ci: add ARM64 device farm, Docker runner, and self-hosted CI hardening #36
Open
phunkeler wants to merge 101 commits into
* refactor: Observable devices + tests
* sonarqube: security

* refactor: Observable devices + tests
* sonarqube: security
* refactor: beef-up logging + no use of INFO level

* fix: log levels + categoryName + dependabot groups
* Fix stray ';'

…ce scripts
- Raspberry Pi Appium setup guide (docs/) with Docker Compose arm64 config
- setup-pi-host.sh and init-pi-devices.sh for one-shot Pi + device configuration
- prepare-devices.sh/.ps1 for pre-test screen wake / stay-awake / keyguard dismiss
- UiTests project: Appium fixture, DevicePrep (AndroidSdk NuGet), test stubs, runsettings
- DevFlowAgent stub documenting future migration path away from Appium
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…tion
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- ui-tests.yml: runs on self-hosted ARM64, gated to repo owner only
- APPIUM_SERVER_URL/DEVICE serials injected via repository secrets
- Evidence screenshots uploaded as artifacts
- .gitignore: exclude *.local.runsettings from tracking
- runsettings: convert to template, real values via secrets/local file
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- check-devices.sh validates ADB is on 0.0.0.0:5037 and all serials are ready
- GitHub Actions annotations on failure (::error:: prefix)
- Workflow calls check-devices before dotnet run
- ADB systemd service: Restart=always + RestartSec=3
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- docker/runner/Dockerfile — ubuntu:24.04 + official runner release + adb
- docker/runner/entrypoint.sh — auto-registers via GitHub API, ephemeral, cleans up on shutdown
- docker/appium/Dockerfile — moved from Pi home dir into repo
- docker/docker-compose.yml — combined Appium + runner, both reach host ADB via host-gateway
- docker/.env.example — GITHUB_PAT template (real .env gitignored)
- check-devices.sh — configurable ADB host/port via env vars for container use
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

… mount
- --no-install-recommends on all apt-get install calls
- packages sorted alphanumerically
- docker-compose mounts host gh auth config (read-only) — no PAT in .env
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…nner
- build job: GitHub-hosted ARM64 runner builds NearbyChat APK, uploads as artifact
- ui-tests job: Pi self-hosted runner downloads APK, installs on devices, runs tests
- secrets passed via env: not interpolated inline in shell scripts
- DEVICE2_SERIAL gracefully skipped when not yet set

Adds docker-images.yml workflow to build ARM64 images on GitHub-hosted runners and push to ghcr.io on changes to docker/**. Updates docker-compose.yml to pull pre-built images instead of building on the Pi.

… used by install steps

…n fresh ADB session

…er registration
- Drop XHarness from APK install; use adb install -r --no-streaming to avoid Samsung streaming install rejection without extra tooling
- Remove Restore tools step and XHarness tool manifest entry
- Add --replace to runner config.sh so stale registrations don't crash the container

Sets up an ARM64 Android device farm for automated UI testing:
- Appium + self-hosted GitHub Actions runner in Docker (built from official actions/runner binary)
- UI test workflow split: APK build on GitHub-hosted ubuntu-latest, tests on self-hosted linux/ARM64 runner
- Single-device smoke test; two-device P2P tests skip gracefully when DEVICE2_SERIAL absent
- All action references SHA-pinned; Dependabot configured for weekly github-actions and Docker updates
- actions-sha-bump label + reminder workflow prompts updating the Actions allow list after merging
- Containers hardened: read-only rootfs, all capabilities dropped, tmpfs for writable scratch paths
- cloud-init/user-data.yml checked in — fresh Pi is flash + boot + 2 manual auth steps
- reapply-config workflow enforces host config on demand via scoped SSH key (command="sudo bash -s")
- os-maintenance workflow runs weekly unattended-upgrade dry-run and posts output to job summary
- Preview release process documented in CONTRIBUTING.md with release.sh script
- Setup and day-to-day operations documented in docs/raspberry-pi-appium-setup.md