Emit worker runtime output artifacts

[fqjony]

Summary

• Stabilize the worker image build after dependency pin and installer issues.
• Emit worker runtime output from the resolved container environment with configured secrets omitted.
• Add structured runtime-output logging plus a Docker Ops follow-up job that builds the PR SHA locally, writes the JSON to the step summary, and uploads it as an artifact.

Validation

• bash -n lib/runtime_output.sh
• bash -n test/modules/25_runtime_output.sh
• yq eval . .github/workflows/docker-ops.yml
• make test
• make build
• Docker smoke run with WORKER_OUTPUT_FILE and WORKER_OUTPUT_LOG=true using a local SHA-tagged image

Notes

• Runtime output remains opt-in.
• The follow-up CI job does not pull or publish the latest image.

[Copilot]

Pull request overview

This PR updates the worker image/runtime to (a) emit opt-in “runtime output” JSON artifacts/log lines with configured secret values omitted, and (b) simplify runtime configuration by removing built-in provider auth/login behavior and associated docs/examples. It also reorganizes container tests into a top-level test/ directory and adds CI automation for dependency pin upgrades.

Changes:

• Add opt-in runtime output emission (WORKER_OUTPUT_FILE / WORKER_OUTPUT_LOG) with redaction of configured secret env names and secret-reference env names.
• Refactor environment/config application flow to re-apply config+secret resolution via worker env reload / worker config apply, removing auth/login/cleanup modules and docs.
• Restructure tests/docs/examples and extend CI workflows (runtime-output artifact publication; Docker dependency updater workflow + prompts).

Reviewed changes

Copilot reviewed 66 out of 68 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
test/test_helpers.sh	Adds shared test output helpers (colors/symbols + print helpers).
test/modules/60_health.sh	Updates helper path for new test/ location.
test/modules/50_sbom.sh	Updates helper path for new test/ location.
test/modules/40_service.sh	Updates helper path for new test/ location.
test/modules/25_runtime_output.sh	Adds tests validating runtime output redaction + structured log marker.
test/modules/20_env.sh	Updates helper path and adds worker env reload test coverage.
test/modules/10_config.sh	Updates helper path and adds worker config apply test coverage.
test/main.sh	Updates test root path to /home/udx/test.
src/tests/modules/30_auth.sh	Removes auth CLI test module (auth functionality removed).
src/examples/simple-service/README.md	Updates docs link to new services doc location.
src/examples/README.md	Removes deploy-image-override example section reference.
src/examples/deploy-image-override/README.md	Removes deploy-image-override example README.
src/examples/deploy-image-override/deploy.template.yml	Removes deploy-image-override template.
src/configs/worker.yaml	Adds built-in default worker runtime config (runtime output env defaults).
src/configs/services.yaml	Adds built-in default empty services config.
README.md	Rewrites top-level positioning, quickstart, and docs links to match new model (no built-in auth).
Makefile	Updates make test mounts/paths to use test/ instead of src/tests/.
lib/worker_config.sh	Simplifies config selection (user config preferred; else built-in), removes merge behavior.
lib/secrets.sh	Updates internal var skip list and continues env-var secret-ref resolution.
lib/runtime_output.sh	Implements runtime output JSON build + file/log emission with redaction.
lib/process_manager.sh	Adds built-in services config fallback + dependency checks + enabled-service detection.
lib/environment.sh	Removes legacy environment orchestration script (logic moved/centralized).
lib/env_handler.sh	Adds env file management helpers and central configure_environment path (config + secrets + reload).
lib/cli/service.sh	Adds built-in services config fallback and worker service init.
lib/cli/env.sh	Updates env show behavior (masking by config) and routes reload/apply through configure_environment.
lib/cli/config.sh	Updates “active config” reporting and makes config apply call configure_environment.
lib/cli/auth.sh	Removes auth CLI (auth model removed).
lib/cli.sh	Updates CLI help example away from removed auth command.
lib/cleanup.sh	Removes provider auth cleanup logic (auth model removed).
lib/auth/gcp.sh	Removes legacy GCP auth module (auth model removed).
lib/auth/azure.sh	Removes legacy Azure auth module (auth model removed).
lib/auth/aws.sh	Removes legacy AWS auth module (auth model removed).
lib/auth.sh	Removes legacy auth orchestrator (auth model removed).
etc/configs/worker/default.yaml	Removes old built-in config that defined actors/creds.
docs/services.md	Updates services doc wording/links to new doc layout.
docs/secrets.md	Adds new secrets doc describing secret references + external auth boundary.
docs/runtime/config.md	Removes old runtime config doc (replaced by new layout).
docs/references/README.md	Adds references index for stable lookup docs.
docs/references/container-structure.md	Updates links to new doc locations.
docs/references/cloud-providers-auth.md	Adds guidance matrix for provider auth being external to worker.
docs/index.md	Removes old docs index (replaced by new doc structure).
docs/development.md	Updates links/terminology for new doc layout.
docs/deployment.md	Adds consolidated deployment doc (Docker/K8s/CI positioning).
docs/deploy/worker-deployment.md	Removes worker-deployment CLI doc (de-emphasized/removed).
docs/deploy/README.md	Removes old deploy docs index (replaced by docs/deployment.md).
docs/deploy/kubernetes.md	Removes old Kubernetes deploy doc (folded into new deployment guidance).
docs/deploy/image-override.md	Removes old image override doc (example removed).
docs/core-image.md	Updates test path references to new test/ structure.
docs/config.md	Adds consolidated worker config doc including runtime output section.
docs/cli.md	Updates CLI doc to match current command set and reload/apply behavior.
docs/child-images.md	Updates child image guidance away from removed generator/deploy.yml model.
docs/authorization.md	Removes old authorization doc (auth model removed).
docs/auth/README.md	Removes auth docs index (auth model removed).
docs/auth/gcp.md	Removes detailed GCP auth doc (auth model removed).
docs/auth/azure.md	Removes Azure auth placeholder doc.
docs/auth/aws.md	Removes AWS auth placeholder doc.
Dockerfile	Updates dependency pins, tightens env file permissions, and copies built-in configs from src/configs/.
deploy.yml	Removes old deploy.yml example (worker-deployment model removed).
deploy-gcp.yml	Removes old deploy-gcp.yml example (worker-deployment model removed).
ci/prompts/docker-dependency-output.md	Adds output template for dependency updater workflow.
ci/prompts/docker-dependency-nonapt.md	Adds non-apt dependency update rules for Copilot-driven updates.
ci/prompts/docker-dependency-guardrails.md	Adds guardrails for automated Dockerfile-only dependency updates.
ci/prompts/docker-dependency-apt.md	Adds apt pin update rules keyed off probe report JSON.
bin/entrypoint.sh	Switches entrypoint to configure_environment + runtime output emission before starting process manager.
.rabbit/context.yaml	Adds generated repo context manifest (dev.kit).
.github/workflows/docker-ops.yml	Adds runtime-output follow-up job emitting artifact + step summary.
.github/workflows/docker-dependency-updater.yml	Adds scheduled/dispatchable Docker dependency upgrade workflow using Copilot CLI + no-pin apt probe.
.dockerignore	Tightens build context (exclude docs/tests/etc; include src/configs).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.