vortex-data · joseph-isaacs · Dec 18, 2025 · Dec 19, 2025 · Dec 19, 2025 · Dec 19, 2025
diff --git a/.github/packer/scripts/provision.sh b/.github/packer/scripts/provision.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+set -euo pipefail
+
+# Variables (passed from Packer)
+RUST_TOOLCHAIN="${RUST_TOOLCHAIN:-1.89}"
+PROTOC_VERSION="${PROTOC_VERSION:-29.3}"
+FLATC_VERSION="${FLATC_VERSION:-25.9.23}"
+
+echo "=== Installing Vortex CI dependencies ==="
+
+# Install build dependencies
+echo "Installing system packages..."
+sudo apt-get update
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+  cmake \
+  ninja-build \
+  clang \
+  lld \
+  llvm \
+  pkg-config \
+  libssl-dev
+
+# Install Rust
+echo "Installing Rust ${RUST_TOOLCHAIN}..."
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain "${RUST_TOOLCHAIN}"
+source "$HOME/.cargo/env"
+echo 'source $HOME/.cargo/env' >> "$HOME/.bashrc"
+
+# Install Rust components
+rustup component add clippy rustfmt
+rustup toolchain install nightly
+rustup component add --toolchain nightly rustfmt clippy rust-src miri llvm-tools-preview
+
+echo "Rust installed:"
+cargo --version
+rustc --version
+
+# Install protoc
+echo "Installing protoc ${PROTOC_VERSION}..."
+ARCH=$(uname -m)
+if [ "$ARCH" = "x86_64" ]; then
+  PROTOC_ARCH=linux-x86_64
+else
+  PROTOC_ARCH=linux-aarch_64
+fi
+curl -fsSL -o /tmp/protoc.zip "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-${PROTOC_ARCH}.zip"
+sudo unzip -o /tmp/protoc.zip -d /usr/local bin/protoc 'include/*'
+sudo chmod +x /usr/local/bin/protoc
+rm /tmp/protoc.zip
+protoc --version
+
+# Install flatc
+echo "Installing flatc ${FLATC_VERSION}..."
+if [ "$ARCH" = "x86_64" ]; then
+  curl -fsSL -o /tmp/flatc.zip "https://github.com/google/flatbuffers/releases/download/v${FLATC_VERSION}/Linux.flatc.binary.clang++-18.zip"
+  sudo unzip -o /tmp/flatc.zip -d /usr/local/bin
+  sudo chmod +x /usr/local/bin/flatc
+  rm /tmp/flatc.zip
+else
+  # Build from source for ARM64
+  git clone --depth 1 --branch "v${FLATC_VERSION}" https://github.com/google/flatbuffers.git /tmp/flatbuffers
+  cd /tmp/flatbuffers
+  cmake -G Ninja -DCMAKE_BUILD_TYPE=Release .
+  ninja
+  sudo cp flatc /usr/local/bin/
+  cd -
+  rm -rf /tmp/flatbuffers
+fi
+flatc --version
+
+# Install cargo tools
+echo "Installing cargo tools..."
+source "$HOME/.cargo/env"
+cargo install cargo-nextest --locked
+cargo install cargo-hack --locked
+cargo install grcov --locked
+
+# Cleanup
+echo "Cleaning up..."
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+rm -rf /tmp/*
+
+echo "=== Vortex CI dependencies installed successfully ==="
diff --git a/.github/packer/scripts/user_data.sh b/.github/packer/scripts/user_data.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+# Start SSH for Packer to connect
+systemctl start ssh
diff --git a/.github/packer/vortex-ci.pkr.hcl b/.github/packer/vortex-ci.pkr.hcl
@@ -0,0 +1,127 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.3.0"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "aws_region" {
+  type    = string
+  default = "eu-west-1"
+}
+
+variable "arch" {
+  type        = string
+  description = "Architecture: x64 or arm64"
+}
+
+variable "ami_prefix" {
+  type    = string
+  default = "vortex-ci"
+}
+
+variable "source_ami_owner" {
+  type        = string
+  default     = "135269210855"
+  description = "runs-on AWS account ID"
+}
+
+variable "subnet_id" {
+  type    = string
+  default = ""
+}
+
+variable "security_group_id" {
+  type        = string
+  default     = ""
+  description = "Existing security group ID (must allow SSH inbound)"
+}
+
+variable "rust_toolchain" {
+  type    = string
+  default = "1.89"
+}
+
+variable "protoc_version" {
+  type    = string
+  default = "29.3"
+}
+
+variable "flatc_version" {
+  type    = string
+  default = "25.9.23"
+}
+
+locals {
+  timestamp = formatdate("YYYYMMDD-HHmmss", timestamp())
+
+  arch_config = {
+    x64 = {
+      instance_type   = "m7i.large"
+      source_ami_name = "runs-on-v2.2-ubuntu24-full-x64-*"
+      ami_arch        = "x86_64"
+    }
+    arm64 = {
+      instance_type   = "m7g.large"
+      source_ami_name = "runs-on-v2.2-ubuntu24-full-arm64-*"
+      ami_arch        = "arm64"
+    }
+  }
+
+  config = local.arch_config[var.arch]
+}
+
+source "amazon-ebs" "vortex-ci" {
+  ami_name      = "${var.ami_prefix}-${var.arch}-${local.timestamp}"
+  instance_type = local.config.instance_type
+  region        = var.aws_region
+
+  source_ami_filter {
+    filters = {
+      name                = local.config.source_ami_name
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+      architecture        = local.config.ami_arch
+    }
+    most_recent = true
+    owners      = [var.source_ami_owner]
+  }
+
+  subnet_id         = var.subnet_id != "" ? var.subnet_id : null
+  security_group_id = var.security_group_id != "" ? var.security_group_id : null
+  ssh_username      = "runner"
+
+  # User data to start SSH for Packer connectivity
+  user_data_file = "${path.root}/scripts/user_data.sh"
+
+  launch_block_device_mappings {
+    device_name           = "/dev/sda1"
+    volume_size           = 80
+    volume_type           = "gp3"
+    delete_on_termination = true
+  }
+
+  tags = {
+    Name        = "${var.ami_prefix}-${var.arch}"
+    Environment = "ci"
+    Arch        = var.arch
+    BuildTime   = local.timestamp
+    ManagedBy   = "packer"
+  }
+}
+
+build {
+  sources = ["source.amazon-ebs.vortex-ci"]
+
+  # Run the provisioning script
+  provisioner "shell" {
+    script = "${path.root}/scripts/provision.sh"
+    environment_vars = [
+      "RUST_TOOLCHAIN=${var.rust_toolchain}",
+      "PROTOC_VERSION=${var.protoc_version}",
+      "FLATC_VERSION=${var.flatc_version}"
+    ]
+  }
+}
diff --git a/.github/runs-on.yml b/.github/runs-on.yml
@@ -1,11 +1,17 @@
+# Custom AMIs for Vortex CI runners
+# These AMIs are automatically rebuilt every 15 days by the ami-prebuild.yml workflow
+# to keep the GitHub Actions runner agent up to date (required to be <30 days old).
+#
+# AMI naming pattern: vortex-ci-{arch}-{timestamp}
+# Built with: .github/actions/build-ami and .github/packer/vortex-ci.pkr.hcl
 images:
   vortex-ci-amd64:
     platform: "linux"
     arch: "x64"
-    name: "vortex-ci-*"
+    name: "vortex-ci-x64-*"
     owner: "375504701696"
   vortex-ci-arm64:
     platform: "linux"
     arch: "arm64"
-    name: "vortex-ci-*"
+    name: "vortex-ci-arm64-*"
     owner: "375504701696"