OSSystems · DPopov-BS · Sep 3, 2025 · Sep 11, 2025 · Jun 2, 2026
diff --git a/.github/workflows/bs_meta_browser_build_and_test.yml b/.github/workflows/bs_meta_browser_build_and_test.yml
diff --git a/.github/workflows/bs_meta_browser_ci_ec2.yml b/.github/workflows/bs_meta_browser_ci_ec2.yml
@@ -0,0 +1,155 @@
+name: 'Build and Test Meta-Browser: EC2 controller'
+on:
+  workflow_call:
+    inputs:
+      build_type:
+        description: 'Build Type'
+        required: true
+        type: string
+
+      browser:
+        description: 'Chromium or Electron'
+        required: true
+        type: string
+
+      chromium_version:
+        description: 'Display backend/Ozone platform (ozone-wayland or x11)'
+        required: true
+        type: string
+
+      arch:
+        description: 'Target architecture'
+        required: true
+        type: string
+
+      instance_type:
+        description: 'EC2 instance type'
+        required: false
+        type: string
+        default: c6a.4xlarge
+
+      leave_ec2_instance_running:
+        description: 'Leave EC2 instance running after use'
+        type: boolean
+        default: false
+
+      instance_name_postfix:
+        description: 'Name to add as postfix to the EC2 machine'
+        type: string
+        default: auto-triggered
+
+      aws_arn_role:
+        required: true
+        type: string
+
+      aws_region:
+        required: true
+        type: string
+
+      repository:
+        description: 'Repository to clone for the workflow (owner/meta-browser format)'
+        required: false
+        type: string
+
+      branch:
+        description: 'Branch to checkout for the workflow'
+        required: false
+        type: string
+
+jobs:
+  start-runner:
+    name: Start self-hosted EC2 runner
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.start-ec2-runner.outputs.label }}
+      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v6
+        with:
+          aws-region: ${{ inputs.aws_region }}
+          role-to-assume: ${{ inputs.aws_arn_role }}
+          role-session-name: mb-ci-${{ github.run_id }}
+          role-duration-seconds: 43200  # 12 hours for long builds
+
+      - name: Download config file and set env vars from it
+        run: |
+          aws s3 cp s3://meta-browser-ci-config-bucket/config.json .
+          aws s3 cp s3://meta-browser-ci-config-bucket/set_github_env_vars.py .
+          python3 set_github_env_vars.py --file config.json
+
+      - name: Clean up any leftover runners
+        run: |
+          echo "Checking for any leftover runners from previous runs..."
+          echo "Current GitHub run context:"
+          echo "Run ID: ${{ github.run_id }}"
+          echo "Run attempt: ${{ github.run_attempt }}"
+          echo "Run number: ${{ github.run_number }}"
+          echo "This run will use unique label with attempt number to avoid conflicts"
+
+      - name: Start EC2 runner with retry
+        id: start-ec2-runner
+        uses: brightsign/ec2-github-runner@0fa8b183dd4124fd191ccdbc48b68f0ea46a9634
+        timeout-minutes: 15  # Allow more time for registration
+        with:
+          mode: start
+          github-app-private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          github-app-id: 287690
+          ec2-image-id: ami-08a4255385679596c  # Custom AMI with Yocto build dependencies pre-installed
+          ec2-instance-type: ${{ inputs.instance_type }}
+          subnet-id: ${{ env.VPC_SUBNET_ID }}
+          security-group-id: ${{ env.VPC_SG_ID }}
+          run-as-service-with-user: ubuntu
+          label: "mb-${{ github.run_id }}-${{ github.run_attempt }}-${{ inputs.browser }}-${{ inputs.arch }}-${{ inputs.chromium_version }}"  # Unique per matrix job with attempt
+          aws-resource-tags: > # optional, requires additional permissions
+            [
+              {"Key": "Name", "Value": "github-runner-meta-browser-${{ inputs.instance_name_postfix }}-${{ github.run_id }}"},
+              {"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+              {"Key": "ChromiumVersion", "Value": "${{ inputs.chromium_version }}"},
+              {"Key": "Architecture", "Value": "${{ inputs.arch }}"},
+              {"Key": "RunId", "Value": "${{ github.run_id }}"},
+              {"Key": "RunAttempt", "Value": "${{ github.run_attempt }}"},
+              {"Key": "Browser", "Value": "${{ inputs.browser }}"}
+            ]
+
+  build-and-test-meta-browser:
+    name: Build and Test Meta-Browser
+    needs: start-runner # required to start the main job when the runner is ready
+    uses: ./.github/workflows/bs_meta_browser_build_and_test.yml
+    secrets: inherit
+    with:
+      runner_name: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+      github_hosted_runner: false
+      browser: ${{ inputs.browser }}
+      build_type: ${{ inputs.build_type }}
+      chromium_version: ${{ inputs.chromium_version }}
+      arch: ${{ inputs.arch }}
+      aws_arn_role: ${{ inputs.aws_arn_role }}
+      aws_region: ${{ inputs.aws_region }}
+      repository: ${{ inputs.repository }}
+      branch: ${{ inputs.branch }}
+
+  stop-runner:
+    name: Stop self-hosted EC2 runner
+    needs:
+      - start-runner # required to get output from the start-runner job
+      - build-and-test-meta-browser # required to wait when the main job is done
+    runs-on: ubuntu-latest
+    if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v6
+        with:
+          role-to-assume: ${{ inputs.aws_arn_role }}
+          aws-region: ${{ inputs.aws_region }}
+          role-session-name: mb-cleanup-${{ github.run_id }}
+
+      - name: Stop EC2 runner
+        uses: brightsign/ec2-github-runner@0fa8b183dd4124fd191ccdbc48b68f0ea46a9634
+        with:
+          mode: stop
+          github-app-private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          github-app-id: 287690
+          label: ${{ needs.start-runner.outputs.label }}
+          ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}
+          leave-ec2-instance-running: ${{ inputs.leave_ec2_instance_running }}
diff --git a/.github/workflows/chromium.yml b/.github/workflows/chromium.yml
@@ -0,0 +1,124 @@
+name: Chromium build- and smoke-test
+
+on:
+  workflow_dispatch:
+    inputs:
+      repository_owner:
+        description: 'Repository owner (e.g., OSSystems, brightsign)'
+        required: true
+        default: 'OSSystems'
+      branch:
+        description: 'Branch to checkout for the workflow'
+        required: true
+        default: 'master'
+      use_aws:
+        description: 'Use AWS EC2 instances instead of local runner'
+        required: false
+        type: boolean
+        default: true
+      instance_type:
+        description: 'EC2 instance type for build (more cores = faster builds)'
+        required: false
+        type: choice
+        options:
+          - 'c6id.4xlarge'   # 16 vCPUs, 32 GB RAM, 1x 950 GB NVMe
+          - 'c6id.8xlarge'   # 32 vCPUs, 64 GB RAM, 1x 1900 GB NVMe
+          - 'c6id.12xlarge'  # 48 vCPUs, 96 GB RAM, 2x 1425 GB NVMe
+          - 'c6id.16xlarge'  # 64 vCPUs, 128 GB RAM, 2x 1900 GB NVMe
+        default: 'c6id.8xlarge'
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'meta-chromium/recipes-browser/chromium/files/**'
+      - 'meta-chromium/recipes-browser/chromium/chromium*'
+      - 'meta-chromium/recipes-browser/chromium/gn*'
+      - '.github/workflows/chromium.yml'
+
+permissions:
+  contents: read
+  actions: read
+  checks: write
+  id-token: write  # Required for OIDC authentication
+
+jobs:
+  # AWS-based builds (always for PR, default for manual dispatch)
+  aws-matrix-build:
+    if: ${{ (github.repository_owner == 'brightsign' || github.repository_owner == 'OSSystems') && (github.event_name == 'pull_request' || inputs.use_aws == true || inputs.use_aws == null) }}
+    strategy:
+      fail-fast: false  # Continue other matrix jobs even if one fails
+      matrix:
+        ozone_platform: [ozone-wayland, x11]
+        arch: [arm, aarch64, x86-64]
+    uses: ./.github/workflows/bs_meta_browser_ci_ec2.yml
+    secrets: inherit
+    with:
+      build_type: "release"
+      browser: "chromium"
+      chromium_version: ${{ matrix.ozone_platform }}
+      arch: ${{ matrix.arch }}
+      aws_arn_role: "arn:aws:iam::195607249165:role/github-actions-meta-browser-repo"
+      aws_region: "us-east-1"
+      instance_type: ${{ inputs.instance_type || 'c6id.8xlarge' }}  # Default for PR builds, user choice for manual
+      repository: ${{ inputs.repository_owner }}/meta-browser
+      branch: ${{ inputs.branch }}
+
+  # Local runner (manual dispatch only, when explicitly disabled AWS)
+  local-build:
+    if: ${{ (github.repository_owner == 'brightsign' || github.repository_owner == 'OSSystems') && github.event_name == 'workflow_dispatch' && inputs.use_aws == false }}
+    strategy:
+      fail-fast: false  # Continue other matrix jobs even if one fails
+      matrix:
+        browser_version: [ozone-wayland, x11]
+        browser: [chromium]
+        arch: [arm, aarch64, x86-64]
+    runs-on: [self-hosted, chromium]
+    container:
+      image: skandigraun/yocto:latest
+      volumes:
+        - yocto:/yocto
+    steps:
+      - run: |
+         mkdir -p /yocto
+         cd /yocto
+         rm -rf meta-browser meta-browser-ci
+         # Clean stale pseudo state from any previous interrupted builds
+         rm -rf build/tmp/work/*/*/*/pseudo build/tmp/sysroots-components/*/pseudo 2>/dev/null || true
+
+         # Always clone the current repository first (for CI scripts and meta-chromium-test)
+         echo "=== Cloning CI repository (for build scripts) ==="
+         CI_URL="$GITHUB_SERVER_URL/${{ github.repository }}"
+         CI_REV="${{ github.ref_name }}"
+         echo "Cloning CI repo from $CI_URL, branch/ref: $CI_REV"
+         git clone $CI_URL meta-browser-ci
+         git -C meta-browser-ci checkout $CI_REV
+
+         # Now determine the source repository to build
+         if [ "${{ github.event_name }}" = "pull_request" ]; then
+             SOURCE_URL="$GITHUB_SERVER_URL/${{ github.event.pull_request.head.repo.full_name }}"
+             SOURCE_REV="$GITHUB_HEAD_REF"
+         elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+             # For manual dispatch, use the repository and branch inputs
+             SOURCE_URL="$GITHUB_SERVER_URL/${{ github.event.inputs.repository_owner }}/meta-browser"
+             SOURCE_REV="${{ github.event.inputs.branch }}"
+         else
+             SOURCE_URL="$CI_URL"
+             SOURCE_REV="$CI_REV"
+         fi
+
+         echo "Source URL: $SOURCE_URL"
+         echo "Source REV: $SOURCE_REV"
+
+         # Clone the source repository (what we want to build)
+         git clone $SOURCE_URL meta-browser
+         git -C meta-browser checkout $SOURCE_REV
+
+         # Copy meta-chromium-test from CI repo to source repo if needed
+         if [ ! -d "meta-browser/meta-chromium-test" ]; then
+           echo "Copying meta-chromium-test from CI repository to source repository"
+           cp -r meta-browser-ci/meta-chromium-test meta-browser/
+         fi
+
+         # meta-chromium-test is now integrated into meta-browser
+         cd meta-browser
+         ./meta-chromium-test/scripts/build.sh ${{ matrix.arch }} ${{ matrix.browser_version }} ${{ matrix.browser }}