ci(e2e): add VM integration tests on ephemeral AWS EC2 runner#477
Merged
Conversation
GitHub-hosted runners do not support /dev/kvm, preventing VM-based integration tests from running in CI. This adds an e2e-test workflow that launches an ephemeral AWS EC2 c8i.2xlarge instance (Intel Nitro with nested KVM) per job, runs all integration test suites, and terminates the instance afterward. Authentication uses GitHub OIDC → AWS STS (no stored AWS credentials). A setup script (scripts/ci/setup-aws-oidc.sh) provisions all required AWS resources: OIDC provider, IAM roles, instance profile, and SG. Safety: 5-layer defense against orphaned instances (ephemeral runner, always-cleanup job, 45-min self-destruct via IAM, API deregistration, 35-min job timeout, instance-initiated-shutdown-behavior=terminate). Triggers: push to main (path-filtered), PR with 'e2e' label, manual. Cost: ~$0.09-0.14 per run (~$0.34/hr for c8i.2xlarge).
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
DorianZheng
added a commit
that referenced
this pull request
May 5, 2026
Replaces the initial e2e-test.yml (merged in #477) with the complete implementation including: - GitHub App authentication (no PAT needed) - OIDC for AWS (no stored AWS credentials) - Automated setup script with manifest flow (one-click app creation) - Multi-remote support, port reuse, proper error reporting Setup: ./scripts/ci/setup-ci-runner.sh (auto-detects everything) Cost: ~$0.09-0.14 per run (~$0.34/hr for c8i.2xlarge)
DorianZheng
added a commit
that referenced
this pull request
May 5, 2026
Replaces the initial e2e-test.yml (merged in #477) with the complete implementation including: - GitHub App authentication (no PAT needed) - OIDC for AWS (no stored AWS credentials) - Automated setup script with manifest flow (one-click app creation) - Multi-remote support, port reuse, proper error reporting Setup: ./scripts/ci/setup-ci-runner.sh (auto-detects everything) Cost: ~$0.09-0.14 per run (~$0.34/hr for c8i.2xlarge)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
e2e-test.ymlworkflow that provisions an ephemeral AWS EC2 c8i.2xlarge instance per job to run VM-requiring integration testsscripts/ci/setup-ci-runner.shfor one-command infrastructure provisioning (AWS + GitHub)Architecture
Safety
--ephemeralrunner auto-deregisters after one jobif: always()ensures cleanup on failure/cancellationinstance-initiated-shutdown-behavior: terminateCost
$0.09-0.14 per run ($0.34/hr for c8i.2xlarge, 15-25 min typical)Test plan
./scripts/ci/setup-ci-runner.shto provision AWS infraaws ec2 describe-instances --filters "Name=tag:Purpose,Values=boxlite-e2e"