);
+  }
+
+  public static log(message: string) {
+    const finalMessage = `[Client] ${message}`;
+    this.appendToFile(finalMessage);
+    CloudRunnerLogger.log(finalMessage);
+  }
+
+  public static logCliError(message: string) {
+    CloudRunnerLogger.log(`[Client][Error] ${message}`);
+  }
+
+  public static logCliDiagnostic(message: string) {
+    CloudRunnerLogger.log(`[Client][Diagnostic] ${message}`);
+  }
+
+  public static logWarning(message: string) {
+    CloudRunnerLogger.logWarning(message);
+  }
+
+  public static appendToFile(message: string) {
+    if (CloudRunner.isCloudRunnerEnvironment) {
+      // Ensure the directory exists before writing
+      const logDirectory = path.dirname(RemoteClientLogger.LogFilePath);
+      if (!fs.existsSync(logDirectory)) {
+        fs.mkdirSync(logDirectory, { recursive: true });
+      }
+
+      fs.appendFileSync(RemoteClientLogger.LogFilePath, `${message}\n`);
+    }
+  }
+
+  public static async handleLogManagementPostJob() {
+    if (CloudRunnerOptions.providerStrategy !== 'k8s') {
+      return;
+    }
+    CloudRunnerLogger.log(`Collected Logs`);
+
+    // check for log file not existing
+    if (!fs.existsSync(RemoteClientLogger.LogFilePath)) {
+      CloudRunnerLogger.log(`Log file does not exist`);
+
+      // check if CloudRunner.isCloudRunnerEnvironment is true, log
+      if (!CloudRunner.isCloudRunnerEnvironment) {
+        CloudRunnerLogger.log(`Cloud Runner is not running in a cloud environment, not collecting logs`);
+      }
+
+      return;
+    }
+    CloudRunnerLogger.log(`Log file exist`);
+    await new Promise((resolve) => setTimeout(resolve, 1));
+
+    // let hashedLogs = fs.readFileSync(RemoteClientLogger.LogFilePath).toString();
+    //
+    // hashedLogs = md5(hashedLogs);
+    //
+    // for (let index = 0; index < 3; index++) {
+    //   CloudRunnerLogger.log(`LOGHASH: ${hashedLogs}`);
+    //   const logs = fs.readFileSync(RemoteClientLogger.LogFilePath).toString();
+    //   CloudRunnerLogger.log(`LOGS: ${Buffer.from(logs).toString('base64')}`);
+    //   CloudRunnerLogger.log(
+    //     `Game CI's "Cloud Runner System" will cancel the log when it has successfully received the log data to verify all logs have been received.`,
+    //   );
+    //
+    //   // wait for 15 seconds to allow the log to be sent
+    //   await new Promise((resolve) => setTimeout(resolve, 15000));
+    // }
+  }
+  public static HandleLog(message: string): boolean {
+    if (RemoteClientLogger.value !== '') {
+      RemoteClientLogger.value += `\n`;
+    }
+
+    RemoteClientLogger.value += message;
+
+    return false;
+  }
+  static value: string = '';
+}

src/model/cloud-runner/services/core/cloud-runner-logger.ts

@@ -0,0 +1,47 @@
+import * as core from '@actions/core';
+
+class CloudRunnerLogger {
+  private static timestamp: number;
+  private static globalTimestamp: number;
+
+  public static setup() {
+    this.timestamp = this.createTimestamp();
+    this.globalTimestamp = this.timestamp;
+  }
+
+  public static log(message: string) {
+    core.info(message);
+  }
+
+  public static logWarning(message: string) {
+    core.warning(message);
+  }
+
+  public static logLine(message: string) {
+    core.info(`${message}\n`);
+  }
+
+  public static error(message: string) {
+    core.error(message);
+  }
+
+  public static logWithTime(message: string) {
+    const newTimestamp = this.createTimestamp();
+    core.info(
+      `${message} (Since previous: ${this.calculateTimeDiff(
+        newTimestamp,
+        this.timestamp,
+      )}, Total time: ${this.calculateTimeDiff(newTimestamp, this.globalTimestamp)})`,
+    );
+    this.timestamp = newTimestamp;
+  }
+
+  private static calculateTimeDiff(x: number, y: number) {
+    return Math.floor((x - y) / 1000);
+  }
+
+  private static createTimestamp() {
+    return Date.now();
+  }
+}
+export default CloudRunnerLogger;

src/model/cloud-runner/services/core/cloud-runner-result.ts

@@ -0,0 +1,24 @@
+import BuildParameters from '../../../build-parameters';
+
+class CloudRunnerResult {
+  public BuildParameters: BuildParameters;
+  public BuildResults: string;
+  public BuildSucceeded: boolean;
+  public BuildFinished: boolean;
+  public LibraryCacheUsed: boolean;
+
+  public constructor(
+    buildParameters: BuildParameters,
+    buildResults: string,
+    buildSucceeded: boolean,
+    buildFinished: boolean,
+    libraryCacheUsed: boolean,
+  ) {
+    this.BuildParameters = buildParameters;
+    this.BuildResults = buildResults;
+    this.BuildSucceeded = buildSucceeded;
+    this.BuildFinished = buildFinished;
+    this.LibraryCacheUsed = libraryCacheUsed;
+  }
+}
+export default CloudRunnerResult;

src/model/cloud-runner/services/core/cloud-runner-system.ts

@@ -0,0 +1,69 @@
+import { exec } from 'child_process';
+import { RemoteClientLogger } from '../../remote-client/remote-client-logger';
+
+export class CloudRunnerSystem {
+  public static async RunAndReadLines(command: string): Promise<string[]> {
+    const result = await CloudRunnerSystem.Run(command, false, true);
+
+    return result
+      .split(`\n`)
+      .map((x) => x.replace(`\r`, ``))
+      .filter((x) => x !== ``)
+      .map((x) => {
+        const lineValues = x.split(` `);
+
+        return lineValues[lineValues.length - 1];
+      });
+  }
+
+  public static async Run(
+    command: string,
+    suppressError = false,
+    suppressLogs = false,
+    // eslint-disable-next-line no-unused-vars
+    outputCallback?: (output: string) => void,
+  ) {
+    for (const element of command.split(`\n`)) {
+      if (!suppressLogs) {
+        RemoteClientLogger.log(element);
+      }
+    }
+
+    return await new Promise<string>((promise, throwError) => {
+      let output = '';
+      const child = exec(command, { maxBuffer: 1024 * 10000 }, (error, stdout, stderr) => {
+        if (!suppressError && error) {
+          RemoteClientLogger.log(error.toString());
+          throwError(error);
+        }
+        if (stderr) {
+          const diagnosticOutput = `${stderr.toString()}`;
+          if (!suppressLogs) {
+            RemoteClientLogger.logCliDiagnostic(diagnosticOutput);
+          }
+          output += diagnosticOutput;
+        }
+        const outputChunk = `${stdout}`;
+        if (outputCallback) {
+          outputCallback(outputChunk);
+        }
+        output += outputChunk;
+      });
+      child.on('close', (code) => {
+        if (!suppressLogs) {
+          RemoteClientLogger.log(`[${code}]`);
+        }
+        if (code !== 0 && !suppressError) {
+          throwError(output);
+        }
+        const outputLines = output.split(`\n`);
+        for (const element of outputLines) {
+          if (!suppressLogs) {
+            RemoteClientLogger.log(element);
+          }
+        }
+        promise(output);
+      });
+    });
+  }
+}

src/model/cloud-runner/services/core/follow-log-stream-service.ts

@@ -0,0 +1,57 @@
+import GitHub from '../../../github';
+import CloudRunner from '../../cloud-runner';
+import { CloudRunnerStatics } from '../../options/cloud-runner-statics';
+import CloudRunnerLogger from './cloud-runner-logger';
+import * as core from '@actions/core';
+
+export class FollowLogStreamService {
+  static Reset() {
+    FollowLogStreamService.DidReceiveEndOfTransmission = false;
+  }
+  static errors = ``;
+  public static DidReceiveEndOfTransmission = false;
+  public static handleIteration(message: string, shouldReadLogs: boolean, shouldCleanup: boolean, output: string) {
+    if (message.includes(`---${CloudRunner.buildParameters.logId}`)) {
+      CloudRunnerLogger.log('End of log transmission received');
+      FollowLogStreamService.DidReceiveEndOfTransmission = true;
+      shouldReadLogs = false;
+    } else if (message.includes('Rebuilding Library because the asset database could not be found!')) {
+      GitHub.updateGitHubCheck(`Library was not found, importing new Library`, ``);
+      core.warning('LIBRARY NOT FOUND!');
+      core.setOutput('library-found', 'false');
+    } else if (message.includes('Build succeeded')) {
+      GitHub.updateGitHubCheck(`Build succeeded`, `Build succeeded`);
+      core.setOutput('build-result', 'success');
+    } else if (message.includes('Build fail')) {
+      GitHub.updateGitHubCheck(
+        `Build failed\n${FollowLogStreamService.errors}`,
+        `Build failed`,
+        `failure`,
+        `completed`,
+      );
+      core.setOutput('build-result', 'failed');
+      core.setFailed('unity build failed');
+      core.error('BUILD FAILED!');
+    } else if (message.toLowerCase().includes('error ')) {
+      core.error(message);
+      FollowLogStreamService.errors += `\n${message}`;
+    } else if (message.toLowerCase().includes('error: ')) {
+      core.error(message);
+      FollowLogStreamService.errors += `\n${message}`;
+    } else if (message.toLowerCase().includes('command failed: ')) {
+      FollowLogStreamService.errors += `\n${message}`;
+    } else if (message.toLowerCase().includes('invalid ')) {
+      FollowLogStreamService.errors += `\n${message}`;
+    } else if (message.toLowerCase().includes('incompatible  ')) {
+      FollowLogStreamService.errors += `\n${message}`;
+    } else if (message.toLowerCase().includes('cannot be found')) {
+      FollowLogStreamService.errors += `\n${message}`;
+    }
+
+    // Always append log lines to output so tests can assert on BuildResults
+    output += `${message}\n`;
+    CloudRunnerLogger.log(`[${CloudRunnerStatics.logPrefix}] ${message}`);
+
+    return { shouldReadLogs, shouldCleanup, output };
+  }
+}

src/model/cloud-runner/services/core/shared-workspace-locking.ts

@@ -0,0 +1,408 @@
+import CloudRunnerLogger from './cloud-runner-logger';
+import BuildParameters from '../../../build-parameters';
+import CloudRunner from '../../cloud-runner';
+import Input from '../../../input';
+import {
+  CreateBucketCommand,
+  DeleteObjectCommand,
+  HeadBucketCommand,
+  ListObjectsV2Command,
+  PutObjectCommand,
+  S3,
+} from '@aws-sdk/client-s3';
+import { AwsClientFactory } from '../../providers/aws/aws-client-factory';
+import { promisify } from 'node:util';
+import { exec as execCb } from 'node:child_process';
+const exec = promisify(execCb);
+export class SharedWorkspaceLocking {
+  private static _s3: S3;
+  private static get s3(): S3 {
+    if (!SharedWorkspaceLocking._s3) {
+      // Use factory so LocalStack endpoint/path-style settings are honored
+      SharedWorkspaceLocking._s3 = AwsClientFactory.getS3();
+    }
+    return SharedWorkspaceLocking._s3;
+  }
+  private static get useRclone() {
+    return CloudRunner.buildParameters.storageProvider === 'rclone';
+  }
+  private static async rclone(command: string): Promise<string> {
+    const { stdout } = await exec(`rclone ${command}`);
+    return stdout.toString();
+  }
+  private static get bucket() {
+    return SharedWorkspaceLocking.useRclone
+      ? CloudRunner.buildParameters.rcloneRemote
+      : CloudRunner.buildParameters.awsStackName;
+  }
+  public static get workspaceBucketRoot() {
+    return SharedWorkspaceLocking.useRclone
+      ? `${SharedWorkspaceLocking.bucket}/`
+      : `s3://${SharedWorkspaceLocking.bucket}/`;
+  }
+  public static get workspaceRoot() {
+    return `${SharedWorkspaceLocking.workspaceBucketRoot}locks/`;
+  }
+  private static get workspacePrefix() {
+    return `locks/`;
+  }
+  private static async ensureBucketExists(): Promise<void> {
+    const bucket = SharedWorkspaceLocking.bucket;
+    if (SharedWorkspaceLocking.useRclone) {
+      try {
+        await SharedWorkspaceLocking.rclone(`lsf ${bucket}`);
+      } catch {
+        await SharedWorkspaceLocking.rclone(`mkdir ${bucket}`);
+      }
+      return;
+    }
+    try {
+      await SharedWorkspaceLocking.s3.send(new HeadBucketCommand({ Bucket: bucket }));
+    } catch {
+      const region = Input.region || process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
+      const createParams: any = { Bucket: bucket };
+      if (region && region !== 'us-east-1') {
+        createParams.CreateBucketConfiguration = { LocationConstraint: region };
+      }
+      await SharedWorkspaceLocking.s3.send(new CreateBucketCommand(createParams));
+    }
+  }
+  private static async listObjects(prefix: string, bucket = SharedWorkspaceLocking.bucket): Promise<string[]> {
+    await SharedWorkspaceLocking.ensureBucketExists();
+    if (prefix !== '' && !prefix.endsWith('/')) {
+      prefix += '/';
+    }
+    if (SharedWorkspaceLocking.useRclone) {
+      const path = `${bucket}/${prefix}`;
+      try {
+        const output = await SharedWorkspaceLocking.rclone(`lsjson ${path}`);
+        const json = JSON.parse(output) as { Name: string; IsDir: boolean }[];
+        return json.map((e) => (e.IsDir ? `${e.Name}/` : e.Name));
+      } catch {
+        return [];
+      }
+    }
+    const result = await SharedWorkspaceLocking.s3.send(
+      new ListObjectsV2Command({ Bucket: bucket, Prefix: prefix, Delimiter: '/' }),
+    );
+    const entries: string[] = [];
+    for (const p of result.CommonPrefixes || []) {
+      if (p.Prefix) entries.push(p.Prefix.slice(prefix.length));
+    }
+    for (const c of result.Contents || []) {
+      if (c.Key && c.Key !== prefix) entries.push(c.Key.slice(prefix.length));
+    }
+    return entries;
+  }
+  public static async GetAllWorkspaces(buildParametersContext: BuildParameters): Promise<string[]> {
+    if (!(await SharedWorkspaceLocking.DoesCacheKeyTopLevelExist(buildParametersContext))) {
+      return [];
+    }
+
+    return (
+      await SharedWorkspaceLocking.listObjects(
+        `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/`,
+      )
+    )
+      .map((x) => x.replace(`/`, ``))
+      .filter((x) => x.endsWith(`_workspace`))
+      .map((x) => x.split(`_`)[1]);
+  }
+  public static async DoesCacheKeyTopLevelExist(buildParametersContext: BuildParameters) {
+    try {
+      const rootLines = await SharedWorkspaceLocking.listObjects('');
+      const lockFolderExists = rootLines.map((x) => x.replace(`/`, ``)).includes(`locks`);
+
+      if (lockFolderExists) {
+        const lines = await SharedWorkspaceLocking.listObjects(SharedWorkspaceLocking.workspacePrefix);
+
+        return lines.map((x) => x.replace(`/`, ``)).includes(buildParametersContext.cacheKey);
+      } else {
+        return false;
+      }
+    } catch {
+      return false;
+    }
+  }
+
+  public static NewWorkspaceName() {
+    return `${CloudRunner.retainedWorkspacePrefix}-${CloudRunner.buildParameters.buildGuid}`;
+  }
+  public static async GetAllLocksForWorkspace(
+    workspace: string,
+    buildParametersContext: BuildParameters,
+  ): Promise<string[]> {
+    if (!(await SharedWorkspaceLocking.DoesWorkspaceExist(workspace, buildParametersContext))) {
+      return [];
+    }
+
+    return (
+      await SharedWorkspaceLocking.listObjects(
+        `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/`,
+      )
+    )
+      .map((x) => x.replace(`/`, ``))
+      .filter((x) => x.includes(workspace) && x.endsWith(`_lock`));
+  }
+  public static async GetLockedWorkspace(workspace: string, runId: string, buildParametersContext: BuildParameters) {
+    if (buildParametersContext.maxRetainedWorkspaces === 0) {
+      return false;
+    }
+
+    if (await SharedWorkspaceLocking.DoesCacheKeyTopLevelExist(buildParametersContext)) {
+      const workspaces = await SharedWorkspaceLocking.GetFreeWorkspaces(buildParametersContext);
+      CloudRunnerLogger.log(`run agent ${runId} is trying to access a workspace, free: ${JSON.stringify(workspaces)}`);
+      for (const element of workspaces) {
+        const lockResult = await SharedWorkspaceLocking.LockWorkspace(element, runId, buildParametersContext);
+        CloudRunnerLogger.log(
+          `run agent: ${runId} try lock workspace: ${element} locking attempt result: ${lockResult}`,
+        );
+
+        if (lockResult) {
+          return true;
+        }
+      }
+    }
+
+    if (await SharedWorkspaceLocking.DoesWorkspaceExist(workspace, buildParametersContext)) {
+      workspace = SharedWorkspaceLocking.NewWorkspaceName();
+      CloudRunner.lockedWorkspace = workspace;
+    }
+
+    const createResult = await SharedWorkspaceLocking.CreateWorkspace(workspace, buildParametersContext);
+    const lockResult = await SharedWorkspaceLocking.LockWorkspace(workspace, runId, buildParametersContext);
+    CloudRunnerLogger.log(
+      `run agent ${runId} didn't find a free workspace so created: ${workspace} createWorkspaceSuccess: ${createResult} Lock:${lockResult}`,
+    );
+
+    return createResult && lockResult;
+  }
+
+  public static async DoesWorkspaceExist(workspace: string, buildParametersContext: BuildParameters) {
+    return (
+      (await SharedWorkspaceLocking.GetAllWorkspaces(buildParametersContext)).filter((x) => x.includes(workspace))
+        .length > 0
+    );
+  }
+  public static async HasWorkspaceLock(
+    workspace: string,
+    runId: string,
+    buildParametersContext: BuildParameters,
+  ): Promise<boolean> {
+    const locks = (await SharedWorkspaceLocking.GetAllLocksForWorkspace(workspace, buildParametersContext))
+      .map((x) => {
+        return {
+          name: x,
+          timestamp: Number(x.split(`_`)[0]),
+        };
+      })
+      .sort((x) => x.timestamp);
+    const lockMatches = locks.filter((x) => x.name.includes(runId));
+    const includesRunLock = lockMatches.length > 0 && locks.indexOf(lockMatches[0]) === 0;
+    CloudRunnerLogger.log(
+      `Checking has workspace lock, runId: ${runId}, workspace: ${workspace}, success: ${includesRunLock} \n- Num of locks created by Run Agent: ${
+        lockMatches.length
+      } Num of Locks: ${locks.length}, Time ordered index for Run Agent: ${locks.indexOf(lockMatches[0])} \n \n`,
+    );
+
+    return includesRunLock;
+  }
+
+  public static async GetFreeWorkspaces(buildParametersContext: BuildParameters): Promise<string[]> {
+    const result: string[] = [];
+    const workspaces = await SharedWorkspaceLocking.GetAllWorkspaces(buildParametersContext);
+    for (const element of workspaces) {
+      const isLocked = await SharedWorkspaceLocking.IsWorkspaceLocked(element, buildParametersContext);
+      const isBelowMax = await SharedWorkspaceLocking.IsWorkspaceBelowMax(element, buildParametersContext);
+      CloudRunnerLogger.log(`workspace ${element} locked:${isLocked} below max:${isBelowMax}`);
+      if (!isLocked && isBelowMax) {
+        result.push(element);
+      }
+    }
+
+    return result;
+  }
+
+  public static async IsWorkspaceBelowMax(
+    workspace: string,
+    buildParametersContext: BuildParameters,
+  ): Promise<boolean> {
+    const workspaces = await SharedWorkspaceLocking.GetAllWorkspaces(buildParametersContext);
+    if (workspace === ``) {
+      return (
+        workspaces.length < buildParametersContext.maxRetainedWorkspaces ||
+        buildParametersContext.maxRetainedWorkspaces === 0
+      );
+    }
+    const ordered: any[] = [];
+    for (const ws of workspaces) {
+      ordered.push({
+        name: ws,
+        timestamp: await SharedWorkspaceLocking.GetWorkspaceTimestamp(ws, buildParametersContext),
+      });
+    }
+    ordered.sort((x) => x.timestamp);
+    const matches = ordered.filter((x) => x.name.includes(workspace));
+    const isWorkspaceBelowMax =
+      matches.length > 0 &&
+      (ordered.indexOf(matches[0]) < buildParametersContext.maxRetainedWorkspaces ||
+        buildParametersContext.maxRetainedWorkspaces === 0);
+
+    return isWorkspaceBelowMax;
+  }
+
+  public static async GetWorkspaceTimestamp(
+    workspace: string,
+    buildParametersContext: BuildParameters,
+  ): Promise<Number> {
+    if (workspace.split(`_`).length > 0) {
+      return Number(workspace.split(`_`)[1]);
+    }
+
+    if (!(await SharedWorkspaceLocking.DoesWorkspaceExist(workspace, buildParametersContext))) {
+      throw new Error("Workspace doesn't exist, can't call get all locks");
+    }
+
+    return (
+      await SharedWorkspaceLocking.listObjects(
+        `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/`,
+      )
+    )
+      .map((x) => x.replace(`/`, ``))
+      .filter((x) => x.includes(workspace) && x.endsWith(`_workspace`))
+      .map((x) => Number(x))[0];
+  }
+
+  public static async IsWorkspaceLocked(workspace: string, buildParametersContext: BuildParameters): Promise<boolean> {
+    if (!(await SharedWorkspaceLocking.DoesWorkspaceExist(workspace, buildParametersContext))) {
+      throw new Error(`workspace doesn't exist ${workspace}`);
+    }
+    const files = await SharedWorkspaceLocking.listObjects(
+      `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/`,
+    );
+
+    const lockFilesExist =
+      files.filter((x) => {
+        return x.includes(workspace) && x.endsWith(`_lock`);
+      }).length > 0;
+
+    return lockFilesExist;
+  }
+
+  public static async CreateWorkspace(workspace: string, buildParametersContext: BuildParameters): Promise<boolean> {
+    if (await SharedWorkspaceLocking.DoesWorkspaceExist(workspace, buildParametersContext)) {
+      throw new Error(`${workspace} already exists`);
+    }
+    const timestamp = Date.now();
+    const key = `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/${timestamp}_${workspace}_workspace`;
+    await SharedWorkspaceLocking.ensureBucketExists();
+    if (SharedWorkspaceLocking.useRclone) {
+      await SharedWorkspaceLocking.rclone(`touch ${SharedWorkspaceLocking.bucket}/${key}`);
+    } else {
+      await SharedWorkspaceLocking.s3.send(
+        new PutObjectCommand({ Bucket: SharedWorkspaceLocking.bucket, Key: key, Body: new Uint8Array(0) }),
+      );
+    }
+
+    const workspaces = await SharedWorkspaceLocking.GetAllWorkspaces(buildParametersContext);
+
+    CloudRunnerLogger.log(`All workspaces ${workspaces}`);
+    if (!(await SharedWorkspaceLocking.IsWorkspaceBelowMax(workspace, buildParametersContext))) {
+      CloudRunnerLogger.log(`Workspace is above max ${workspaces} ${buildParametersContext.maxRetainedWorkspaces}`);
+      await SharedWorkspaceLocking.CleanupWorkspace(workspace, buildParametersContext);
+
+      return false;
+    }
+
+    return true;
+  }
+
+  public static async LockWorkspace(
+    workspace: string,
+    runId: string,
+    buildParametersContext: BuildParameters,
+  ): Promise<boolean> {
+    const existingWorkspace = workspace.endsWith(`_workspace`);
+    const ending = existingWorkspace ? workspace : `${workspace}_workspace`;
+    const key = `${SharedWorkspaceLocking.workspacePrefix}${
+      buildParametersContext.cacheKey
+    }/${Date.now()}_${runId}_${ending}_lock`;
+    await SharedWorkspaceLocking.ensureBucketExists();
+    if (SharedWorkspaceLocking.useRclone) {
+      await SharedWorkspaceLocking.rclone(`touch ${SharedWorkspaceLocking.bucket}/${key}`);
+    } else {
+      await SharedWorkspaceLocking.s3.send(
+        new PutObjectCommand({ Bucket: SharedWorkspaceLocking.bucket, Key: key, Body: new Uint8Array(0) }),
+      );
+    }
+
+    const hasLock = await SharedWorkspaceLocking.HasWorkspaceLock(workspace, runId, buildParametersContext);
+
+    if (hasLock) {
+      CloudRunner.lockedWorkspace = workspace;
+    } else {
+      if (SharedWorkspaceLocking.useRclone) {
+        await SharedWorkspaceLocking.rclone(`delete ${SharedWorkspaceLocking.bucket}/${key}`);
+      } else {
+        await SharedWorkspaceLocking.s3.send(
+          new DeleteObjectCommand({ Bucket: SharedWorkspaceLocking.bucket, Key: key }),
+        );
+      }
+    }
+
+    return hasLock;
+  }
+
+  public static async ReleaseWorkspace(
+    workspace: string,
+    runId: string,
+    buildParametersContext: BuildParameters,
+  ): Promise<boolean> {
+    await SharedWorkspaceLocking.ensureBucketExists();
+    const files = await SharedWorkspaceLocking.GetAllLocksForWorkspace(workspace, buildParametersContext);
+    const file = files.find((x) => x.includes(workspace) && x.endsWith(`_lock`) && x.includes(runId));
+    CloudRunnerLogger.log(`All Locks ${files} ${workspace} ${runId}`);
+    CloudRunnerLogger.log(`Deleting lock ${workspace}/${file}`);
+    CloudRunnerLogger.log(`rm ${SharedWorkspaceLocking.workspaceRoot}${buildParametersContext.cacheKey}/${file}`);
+    if (file) {
+      if (SharedWorkspaceLocking.useRclone) {
+        await SharedWorkspaceLocking.rclone(
+          `delete ${SharedWorkspaceLocking.bucket}/${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/${file}`,
+        );
+      } else {
+        await SharedWorkspaceLocking.s3.send(
+          new DeleteObjectCommand({
+            Bucket: SharedWorkspaceLocking.bucket,
+            Key: `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/${file}`,
+          }),
+        );
+      }
+    }
+
+    return !(await SharedWorkspaceLocking.HasWorkspaceLock(workspace, runId, buildParametersContext));
+  }
+
+  public static async CleanupWorkspace(workspace: string, buildParametersContext: BuildParameters) {
+    const prefix = `${SharedWorkspaceLocking.workspacePrefix}${buildParametersContext.cacheKey}/`;
+    const files = await SharedWorkspaceLocking.listObjects(prefix);
+    for (const file of files.filter((x) => x.includes(`_${workspace}_`))) {
+      if (SharedWorkspaceLocking.useRclone) {
+        await SharedWorkspaceLocking.rclone(`delete ${SharedWorkspaceLocking.bucket}/${prefix}${file}`);
+      } else {
+        await SharedWorkspaceLocking.s3.send(
+          new DeleteObjectCommand({ Bucket: SharedWorkspaceLocking.bucket, Key: `${prefix}${file}` }),
+        );
+      }
+    }
+  }
+
+  public static async ReadLines(command: string): Promise<string[]> {
+    const path = command.replace('aws s3 ls', '').replace('rclone lsf', '').trim();
+    const withoutScheme = path.replace('s3://', '');
+    const [bucket, ...rest] = withoutScheme.split('/');
+    const prefix = rest.join('/');
+    return SharedWorkspaceLocking.listObjects(prefix, bucket);
+  }
+}
+
+export default SharedWorkspaceLocking;

src/model/cloud-runner/services/core/task-parameter-serializer.ts

@@ -0,0 +1,199 @@
+import BuildParameters from '../../../build-parameters';
+import Input from '../../../input';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+import CloudRunnerEnvironmentVariable from '../../options/cloud-runner-environment-variable';
+import CloudRunnerOptionsReader from '../../options/cloud-runner-options-reader';
+import CloudRunnerQueryOverride from '../../options/cloud-runner-query-override';
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+import { CommandHookService } from '../hooks/command-hook-service';
+
+export class TaskParameterSerializer {
+  static readonly blockedParameterNames: Set<string> = new Set([
+    '0',
+    'length',
+    'prototype',
+    '',
+    'unityVersion',
+    'CACHE_UNITY_INSTALLATION_ON_MAC',
+    'RUNNER_TEMP_PATH',
+    'NAME',
+    'CUSTOM_JOB',
+  ]);
+  public static createCloudRunnerEnvironmentVariables(
+    buildParameters: BuildParameters,
+  ): CloudRunnerEnvironmentVariable[] {
+    const result: CloudRunnerEnvironmentVariable[] = this.uniqBy(
+      [
+        ...[
+          { name: 'BUILD_TARGET', value: buildParameters.targetPlatform },
+          { name: 'UNITY_VERSION', value: buildParameters.editorVersion },
+          { name: 'GITHUB_TOKEN', value: process.env.GITHUB_TOKEN },
+        ],
+        ...TaskParameterSerializer.serializeFromObject(buildParameters),
+        ...TaskParameterSerializer.serializeInput(),
+        ...TaskParameterSerializer.serializeCloudRunnerOptions(),
+        ...CommandHookService.getSecrets(CommandHookService.getHooks(buildParameters.commandHooks)),
+        // Include AWS environment variables for LocalStack compatibility
+        ...TaskParameterSerializer.serializeAwsEnvironmentVariables(),
+      ]
+        .filter(
+          (x) =>
+            !TaskParameterSerializer.blockedParameterNames.has(x.name) &&
+            x.value !== '' &&
+            x.value !== undefined &&
+            x.value !== `undefined`,
+        )
+        .map((x) => {
+          x.name = `${TaskParameterSerializer.ToEnvVarFormat(x.name)}`;
+          x.value = `${x.value}`;
+
+          return x;
+        }),
+      (item: CloudRunnerEnvironmentVariable) => item.name,
+    );
+
+    return result;
+  }
+
+  // eslint-disable-next-line no-unused-vars
+  static uniqBy(a: CloudRunnerEnvironmentVariable[], key: (parameters: CloudRunnerEnvironmentVariable) => string) {
+    const seen: { [key: string]: boolean } = {};
+
+    return a.filter(function (item) {
+      const k = key(item);
+
+      return seen.hasOwnProperty(k) ? false : (seen[k] = true);
+    });
+  }
+
+  public static readBuildParameterFromEnvironment(): BuildParameters {
+    const buildParameters = new BuildParameters();
+    const keys = [
+      ...new Set(
+        Object.getOwnPropertyNames(process.env)
+          .filter((x) => !this.blockedParameterNames.has(x) && x.startsWith(''))
+          .map((x) => TaskParameterSerializer.UndoEnvVarFormat(x)),
+      ),
+    ];
+
+    for (const element of keys) {
+      if (element !== `customJob`) {
+        buildParameters[element] = process.env[`${TaskParameterSerializer.ToEnvVarFormat(element)}`];
+      }
+    }
+
+    return buildParameters;
+  }
+
+  private static serializeInput() {
+    return TaskParameterSerializer.serializeFromType(Input);
+  }
+
+  private static serializeCloudRunnerOptions() {
+    return TaskParameterSerializer.serializeFromType(CloudRunnerOptions);
+  }
+
+  private static serializeAwsEnvironmentVariables() {
+    const awsEnvVars = [
+      'AWS_ACCESS_KEY_ID',
+      'AWS_SECRET_ACCESS_KEY',
+      'AWS_DEFAULT_REGION',
+      'AWS_REGION',
+      'AWS_S3_ENDPOINT',
+      'AWS_ENDPOINT',
+      'AWS_CLOUD_FORMATION_ENDPOINT',
+      'AWS_ECS_ENDPOINT',
+      'AWS_KINESIS_ENDPOINT',
+      'AWS_CLOUD_WATCH_LOGS_ENDPOINT',
+    ];
+
+    return awsEnvVars
+      .filter((key) => process.env[key] !== undefined)
+      .map((key) => ({
+        name: key,
+        value: process.env[key] || '',
+      }));
+  }
+
+  public static ToEnvVarFormat(input: string): string {
+    return CloudRunnerOptions.ToEnvVarFormat(input);
+  }
+
+  public static UndoEnvVarFormat(element: string): string {
+    return this.camelize(element.toLowerCase().replace(/_+/g, ' '));
+  }
+
+  private static camelize(string: string) {
+    return TaskParameterSerializer.uncapitalizeFirstLetter(
+      string
+        .replace(/(^\w)|([A-Z])|(\b\w)/g, function (word: string, index: number) {
+          return index === 0 ? word.toLowerCase() : word.toUpperCase();
+        })
+        .replace(/\s+/g, ''),
+    );
+  }
+
+  private static uncapitalizeFirstLetter(string: string) {
+    return string.charAt(0).toLowerCase() + string.slice(1);
+  }
+
+  private static serializeFromObject(buildParameters: any) {
+    const array: any[] = [];
+    const keys = Object.getOwnPropertyNames(buildParameters).filter((x) => !this.blockedParameterNames.has(x));
+    for (const element of keys) {
+      array.push({
+        name: TaskParameterSerializer.ToEnvVarFormat(element),
+        value: buildParameters[element],
+      });
+    }
+
+    return array;
+  }
+
+  private static serializeFromType(type: any) {
+    const array: any[] = [];
+    const input = CloudRunnerOptionsReader.GetProperties();
+    for (const element of input) {
+      if (typeof type[element] !== 'function' && array.filter((x) => x.name === element).length === 0) {
+        array.push({
+          name: element,
+          value: `${type[element]}`,
+        });
+      }
+    }
+
+    return array;
+  }
+
+  public static readDefaultSecrets(): CloudRunnerSecret[] {
+    let array = new Array();
+    array = TaskParameterSerializer.tryAddInput(array, 'UNITY_SERIAL');
+    array = TaskParameterSerializer.tryAddInput(array, 'UNITY_EMAIL');
+    array = TaskParameterSerializer.tryAddInput(array, 'UNITY_PASSWORD');
+
+    // array = TaskParameterSerializer.tryAddInput(array, 'UNITY_LICENSE');
+    array = TaskParameterSerializer.tryAddInput(array, 'GIT_PRIVATE_TOKEN');
+
+    return array;
+  }
+
+  private static getValue(key: string) {
+    return CloudRunnerQueryOverride.queryOverrides !== undefined &&
+      CloudRunnerQueryOverride.queryOverrides[key] !== undefined
+      ? CloudRunnerQueryOverride.queryOverrides[key]
+      : process.env[key];
+  }
+
+  private static tryAddInput(array: CloudRunnerSecret[], key: string): CloudRunnerSecret[] {
+    const value = TaskParameterSerializer.getValue(key);
+    if (value !== undefined && value !== '' && value !== 'null') {
+      array.push({
+        ParameterKey: key,
+        EnvironmentVariable: key,
+        ParameterValue: value,
+      });
+    }
+
+    return array;
+  }
+}

src/model/cloud-runner/services/hooks/command-hook-service.ts

@@ -0,0 +1,118 @@
+import { BuildParameters, Input } from '../../..';
+import YAML from 'yaml';
+import { RemoteClientLogger } from '../../remote-client/remote-client-logger';
+import path from 'node:path';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+import * as fs from 'node:fs';
+import CloudRunnerLogger from '../core/cloud-runner-logger';
+import { CommandHook } from './command-hook';
+
+// import CloudRunnerLogger from './cloud-runner-logger';
+
+export class CommandHookService {
+  public static ApplyHooksToCommands(commands: string, buildParameters: BuildParameters): string {
+    const hooks = CommandHookService.getHooks(buildParameters.commandHooks);
+    CloudRunnerLogger.log(`Applying hooks ${hooks.length}`);
+
+    return `echo "---"
+echo "start cloud runner init"
+${CloudRunnerOptions.cloudRunnerDebug ? `printenv` : `#`}
+echo "start of cloud runner job"
+${hooks.filter((x) => x.hook.includes(`before`)).map((x) => x.commands) || ' '}
+${commands}
+${hooks.filter((x) => x.hook.includes(`after`)).map((x) => x.commands) || ' '}
+echo "end of cloud runner job"
+echo "---${buildParameters.logId}"`;
+  }
+
+  public static getHooks(customCommandHooks: string): CommandHook[] {
+    const experimentHooks = customCommandHooks;
+    let output = new Array<CommandHook>();
+    if (experimentHooks && experimentHooks !== '') {
+      try {
+        output = YAML.parse(experimentHooks);
+      } catch (error) {
+        throw error;
+      }
+    }
+
+    return [
+      ...output.filter((x) => x.hook !== undefined && x.hook.length > 0),
+      ...CommandHookService.GetCustomHooksFromFiles(`before`),
+      ...CommandHookService.GetCustomHooksFromFiles(`after`),
+    ];
+  }
+
+  static GetCustomHooksFromFiles(hookLifecycle: string): CommandHook[] {
+    const results: CommandHook[] = [];
+
+    // RemoteClientLogger.log(`GetCustomHookFiles: ${hookLifecycle}`);
+    try {
+      const gameCiCustomHooksPath = path.join(process.cwd(), `game-ci`, `command-hooks`);
+      const files = fs.readdirSync(gameCiCustomHooksPath);
+      for (const file of files) {
+        if (!CloudRunnerOptions.commandHookFiles.includes(file.replace(`.yaml`, ``))) {
+          continue;
+        }
+        const fileContents = fs.readFileSync(path.join(gameCiCustomHooksPath, file), `utf8`);
+        const fileContentsObject = CommandHookService.ParseHooks(fileContents)[0];
+        if (fileContentsObject.hook.includes(hookLifecycle)) {
+          results.push(fileContentsObject);
+        }
+      }
+    } catch (error) {
+      RemoteClientLogger.log(`Failed Getting: ${hookLifecycle} \n ${JSON.stringify(error, undefined, 4)}`);
+    }
+
+    // RemoteClientLogger.log(`Active Steps From Hooks: \n ${JSON.stringify(results, undefined, 4)}`);
+
+    return results;
+  }
+
+  private static ConvertYamlSecrets(object: CommandHook) {
+    if (object.secrets === undefined) {
+      object.secrets = [];
+
+      return;
+    }
+    object.secrets = object.secrets.map((x: any) => {
+      return {
+        ParameterKey: x.name,
+        EnvironmentVariable: Input.ToEnvVarFormat(x.name),
+        ParameterValue: x.value,
+      };
+    });
+  }
+
+  public static ParseHooks(hooks: string): CommandHook[] {
+    if (hooks === '') {
+      return [];
+    }
+
+    // if (CloudRunner.buildParameters?.cloudRunnerIntegrationTests) {
+
+    // CloudRunnerLogger.log(`Parsing build hooks: ${steps}`);
+
+    // }
+    const isArray = hooks.replace(/\s/g, ``)[0] === `-`;
+    const object: CommandHook[] = isArray ? YAML.parse(hooks) : [YAML.parse(hooks)];
+    for (const hook of object) {
+      CommandHookService.ConvertYamlSecrets(hook);
+      if (hook.secrets === undefined) {
+        hook.secrets = [];
+      }
+    }
+    if (object === undefined) {
+      throw new Error(`Failed to parse ${hooks}`);
+    }
+
+    return object;
+  }
+
+  public static getSecrets(hooks: any) {
+    const secrets = hooks.map((x: any) => x.secrets).filter((x: any) => x !== undefined && x.length > 0);
+
+    // eslint-disable-next-line unicorn/no-array-reduce
+    return secrets.length > 0 ? secrets.reduce((x: any, y: any) => [...x, ...y]) : [];
+  }
+}

src/model/cloud-runner/services/hooks/command-hook.ts

@@ -0,0 +1,9 @@
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+
+export class CommandHook {
+  public commands: string[] = new Array<string>();
+  public secrets: CloudRunnerSecret[] = new Array<CloudRunnerSecret>();
+  public name!: string;
+  public hook!: string[];
+  public step!: string[];
+}

src/model/cloud-runner/services/hooks/container-hook-service.ts

@@ -0,0 +1,379 @@
+import YAML from 'yaml';
+import CloudRunner from '../../cloud-runner';
+import { CustomWorkflow } from '../../workflows/custom-workflow';
+import { RemoteClientLogger } from '../../remote-client/remote-client-logger';
+import path from 'node:path';
+import fs from 'node:fs';
+import Input from '../../../input';
+import CloudRunnerOptions from '../../options/cloud-runner-options';
+import { ContainerHook as ContainerHook } from './container-hook';
+import { CloudRunnerStepParameters } from '../../options/cloud-runner-step-parameters';
+
+export class ContainerHookService {
+  static GetContainerHooksFromFiles(hookLifecycle: string): ContainerHook[] {
+    const results: ContainerHook[] = [];
+    try {
+      const gameCiCustomStepsPath = path.join(process.cwd(), `game-ci`, `container-hooks`);
+      const files = fs.readdirSync(gameCiCustomStepsPath);
+      for (const file of files) {
+        if (!CloudRunnerOptions.containerHookFiles.includes(file.replace(`.yaml`, ``))) {
+          // RemoteClientLogger.log(`Skipping CustomStepFile: ${file}`);
+          continue;
+        }
+        const fileContents = fs.readFileSync(path.join(gameCiCustomStepsPath, file), `utf8`);
+        const fileContentsObject = ContainerHookService.ParseContainerHooks(fileContents)[0];
+        if (fileContentsObject.hook === hookLifecycle) {
+          results.push(fileContentsObject);
+        }
+      }
+    } catch (error) {
+      RemoteClientLogger.log(`Failed Getting: ${hookLifecycle} \n ${JSON.stringify(error, undefined, 4)}`);
+    }
+
+    // RemoteClientLogger.log(`Active Steps From Files: \n ${JSON.stringify(results, undefined, 4)}`);
+
+    const builtInContainerHooks: ContainerHook[] = ContainerHookService.ParseContainerHooks(
+      `- name: aws-s3-upload-build
+  image: amazon/aws-cli
+  hook: after
+  commands: |
+    if command -v aws > /dev/null 2>&1; then
+      aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile default || true
+      aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile default || true
+      aws configure set region $AWS_DEFAULT_REGION --profile default || true
+      ENDPOINT_ARGS=""
+      if [ -n "$AWS_S3_ENDPOINT" ]; then ENDPOINT_ARGS="--endpoint-url $AWS_S3_ENDPOINT"; fi
+      aws $ENDPOINT_ARGS s3 cp /data/cache/$CACHE_KEY/build/build-${CloudRunner.buildParameters.buildGuid}.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } s3://${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/$CACHE_KEY/build/build-$BUILD_GUID.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } || true
+      rm /data/cache/$CACHE_KEY/build/build-${CloudRunner.buildParameters.buildGuid}.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } || true
+    else
+      echo "AWS CLI not available, skipping aws-s3-upload-build"
+    fi
+  secrets:
+  - name: awsAccessKeyId
+    value: ${process.env.AWS_ACCESS_KEY_ID || ``}
+  - name: awsSecretAccessKey
+    value: ${process.env.AWS_SECRET_ACCESS_KEY || ``}
+  - name: awsDefaultRegion
+    value: ${process.env.AWS_REGION || ``}
+  - name: AWS_S3_ENDPOINT
+    value: ${CloudRunnerOptions.awsS3Endpoint || process.env.AWS_S3_ENDPOINT || ``}
+- name: aws-s3-pull-build
+  image: amazon/aws-cli
+  commands: |
+    mkdir -p /data/cache/$CACHE_KEY/build/
+    if command -v aws > /dev/null 2>&1; then
+      aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile default || true
+      aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile default || true
+      aws configure set region $AWS_DEFAULT_REGION --profile default || true
+      ENDPOINT_ARGS=""
+      if [ -n "$AWS_S3_ENDPOINT" ]; then ENDPOINT_ARGS="--endpoint-url $AWS_S3_ENDPOINT"; fi
+      aws $ENDPOINT_ARGS s3 ls ${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/ || true
+      aws $ENDPOINT_ARGS s3 ls ${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/$CACHE_KEY/build || true
+      aws s3 cp s3://${
+        CloudRunner.buildParameters.awsStackName
+      }/cloud-runner-cache/$CACHE_KEY/build/build-$BUILD_GUID_TARGET.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } /data/cache/$CACHE_KEY/build/build-$BUILD_GUID_TARGET.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } || true
+    else
+      echo "AWS CLI not available, skipping aws-s3-pull-build"
+    fi
+  secrets:
+    - name: AWS_ACCESS_KEY_ID
+    - name: AWS_SECRET_ACCESS_KEY
+    - name: AWS_DEFAULT_REGION
+    - name: BUILD_GUID_TARGET
+    - name: AWS_S3_ENDPOINT
+- name: steam-deploy-client
+  image: steamcmd/steamcmd
+  commands: |
+    apt-get update
+    apt-get install -y curl tar coreutils git tree > /dev/null
+    curl -s https://gist.githubusercontent.com/frostebite/1d56f5505b36b403b64193b7a6e54cdc/raw/fa6639ed4ef750c4268ea319d63aa80f52712ffb/deploy-client-steam.sh | bash
+  secrets:
+    - name: STEAM_USERNAME
+    - name: STEAM_PASSWORD
+    - name: STEAM_APPID
+    - name: STEAM_SSFN_FILE_NAME
+    - name: STEAM_SSFN_FILE_CONTENTS
+    - name: STEAM_CONFIG_VDF_1
+    - name: STEAM_CONFIG_VDF_2
+    - name: STEAM_CONFIG_VDF_3
+    - name: STEAM_CONFIG_VDF_4
+    - name: BUILD_GUID_TARGET
+    - name: RELEASE_BRANCH
+- name: steam-deploy-project
+  image: steamcmd/steamcmd
+  commands: |
+    apt-get update
+    apt-get install -y curl tar coreutils git tree > /dev/null
+    curl -s https://gist.githubusercontent.com/frostebite/969da6a41002a0e901174124b643709f/raw/02403e53fb292026cba81ddcf4ff35fc1eba111d/steam-deploy-project.sh | bash
+  secrets:
+    - name: STEAM_USERNAME
+    - name: STEAM_PASSWORD
+    - name: STEAM_APPID
+    - name: STEAM_SSFN_FILE_NAME
+    - name: STEAM_SSFN_FILE_CONTENTS
+    - name: STEAM_CONFIG_VDF_1
+    - name: STEAM_CONFIG_VDF_2
+    - name: STEAM_CONFIG_VDF_3
+    - name: STEAM_CONFIG_VDF_4
+    - name: BUILD_GUID_2
+    - name: RELEASE_BRANCH
+- name: aws-s3-upload-cache
+  image: amazon/aws-cli
+  hook: after
+  commands: |
+    if command -v aws > /dev/null 2>&1; then
+      aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile default || true
+      aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile default || true
+      aws configure set region $AWS_DEFAULT_REGION --profile default || true
+      ENDPOINT_ARGS=""
+      if [ -n "$AWS_S3_ENDPOINT" ]; then ENDPOINT_ARGS="--endpoint-url $AWS_S3_ENDPOINT"; fi
+      aws $ENDPOINT_ARGS s3 cp --recursive /data/cache/$CACHE_KEY/lfs s3://${
+        CloudRunner.buildParameters.awsStackName
+      }/cloud-runner-cache/$CACHE_KEY/lfs || true
+      rm -r /data/cache/$CACHE_KEY/lfs || true
+      aws $ENDPOINT_ARGS s3 cp --recursive /data/cache/$CACHE_KEY/Library s3://${
+        CloudRunner.buildParameters.awsStackName
+      }/cloud-runner-cache/$CACHE_KEY/Library || true
+      rm -r /data/cache/$CACHE_KEY/Library || true
+    else
+      echo "AWS CLI not available, skipping aws-s3-upload-cache"
+    fi
+  secrets:
+  - name: AWS_ACCESS_KEY_ID
+    value: ${process.env.AWS_ACCESS_KEY_ID || ``}
+  - name: AWS_SECRET_ACCESS_KEY
+    value: ${process.env.AWS_SECRET_ACCESS_KEY || ``}
+  - name: AWS_DEFAULT_REGION
+    value: ${process.env.AWS_REGION || ``}
+  - name: AWS_S3_ENDPOINT
+    value: ${CloudRunnerOptions.awsS3Endpoint || process.env.AWS_S3_ENDPOINT || ``}
+- name: aws-s3-pull-cache
+  image: amazon/aws-cli
+  hook: before
+  commands: |
+    mkdir -p /data/cache/$CACHE_KEY/Library/
+    mkdir -p /data/cache/$CACHE_KEY/lfs/
+    if command -v aws > /dev/null 2>&1; then
+      aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile default || true
+      aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile default || true
+      aws configure set region $AWS_DEFAULT_REGION --profile default || true
+      ENDPOINT_ARGS=""
+      if [ -n "$AWS_S3_ENDPOINT" ]; then ENDPOINT_ARGS="--endpoint-url $AWS_S3_ENDPOINT"; fi
+      aws $ENDPOINT_ARGS s3 ls ${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/ || true
+      aws $ENDPOINT_ARGS s3 ls ${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/$CACHE_KEY/ || true
+      BUCKET1="${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/$CACHE_KEY/Library/"
+      aws $ENDPOINT_ARGS s3 ls $BUCKET1 || true
+      OBJECT1="$(aws $ENDPOINT_ARGS s3 ls $BUCKET1 | sort | tail -n 1 | awk '{print $4}' || '')"
+      aws $ENDPOINT_ARGS s3 cp s3://$BUCKET1$OBJECT1 /data/cache/$CACHE_KEY/Library/ || true
+      BUCKET2="${CloudRunner.buildParameters.awsStackName}/cloud-runner-cache/$CACHE_KEY/lfs/"
+      aws $ENDPOINT_ARGS s3 ls $BUCKET2 || true
+      OBJECT2="$(aws $ENDPOINT_ARGS s3 ls $BUCKET2 | sort | tail -n 1 | awk '{print $4}' || '')"
+      aws $ENDPOINT_ARGS s3 cp s3://$BUCKET2$OBJECT2 /data/cache/$CACHE_KEY/lfs/ || true
+    else
+      echo "AWS CLI not available, skipping aws-s3-pull-cache"
+    fi
+- name: rclone-upload-build
+  image: rclone/rclone
+  hook: after
+  commands: |
+    if command -v rclone > /dev/null 2>&1; then
+      rclone copy /data/cache/$CACHE_KEY/build/build-${CloudRunner.buildParameters.buildGuid}.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } ${CloudRunner.buildParameters.rcloneRemote}/cloud-runner-cache/$CACHE_KEY/build/ || true
+      rm /data/cache/$CACHE_KEY/build/build-${CloudRunner.buildParameters.buildGuid}.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } || true
+    else
+      echo "rclone not available, skipping rclone-upload-build"
+    fi
+  secrets:
+  - name: RCLONE_REMOTE
+    value: ${CloudRunner.buildParameters.rcloneRemote || ``}
+- name: rclone-pull-build
+  image: rclone/rclone
+  commands: |
+    mkdir -p /data/cache/$CACHE_KEY/build/
+    if command -v rclone > /dev/null 2>&1; then
+      rclone copy ${
+        CloudRunner.buildParameters.rcloneRemote
+      }/cloud-runner-cache/$CACHE_KEY/build/build-$BUILD_GUID_TARGET.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } /data/cache/$CACHE_KEY/build/build-$BUILD_GUID_TARGET.tar${
+        CloudRunner.buildParameters.useCompressionStrategy ? '.lz4' : ''
+      } || true
+    else
+      echo "rclone not available, skipping rclone-pull-build"
+    fi
+  secrets:
+    - name: BUILD_GUID_TARGET
+    - name: RCLONE_REMOTE
+      value: ${CloudRunner.buildParameters.rcloneRemote || ``}
+- name: rclone-upload-cache
+  image: rclone/rclone
+  hook: after
+  commands: |
+    if command -v rclone > /dev/null 2>&1; then
+      rclone copy /data/cache/$CACHE_KEY/lfs ${
+        CloudRunner.buildParameters.rcloneRemote
+      }/cloud-runner-cache/$CACHE_KEY/lfs || true
+      rm -r /data/cache/$CACHE_KEY/lfs || true
+      rclone copy /data/cache/$CACHE_KEY/Library ${
+        CloudRunner.buildParameters.rcloneRemote
+      }/cloud-runner-cache/$CACHE_KEY/Library || true
+      rm -r /data/cache/$CACHE_KEY/Library || true
+    else
+      echo "rclone not available, skipping rclone-upload-cache"
+    fi
+  secrets:
+  - name: RCLONE_REMOTE
+    value: ${CloudRunner.buildParameters.rcloneRemote || ``}
+- name: rclone-pull-cache
+  image: rclone/rclone
+  hook: before
+  commands: |
+    mkdir -p /data/cache/$CACHE_KEY/Library/
+    mkdir -p /data/cache/$CACHE_KEY/lfs/
+    if command -v rclone > /dev/null 2>&1; then
+      rclone copy ${
+        CloudRunner.buildParameters.rcloneRemote
+      }/cloud-runner-cache/$CACHE_KEY/Library /data/cache/$CACHE_KEY/Library/ || true
+      rclone copy ${
+        CloudRunner.buildParameters.rcloneRemote
+      }/cloud-runner-cache/$CACHE_KEY/lfs /data/cache/$CACHE_KEY/lfs/ || true
+    else
+      echo "rclone not available, skipping rclone-pull-cache"
+    fi
+  secrets:
+  - name: RCLONE_REMOTE
+    value: ${CloudRunner.buildParameters.rcloneRemote || ``}
+- name: debug-cache
+  image: ubuntu
+  hook: after
+  commands: |
+    apt-get update > /dev/null || true
+    ${CloudRunnerOptions.cloudRunnerDebug ? `apt-get install -y tree > /dev/null || true` : `#`}
+    ${CloudRunnerOptions.cloudRunnerDebug ? `tree -L 3 /data/cache || true` : `#`}
+  secrets:
+  - name: awsAccessKeyId
+    value: ${process.env.AWS_ACCESS_KEY_ID || ``}
+  - name: awsSecretAccessKey
+    value: ${process.env.AWS_SECRET_ACCESS_KEY || ``}
+  - name: awsDefaultRegion
+    value: ${process.env.AWS_REGION || ``}
+  - name: AWS_S3_ENDPOINT
+    value: ${CloudRunnerOptions.awsS3Endpoint || process.env.AWS_S3_ENDPOINT || ``}`,
+    ).filter((x) => CloudRunnerOptions.containerHookFiles.includes(x.name) && x.hook === hookLifecycle);
+
+    // In local provider mode (non-container) or when AWS credentials are not present, skip AWS S3 hooks
+    const provider = CloudRunner.buildParameters?.providerStrategy;
+    const isContainerized = provider === 'aws' || provider === 'k8s' || provider === 'local-docker';
+    const hasAwsCreds =
+      (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) ||
+      (process.env.awsAccessKeyId && process.env.awsSecretAccessKey);
+
+    // Always include AWS hooks on the AWS provider (task role provides creds),
+    // otherwise require explicit creds for other containerized providers.
+    const shouldIncludeAwsHooks =
+      isContainerized && !CloudRunner.buildParameters?.skipCache && (provider === 'aws' || Boolean(hasAwsCreds));
+    const filteredBuiltIns = shouldIncludeAwsHooks
+      ? builtInContainerHooks
+      : builtInContainerHooks.filter((x) => x.image !== 'amazon/aws-cli');
+
+    if (filteredBuiltIns.length > 0) {
+      results.push(...filteredBuiltIns);
+    }
+
+    return results;
+  }
+
+  private static ConvertYamlSecrets(object: ContainerHook) {
+    if (object.secrets === undefined) {
+      object.secrets = [];
+
+      return;
+    }
+    object.secrets = object.secrets.map((x: { [key: string]: any }) => {
+      return {
+        ParameterKey: x.name,
+        EnvironmentVariable: Input.ToEnvVarFormat(x.name),
+        ParameterValue: x.value,
+      };
+    });
+  }
+
+  public static ParseContainerHooks(steps: string): ContainerHook[] {
+    if (steps === '') {
+      return [];
+    }
+    const isArray = steps.replace(/\s/g, ``)[0] === `-`;
+    const object: ContainerHook[] = isArray ? YAML.parse(steps) : [YAML.parse(steps)];
+    for (const step of object) {
+      ContainerHookService.ConvertYamlSecrets(step);
+      if (step.secrets === undefined) {
+        step.secrets = [];
+      } else {
+        for (const secret of step.secrets) {
+          if (secret.ParameterValue === undefined && process.env[secret.EnvironmentVariable] !== undefined) {
+            if (CloudRunner.buildParameters?.cloudRunnerDebug) {
+              // CloudRunnerLogger.log(`Injecting custom step ${step.name} from env var ${secret.ParameterKey}`);
+            }
+            secret.ParameterValue = process.env[secret.ParameterKey] || ``;
+          }
+        }
+      }
+      if (step.image === undefined) {
+        step.image = `ubuntu`;
+      }
+    }
+    if (object === undefined) {
+      throw new Error(`Failed to parse ${steps}`);
+    }
+
+    return object;
+  }
+
+  static async RunPostBuildSteps(cloudRunnerStepState: CloudRunnerStepParameters) {
+    let output = ``;
+    const steps: ContainerHook[] = [
+      ...ContainerHookService.ParseContainerHooks(CloudRunner.buildParameters.postBuildContainerHooks),
+      ...ContainerHookService.GetContainerHooksFromFiles(`after`),
+    ];
+
+    if (steps.length > 0) {
+      output += await CustomWorkflow.runContainerJob(
+        steps,
+        cloudRunnerStepState.environment,
+        cloudRunnerStepState.secrets,
+      );
+    }
+
+    return output;
+  }
+  static async RunPreBuildSteps(cloudRunnerStepState: CloudRunnerStepParameters) {
+    let output = ``;
+    const steps: ContainerHook[] = [
+      ...ContainerHookService.ParseContainerHooks(CloudRunner.buildParameters.preBuildContainerHooks),
+      ...ContainerHookService.GetContainerHooksFromFiles(`before`),
+    ];
+
+    if (steps.length > 0) {
+      output += await CustomWorkflow.runContainerJob(
+        steps,
+        cloudRunnerStepState.environment,
+        cloudRunnerStepState.secrets,
+      );
+    }
+
+    return output;
+  }
+}

src/model/cloud-runner/services/hooks/container-hook.ts

@@ -0,0 +1,9 @@
+import CloudRunnerSecret from '../../options/cloud-runner-secret';
+
+export class ContainerHook {
+  public commands!: string;
+  public secrets: CloudRunnerSecret[] = new Array<CloudRunnerSecret>();
+  public name!: string;
+  public image: string = `ubuntu`;
+  public hook!: string;
+}

src/model/cloud-runner/services/utility/lfs-hashing.ts

@@ -0,0 +1,43 @@
+import path from 'node:path';
+import { CloudRunnerFolders } from '../../options/cloud-runner-folders';
+import { CloudRunnerSystem } from '../core/cloud-runner-system';
+import fs from 'node:fs';
+import { Cli } from '../../../cli/cli';
+import { CliFunction } from '../../../cli/cli-functions-repository';
+
+export class LfsHashing {
+  public static async createLFSHashFiles() {
+    await CloudRunnerSystem.Run(`git lfs ls-files -l | cut -d ' ' -f1 | sort > .lfs-assets-guid`);
+    await CloudRunnerSystem.Run(`md5sum .lfs-assets-guid > .lfs-assets-guid-sum`);
+    const lfsHashes = {
+      lfsGuid: fs
+        .readFileSync(`${path.join(CloudRunnerFolders.repoPathAbsolute, `.lfs-assets-guid`)}`, 'utf8')
+        .replace(/\n/g, ``),
+      lfsGuidSum: fs
+        .readFileSync(`${path.join(CloudRunnerFolders.repoPathAbsolute, `.lfs-assets-guid-sum`)}`, 'utf8')
+        .replace('  .lfs-assets-guid', '')
+        .replace(/\n/g, ``),
+    };
+
+    return lfsHashes;
+  }
+  public static async hashAllFiles(folder: string) {
+    const startPath = process.cwd();
+    process.chdir(folder);
+    const result = await (await CloudRunnerSystem.Run(`find -type f -exec md5sum "{}" + | sort | md5sum`))
+      .replace(/\n/g, '')
+      .split(` `)[0];
+    process.chdir(startPath);
+
+    return result;
+  }
+
+  @CliFunction(`hash`, `hash all folder contents`)
+  static async hash() {
+    if (!Cli.options) {
+      return;
+    }
+    const folder = Cli.options['cachePushFrom'];
+    LfsHashing.hashAllFiles(folder);
+  }
+}

src/model/cloud-runner/tests/cloud-runner-async-workflow.test.ts

@@ -0,0 +1,40 @@
+import { BuildParameters, ImageTag } from '../..';
+import CloudRunner from '../cloud-runner';
+import UnityVersioning from '../../unity-versioning';
+import { Cli } from '../../cli/cli';
+import CloudRunnerOptions from '../options/cloud-runner-options';
+import setups from './cloud-runner-suite.test';
+import { OptionValues } from 'commander';
+
+async function CreateParameters(overrides: OptionValues | undefined) {
+  if (overrides) Cli.options = overrides;
+
+  return BuildParameters.create();
+}
+describe('Cloud Runner Async Workflows', () => {
+  setups();
+  it('Responds', () => {});
+
+  if (CloudRunnerOptions.cloudRunnerDebug && CloudRunnerOptions.providerStrategy !== `local-docker`) {
+    it('Async Workflows', async () => {
+      // Setup parameters
+      const buildParameter = await CreateParameters({
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.read('test-project'),
+        asyncCloudRunner: `true`,
+        githubChecks: `true`,
+        providerStrategy: 'k8s',
+        buildPlatform: 'linux',
+        targetPlatform: 'StandaloneLinux64',
+      });
+      const baseImage = new ImageTag(buildParameter);
+
+      // Run the job
+      await CloudRunner.run(buildParameter, baseImage.toString());
+
+      // wait for 15 seconds
+      await new Promise((resolve) => setTimeout(resolve, 1000 * 60 * 12));
+    }, 1_000_000_000);
+  }
+});

src/model/cloud-runner/tests/cloud-runner-caching.test.ts

@@ -0,0 +1,59 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import BuildParameters from '../../build-parameters';
+import { Cli } from '../../cli/cli';
+import UnityVersioning from '../../unity-versioning';
+import CloudRunner from '../cloud-runner';
+import { CloudRunnerSystem } from '../services/core/cloud-runner-system';
+import { Caching } from '../remote-client/caching';
+import { v4 as uuidv4 } from 'uuid';
+import GitHub from '../../github';
+import CloudRunnerOptions from '../options/cloud-runner-options';
+describe('Cloud Runner (Remote Client) Caching', () => {
+  it('responds', () => {});
+  if (CloudRunnerOptions.providerStrategy === `local-docker`) {
+    it('Simple caching works', async () => {
+      Cli.options = {
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.read('test-project'),
+        targetPlatform: 'StandaloneLinux64',
+        cacheKey: `test-case-${uuidv4()}`,
+      };
+      GitHub.githubInputEnabled = false;
+      const buildParameter = await BuildParameters.create();
+      CloudRunner.buildParameters = buildParameter;
+
+      // Create test folder
+      const testFolder = path.resolve(__dirname, Cli.options.cacheKey);
+      fs.mkdirSync(testFolder);
+
+      // Create cache folder
+      const cacheFolder = path.resolve(__dirname, `cache-${Cli.options.cacheKey}`);
+      fs.mkdirSync(cacheFolder);
+
+      // Add test file to test folders
+      fs.writeFileSync(path.resolve(testFolder, 'test.txt'), Cli.options.cacheKey);
+      await Caching.PushToCache(cacheFolder, testFolder, `${Cli.options.cacheKey}`);
+
+      // Delete test folder
+      fs.rmdirSync(testFolder, { recursive: true });
+      await Caching.PullFromCache(
+        cacheFolder.replace(/\\/g, `/`),
+        testFolder.replace(/\\/g, `/`),
+        `${Cli.options.cacheKey}`,
+      );
+      await CloudRunnerSystem.Run(`du -h ${__dirname}`);
+
+      // Compare validity to original hash
+      expect(fs.readFileSync(path.resolve(testFolder, 'test.txt'), { encoding: 'utf8' }).toString()).toContain(
+        Cli.options.cacheKey,
+      );
+      fs.rmdirSync(testFolder, { recursive: true });
+      fs.rmdirSync(cacheFolder, { recursive: true });
+
+      GitHub.githubInputEnabled = true;
+      delete Cli.options;
+    }, 1000000);
+  }
+});

src/model/cloud-runner/tests/cloud-runner-environment.test.ts

@@ -0,0 +1,116 @@
+import { BuildParameters, CloudRunner, ImageTag, Input } from '../..';
+import { TaskParameterSerializer } from '../services/core/task-parameter-serializer';
+import UnityVersioning from '../../unity-versioning';
+import { Cli } from '../../cli/cli';
+import GitHub from '../../github';
+import setups from './cloud-runner-suite.test';
+import { CloudRunnerStatics } from '../options/cloud-runner-statics';
+import CloudRunnerOptions from '../options/cloud-runner-options';
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+
+async function CreateParameters(overrides: any) {
+  if (overrides) {
+    Cli.options = overrides;
+  }
+  const originalValue = GitHub.githubInputEnabled;
+  GitHub.githubInputEnabled = false;
+  const results = await BuildParameters.create();
+  GitHub.githubInputEnabled = originalValue;
+  delete Cli.options;
+
+  return results;
+}
+
+describe('Cloud Runner Sync Environments', () => {
+  setups();
+  const testSecretName = 'testSecretName';
+  const testSecretValue = 'testSecretValue';
+  it('Responds', () => {});
+
+  if (CloudRunnerOptions.cloudRunnerDebug) {
+    it('All build parameters sent to cloud runner as env vars', async () => {
+      // Setup parameters
+      const buildParameter = await CreateParameters({
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.read('test-project'),
+        targetPlatform: 'StandaloneWindows64',
+        customJob: `
+        - name: 'step 1'
+          image: 'ubuntu'
+          commands: 'printenv'
+          secrets:
+            - name: '${testSecretName}'
+              value: '${testSecretValue}'
+        `,
+        cloudRunnerDebug: true,
+      });
+      const baseImage = new ImageTag(buildParameter);
+      if (baseImage.toString().includes('undefined')) {
+        throw new Error(`Base image is undefined`);
+      }
+
+      // Run the job
+      const file = (await CloudRunner.run(buildParameter, baseImage.toString())).BuildResults;
+
+      // Assert results
+      // expect(file).toContain(JSON.stringify(buildParameter));
+      expect(file).toContain(`${Input.ToEnvVarFormat(testSecretName)}=${testSecretValue}`);
+      const environmentVariables = TaskParameterSerializer.createCloudRunnerEnvironmentVariables(buildParameter);
+      const secrets = TaskParameterSerializer.readDefaultSecrets().map((x) => {
+        return {
+          name: x.EnvironmentVariable,
+          value: x.ParameterValue,
+        };
+      });
+      const combined = [...environmentVariables, ...secrets]
+        .filter((element) => element.value !== undefined && element.value !== '' && typeof element.value !== 'function')
+        .map((x) => {
+          if (typeof x.value === `string`) {
+            x.value = x.value.replace(/\s+/g, '');
+          }
+
+          return x;
+        })
+        .filter((element) => {
+          return !['UNITY_LICENSE', 'UNITY_LICENSE', 'CUSTOM_JOB', 'CUSTOM_JOB'].includes(element.name);
+        });
+      const newLinePurgedFile = file
+        .replace(/\s+/g, '')
+        .replace(new RegExp(`\\[${CloudRunnerStatics.logPrefix}\\]`, 'g'), '');
+      for (const element of combined) {
+        expect(newLinePurgedFile).toContain(`${element.name}`);
+        CloudRunnerLogger.log(`Contains ${element.name}`);
+        const fullNameEqualValue = `${element.name}=${element.value}`;
+        expect(newLinePurgedFile).toContain(fullNameEqualValue);
+      }
+    }, 1_000_000_000);
+  }
+});
+
+describe('Cloud Runner Environment Serializer', () => {
+  setups();
+  const testSecretName = 'testSecretName';
+  const testSecretValue = 'testSecretValue';
+  it('Cloud Runner Parameter Serialization', async () => {
+    // Setup parameters
+    const buildParameter = await CreateParameters({
+      versioning: 'None',
+      projectPath: 'test-project',
+      unityVersion: UnityVersioning.read('test-project'),
+      customJob: `
+      - name: 'step 1'
+        image: 'alpine'
+        commands: 'printenv'
+        secrets:
+          - name: '${testSecretName}'
+            value: '${testSecretValue}'
+      `,
+    });
+
+    const result = TaskParameterSerializer.createCloudRunnerEnvironmentVariables(buildParameter);
+    expect(result.find((x) => Number.parseInt(x.name)) !== undefined).toBeFalsy();
+    const result2 = TaskParameterSerializer.createCloudRunnerEnvironmentVariables(buildParameter);
+    expect(result2.find((x) => Number.parseInt(x.name)) !== undefined).toBeFalsy();
+  });
+});

src/model/cloud-runner/tests/cloud-runner-github-checks.test.ts

@@ -0,0 +1,65 @@
+import CloudRunner from '../cloud-runner';
+import UnityVersioning from '../../unity-versioning';
+import setups from './cloud-runner-suite.test';
+import GitHub from '../../github';
+import { TIMEOUT_INFINITE, createParameters } from '../../../test-utils/cloud-runner-test-helpers';
+describe('Cloud Runner Github Checks', () => {
+  setups();
+  it('Responds', () => {});
+
+  beforeEach(() => {
+    // Mock GitHub API requests to avoid real network calls
+    jest.spyOn(GitHub as any, 'createGitHubCheckRequest').mockResolvedValue({
+      status: 201,
+      data: { id: '1' },
+    });
+    jest.spyOn(GitHub as any, 'updateGitHubCheckRequest').mockResolvedValue({
+      status: 200,
+      data: {},
+    });
+    jest.spyOn(GitHub as any, 'runUpdateAsyncChecksWorkflow').mockResolvedValue(undefined);
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
+  it(
+    'Check Handling Direct',
+    async () => {
+      // Setup parameters
+      const buildParameter = await createParameters({
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.read('test-project'),
+        asyncCloudRunner: `true`,
+        githubChecks: `true`,
+      });
+      await CloudRunner.setup(buildParameter);
+      CloudRunner.buildParameters.githubCheckId = await GitHub.createGitHubCheck(`direct create`);
+      await GitHub.updateGitHubCheck(`1 ${new Date().toISOString()}`, `direct`);
+      await GitHub.updateGitHubCheck(`2 ${new Date().toISOString()}`, `direct`, `success`, `completed`);
+    },
+    TIMEOUT_INFINITE,
+  );
+  it(
+    'Check Handling Via Async Workflow',
+    async () => {
+      // Setup parameters
+      const buildParameter = await createParameters({
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.read('test-project'),
+        asyncCloudRunner: `true`,
+        githubChecks: `true`,
+      });
+      GitHub.forceAsyncTest = true;
+      await CloudRunner.setup(buildParameter);
+      CloudRunner.buildParameters.githubCheckId = await GitHub.createGitHubCheck(`async create`);
+      await GitHub.updateGitHubCheck(`1 ${new Date().toISOString()}`, `async`);
+      await GitHub.updateGitHubCheck(`2 ${new Date().toISOString()}`, `async`, `success`, `completed`);
+      GitHub.forceAsyncTest = false;
+    },
+    TIMEOUT_INFINITE,
+  );
+});

src/model/cloud-runner/tests/cloud-runner-hooks.test.ts

@@ -0,0 +1,121 @@
+import CloudRunner from '../cloud-runner';
+import { BuildParameters, ImageTag } from '../..';
+import UnityVersioning from '../../unity-versioning';
+import { Cli } from '../../cli/cli';
+import CloudRunnerLogger from '../services/core/cloud-runner-logger';
+import { v4 as uuidv4 } from 'uuid';
+import CloudRunnerOptions from '../options/cloud-runner-options';
+import setups from './cloud-runner-suite.test';
+import { ContainerHookService } from '../services/hooks/container-hook-service';
+import { CommandHookService } from '../services/hooks/command-hook-service';
+
+async function CreateParameters(overrides: any) {
+  if (overrides) {
+    Cli.options = overrides;
+  }
+
+  return await BuildParameters.create();
+}
+
+describe('Cloud Runner Custom Hooks And Steps', () => {
+  it('Responds', () => {});
+  setups();
+  it('Check parsing and reading of steps', async () => {
+    const yamlString = `hook: before
+commands: echo "test"`;
+    const yamlString2 = `- hook: before
+  commands: echo "test"`;
+    const overrides = {
+      versioning: 'None',
+      projectPath: 'test-project',
+      unityVersion: UnityVersioning.determineUnityVersion('test-project', UnityVersioning.read('test-project')),
+      targetPlatform: 'StandaloneLinux64',
+      image: 'ubuntu',
+      cacheKey: `test-case-${uuidv4()}`,
+    };
+    CloudRunner.setup(await CreateParameters(overrides));
+    const stringObject = ContainerHookService.ParseContainerHooks(yamlString);
+    const stringObject2 = ContainerHookService.ParseContainerHooks(yamlString2);
+
+    CloudRunnerLogger.log(yamlString);
+    CloudRunnerLogger.log(JSON.stringify(stringObject, undefined, 4));
+
+    expect(stringObject.length).toBe(1);
+    expect(stringObject[0].hook).toBe(`before`);
+    expect(stringObject2.length).toBe(1);
+    expect(stringObject2[0].hook).toBe(`before`);
+
+    const getCustomStepsFromFiles = ContainerHookService.GetContainerHooksFromFiles(`before`);
+    CloudRunnerLogger.log(JSON.stringify(getCustomStepsFromFiles, undefined, 4));
+  });
+  if (CloudRunnerOptions.cloudRunnerDebug && CloudRunnerOptions.providerStrategy !== `k8s`) {
+    it('Should be 1 before and 1 after hook', async () => {
+      const overrides = {
+        versioning: 'None',
+        image: 'ubuntu',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.determineUnityVersion('test-project', UnityVersioning.read('test-project')),
+        targetPlatform: 'StandaloneLinux64',
+        cacheKey: `test-case-${uuidv4()}`,
+        containerHookFiles: `my-test-step-pre-build,my-test-step-post-build`,
+        commandHookFiles: `my-test-hook-pre-build,my-test-hook-post-build`,
+      };
+      const buildParameter2 = await CreateParameters(overrides);
+      await CloudRunner.setup(buildParameter2);
+      const beforeHooks = CommandHookService.GetCustomHooksFromFiles(`before`);
+      const afterHooks = CommandHookService.GetCustomHooksFromFiles(`after`);
+      expect(beforeHooks).toHaveLength(1);
+      expect(afterHooks).toHaveLength(1);
+    });
+    it('Should be 1 before and 1 after step', async () => {
+      const overrides = {
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.determineUnityVersion('test-project', UnityVersioning.read('test-project')),
+        targetPlatform: 'StandaloneLinux64',
+        cacheKey: `test-case-${uuidv4()}`,
+        image: 'ubuntu',
+        containerHookFiles: `my-test-step-pre-build,my-test-step-post-build`,
+        commandHookFiles: `my-test-hook-pre-build,my-test-hook-post-build`,
+      };
+      const buildParameter2 = await CreateParameters(overrides);
+      await CloudRunner.setup(buildParameter2);
+      const beforeSteps = ContainerHookService.GetContainerHooksFromFiles(`before`);
+      const afterSteps = ContainerHookService.GetContainerHooksFromFiles(`after`);
+      expect(beforeSteps).toHaveLength(1);
+      expect(afterSteps).toHaveLength(1);
+    });
+    it('Run build once - check for pre and post custom hooks run contents', async () => {
+      const overrides = {
+        versioning: 'None',
+        projectPath: 'test-project',
+        unityVersion: UnityVersioning.determineUnityVersion('test-project', UnityVersioning.read('test-project')),
+        targetPlatform: 'StandaloneLinux64',
+        cacheKey: `test-case-${uuidv4()}`,
+        containerHookFiles: `my-test-step-pre-build,my-test-step-post-build`,
+        commandHookFiles: `my-test-hook-pre-build,my-test-hook-post-build`,
+        cloudRunnerDebug: true,
+      };
+      const buildParameter2 = await CreateParameters(overrides);
+      const baseImage2 = new ImageTag(buildParameter2);
+      const results2Object = await CloudRunner.run(buildParameter2, baseImage2.toString());
+      const results2 = results2Object.BuildResults;
+      CloudRunnerLogger.log(`run 2 succeeded`);
+
+      const buildContainsBuildSucceeded = results2.includes('Build succeeded');
+      const buildContainsPreBuildHookRunMessage = results2.includes('before-build hook test!');
+      const buildContainsPostBuildHookRunMessage = results2.includes('after-build hook test!');
+
+      const buildContainsPreBuildStepMessage = results2.includes('before-build step test!');
+      const buildContainsPostBuildStepMessage = results2.includes('after-build step test!');
+
+      if (CloudRunnerOptions.providerStrategy !== 'local') {
+        expect(buildContainsBuildSucceeded).toBeTruthy();
+      }
+      expect(buildContainsPreBuildHookRunMessage).toBeTruthy();
+      expect(buildContainsPostBuildHookRunMessage).toBeTruthy();
+      expect(buildContainsPreBuildStepMessage).toBeTruthy();
+      expect(buildContainsPostBuildStepMessage).toBeTruthy();
+    }, 1_000_000_000);
+  }
+});

src/model/cloud-runner/tests/cloud-runner-image.test.ts

@@ -0,0 +1,51 @@
+import { BuildParameters, ImageTag } from '../..';
+import UnityVersioning from '../../unity-versioning';
+import { Cli } from '../../cli/cli';
+import GitHub from '../../github';
+import setups from './cloud-runner-suite.test';
+
+async function CreateParameters(overrides: any) {
+  if (overrides) {
+    Cli.options = overrides;
+  }
+  const originalValue = GitHub.githubInputEnabled;
+  GitHub.githubInputEnabled = false;
+  const results = await BuildParameters.create();
+  GitHub.githubInputEnabled = originalValue;
+  delete Cli.options;
+
+  return results;
+}
+
+describe('Cloud Runner Image', () => {
+  setups();
+  const testSecretName = 'testSecretName';
+  const testSecretValue = 'testSecretValue';
+  it('Can create valid image from normal config', async () => {
+    // Setup parameters
+    const buildParameter = await CreateParameters({
+      versioning: 'None',
+      projectPath: 'test-project',
+      unityVersion: UnityVersioning.read('test-project'),
+      targetPlatform: 'StandaloneWindows64',
+      customJob: `
+        - name: 'step 1'
+          image: 'ubuntu'
+          commands: 'printenv'
+          secrets:
+            - name: '${testSecretName}'
+              value: '${testSecretValue}'
+        `,
+    });
+    const baseImage = new ImageTag(buildParameter);
+    if (buildParameter.targetPlatform === undefined) {
+      throw new Error(`target platform includes undefined`);
+    }
+    if (baseImage.toString().includes('undefined')) {
+      throw new Error(`Base image ${baseImage.toString()} includes undefined`);
+    }
+    if (baseImage.toString().includes('NaN')) {
+      throw new Error(`Base image ${baseImage.toString()} includes nan`);
+    }
+  }, 1_000_000_000);
+});