Forward cloud credentials into the box env (#39, closes #19)
Box-CI roles that run inside the box and drive the cloud REST API now get credentials. The always-needed trio CONTAINARIUM_SERVER / CONTAINARIUM_TOKEN / CONTAINARIUM_ORG (org from the existing org-id input) is forwarded into the box's setup/test command env, plus a new optional multiline env: input (KEY=VALUE per line) for extras like a second org's CONTAINARIUM_TOKEN_PEER / CONTAINARIUM_ORG_PEER.
Done securely: secrets are written to a mode-0600 file (umask 077), scp'd over the existing channel, and chmod 600 on the box — never on the ssh argv (which would leak into the box process list and Action logs). Every value is ::add-mask::'d, the file is sourced before the command runs, and it's stripped on the keep-on-failure debug path so a debugger can't inherit the CI token.
Unblocks arming the Containarium-cloud actuation verifier (#192) and the Layer-4 per-org network-isolation sentry (#191) — the two remaining MVP verification gates.
Consumer usage
- uses: FootprintAI/containarium-run@v1.4.0
with:
server: ${{ secrets.CONTAINARIUM_SERVER }}
token: ${{ secrets.CONTAINARIUM_TOKEN }}
org-id: ${{ vars.CONTAINARIUM_ORG }}
env: |
CONTAINARIUM_TOKEN_PEER=${{ secrets.CONTAINARIUM_TOKEN_PEER }}
CONTAINARIUM_ORG_PEER=${{ vars.CONTAINARIUM_ORG_PEER }}Lease TTL + heartbeat — no box ever leaks (#37, Containarium#526)
Every box is now born with a short birth TTL (default 20m) stamped right after create, renewed by a background heartbeat while the job runs, so a CANCELLED job or a runner that dies mid-run can no longer leak a box — it self-reaps within one window. Success still deletes immediately; failure still keeps for the debug window.
Full changelog: v1.3.0...v1.4.0