CI: use aws codebuild for dist-arm-linux job

.github/workflows/ci.yml

@@ -159,6 +159,8 @@ jobs:
         run: src/ci/scripts/install-ninja.sh
 
       - name: enable ipv6 on Docker
+        # Don't run on codebuild because systemctl is not available
+        if: ${{ !contains(matrix.os, 'codebuild-ubuntu') }}
         run: src/ci/scripts/enable-docker-ipv6.sh
 
       # Disable automatic line ending conversion (again). On Windows, when we're
@@ -187,6 +189,13 @@ jobs:
       # Build it into the build directory, to avoid modifying sources
       - name: build citool
         run: |
+          # Check if cargo is installed
+          if ! command -v cargo &> /dev/null; then
+            echo "Cargo not found, installing Rust..."
+            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+            # Make cargo available in PATH
+            . "$HOME/.cargo/env"
+          fi
           cd src/ci/citool
           CARGO_INCREMENTAL=0 CARGO_TARGET_DIR=../../../build/citool cargo build
 

src/ci/citool/src/jobs.rs

@@ -3,9 +3,11 @@ mod tests;
 
 use std::collections::BTreeMap;
 
+use anyhow::Context as _;
 use serde_yaml::Value;
 
 use crate::GitHubContext;
+use crate::utils::load_env_var;
 
 /// Representation of a job loaded from the `src/ci/github-actions/jobs.yml` file.
 #[derive(serde::Deserialize, Debug, Clone)]
@@ -109,6 +111,27 @@ struct GithubActionsJob {
     doc_url: Option<String>,
 }
 
+/// Replace GitHub context variables with environment variables in job configs.
+/// Useful for codebuild jobs like
+/// `codebuild-ubuntu-22-8c-${{ github.run_id }}-${{ github.run_attempt }}`
+fn substitute_github_vars(jobs: Vec<Job>) -> anyhow::Result<Vec<Job>> {
+    let run_id = load_env_var("GITHUB_RUN_ID")?;
+    let run_attempt = load_env_var("GITHUB_RUN_ATTEMPT")?;
+
+    let jobs = jobs
+        .into_iter()
+        .map(|mut job| {
+            job.os = job
+                .os
+                .replace("${{ github.run_id }}", &run_id)
+                .replace("${{ github.run_attempt }}", &run_attempt);
+            job
+        })
+        .collect();
+
+    Ok(jobs)
+}
+
 /// Skip CI jobs that are not supposed to be executed on the given `channel`.
 fn skip_jobs(jobs: Vec<Job>, channel: &str) -> Vec<Job> {
     jobs.into_iter()
@@ -177,6 +200,8 @@ fn calculate_jobs(
         }
         RunType::AutoJob => (db.auto_jobs.clone(), "auto", &db.envs.auto_env),
     };
+    let jobs = substitute_github_vars(jobs.clone())
+        .context("Failed to substitute GitHub context variables in jobs")?;
     let jobs = skip_jobs(jobs, channel);
     let jobs = jobs
         .into_iter()

src/ci/docker/host-x86_64/dist-arm-linux/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ghcr.io/rust-lang/ubuntu:22.04
 
 COPY scripts/cross-apt-packages.sh /scripts/
 RUN sh /scripts/cross-apt-packages.sh

src/ci/docker/run.sh

@@ -288,7 +288,7 @@ args="$args --privileged"
 # `LOCAL_USER_ID` (recognized in `src/ci/run.sh`) to ensure that files are all
 # read/written as the same user as the bare-metal user.
 if [ -f /.dockerenv ]; then
-  docker create -v /checkout --name checkout alpine:3.4 /bin/true
+  docker create -v /checkout --name checkout ghcr.io/rust-lang/alpine:3.4 /bin/true
   docker cp . checkout:/checkout
   args="$args --volumes-from checkout"
 else
@@ -308,6 +308,21 @@ else
   fi
 fi
 
+# id=$(id -u)
+# if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
+#   # Rootless podman creates a separate user namespace, where an inner
+#   # LOCAL_USER_ID will map to a different subuid range on the host.
+#   # The "keep-id" mode maps the current UID directly into the container.
+#   args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
+# elif [[ "$id" != 0 ]]; then
+#   # We are running in docker as non-root
+#   args="$args --env LOCAL_USER_ID=$id"
+# else
+#   # We are running as root. Since we don't want to run the container as root,
+#   # we set id `1001` instead of `0`.
+#   args="$args --env LOCAL_USER_ID=1001"
+# fi
+
 if [ "$dev" = "1" ]
 then
   # Interactive + TTY

src/ci/github-actions/jobs.yml

@@ -56,6 +56,12 @@ runners:
   - &job-aarch64-linux-8c
     os: ubuntu-24.04-arm64-8core-32gb
     <<: *base-job
+
+  - &job-linux-36c-codebuild
+    free_disk: true
+    os: codebuild-ubuntu-22-36c-${{ github.run_id }}-${{ github.run_attempt }}
+    <<: *base-job
+
 envs:
   env-x86_64-apple-tests: &env-x86_64-apple-tests
     SCRIPT: ./x.py --stage 2 test --skip tests/ui --skip tests/rustdoc -- --exact
@@ -153,7 +159,7 @@ auto:
     <<: *job-linux-4c
 
   - name: dist-arm-linux
-    <<: *job-linux-8c
+    <<: *job-linux-36c-codebuild
 
   - name: dist-armhf-linux
     <<: *job-linux-4c

src/ci/run.sh

@@ -2,6 +2,25 @@
 
 set -e
 
+change_ownership_if_needed() {
+    local path=$1
+    local owner="user:user"
+    local test_file="$path/.write_test"
+
+    local current_owner
+    current_owner=$(stat -f "%Su:%Sg" "$path" 2>/dev/null)
+
+    # Test if filesystem is writable by attempting to touch a temporary file
+    if touch "$test_file" 2>/dev/null; then
+        rm "$test_file"
+        if [ "$current_owner" != "$owner" ]; then
+            chown -R $owner "$path"
+        fi
+    else
+        echo "$path is read-only, skipping ownership change"
+    fi
+}
+
 if [ -n "$CI_JOB_NAME" ]; then
   echo "[CI_JOB_NAME=$CI_JOB_NAME]"
 fi
@@ -16,6 +35,12 @@ if [ "$NO_CHANGE_USER" = "" ]; then
     export HOME=/home/user
     unset LOCAL_USER_ID
 
+#   # Give ownership of necessary directories to the user
+#   change_ownership_if_needed .
+#   mkdir -p /cargo
+#   change_ownership_if_needed /cargo
+#   change_ownership_if_needed /checkout
+
     # Ensure that runners are able to execute git commands in the worktree,
     # overriding the typical git protections. In our docker container we're running
     # as root, while the user owning the checkout is not root.

src/ci/scripts/free-disk-space.sh

@@ -14,6 +14,18 @@ isX86() {
     fi
 }
 
+# Check if we're on a GitHub hosted runner.
+# Otherwise, we are running in aws codebuild because on codebuild,
+# RUNNER_ENVIRONMENT is "self-hosted".
+isGitHubRunner() {
+    # `:-` means "use the value of RUNNER_ENVIRONMENT if it exists, otherwise use an empty string".
+    if [[ "${RUNNER_ENVIRONMENT:-}" == "github-hosted" ]]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
 # print a line of the specified character
 printSeparationLine() {
     for ((i = 0; i < 80; i++)); do
@@ -118,10 +130,14 @@ removeUnusedFilesAndDirs() {
         # Azure
         "/opt/az"
         "/usr/share/az_"*
+    )
 
+    if [ -n "${AGENT_TOOLSDIRECTORY:-}" ]; then
         # Environment variable set by GitHub Actions
-        "$AGENT_TOOLSDIRECTORY"
-    )
+        to_remove+=(
+            "${AGENT_TOOLSDIRECTORY}"
+        )
+    fi
 
     for element in "${to_remove[@]}"; do
         if [ ! -e "$element" ]; then
@@ -155,20 +171,25 @@ cleanPackages() {
         '^dotnet-.*'
         '^llvm-.*'
         '^mongodb-.*'
-        'azure-cli'
         'firefox'
         'libgl1-mesa-dri'
         'mono-devel'
         'php.*'
     )
 
-    if isX86; then
+    if isGitHubRunner; then
         packages+=(
-            'google-chrome-stable'
-            'google-cloud-cli'
-            'google-cloud-sdk'
-            'powershell'
+            azure-cli
         )
+
+        if isX86; then
+            packages+=(
+                'google-chrome-stable'
+                'google-cloud-cli'
+                'google-cloud-sdk'
+                'powershell'
+            )
+        fi
     fi
 
     sudo apt-get -qq remove -y --fix-missing "${packages[@]}"