Initial implementation of Scaleway Apple Silicon fleeting plugin

- Implements the fleeting InstanceGroup interface for Scaleway Mac mini servers
- Uses the official scaleway-sdk-go Apple Silicon v1alpha1 API
- Supports M1-M, M2-M, M2-L server types in fr-par-3
- Servers are identified by a name prefix (fleeting-<name>-<index>)
- ConnectInfo defaults to darwin/arm64/ssh with the Scaleway-provided SSH username
- GitHub Actions workflow publishes a multi-platform OCI artifact to GHCR
  via fleeting-artifact, enabling gitlab-runner fleeting install

Author: pascal-sochacki

.github/workflows/release.yml

@@ -0,0 +1,150 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+permissions:
+  contents: write       # create GitHub releases & upload assets
+  packages: write       # push to GHCR
+  id-token: write       # keyless cosign signing via OIDC
+
+env:
+  IMAGE: ghcr.io/${{ github.repository }}
+  GO_VERSION: "1.24"
+
+jobs:
+  # ── 1. Build binaries for all platforms (parallelised) ───────────────────────
+  build:
+    name: Build (${{ matrix.os }}-${{ matrix.arch }}${{ matrix.variant && format('v{0}', matrix.variant) || '' }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - { os: linux,   arch: amd64 }
+          - { os: linux,   arch: arm64 }
+          - { os: linux,   arch: arm,   variant: "7" }
+          - { os: linux,   arch: "386" }
+          - { os: darwin,  arch: amd64 }
+          - { os: darwin,  arch: arm64 }
+          - { os: windows, arch: amd64 }
+          - { os: windows, arch: "386" }
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: Build
+        env:
+          GOOS: ${{ matrix.os }}
+          GOARCH: ${{ matrix.arch }}
+          GOARM: ${{ matrix.variant }}
+          CGO_ENABLED: "0"
+        run: |
+          VERSION="${{ github.ref_name }}"
+          REVISION="$(git rev-parse --short=8 HEAD)"
+          REFERENCE="${{ github.ref_name }}"
+          BUILT="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+          PKG="github.com/codecentric/fleeting-plugin-scaleway"
+
+          ARCH_DIR="${{ matrix.arch }}${{ matrix.variant && format('v{0}', matrix.variant) || '' }}"
+          EXT="${{ matrix.os == 'windows' && '.exe' || '' }}"
+          OUTDIR="dist/${{ matrix.os }}/${ARCH_DIR}"
+          mkdir -p "${OUTDIR}"
+
+          go build -a \
+            -ldflags "-w -s \
+              -X ${PKG}.VERSION=${VERSION} \
+              -X ${PKG}.REVISION=${REVISION} \
+              -X ${PKG}.REFERENCE=${REFERENCE} \
+              -X ${PKG}.BUILT=${BUILT}" \
+            -o "${OUTDIR}/plugin${EXT}" \
+            ./cmd/fleeting-plugin-scaleway/...
+
+          echo "Built ${OUTDIR}/plugin${EXT}"
+
+      - name: Upload dist artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-${{ matrix.os }}-${{ matrix.arch }}${{ matrix.variant && format('v{0}', matrix.variant) || '' }}
+          path: dist/
+          retention-days: 1
+
+  # ── 2. Publish OCI artifact to GHCR & create GitHub release ─────────────────
+  release:
+    name: Publish OCI & GitHub Release
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      # Merge all per-platform dist/ directories into one
+      - name: Download all dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: dist-*
+          path: dist/
+          merge-multiple: true
+
+      - name: Display dist layout
+        run: find dist -type f | sort
+
+      # Install fleeting-artifact
+      - name: Install fleeting-artifact
+        run: go install gitlab.com/gitlab-org/fleeting/fleeting-artifact/cmd/fleeting-artifact@latest
+
+      # Install cosign for keyless signing
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3
+
+      # Log in to GHCR
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Push the multi-platform OCI artifact and capture the digest
+      - name: Release OCI artifact
+        id: oci
+        env:
+          VERSION: ${{ github.ref_name }}
+        run: |
+          # Strip leading 'v' for the OCI tag (fleeting-artifact expects semver without 'v')
+          SEMVER="${VERSION#v}"
+          DIGEST="$(fleeting-artifact release -dir dist "${{ env.IMAGE }}:${SEMVER}")"
+          echo "digest=${DIGEST}" >> "$GITHUB_OUTPUT"
+          echo "semver=${SEMVER}" >> "$GITHUB_OUTPUT"
+
+      # Keyless sign the OCI artifact with cosign + OIDC
+      - name: Sign OCI artifact
+        env:
+          COSIGN_YES: "true"
+        run: cosign sign "${{ steps.oci.outputs.digest }}"
+
+      # Build checksums of all binaries for the GitHub release assets
+      - name: Generate checksums
+        run: |
+          find dist -type f -name 'plugin*' | sort | xargs sha256sum > checksums.txt
+          cat checksums.txt
+
+      # Create a GitHub release with the binary archives and checksums
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: Release ${{ github.ref_name }}
+          generate_release_notes: true
+          files: |
+            checksums.txt

.gitignore

@@ -0,0 +1,4 @@
+dist/
+bin/
+*.exe
+.env

Makefile

@@ -0,0 +1,82 @@
+.DEFAULT_GOAL := build
+
+export NAME     ?= fleeting-plugin-scaleway
+export VERSION  := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
+export OUT_PATH ?= out
+export CGO_ENABLED := 0
+
+REVISION  := $(shell git rev-parse --short=8 HEAD 2>/dev/null || echo unknown)
+REFERENCE := $(shell git symbolic-ref --short HEAD 2>/dev/null || echo HEAD)
+BUILT     := $(shell date -u +%Y-%m-%dT%H:%M:%SZ)
+PKG       := github.com/codecentric/fleeting-plugin-scaleway
+
+GO_LDFLAGS := \
+	-X $(PKG).VERSION=$(VERSION) \
+	-X $(PKG).REVISION=$(REVISION) \
+	-X $(PKG).REFERENCE=$(REFERENCE) \
+	-X $(PKG).BUILT=$(BUILT) \
+	-w -s
+
+# All OS/arch targets.
+# Format: <os>/<arch> or <os>/<arch>/<variant> (variant only for ARM).
+# Windows binaries get a .exe suffix via the build rule.
+OS_ARCHS ?= \
+	linux/amd64 \
+	linux/arm64 \
+	linux/arm/7 \
+	linux/386 \
+	darwin/amd64 \
+	darwin/arm64 \
+	windows/amd64 \
+	windows/386
+
+# ── build (host only) ────────────────────────────────────────────────────────
+
+.PHONY: build
+build:
+	@mkdir -p $(OUT_PATH)
+	go build -ldflags "$(GO_LDFLAGS)" -o $(OUT_PATH)/$(NAME) ./cmd/$(NAME)/...
+
+# ── cross-compile all targets ─────────────────────────────────────────────────
+
+# dist/<os>/<arch[variant]>/plugin[.exe]
+# This layout is exactly what fleeting-artifact expects.
+.PHONY: all
+all:
+	@$(MAKE) $(foreach t,$(OS_ARCHS),_build_$(subst /,_,$(t)))
+
+# Generic rule: _build_<os>_<arch> or _build_<os>_<arch>_<variant>
+_build_%:
+	$(eval PARTS  := $(subst _, ,$*))
+	$(eval OS     := $(word 1,$(PARTS)))
+	$(eval ARCH   := $(word 2,$(PARTS)))
+	$(eval GOARM  := $(word 3,$(PARTS)))
+	$(eval OUTDIR := dist/$(OS)/$(if $(GOARM),$(ARCH)v$(GOARM),$(ARCH)))
+	$(eval EXT    := $(if $(filter windows,$(OS)),.exe,))
+	@mkdir -p $(OUTDIR)
+	GOOS=$(OS) GOARCH=$(ARCH) $(if $(GOARM),GOARM=$(GOARM),) \
+		go build -a -ldflags "$(GO_LDFLAGS)" \
+		-o $(OUTDIR)/plugin$(EXT) \
+		./cmd/$(NAME)/...
+	@echo "Built $(OUTDIR)/plugin$(EXT)"
+
+# ── test ─────────────────────────────────────────────────────────────────────
+
+.PHONY: test
+test:
+	go test -v -timeout=30m ./...
+
+# ── OCI release (requires fleeting-artifact in PATH) ─────────────────────────
+
+# Usage: make release-oci IMAGE=ghcr.io/codecentric/fleeting-plugin-scaleway VERSION=1.2.3
+.PHONY: release-oci
+release-oci:
+	@if [ -z "$(IMAGE)" ]; then echo "IMAGE is required, e.g. make release-oci IMAGE=ghcr.io/org/fleeting-plugin-scaleway VERSION=1.2.3"; exit 1; fi
+	@if [ -z "$(VERSION)" ]; then echo "VERSION is required"; exit 1; fi
+	fleeting-artifact release -dir dist $(IMAGE):$(VERSION)
+
+# ── clean ─────────────────────────────────────────────────────────────────────
+
+.PHONY: clean
+clean:
+	rm -rf $(OUT_PATH) dist

README.md

@@ -0,0 +1,134 @@
+# fleeting-plugin-scaleway
+
+GitLab Runner fleeting plugin for [Scaleway Apple Silicon](https://www.scaleway.com/en/developers/api/apple-silicon/) (Mac mini M1/M2/M2-Pro dedicated servers).
+
+## Overview
+
+This plugin implements the [GitLab fleeting](https://docs.gitlab.com/runner/executors/docker_autoscaler.html) `InstanceGroup` interface, allowing the GitLab Runner docker-autoscaler executor to dynamically provision and deprovision Scaleway Apple Silicon servers.
+
+> **Note:** Scaleway Apple Silicon servers have a **minimum 24-hour lease**. The plugin will provision servers on demand, but billing starts immediately and the server cannot be deleted before the lease expires.
+
+## Plugin Configuration
+
+| Parameter | Type | Required | Description |
+|---|---|---|---|
+| `secret_key` | string | No* | Scaleway API secret key. Defaults to `SCW_SECRET_KEY` env var. |
+| `project_id` | string | No* | Scaleway project ID. Defaults to `SCW_DEFAULT_PROJECT_ID` env var. |
+| `zone` | string | No | Availability zone. Defaults to `fr-par-3` (the only Apple Silicon zone). |
+| `server_type` | string | **Yes** | Server type to provision, e.g. `M2-M`, `M2-L`, `M1-M`. |
+| `os_id` | string | No | OS UUID to install. When omitted the default OS for the server type is used. |
+| `name` | string | **Yes** | Logical name for this instance group. Used to tag/identify servers. |
+
+\* Can be provided via environment variable instead.
+
+### Default connector config
+
+| Parameter | Default |
+|---|---|
+| `os` | `darwin` |
+| `protocol` | `ssh` |
+| `arch` | `arm64` |
+
+## Authentication
+
+Provide credentials in one of two ways:
+
+1. **Plugin config** — set `secret_key` and `project_id` in `plugin_config`.
+2. **Environment variables** — set `SCW_SECRET_KEY` and `SCW_DEFAULT_PROJECT_ID` on the runner process.
+
+## Example runner config
+
+```toml
+concurrent = 4
+check_interval = 0
+shutdown_timeout = 0
+log_level = "info"
+
+[[runners]]
+  name = "scaleway-mac-runner"
+  url = "https://gitlab.com"
+  token = "<GITLAB_RUNNER_TOKEN>"
+  executor = "docker-autoscaler"
+  shell = "bash"
+
+  [runners.autoscaler]
+    capacity_per_instance = 1
+    max_use_count = 10
+    max_instances = 4
+    plugin = "fleeting-plugin-scaleway"
+
+    [runners.autoscaler.plugin_config]
+      name         = "mac-runners"
+      server_type  = "M2-M"
+      zone         = "fr-par-3"
+      # secret_key and project_id can also be set via SCW_SECRET_KEY /
+      # SCW_DEFAULT_PROJECT_ID environment variables.
+      secret_key   = "<SCW_SECRET_KEY>"
+      project_id   = "<SCW_PROJECT_ID>"
+
+    [runners.autoscaler.connector_config]
+      username               = "m1"
+      key_path               = "/etc/gitlab-runner/id_ed25519"
+      use_static_credentials = true
+      keepalive              = "30s"
+      timeout                = "10m"
+
+    [[runners.autoscaler.policy]]
+      idle_count = 1
+      idle_time  = "30m"
+```
+
+## Installation
+
+### OCI registry (recommended)
+
+The plugin is distributed as an OCI artifact on GHCR. GitLab Runner can install it automatically via `gitlab-runner fleeting install`.
+
+Set the `plugin` field in `config.toml`:
+
+```toml
+[runners.autoscaler]
+  plugin = "ghcr.io/codecentric/fleeting-plugin-scaleway:latest"
+```
+
+Then run:
+
+```bash
+gitlab-runner fleeting install
+```
+
+The runner will download and install the correct binary for its OS and architecture.  
+Use a version constraint instead of `latest` to pin a specific release:
+
+```toml
+  plugin = "ghcr.io/codecentric/fleeting-plugin-scaleway:1"   # latest 1.x.x
+  plugin = "ghcr.io/codecentric/fleeting-plugin-scaleway:1.2" # latest 1.2.x
+```
+
+### Manual binary installation
+
+Download a binary from the [Releases](https://github.com/codecentric/fleeting-plugin-scaleway/releases) page, place it somewhere on `$PATH`, and name it `fleeting-plugin-scaleway`. Then reference it by that name:
+
+```toml
+[runners.autoscaler]
+  plugin = "fleeting-plugin-scaleway"
+```
+
+## Building from source
+
+```bash
+go build ./cmd/fleeting-plugin-scaleway
+```
+
+Cross-compile all platforms (output goes to `dist/`):
+
+```bash
+make all
+```
+
+## Caveats
+
+- The **24-hour minimum lease** means autoscaling costs are dominated by the lease duration, not actual usage. Configure `idle_time` and `max_use_count` accordingly.
+- Only **`fr-par-3`** is currently available for Apple Silicon.
+- Server names are prefixed with `fleeting-<name>-` so the plugin can identify its own servers across API calls.
+- SSH credentials must be pre-configured on the base OS image or injected through the Scaleway runner configuration. The plugin itself does not inject SSH keys.

cmd/fleeting-plugin-scaleway/main.go

@@ -0,0 +1,10 @@
+package main
+
+import (
+	scaleway "github.com/codecentric/fleeting-plugin-scaleway"
+	"gitlab.com/gitlab-org/fleeting/fleeting/plugin"
+)
+
+func main() {
+	plugin.Main(&scaleway.InstanceGroup{}, scaleway.Version)
+}