-
Notifications
You must be signed in to change notification settings - Fork 4
101 lines (88 loc) · 3.85 KB
/
Copy pathe2b-nightly.yml
File metadata and controls
101 lines (88 loc) · 3.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: E2B Release Gate Matrix
# Runs the e2b matrix-release-gate scenarios in cloud sandboxes on demand.
# This is the AUTHORITATIVE pre-release E2E test for fresh-install + first-use
# paths that local pytest cannot cover (real OS image, real pipx install,
# real PyPI dry-run). Per docs/release-policy.md it is NOT in release.yml —
# E2B sandbox runs cost ~$0.25 each + 5-10 min wall time, too expensive
# to gate every PR or every release.
#
# Trigger: manual only (workflow_dispatch). Run this before tagging a release.
# The previous daily cron was removed: the job had never reached the matrix
# (missing e2b deps made it fail at import every night and open a noise issue),
# and a daily gate that nobody triages adds cost without protecting releases.
#
# On failure: opens a GitHub issue tagged `release-gate` so engineering
# triages before the next release tag.
on:
workflow_dispatch: # manual trigger only — run before tagging a release
permissions:
contents: read
issues: write # to open failure issues
jobs:
e2b-matrix-release-gate:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Install e2b runner deps
run: pip install -e ".[dev,e2b]"
- name: Install gitleaks (required by packing pre-pack scan)
run: |
GITLEAKS_VERSION=8.21.2
curl -fsSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
| tar -xz -C /tmp gitleaks
sudo mv /tmp/gitleaks /usr/local/bin/gitleaks
gitleaks version
- name: Stage secrets file
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: |
mkdir -p ~/.config
{
echo "E2B_API_KEY=${E2B_API_KEY}"
echo "OPENROUTER_API_KEY=${OPENROUTER_API_KEY}"
echo "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}"
} > ~/.config/ai-secrets.env
chmod 600 ~/.config/ai-secrets.env
- name: Run matrix-release-gate
id: matrix
env:
AUTOSEARCH_PACKING_REQUIRE_SECRET_SCAN: "1"
run: |
python scripts/e2b/run_validation.py \
--project autosearch-release-gate \
--matrix tests/e2b/matrix-release-gate.yaml \
--output reports/e2b-nightly \
--source-dir . \
--parallel 4
- name: Upload reports
if: always()
uses: actions/upload-artifact@v7
with:
name: e2b-nightly-reports
path: reports/e2b-nightly/
retention-days: 14
- name: Open failure issue
if: failure()
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with:
script: |
const title = `E2B nightly release-gate FAILED — ${new Date().toISOString().slice(0, 10)}`;
const body = `Nightly E2B matrix-release-gate run failed.
**Run:** ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
**Workflow:** \`.github/workflows/e2b-nightly.yml\`
**Matrix:** \`tests/e2b/matrix-release-gate.yaml\`
Engineering triage required BEFORE the next release tag is pushed.
See \`docs/release-policy.md\` § Nightly checks for the policy.`;
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title,
body,
labels: ['release-gate', 'nightly-failure'],
});