You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Hardening & Modernization plan (#15, phases 1–8, plus #20) is done: aws-sdk v3, OIDC, IMDSv2, encrypted EBS, ephemeral non-root runners, structured logging, retries, unit tests. The action is now solid — the next multiplier is capable. A codebase review shows the ceilings:
Cost: on-demand only (src/aws.js builds plain RunInstances — no spot), x64 only (runner-checksums.js pins one arch), full cold boot every job. Spot + Graviton + warm pools compound to a 3–5× cost/latency improvement for the same CI minutes.
Reliability: one subnet, one instance type — any capacity hiccup fails the workflow; bootstrap failures "fail silently inside cloud-init, and the action will eventually time out" (README's own words); leaked instances (cancelled workflows, stop-job failures) bill until a human notices.
Reach: one runner per invocation (matrix builds need hand-wired duplicates), 8 GiB default disk kills Docker jobs, non-yum distros are told to fork.
Queue-depth autoscaling / webhook-driven pools (à la actions-runner-controller or philips-labs runners): a fundamentally different architecture (long-running control plane vs. a workflow-step action). The action's start/stop-inside-the-workflow model is its simplicity advantage — kept. Warm pools (Warm pools: reuse stopped instances (stop/start lifecycle) for 60%+ faster job starts #48) capture most of the latency benefit without a control plane.
Back-compat: existing inputs keep working with byte-identical default behavior (regression tests on generated params/user-data are the standard); new inputs optional with safe defaults.
No new leak paths: every launched resource is tagged with the action's signature, covered by TTL + reaper, and DeleteOnTermination where applicable.
Secrets: registration tokens never appear in logs or captured console output (redaction tests extend with each feature).
Repo standards: npm ci && npm run package with dist committed (verify-dist green), unit tests per the existing jest patterns, SHA-pinned workflow actions, IAM examples updated per feature (least-privilege with tag-scoped conditions), README inputs/outputs tables + action.yml descriptions in the same PR.
Individual issues carry full designs and acceptance criteria — review and adjust priorities there.
Where the 10x is
The Hardening & Modernization plan (#15, phases 1–8, plus #20) is done: aws-sdk v3, OIDC, IMDSv2, encrypted EBS, ephemeral non-root runners, structured logging, retries, unit tests. The action is now solid — the next multiplier is capable. A codebase review shows the ceilings:
src/aws.jsbuilds plain RunInstances — no spot), x64 only (runner-checksums.jspins one arch), full cold boot every job. Spot + Graviton + warm pools compound to a 3–5× cost/latency improvement for the same CI minutes.Phase 1 — Reliability first
mode: cleanupreaper — high (closes every instance-leak path)Phase 2 — Cost
architectureinput, per-arch checksums, AMI-arch fail-fast) — mediumPhase 3 — Capability & toil
volume-size/type/iops/throughput) — medium (small, high frequency-of-pain; good early ship despite phase placement)count: N, one label) for matrix builds — mediumpre-runner-script+user-data-template(converts "fork for Ubuntu" into "copy an example") — mediumSequencing & dependencies
Suggested order: #41 → #42 → #44 → #40 → #39 → #47 → #43 → #45 → #46 → #48.
Considered and deferred
runner-version: latest: rejected — unpinned versions would defeat checksum verification; Automate actions/runner version bumps: scheduled PR workflow + bump script #47 (fast automated bumps) is the answer.Cross-cutting rules (apply to every item)
DeleteOnTerminationwhere applicable.npm ci && npm run packagewith dist committed (verify-dist green), unit tests per the existing jest patterns, SHA-pinned workflow actions, IAM examples updated per feature (least-privilege with tag-scoped conditions), README inputs/outputs tables + action.yml descriptions in the same PR.Individual issues carry full designs and acceptance criteria — review and adjust priorities there.