refactor(runner): build runner binary in CI, deploy from GitHub Releases#467
Merged
Conversation
Eliminates the Docker/ECR pipeline for runner deployment. The runner is now fully self-contained (libboxlite.a auto-extracts the embedded runtime), so EC2 can download a single binary from GitHub Releases instead of pulling a Docker image. - Add .github/workflows/build-runner-binary.yml: builds daemon, computer-use, and runner with plain `go build` (no Nx); uploads tarball to GitHub Releases - Remove Docker/AWS-CLI/ECR setup from EC2 user-data; download prebuilt runner binary instead. Drops ~2 minutes off boot time. - Drop RunnerEcrPolicy IAM attachment (no longer needed) - Read RUNNER_VERSION from root Cargo.toml at deploy time so SST tracks the release version automatically - Remove BOXLITE_RUNTIME_PATH ARG from runner Dockerfile (runtime is auto-extracted from libboxlite.a) Bump SDK versions 0.8.2 -> 0.9.0 across Rust workspace, Python, Node, and Go SDK setup tool.
Replaces the hardcoded version example in the "cannot detect SDK version" fallback error so it doesn't get stale every release. Users now see a clear placeholder they're expected to substitute.
Follows Go's own CLI convention (e.g., `go install` without version). - States the actual fix path: run from a project that imports the SDK - Falls back to `@latest` which is a real, always-valid Go module specifier (avoids the stale-version-literal problem)
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/build-runner-binary.ymlto build the runner Go binary (with daemon + computer-use embedded) and publish it to GitHub Releases after the C SDK build succeeds0.8.2→0.9.0across Rust workspace, Python, Node, and Go SDK setup toolWhy
The runner binary is now fully self-contained: it links
libboxlite.a, which auto-extracts the embeddedboxlite-runtime(shim + guest agent) at startup. There's no longer any need to ship a separate runtime directory or wrap the binary in a Docker image. This simplifies the deployment topology and drops EC2 boot time by ~2 minutes (no Docker install, no AWS CLI install, no ECR login/pull/extract).Changes
CI
build-runner-binary.yml: triggers after "Build C SDK" completes, downloads prebuiltlibboxlite.a, builds daemon (CGO_ENABLED=0) → computer-use (CGO_ENABLED=1) → runner (links libboxlite.a) with plaingo build, packages asboxlite-runner-v{VERSION}-linux-amd64.tar.gz, uploads to GitHub ReleaseInfra (
apps/infra/sst.config.ts)RunnerEcrPolicyIAM attachment (ECR access no longer needed)ecrRepovariable and Docker/AWS-CLI installation from EC2 user-datacurlRUNNER_VERSIONderived from rootCargo.tomlat deploy time (uses ESM-compatibleimport.meta.url)BOXLITE_RUNTIME_DIRenv var from systemd unit (runtime auto-extracted from libboxlite.a)Runner Dockerfile
BOXLITE_RUNTIME_PATHARG andCOPYof runtime directory (no longer needed). Dockerfile is retained for legacy/dev use cases but not on the deployment path.Version bump 0.8.2 → 0.9.0
Cargo.toml(workspace + path dependencies)Cargo.lock(auto-updated)sdks/python/pyproject.tomlsdks/node/package.jsonsdks/go/cmd/setup/main.go(error message reference)Test plan
build-runner-binary.ymlviaworkflow_dispatchon this branch and confirmboxlite-runner-v0.9.0-linux-amd64.tar.gzartifact uploads successfullysst deploywith the new infra config and confirm:Runner setup completewith no Docker/ECR stepssystemctl status boxlite-runneris activeNotes
--no-verifybecauselibkrun/libkrunfwsubmodules aren't initialized locally. The changes don't touch Go code that the failing test exercises — the failure was environmental.go work downloadcommand (replaced with per-modulego mod download) and a hard-codedRUNNER_VERSION(replaced with dynamic read fromCargo.toml).