Action

The TestDriver action is open source. You can find the source below.

Ephemeral Virtual Machine Runners

TestDriver tests are executed on private virtual machines managed by Amazon EC2. These VMs are ephemeral meaning they only exist for the lifetime of the test execution. After the test completes, the VM is destroyed and the hard disk is wiped.

Secrets

We recommend storing any private information as a secret in your GitHub repository. Learn more about storing secrets here.

Any secrets supplied within Prerun Scripts or prompts will be transmitted over SSL to our API. Secrets supplied to agent prompts will be persisted (see Agent), but prerun scripts are not persisted.

A common workflow is to use Prerun Scripts to access a private staging website via basic auth. This will allow you to securely log into staging without persisting sensitive data on our servers.

Production

Testing production resources does not require any private information from your team. Simply provide the tests to TestDriver and point toward your publicly available endpoints. TestDriver does not need access to any private information.

Staging

Depending on your implementation, TestDriver may need secure information to test staging environments. See Secretsabove for more information on securely implementing tests on staging.

Development

TestDriver can clone feature branches and build code on it's virtual machines using a similar workflow to GitHub runners.

In order for TestDriver to test development branches of private codebases, it's necessary to supply a GitHub Token within the GitHub action. This personal access token is used to clone the codebase on the VM.

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

This token is transmitted over SSL and is not persisted. Learn more about managing the privacy of GitHub access tokens here.