E2B Nightly — Release Gate Matrix #2
```yaml
name: E2B Nightly — Release Gate Matrix

# Runs the e2b matrix-release-gate scenarios in cloud sandboxes once a day.
# This is the AUTHORITATIVE pre-release E2E test for fresh-install + first-use
# paths that local pytest cannot cover (real OS image, real pipx install,
# real PyPI dry-run). Per docs/release-policy.md it is NOT in release.yml —
# E2B sandbox runs cost ~$0.25 each + 5-10 min wall time, too expensive
# to gate every PR or every release. Daily cadence is sufficient: main
# averages a few merges per day, and a regression caught at 02:00 UTC the
# next day is still ahead of any human user impact.
#
# On failure: opens a GitHub issue tagged `release-gate` so engineering
# triages before the next release tag.

on:
  schedule:
    - cron: "0 2 * * *" # UTC 02:00 daily
  workflow_dispatch: # manual trigger

permissions:
  contents: read
  issues: write # to open failure issues

jobs:
  e2b-matrix-release-gate:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.12"
      - name: Install e2b runner deps
        run: pip install -e ".[dev]"
      - name: Install gitleaks (required by packing pre-pack scan)
        run: |
          GITLEAKS_VERSION=8.21.2
          curl -fsSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
            | tar -xz -C /tmp gitleaks
          sudo mv /tmp/gitleaks /usr/local/bin/gitleaks
          gitleaks version
      - name: Stage secrets file
        env:
          E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          mkdir -p ~/.config
          {
            echo "E2B_API_KEY=${E2B_API_KEY}"
            echo "OPENROUTER_API_KEY=${OPENROUTER_API_KEY}"
            echo "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}"
          } > ~/.config/ai-secrets.env
          chmod 600 ~/.config/ai-secrets.env
      - name: Run matrix-release-gate
        id: matrix
        env:
          AUTOSEARCH_PACKING_REQUIRE_SECRET_SCAN: "1"
        run: |
          python scripts/e2b/run_validation.py \
            --project autosearch-release-gate \
            --matrix tests/e2b/matrix-release-gate.yaml \
            --output reports/e2b-nightly \
            --source-dir . \
            --parallel 4
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: e2b-nightly-reports
          path: reports/e2b-nightly/
          retention-days: 14
      - name: Open failure issue
        if: failure()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const title = `E2B nightly release-gate FAILED — ${new Date().toISOString().slice(0, 10)}`;
            const body = `Nightly E2B matrix-release-gate run failed.
            **Run:** ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
            **Workflow:** \`.github/workflows/e2b-nightly.yml\`
            **Matrix:** \`tests/e2b/matrix-release-gate.yaml\`
            Engineering triage required BEFORE the next release tag is pushed.
            See \`docs/release-policy.md\` § Nightly checks for the policy.`;
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title,
              body,
              labels: ['release-gate', 'nightly-failure'],
            });
```