From 16e7f2b17c791b77d3cc09716a8e0e9a6d5811ca Mon Sep 17 00:00:00 2001 From: MarcoIeni <11428655+MarcoIeni@users.noreply.github.com> Date: Wed, 26 Mar 2025 09:53:35 +0100 Subject: [PATCH 1/2] CI: use aws codebuild for dist-arm-linux job --- .github/workflows/ci.yml | 9 +++++ src/ci/citool/src/jobs.rs | 25 +++++++++++++ .../host-x86_64/dist-arm-linux/Dockerfile | 2 +- src/ci/docker/run.sh | 17 ++++++++- src/ci/github-actions/jobs.yml | 8 +++- src/ci/run.sh | 25 +++++++++++++ src/ci/scripts/free-disk-space.sh | 37 +++++++++++++++---- 7 files changed, 112 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 25397006ee23c..9c2a16455b427 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -159,6 +159,8 @@ jobs: run: src/ci/scripts/install-ninja.sh - name: enable ipv6 on Docker + # Don't run on codebuild because systemctl is not available + if: ${{ !contains(matrix.os, 'codebuild-ubuntu') }} run: src/ci/scripts/enable-docker-ipv6.sh # Disable automatic line ending conversion (again). On Windows, when we're @@ -187,6 +189,13 @@ jobs: # Build it into the build directory, to avoid modifying sources - name: build citool run: | + # Check if cargo is installed + if ! command -v cargo &> /dev/null; then + echo "Cargo not found, installing Rust..." + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + # Make cargo available in PATH + . "$HOME/.cargo/env" + fi cd src/ci/citool CARGO_INCREMENTAL=0 CARGO_TARGET_DIR=../../../build/citool cargo build diff --git a/src/ci/citool/src/jobs.rs b/src/ci/citool/src/jobs.rs index 13880ad466a6b..b9566d1d0da67 100644 --- a/src/ci/citool/src/jobs.rs +++ b/src/ci/citool/src/jobs.rs @@ -3,9 +3,11 @@ mod tests; use std::collections::BTreeMap; +use anyhow::Context as _; use serde_yaml::Value; use crate::GitHubContext; +use crate::utils::load_env_var; /// Representation of a job loaded from the `src/ci/github-actions/jobs.yml` file. #[derive(serde::Deserialize, Debug, Clone)] @@ -109,6 +111,27 @@ struct GithubActionsJob { doc_url: Option, } +/// Replace GitHub context variables with environment variables in job configs. +/// Useful for codebuild jobs like +/// `codebuild-ubuntu-22-8c-${{ github.run_id }}-${{ github.run_attempt }}` +fn substitute_github_vars(jobs: Vec) -> anyhow::Result> { + let run_id = load_env_var("GITHUB_RUN_ID")?; + let run_attempt = load_env_var("GITHUB_RUN_ATTEMPT")?; + + let jobs = jobs + .into_iter() + .map(|mut job| { + job.os = job + .os + .replace("${{ github.run_id }}", &run_id) + .replace("${{ github.run_attempt }}", &run_attempt); + job + }) + .collect(); + + Ok(jobs) +} + /// Skip CI jobs that are not supposed to be executed on the given `channel`. fn skip_jobs(jobs: Vec, channel: &str) -> Vec { jobs.into_iter() @@ -177,6 +200,8 @@ fn calculate_jobs( } RunType::AutoJob => (db.auto_jobs.clone(), "auto", &db.envs.auto_env), }; + let jobs = substitute_github_vars(jobs.clone()) + .context("Failed to substitute GitHub context variables in jobs")?; let jobs = skip_jobs(jobs, channel); let jobs = jobs .into_iter() diff --git a/src/ci/docker/host-x86_64/dist-arm-linux/Dockerfile b/src/ci/docker/host-x86_64/dist-arm-linux/Dockerfile index 420c42bc9d807..3795859f308e6 100644 --- a/src/ci/docker/host-x86_64/dist-arm-linux/Dockerfile +++ b/src/ci/docker/host-x86_64/dist-arm-linux/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04 +FROM ghcr.io/rust-lang/ubuntu:22.04 COPY scripts/cross-apt-packages.sh /scripts/ RUN sh /scripts/cross-apt-packages.sh diff --git a/src/ci/docker/run.sh b/src/ci/docker/run.sh index 2805bb1118d82..a79ce7e1e3f34 100755 --- a/src/ci/docker/run.sh +++ b/src/ci/docker/run.sh @@ -288,7 +288,7 @@ args="$args --privileged" # `LOCAL_USER_ID` (recognized in `src/ci/run.sh`) to ensure that files are all # read/written as the same user as the bare-metal user. if [ -f /.dockerenv ]; then - docker create -v /checkout --name checkout alpine:3.4 /bin/true + docker create -v /checkout --name checkout ghcr.io/rust-lang/alpine:3.4 /bin/true docker cp . checkout:/checkout args="$args --volumes-from checkout" else @@ -308,6 +308,21 @@ else fi fi +# id=$(id -u) +# if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then +# # Rootless podman creates a separate user namespace, where an inner +# # LOCAL_USER_ID will map to a different subuid range on the host. +# # The "keep-id" mode maps the current UID directly into the container. +# args="$args --env NO_CHANGE_USER=1 --userns=keep-id" +# elif [[ "$id" != 0 ]]; then +# # We are running in docker as non-root +# args="$args --env LOCAL_USER_ID=$id" +# else +# # We are running as root. Since we don't want to run the container as root, +# # we set id `1001` instead of `0`. +# args="$args --env LOCAL_USER_ID=1001" +# fi + if [ "$dev" = "1" ] then # Interactive + TTY diff --git a/src/ci/github-actions/jobs.yml b/src/ci/github-actions/jobs.yml index f62ed23d038c7..7474a80dd1e00 100644 --- a/src/ci/github-actions/jobs.yml +++ b/src/ci/github-actions/jobs.yml @@ -56,6 +56,12 @@ runners: - &job-aarch64-linux-8c os: ubuntu-24.04-arm64-8core-32gb <<: *base-job + + - &job-linux-8c-codebuild + free_disk: true + os: codebuild-ubuntu-22-36c-${{ github.run_id }}-${{ github.run_attempt }} + <<: *base-job + envs: env-x86_64-apple-tests: &env-x86_64-apple-tests SCRIPT: ./x.py --stage 2 test --skip tests/ui --skip tests/rustdoc -- --exact @@ -153,7 +159,7 @@ auto: <<: *job-linux-4c - name: dist-arm-linux - <<: *job-linux-8c + <<: *job-linux-8c-codebuild - name: dist-armhf-linux <<: *job-linux-4c diff --git a/src/ci/run.sh b/src/ci/run.sh index 6980d8220e574..685fd50ed821e 100755 --- a/src/ci/run.sh +++ b/src/ci/run.sh @@ -2,6 +2,25 @@ set -e +change_ownership_if_needed() { + local path=$1 + local owner="user:user" + local test_file="$path/.write_test" + + local current_owner + current_owner=$(stat -f "%Su:%Sg" "$path" 2>/dev/null) + + # Test if filesystem is writable by attempting to touch a temporary file + if touch "$test_file" 2>/dev/null; then + rm "$test_file" + if [ "$current_owner" != "$owner" ]; then + chown -R $owner "$path" + fi + else + echo "$path is read-only, skipping ownership change" + fi +} + if [ -n "$CI_JOB_NAME" ]; then echo "[CI_JOB_NAME=$CI_JOB_NAME]" fi @@ -16,6 +35,12 @@ if [ "$NO_CHANGE_USER" = "" ]; then export HOME=/home/user unset LOCAL_USER_ID +# # Give ownership of necessary directories to the user +# change_ownership_if_needed . +# mkdir -p /cargo +# change_ownership_if_needed /cargo +# change_ownership_if_needed /checkout + # Ensure that runners are able to execute git commands in the worktree, # overriding the typical git protections. In our docker container we're running # as root, while the user owning the checkout is not root. diff --git a/src/ci/scripts/free-disk-space.sh b/src/ci/scripts/free-disk-space.sh index 055a6ac2211e3..fafe3131453d7 100755 --- a/src/ci/scripts/free-disk-space.sh +++ b/src/ci/scripts/free-disk-space.sh @@ -14,6 +14,18 @@ isX86() { fi } +# Check if we're on a GitHub hosted runner. +# Otherwise, we are running in aws codebuild because on codebuild, +# RUNNER_ENVIRONMENT is "self-hosted". +isGitHubRunner() { + # `:-` means "use the value of RUNNER_ENVIRONMENT if it exists, otherwise use an empty string". + if [[ "${RUNNER_ENVIRONMENT:-}" == "github-hosted" ]]; then + return 0 + else + return 1 + fi +} + # print a line of the specified character printSeparationLine() { for ((i = 0; i < 80; i++)); do @@ -118,10 +130,14 @@ removeUnusedFilesAndDirs() { # Azure "/opt/az" "/usr/share/az_"* + ) + if [ -n "${AGENT_TOOLSDIRECTORY:-}" ]; then # Environment variable set by GitHub Actions - "$AGENT_TOOLSDIRECTORY" - ) + to_remove+=( + "${AGENT_TOOLSDIRECTORY}" + ) + fi for element in "${to_remove[@]}"; do if [ ! -e "$element" ]; then @@ -155,20 +171,25 @@ cleanPackages() { '^dotnet-.*' '^llvm-.*' '^mongodb-.*' - 'azure-cli' 'firefox' 'libgl1-mesa-dri' 'mono-devel' 'php.*' ) - if isX86; then + if isGitHubRunner; then packages+=( - 'google-chrome-stable' - 'google-cloud-cli' - 'google-cloud-sdk' - 'powershell' + azure-cli ) + + if isX86; then + packages+=( + 'google-chrome-stable' + 'google-cloud-cli' + 'google-cloud-sdk' + 'powershell' + ) + fi fi sudo apt-get -qq remove -y --fix-missing "${packages[@]}" From c6b42b6b15ff914524a3aab7aa76148b16b43162 Mon Sep 17 00:00:00 2001 From: MarcoIeni <11428655+MarcoIeni@users.noreply.github.com> Date: Wed, 26 Mar 2025 09:54:52 +0100 Subject: [PATCH 2/2] rename job --- src/ci/github-actions/jobs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ci/github-actions/jobs.yml b/src/ci/github-actions/jobs.yml index 7474a80dd1e00..7b2a91b080329 100644 --- a/src/ci/github-actions/jobs.yml +++ b/src/ci/github-actions/jobs.yml @@ -57,7 +57,7 @@ runners: os: ubuntu-24.04-arm64-8core-32gb <<: *base-job - - &job-linux-8c-codebuild + - &job-linux-36c-codebuild free_disk: true os: codebuild-ubuntu-22-36c-${{ github.run_id }}-${{ github.run_attempt }} <<: *base-job @@ -159,7 +159,7 @@ auto: <<: *job-linux-4c - name: dist-arm-linux - <<: *job-linux-8c-codebuild + <<: *job-linux-36c-codebuild - name: dist-armhf-linux <<: *job-linux-4c