add background heartbeat process (30s interval)

action.yml

@@ -1,13 +1,13 @@
 name: 'Begin Testbox'
 description: 'Initialize a Blacksmith Testbox session. Phones home to receive config, installs SSH key and rsync.'
 
 inputs:
   testbox_id:
     description: 'Testbox session ID (from workflow_dispatch input). Leave empty for validation mode.'
     required: false
     default: ''
   api_url:
     description: 'Override the backend API URL (default: discovered from VM metadata)'
     required: false
 
 runs:
@@ -17,7 +17,7 @@
       shell: bash
       run: |
         if [ -z "${{ inputs.testbox_id }}" ]; then
           echo "::notice::Running in validation mode — setup steps will be validated without starting a testbox session."
         fi
 
     - name: Discover metadata service
@@ -26,7 +26,7 @@
       run: |
         METADATA_PORT="${METADATA_PORT:-}"
         if [ -z "$METADATA_PORT" ]; then
           METADATA_PORT=$(cat /proc/cmdline | tr ' ' '\n' | grep '^metadata_port=' | cut -d'=' -f2)
           if [ -z "$METADATA_PORT" ]; then
             echo "metadata_port not found in kernel cmdline"
             echo "available=false" >> "$GITHUB_OUTPUT"
@@ -49,20 +49,20 @@
         mkdir -p "$STATE"
         chmod 700 "$STATE"
 
         INSTALLATION_MODEL_ID=$(curl -s --connect-timeout 2 --max-time 5 "http://${METADATA_ADDR}/installationModelID")
         if [ -n "$API_URL_OVERRIDE" ]; then
           API_URL="$API_URL_OVERRIDE"
         else
           API_URL=$(curl -s --connect-timeout 2 --max-time 5 "http://${METADATA_ADDR}/backendURL")
         fi
 
         # Piggyback on the VM's stickyDiskToken for phone-home authentication.
         # This is a Sanctum token that proves the caller is a real Blacksmith VM
         # belonging to the claimed installation — it's only accessible from inside
         # the VM via the metadata service and is not publicly visible.
         AUTH_TOKEN=$(curl -s --connect-timeout 2 --max-time 5 "http://${METADATA_ADDR}/stickyDiskToken")
 
         if [ -z "$API_URL" ] || [ -z "$INSTALLATION_MODEL_ID" ] || [ -z "$AUTH_TOKEN" ]; then
           echo "Warning: could not read required metadata (backendURL, installationModelID, stickyDiskToken)"
           exit 0
         fi
@@ -111,6 +111,45 @@
 
         echo "Testbox initialized: testbox_id=${TESTBOX_ID}"
 
+    - name: Start heartbeat
+      if: steps.metadata.outputs.available == 'true' && inputs.testbox_id
+      shell: bash
+      run: |
+        STATE=/tmp/.testbox
+        if [ ! -f "$STATE/testbox_id" ]; then
+          echo "Warning: state directory not initialized, skipping heartbeat"
+          exit 0
+        fi
+
+        # Launch a background heartbeat loop that POSTs to the backend
+        # every 30 seconds. The backend uses this to detect dead VMs
+        # whose phone-home (completed) never arrived.
+        #
+        # nohup + fd redirects + disown fully detaches the process
+        # from this step's shell. Without this, GitHub Actions may
+        # wait on or SIGTERM child processes between composite action
+        # steps, killing the heartbeat before run-testbox starts.
+        #
+        # The state files are read inside the loop so the script is
+        # self-contained and does not depend on shell variable scope.
+        nohup bash -c 'STATE=/tmp/.testbox
+        API_URL=$(cat "$STATE/api_url")
+        AUTH_TOKEN=$(cat "$STATE/auth_token")
+        TESTBOX_ID=$(cat "$STATE/testbox_id")
+        INSTALLATION_MODEL_ID=$(cat "$STATE/installation_model_id")
+        while true; do
+          sleep 30
+          curl -s -f --max-time 10 -X POST "${API_URL}/api/testbox/heartbeat" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${AUTH_TOKEN}" \
+            -d "{\"testbox_id\":\"${TESTBOX_ID}\",\"installation_model_id\":${INSTALLATION_MODEL_ID}}" \
+            >/dev/null 2>&1 || true
+        done' </dev/null >/dev/null 2>&1 &
+        HEARTBEAT_PID=$!
+        echo "$HEARTBEAT_PID" > "$STATE/heartbeat_pid"
+        disown "$HEARTBEAT_PID"
+        echo "Heartbeat started (PID $HEARTBEAT_PID, every 30s, disowned)"
+
     - name: Install SSH public key
       if: steps.metadata.outputs.available == 'true' && inputs.testbox_id
       shell: bash