Skip to content

Remediate AWS integration CI (closes #30)#31

Merged
scttfrdmn merged 4 commits into
mainfrom
fix/issue-30-ci-remediation
Jun 3, 2026
Merged

Remediate AWS integration CI (closes #30)#31
scttfrdmn merged 4 commits into
mainfrom
fix/issue-30-ci-remediation

Conversation

@scttfrdmn

@scttfrdmn scttfrdmn commented Jun 3, 2026

Copy link
Copy Markdown
Owner

Fixes all four findings in #30 so the AWS integration workflow runs green end-to-end and the monthly schedule is a real (cheap) drift check rather than a no-op.

A — quick no longer triggers a 4-min image build

starburst_setup() gains a trailing build_image = TRUE param (backward compatible). With build_image = FALSE it provisions S3/ECR/ECS/VPC + writes config + checks quotas but skips build_initial_environment(); the worker image is built lazily on first launch. The CI Configure staRburst step now passes build_image = FALSE.

B — buildx failures surface instead of "no builder found"

ensure_buildx_builder() now captures stdout/stderr (so safe_system's stop() carries the real error) and runs docker buildx use <name> after create so the explicit --builder reference resolves. Multi-platform is unchanged (ARM64 Graviton workers need it).

C — monthly schedule runs a default suite

Added job env: SUITE: ${{ github.event.inputs.test_suite || 'quick' }} and switched the 5 suite-step if: gates from github.event.inputs.test_suite (empty on schedule) to env.SUITE. The monthly cron now runs the read-only quick smoke suite (~$0) — which is exactly what catches creds/IAM/config drift.

D — 2 missing IAM perms (applied out-of-band)

Added s3:PutEncryptionConfiguration and servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota to the starburst-github-actions role's starburst-integration policy via AWS CLI (not a repo change). Verified present.

Verification

  • Offline suite: 216 pass, 0 fail, 0 error (added 4 assertions).
  • R CMD check: back to the pre-existing baseline (1 donttest ERROR + 2 file NOTEs, all environmental — the new Rd/usage warnings I briefly introduced were fixed by regenerating docs).
  • Post-merge: a manual quick dispatch on main is the final green check (the workflow only runs on dispatch/schedule, and the IAM trust is scoped to main).

Closes #30

scttfrdmn added 4 commits June 2, 2026 17:41
@scttfrdmn
feat: add build_image param to starburst_setup (refs #30)
ac3f757 
starburst_setup() always ended by building the multi-platform worker image
(~4 min). Add build_image = TRUE (trailing, backward compatible); set FALSE to
provision S3/ECR/ECS/VPC + write config + check quotas without the image build.
The image is then built lazily on first worker launch via ensure_environment().
Enables a fast, cheap CI connectivity check.

Refs #30
@scttfrdmn
fix: make ensure_buildx_builder surface errors and select builder (refs
41f00cb 
#30)

The inspect/create calls discarded stdout/stderr, so a failed builder setup
was swallowed and surfaced later as an opaque 'no builder found' at buildx
build. Capture stdout/stderr (so safe_system's stop() carries the real stderr)
and add 'docker buildx use <name>' after create so the explicit --builder
reference resolves even if the create didn't register it as current.

Refs #30
@scttfrdmn
test: cover build_image=FALSE/TRUE and buildx use selection (refs #30)
c0e79dd 
- starburst_setup(build_image=FALSE) does not call build_initial_environment;
  build_image=TRUE (default) does.
- ensure_buildx_builder selects the builder via 'buildx use' after create.

Refs #30
@scttfrdmn
ci: default scheduled suite to quick + skip image build in setup (closes
46080b1 
 #30)

- Add job env SUITE = inputs.test_suite || 'quick' and gate the 5 suite steps
  on env.SUITE, so the monthly schedule (empty inputs) runs the quick smoke
  suite instead of being a no-op.
- Configure staRburst step now uses build_image=FALSE so provisioning is fast
  for every run; suites that launch workers build the image lazily.

Closes #30
@scttfrdmn scttfrdmn merged commit d649981 into main Jun 3, 2026
6 checks passed
@scttfrdmn scttfrdmn deleted the fix/issue-30-ci-remediation branch June 3, 2026 00:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AWS integration CI: lighten quick smoke test, buildx runner edge case, 2 missing IAM perms

1 participant

@scttfrdmn