Launch Sandbox in CI

Crafting sandboxes can be launched as part of CI automation — for example, when a pull request is created — without any developer action.

Set Up a Service Account

1. Create a Service Account from Team/Service Accounts.
2. Authorize the Service Account to pull source code.
3. Create a Login Token for the Service Account.
4. Save the Login Token as a secret in the CI system.

Set Up the CLI in CI

This setup can be done as part of the CI workflow and only needs to be performed once if the underlying storage is persisted:

cs config set server_url https://SYS-DOMAIN
cs login -t LOGIN_TOKEN

Use the CLI to Manage Sandboxes

Once the CLI is configured, it can be used to manage sandboxes:

set -e
cs sandbox create ci-$CI_ID -t ci-template -D workspace/checkout[src].version=$BRANCH --wait=false
cs sandbox wait ci-$CI_ID --timeout=30m
cs sandbox delete --force ci-$CI_ID

It is recommended to run CI-related tasks as part of the build hook. As soon as the sandbox is ready, the build hook completes and the sandbox can be deleted. Otherwise, before running cs sandbox delete, use cs ssh to execute tasks inside the sandbox:

cs ssh -W ci-$CI_ID/workspace -- <COMMAND>