feat: Add meta-chromium-test layer with CI/CD infrastructure

This commit introduces a complete testing ecosystem for Chromium and
Electron builds on embedded Linux systems, featuring a new
Yocto/OpenEmbedded layer (meta-chromium-test) and AWS-based CI/CD
infrastructure that supports automated builds, testing, and validation
across multiple architectures and display backends.

The new meta-chromium-test layer provides a full Yocto/OpenEmbedded
testing infrastructure with proper layer structure, supporting ARM,
AArch64, RISC-V, and x86-64 architectures across multiple display
backends including Ozone Wayland, X11, and Ozone X11. The layer uses
KAS for reproducible build system configuration management and
automatically adapts to the current meta-browser branch, whether it's
scarthgap, master, or other versions. This eliminates the need to
maintain separate configurations for each Yocto version.

The testing components include smoke test suites for automated Chromium
and Electron functionality validation, QEMU integration for emulated
testing environments across all architectures, and BitBake recipes for
chromium-tests and electron-tests packages. The layer includes validation
scripts that provide a framework for build and test validation, ensuring
reliability across the entire testing pipeline.

The AWS-based CI/CD infrastructure provides scalable build capabilities
through EC2 auto-scaling that dynamically provisions build runners based
on workflow demand. The system includes automatic resource cleanup
preventing orphaned infrastructure costs, EFS shared caching for
distributed sstate-cache and downloads across all build nodes, and S3
artifact storage for persistent storage of build artifacts and test
results. This infrastructure supports matrix-based parallel builds
covering all combinations of browser, architecture, and display backend,
with each matrix combination running in an isolated environment where
individual failures don't block other combinations.

The workflow architecture consists of five GitHub Actions workflows that
orchestrate the complete build and test pipeline. The main build/test
workflow includes an 11-hour timeout to accommodate long Yocto builds,
while dedicated EC2 infrastructure management handles resource
provisioning. Browser-specific workflows for Chromium and Electron
provide targeted testing, and automated EFS cache cleanup runs weekly to
prevent cache bloat. The system supports both AWS-based auto-scaling and
self-hosted runners, providing flexibility when AWS infrastructure is
unavailable.

Build optimization features include shared sstate-cache that reduces
build times through artifact reuse, persistent downloads caching for
fetched sources across builds, and automated weekly cleanup preventing
cache bloat. The multi-node scaling capability distributes builds across
multiple EC2 instances, while automatic provisioning creates EC2
instances on-demand for build jobs. Resources are automatically
terminated after builds complete, implementing a pay-per-use model with
automatic resource lifecycle management.

The testing validation system includes built-in smoke tests that verify
basic Chromium and Electron functionality, QEMU emulation that runs tests
in environments matching target architectures, and build validation
checks ensuring successful compilation and packaging. Detailed failure
analysis and artifact collection provide error reporting when issues
occur.

This testing matrix supports all combinations of three architectures (ARM,
AArch64, x86-64) with both Chromium and Electron browsers across
multiple display backends. Chromium supports Ozone Wayland and X11, while
Electron supports Ozone Wayland and Ozone X11, all built against glibc
(musl support was removed for simplicity). The KAS file generation system
uses script-based creation of configuration files with a template system
ensuring consistent configuration across all combinations, making it easy
to add new architectures or backends while maintaining efficiency through
a single source of truth for configuration patterns.

Author: caneraltinbasak

.github/workflows/bs_meta_browser_build_and_test.yml

@@ -0,0 +1,143 @@
+name: 'Build and Test Meta-Browser: EC2 controller'
+on:
+  workflow_call:
+    inputs:
+      build_type:
+        description: 'Build Type'
+        required: true
+        type: string
+
+      browser:
+        description: 'Chromium or Electron'
+        required: true
+        type: string
+
+      chromium_version:
+        description: 'Display backend/Ozone platform (ozone-wayland or x11)'
+        required: true
+        type: string
+
+      arch:
+        description: 'Target architecture'
+        required: true
+        type: string
+
+      instance_type:
+        description: 'EC2 instance type'
+        required: false
+        type: string
+        default: c6a.4xlarge
+
+      leave_ec2_instance_running:
+        description: 'Leave EC2 instance running after use'
+        type: boolean
+        default: false
+
+      instance_name_postfix:
+        description: 'Name to add as postfix to the EC2 machine'
+        type: string
+        default: auto-triggered
+
+      aws_arn_role:
+        required: true
+        type: string
+
+      aws_region:
+        required: true
+        type: string
+
+jobs:
+  start-runner:
+    name: Start self-hosted EC2 runner
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.start-ec2-runner.outputs.label }}
+      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ inputs.aws_region }}
+          role-to-assume: ${{ inputs.aws_arn_role }}
+          role-session-name: mb-ci-${{ github.run_id }}
+          role-duration-seconds: 43200  # 12 hours for long builds
+
+      - name: Download config file and set env vars from it
+        run: |
+          aws s3 cp s3://meta-browser-ci-config-bucket/config.json .
+          aws s3 cp s3://meta-browser-ci-config-bucket/set_github_env_vars.py .
+          python3 set_github_env_vars.py --file config.json
+
+      - name: Clean up any leftover runners
+        run: |
+          echo "Checking for any leftover runners from previous runs..."
+          echo "Current GitHub run context:"
+          echo "Run ID: ${{ github.run_id }}"
+          echo "Run attempt: ${{ github.run_attempt }}"
+          echo "Run number: ${{ github.run_number }}"
+          echo "This run will use unique label with attempt number to avoid conflicts"
+          
+      - name: Start EC2 runner with retry
+        id: start-ec2-runner
+        uses: brightsign/ec2-github-runner@0fa8b183dd4124fd191ccdbc48b68f0ea46a9634
+        timeout-minutes: 15  # Allow more time for registration
+        with:
+          mode: start
+          github-app-private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          github-app-id: 287690
+          ec2-image-id: ami-08a4255385679596c  # Custom AMI with Yocto build dependencies pre-installed
+          ec2-instance-type: ${{ inputs.instance_type }}
+          subnet-id: ${{ env.VPC_SUBNET_ID }}
+          security-group-id: ${{ env.VPC_SG_ID }}
+          run-as-service-with-user: ubuntu
+          label: "mb-${{ github.run_id }}-${{ github.run_attempt }}-${{ inputs.browser }}-${{ inputs.arch }}-${{ inputs.chromium_version }}"  # Unique per matrix job with attempt
+          aws-resource-tags: > # optional, requires additional permissions
+            [
+              {"Key": "Name", "Value": "github-runner-meta-browser-${{ inputs.instance_name_postfix }}-${{ github.run_id }}"},
+              {"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+              {"Key": "ChromiumVersion", "Value": "${{ inputs.chromium_version }}"},
+              {"Key": "Architecture", "Value": "${{ inputs.arch }}"},
+              {"Key": "RunId", "Value": "${{ github.run_id }}"},
+              {"Key": "RunAttempt", "Value": "${{ github.run_attempt }}"},
+              {"Key": "Browser", "Value": "${{ inputs.browser }}"}
+            ]
+
+  build-and-test-meta-browser:
+    name: Build and Test Meta-Browser
+    needs: start-runner # required to start the main job when the runner is ready
+    uses: ./.github/workflows/bs_meta_browser_build_and_test.yml
+    secrets: inherit
+    with:
+      runner_name: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+      github_hosted_runner: false
+      browser: ${{ inputs.browser }}
+      build_type: ${{ inputs.build_type }}
+      chromium_version: ${{ inputs.chromium_version }}
+      arch: ${{ inputs.arch }}
+      aws_arn_role: ${{ inputs.aws_arn_role }}
+      aws_region: ${{ inputs.aws_region }}
+
+  stop-runner:
+    name: Stop self-hosted EC2 runner
+    needs:
+      - start-runner # required to get output from the start-runner job
+      - build-and-test-meta-browser # required to wait when the main job is done
+    runs-on: ubuntu-latest
+    if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ inputs.aws_arn_role }}
+          aws-region: ${{ inputs.aws_region }}
+          role-session-name: mb-cleanup-${{ github.run_id }}
+
+      - name: Stop EC2 runner
+        uses: brightsign/ec2-github-runner@0fa8b183dd4124fd191ccdbc48b68f0ea46a9634
+        with:
+          mode: stop
+          github-app-private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          github-app-id: 287690
+          label: ${{ needs.start-runner.outputs.label }}
+          ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}
+          leave-ec2-instance-running: ${{ inputs.leave_ec2_instance_running }}

.github/workflows/bs_meta_browser_ci_ec2.yml

@@ -0,0 +1,95 @@
+name: Chromium build- and smoke-test
+
+on:
+  workflow_dispatch:
+    inputs:
+      repository:
+        description: 'Repository to clone for the workflow'
+        required: true
+        default: 'OSSystems'
+      branch:
+        description: 'Branch to checkout for the workflow'
+        required: true
+        default: 'master'
+      use_aws:
+        description: 'Use AWS EC2 instances instead of local runner'
+        required: false
+        type: boolean
+        default: true
+      instance_type:
+        description: 'EC2 instance type for build (more cores = faster builds)'
+        required: false
+        type: choice
+        options:
+          - 'c6id.4xlarge'   # 16 vCPUs, 32 GB RAM, 1x 950 GB NVMe
+          - 'c6id.8xlarge'   # 32 vCPUs, 64 GB RAM, 1x 1900 GB NVMe
+          - 'c6id.12xlarge'  # 48 vCPUs, 96 GB RAM, 2x 1425 GB NVMe
+          - 'c6id.16xlarge'  # 64 vCPUs, 128 GB RAM, 2x 1900 GB NVMe
+        default: 'c6id.8xlarge'
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'meta-chromium/recipes-browser/chromium/files/**'
+      - 'meta-chromium/recipes-browser/chromium/chromium*'
+      - 'meta-chromium/recipes-browser/chromium/gn*'
+      - '.github/workflows/chromium.yml'
+
+permissions:
+  contents: read
+  actions: read
+  checks: write
+  id-token: write  # Required for OIDC authentication
+
+jobs:
+  # AWS-based builds (always for PR, default for manual dispatch)
+  aws-matrix-build:
+    if: ${{ (github.repository_owner == 'brightsign' || github.repository_owner == 'OSSystems') && (github.event_name == 'pull_request' || inputs.use_aws == true || inputs.use_aws == null) }}
+    strategy:
+      fail-fast: false  # Continue other matrix jobs even if one fails
+      matrix:
+        ozone_platform: [ozone-wayland, x11]
+        arch: [arm, aarch64, x86-64]
+    uses: ./.github/workflows/bs_meta_browser_ci_ec2.yml
+    secrets: inherit
+    with:
+      build_type: "release"
+      browser: "chromium"
+      chromium_version: ${{ matrix.ozone_platform }}
+      arch: ${{ matrix.arch }}
+      aws_arn_role: "arn:aws:iam::195607249165:role/github-actions-meta-browser-repo"
+      aws_region: "us-east-1"
+      instance_type: ${{ inputs.instance_type || 'c6id.8xlarge' }}  # Default for PR builds, user choice for manual
+
+  # Local runner (manual dispatch only, when explicitly disabled AWS)
+  local-build:
+    if: ${{ (github.repository_owner == 'brightsign' || github.repository_owner == 'OSSystems') && github.event_name == 'workflow_dispatch' && inputs.use_aws == false }}
+    strategy:
+      fail-fast: false  # Continue other matrix jobs even if one fails
+      matrix:
+        browser_version: [ozone-wayland, x11]
+        browser: [chromium]
+        arch: [arm, aarch64, x86-64]
+    runs-on: [self-hosted, chromium]
+    container:
+      image: skandigraun/yocto:latest
+      volumes:
+        - yocto:/yocto
+    steps:
+      - run: |
+         mkdir -p /yocto
+         cd /yocto
+         rm -rf meta-browser
+         # Clean stale pseudo state from any previous interrupted builds
+         rm -rf build/tmp/work/*/*/*/pseudo build/tmp/sysroots-components/*/pseudo 2>/dev/null || true
+         if [ "${{ github.event_name }}" = "pull_request" ]; then
+             GH_URL="$GITHUB_SERVER_URL/${{ github.event.pull_request.head.repo.full_name }}"
+             GH_REV="$GITHUB_HEAD_REF"
+         else
+             GH_URL="$GITHUB_SERVER_URL/${{ github.repository }}"
+             GH_REV="${{ github.ref_name }}"
+         fi
+         git clone $GH_URL
+         git -C meta-browser checkout $GH_REV
+         # meta-chromium-test is now integrated into meta-browser
+         ./meta-browser/meta-chromium-test/scripts/build.sh ${{ matrix.arch }} ${{ matrix.browser_version }} ${{ matrix.browser }}