Open source

The TestDriver Action is open source, and its source code is available for review. You can find the repository here:

Ephemeral virtual machine runners

TestDriver tests are executed on private virtual machines (VMs) managed by Amazon EC2. These VMs are ephemeral, meaning they only exist for the duration of the test execution. Once the test is complete:

  • The VM is destroyed.
  • The hard disk is wiped to ensure no residual data remains.

Secrets

To securely manage private information, we recommend storing sensitive data as secrets in your GitHub repository. Learn more about storing secrets in GitHub.

Handling secrets

  • Prerun Scripts: Any secrets supplied within prerun scripts or prompts are transmitted over SSL to the TestDriver API. Prerun scripts are not persisted.
  • Agent Prompts: Secrets supplied to agent prompts are persisted (see Agent Security).
  • Secure Workflows: If your workflow requires secret sharing and you encounter issues, please contact us for assistance.

Common use case

A common workflow involves using prerun scripts to securely access a private staging website via basic authentication. This allows you to log into staging environments without persisting sensitive data on TestDriver servers.

Environment-specific security

Production

Testing production environments is the simplest and most secure starting point.

  • Production testing doesn’t require any private information from your team.
  • Simply provide the tests to TestDriver and point them toward publicly available endpoints.
  • TestDriver doesn’t need access to any private or sensitive information for production testing.

Staging

Testing staging environments may require secure information, such as credentials or tokens.

  • Use GitHub secrets to securely store and manage this information.
  • Refer to the Secrets section above for guidance on securely implementing tests for staging environments.

Development

TestDriver can clone feature branches and build code on its virtual machines using workflows similar to GitHub Actions.

GitHub token for development

To test development branches of private codebases, you must supply a GitHub personal access token within the GitHub Action. This token is used to:

  • Clone the codebase onto the VM.
  • Build and test the code in an isolated environment.

Example configuration:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  • The token is transmitted over SSL and is not persisted.
  • Learn more about managing the privacy of GitHub access tokens here.
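
One way to enforce the secrets recommendation in review or CI, as an added example that is not part of the TestDriver documentation: a line-based heuristic (not a YAML parser) that flags workflow keys with credential-like names whose value is a literal rather than a `${{ ... }}` expression such as `${{ secrets.GITHUB_TOKEN }}`. The key-name pattern, the function name and the sample workflow are assumptions constructed for illustration.

```python
import re

# Key names that usually carry credentials (assumed list; extend for your repo).
SENSITIVE_KEY = re.compile(r"token|secret|password|passwd|api[_-]?key", re.I)
# Workflow keywords that match the pattern above but never hold a credential.
STRUCTURAL_KEYS = {"id-token", "secrets"}
# A "key: value" mapping entry, optionally written as a list item.
ENTRY = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$")


def find_literal_secrets(workflow_text):
    """Return (line number, key) for sensitive keys assigned a literal value.

    Values are never returned, so the report itself cannot leak a credential.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = ENTRY.match(line)  # comment lines and non-entries do not match
        if not match:
            continue
        key, value = match.groups()
        if key.lower() in STRUCTURAL_KEYS or not SENSITIVE_KEY.search(key):
            continue
        # Drop a trailing comment, then surrounding quotes.
        value = re.sub(r"\s+#.*$", "", value).strip("'\"")
        # Empty = nested mapping; "|" or ">" = block scalar; "${{" = expression.
        if not value or value[0] in "|>" or "${{" in value:
            continue
        findings.append((lineno, key))
    return findings


# Constructed sample workflow: two literals that should have been secrets.
SAMPLE = """\
name: staging-tests
permissions:
  contents: read
  id-token: write
jobs:
  test:
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      STAGING_PASSWORD: "hunter2-not-real"   # literal: should be a secret
      STAGING_USER: ${{ secrets.STAGING_USER }}
      API_KEY: abc123-constructed
"""

if __name__ == "__main__":
    for lineno, key in find_literal_secrets(SAMPLE):
        print(f"line {lineno}: {key} is a literal; use a GitHub secret instead")
```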

Notes

  • TestDriver’s ephemeral VMs ensure that no data persists beyond the test execution.
  • For maximum security, always use GitHub secrets to manage sensitive information.
  • If you have specific security concerns or requirements, feel free to contact us for support.