u

Signed-off-by: Joe Isaacs <[email protected]>

Author: joseph-isaacs

.github/actions/build-ami/action.yml

@@ -0,0 +1,102 @@
+name: "Build Vortex CI AMI"
+description: "Build a custom Amazon Machine Image for Vortex CI runners"
+
+inputs:
+  arch:
+    description: "Target architecture: x64 or arm64"
+    required: true
+  aws-region:
+    description: "AWS region to build AMI in"
+    required: false
+    default: "us-east-1"
+  ami-prefix:
+    description: "Prefix for AMI name"
+    required: false
+    default: "vortex-ci"
+  retention-days:
+    description: "Number of days before AMI is deprecated"
+    required: false
+    default: "30"
+
+outputs:
+  ami-id:
+    description: "The ID of the built AMI"
+    value: ${{ steps.create-ami.outputs.ami_id }}
+  ami-name:
+    description: "The name of the built AMI"
+    value: ${{ steps.create-ami.outputs.ami_name }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Rust
+      uses: ./.github/actions/setup-rust
+
+    - name: Setup flatc
+      uses: ./.github/actions/setup-flatc
+
+    - name: Install extra dependencies
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+          cmake \
+          ninja-build \
+          clang \
+          lld \
+          llvm
+
+    - name: Install nightly toolchain
+      shell: bash
+      run: |
+        rustup toolchain install nightly
+        rustup component add --toolchain nightly rustfmt clippy rust-src miri llvm-tools-preview
+
+    - name: Install cargo tools
+      shell: bash
+      run: |
+        cargo install cargo-nextest --locked
+        cargo install cargo-hack --locked
+        cargo install grcov --locked
+
+    - name: Get instance ID
+      id: instance
+      shell: bash
+      run: |
+        INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
+        echo "instance_id=$INSTANCE_ID" >> $GITHUB_OUTPUT
+
+    - name: Create AMI
+      id: create-ami
+      shell: bash
+      env:
+        AWS_REGION: ${{ inputs.aws-region }}
+        AMI_PREFIX: ${{ inputs.ami-prefix }}
+        ARCH: ${{ inputs.arch }}
+        RETENTION_DAYS: ${{ inputs.retention-days }}
+      run: |
+        TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+        AMI_NAME="${AMI_PREFIX}-${ARCH}-${TIMESTAMP}"
+        DEPRECATION_TIME=$(date -u -d "+${RETENTION_DAYS} days" +%Y-%m-%dT%H:%M:%SZ)
+
+        echo "Creating AMI: $AMI_NAME"
+        AMI_ID=$(aws ec2 create-image \
+          --instance-id "${{ steps.instance.outputs.instance_id }}" \
+          --name "$AMI_NAME" \
+          --description "Vortex CI runner image for ${ARCH}" \
+          --no-reboot \
+          --tag-specifications "ResourceType=image,Tags=[{Key=Name,Value=$AMI_NAME},{Key=Environment,Value=ci},{Key=Arch,Value=$ARCH},{Key=ManagedBy,Value=github-actions}]" \
+          --query 'ImageId' \
+          --output text)
+
+        echo "Waiting for AMI to be available..."
+        aws ec2 wait image-available --image-ids "$AMI_ID"
+
+        echo "Setting deprecation time to $DEPRECATION_TIME"
+        aws ec2 enable-image-deprecation \
+          --image-id "$AMI_ID" \
+          --deprecate-at "$DEPRECATION_TIME"
+
+        echo "ami_id=$AMI_ID" >> $GITHUB_OUTPUT
+        echo "ami_name=$AMI_NAME" >> $GITHUB_OUTPUT
+        echo "AMI created: $AMI_ID ($AMI_NAME)"

.github/runs-on.yml

@@ -1,11 +1,17 @@
+# Custom AMIs for Vortex CI runners
+# These AMIs are automatically rebuilt every 15 days by the ami-prebuild.yml workflow
+# to keep the GitHub Actions runner agent up to date (required to be <30 days old).
+#
+# AMI naming pattern: vortex-ci-{arch}-{timestamp}
+# Built with: .github/actions/build-ami and .github/packer/vortex-ci.pkr.hcl
 images:
   vortex-ci-amd64:
     platform: "linux"
     arch: "x64"
-    name: "vortex-ci-*"
+    name: "vortex-ci-x64-*"
     owner: "375504701696"
   vortex-ci-arm64:
     platform: "linux"
     arch: "arm64"
-    name: "vortex-ci-*"
+    name: "vortex-ci-arm64-*"
     owner: "375504701696"

.github/workflows/ami-prebuild.yml

@@ -0,0 +1,115 @@
+name: AMI Prebuild
+
+# Schedule to run every 15 days to keep runner agent up to date
+# GitHub stops routing jobs to runners with agents older than 30 days
+on:
+  # TODO: Remove push trigger after testing
+  push:
+    branches: [ji/ami-prebuild]
+    paths:
+      - ".github/workflows/ami-prebuild.yml"
+      - ".github/actions/build-ami/**"
+  schedule:
+    # Run at 00:00 UTC on the 1st and 16th of each month (~15 days apart)
+    - cron: "0 0 1,16 * *"
+  workflow_dispatch:
+    inputs:
+      arch:
+        description: "Architecture to build (leave empty for both)"
+        required: false
+        type: choice
+        options:
+          - ""
+          - x64
+          - arm64
+      retention-days:
+        description: "Days until AMI deprecation"
+        required: false
+        type: number
+        default: 30
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  AWS_REGION: us-east-1
+
+jobs:
+  build-x64:
+    name: "Build AMI (x64)"
+    if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.arch == '' || github.event.inputs.arch == 'x64' }}
+    runs-on:
+      - runs-on=${{ github.run_id }}
+      - family=m7i+m7i-flex+m7a
+      - cpu=4
+      - image=ubuntu24-full-x64
+      - tag=ami-prebuild-x64
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::375504701696:role/GitHubBenchmarkRole
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Build AMI
+        id: build
+        uses: ./.github/actions/build-ami
+        with:
+          arch: x64
+          aws-region: ${{ env.AWS_REGION }}
+          retention-days: ${{ inputs.retention-days || '30' }}
+
+      - name: Summary
+        run: |
+          echo "## AMI Build Complete (x64)" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **AMI ID:** ${{ steps.build.outputs.ami-id }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **AMI Name:** ${{ steps.build.outputs.ami-name }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Deprecation:** ${{ inputs.retention-days || '30' }} days" >> $GITHUB_STEP_SUMMARY
+
+  build-arm64:
+    name: "Build AMI (arm64)"
+    if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.arch == '' || github.event.inputs.arch == 'arm64' }}
+    runs-on:
+      - runs-on=${{ github.run_id }}
+      - family=m7g
+      - cpu=4
+      - image=ubuntu24-full-arm64
+      - tag=ami-prebuild-arm64
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::375504701696:role/GitHubBenchmarkRole
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Build AMI
+        id: build
+        uses: ./.github/actions/build-ami
+        with:
+          arch: arm64
+          aws-region: ${{ env.AWS_REGION }}
+          retention-days: ${{ inputs.retention-days || '30' }}
+
+      - name: Summary
+        run: |
+          echo "## AMI Build Complete (arm64)" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **AMI ID:** ${{ steps.build.outputs.ami-id }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **AMI Name:** ${{ steps.build.outputs.ami-name }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Deprecation:** ${{ inputs.retention-days || '30' }} days" >> $GITHUB_STEP_SUMMARY