From: Hans Kristian Rosbach Date: Mon, 16 Sep 2024 11:15:46 +0000 (+0200) Subject: Update s390x actions-runner docker X-Git-Tag: 2.2.3~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87d8e9540844ff7afd7d466d4e218544578b248b;p=thirdparty%2Fzlib-ng.git Update s390x actions-runner docker --- diff --git a/arch/s390/README.md b/arch/s390/README.md index 7b383cc9..c56ffd76 100644 --- a/arch/s390/README.md +++ b/arch/s390/README.md @@ -222,56 +222,44 @@ need for constantly changing the patch. ## Configuring the builder. ### Install prerequisites. - ``` sudo dnf install podman ``` -### Add actions-runner service. +### Create a config file, needs github personal access token. +Access token needs permissions; Repo Admin RW, Org Self-hosted runners RW. +For details, consult +https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-a-repository +#### Create file /etc/actions-runner: ``` -sudo cp self-hosted-builder/actions-runner.service /etc/systemd/system/ -sudo systemctl daemon-reload +REPO=/ +PAT_TOKEN= ``` -### Create a config file, needs github personal access token. - +#### Set permissions on /etc/actions-runner: ``` -# Create file /etc/actions-runner -repo=/ -access_token= +chmod 600 /etc/actions-runner ``` -Access token should have the repo scope, consult -https://docs.github.com/en/rest/reference/actions#create-a-registration-token-for-a-repository -for details. +### Add actions-runner service. +``` +sudo cp self-hosted-builder/actions-runner.service /etc/systemd/system/ +sudo systemctl daemon-reload +``` ### Autostart actions-runner. - ``` $ sudo systemctl enable --now actions-runner ``` -## Rebuilding the container - -In order to update the `gaplib-actions-runner` podman container, e.g. to get the -latest OS security fixes, follow these steps: +### Add auto-rebuild cronjob +``` +sudo cp self-hosted-builder/actions-runner-rebuild.sh /etc/cron.weekly/ +chmod +x /etc/cron.weekly/actions-runner-rebuild.sh ``` -# Stop actions-runner service -sudo systemctl stop actions-runner - -# Delete old container -sudo podman container rm gaplib-actions-runner - -# Delete old image -sudo podman image rm localhost/zlib-ng/actions-runner - -# Build image -sudo podman build --squash -f Dockerfile.zlib-ng --tag zlib-ng/actions-runner --build-arg . - -# Build container -sudo podman create --name=gaplib-actions-runner --env-file=/etc/actions-runner --init --interactive --volume=actions-runner-temp:/home/actions-runner zlib-ng/actions-runner -# Start actions-runner service -sudo systemctl start actions-runner +## Building / Rebuilding the container +``` +sudo /etc/cron.weekly/actions-runner-rebuild.sh ``` diff --git a/arch/s390/self-hosted-builder/actions-runner b/arch/s390/self-hosted-builder/actions-runner new file mode 100755 index 00000000..a1d031bc --- /dev/null +++ b/arch/s390/self-hosted-builder/actions-runner @@ -0,0 +1,58 @@ +#!/bin/bash + +# +# Ephemeral runner startup script. +# +# Expects the following environment variables: +# +# - REPO= +# - PAT_TOKEN= +# + +set -e -u + +# Validate required environment variables +if [ -z "${REPO:-}" ] || [ -z "${PAT_TOKEN:-}" ]; then + echo "Error: REPO and/or PAT_TOKEN environment variables not found" + exit 1 +fi + +# Check the cached registration token. +TOKEN_FILE=registration-token.json +if [ -f $TOKEN_FILE ]; then + set +e + EXPIRES=$(jq --raw-output .EXPIRES "$TOKEN_FILE" 2>/dev/null) + STATUS=$? + set -e +else + STATUS=1 +fi +if [[ $STATUS -ne 0 || $(date +%s) -ge $(date -d "$EXPIRES" +%s) ]]; then + # Refresh the cached registration token. + curl \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $PAT_TOKEN" \ + "https://api.github.com/repos/$REPO/actions/runners/registration-token" \ + -o "$TOKEN_FILE" +fi + +REG_TOKEN=$(jq --raw-output .token "$TOKEN_FILE") +if [ $REG_TOKEN = "null" ]; then + echo "Failed to get registration token" + exit 1 +fi + +# (Re-)register the runner. +set -x +./config.sh \ + --url "https://github.com/$REPO" \ + --token "$REG_TOKEN" \ + --unattended \ + --disableupdate \ + --replace \ + --labels z15 \ + --ephemeral + +# Run one job. +./run.sh diff --git a/arch/s390/self-hosted-builder/actions-runner-rebuild.sh b/arch/s390/self-hosted-builder/actions-runner-rebuild.sh new file mode 100644 index 00000000..9efd6a09 --- /dev/null +++ b/arch/s390/self-hosted-builder/actions-runner-rebuild.sh @@ -0,0 +1,43 @@ +#!/usr/bin/bash +set -ex + +if [ ! -f /etc/actions-runner ]; then + echo "Error: /etc/actions-runner env file not found" + exit 1 +fi + +# Use local file if run interactively, otherwise wget the current one. +if [ -t 0 ] ; then + if [ ! -f actions-runner.Dockerfile ]; then + echo "Error: actions-runner.Dockerfile not found" + exit 1 + fi + DOCKERFILE=actions-runner.Dockerfile +else + DOCKERFILE="$(mktemp)" + wget https://raw.githubusercontent.com/zlib-ng/zlib-ng/refs/heads/develop/arch/s390/self-hosted-builder/actions-runner.Dockerfile -O $DOCKERFILE +fi + +# Stop service +systemctl stop actions-runner + +# Delete container +podman container rm gaplib-actions-runner + +# Delete image +podman image rm localhost/zlib-ng/actions-runner + +# Build image +podman build --squash -f $DOCKERFILE --tag zlib-ng/actions-runner . + +# Create container +podman create --replace --name=gaplib-actions-runner --env-file=/etc/actions-runner --init --volume=actions-runner-temp:/home/actions-runner zlib-ng/actions-runner + +# Start service +systemctl start actions-runner + +# Clean up tempfile +if [ ! -t 0 ] ; then + rm $DOCKERFILE + echo "Deleted dockerfile $DOCKERFILE" +fi diff --git a/arch/s390/self-hosted-builder/actions-runner.Dockerfile b/arch/s390/self-hosted-builder/actions-runner.Dockerfile index cf5c3e72..0e55ef67 100644 --- a/arch/s390/self-hosted-builder/actions-runner.Dockerfile +++ b/arch/s390/self-hosted-builder/actions-runner.Dockerfile @@ -3,24 +3,21 @@ FROM almalinux:9 RUN dnf update -y -q && \ - dnf install -y -q --enablerepo=crb wget git which sudo jq \ + dnf install -y -q --enablerepo=crb wget git which sudo jq sed \ cmake make automake autoconf m4 libtool ninja-build python3-pip \ gcc gcc-c++ clang llvm-toolset glibc-all-langpacks langpacks-en \ glibc-static libstdc++-static libstdc++-devel libxslt-devel libxml2-devel -RUN dnf install -y -q dotnet-sdk-6.0 && \ +RUN dnf install -y -q dotnet-sdk-8.0 && \ echo "Using SDK - `dotnet --version`" -COPY runner-s390x.patch /tmp/runner.patch -COPY runner-global.json /tmp/global.json - RUN cd /tmp && \ git clone -q https://github.com/actions/runner && \ cd runner && \ git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) -b build && \ - git apply /tmp/runner.patch && \ - cp -f /tmp/global.json src/global.json - + wget https://github.com/anup-kodlekere/gaplib/raw/refs/heads/main/build-files/runner-sdk-8.patch && \ + git apply runner-sdk-8.patch && \ + sed -i'' -e /version/s/8......\"$/$8.0.100\"/ src/global.json RUN cd /tmp/runner/src && \ ./dev.sh layout && \ @@ -41,7 +38,8 @@ RUN rm -rf /tmp/runner /var/cache/dnf/* /tmp/runner.patch /tmp/global.json & USER actions-runner # Scripts. -COPY fs/ / +COPY entrypoint /usr/bin/ +COPY actions-runner /usr/bin/ WORKDIR /home/actions-runner ENTRYPOINT ["/usr/bin/entrypoint"] CMD ["/usr/bin/actions-runner"] diff --git a/arch/s390/self-hosted-builder/actions-runner.service b/arch/s390/self-hosted-builder/actions-runner.service index b6c20b65..79560cde 100644 --- a/arch/s390/self-hosted-builder/actions-runner.service +++ b/arch/s390/self-hosted-builder/actions-runner.service @@ -10,8 +10,8 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=always TimeoutStopSec=61 ExecStart=/usr/bin/podman start gaplib-actions-runner -ExecStop=/usr/bin/podman stop -t 1 gaplib-actions-runner -ExecStopPost=/usr/bin/podman stop -t 1 gaplib-actions-runner +ExecStop=/usr/bin/podman stop -t 30 gaplib-actions-runner +ExecStopPost=/usr/bin/podman stop -t 10 gaplib-actions-runner Type=forking [Install] diff --git a/arch/s390/self-hosted-builder/fs/usr/bin/entrypoint b/arch/s390/self-hosted-builder/entrypoint similarity index 100% rename from arch/s390/self-hosted-builder/fs/usr/bin/entrypoint rename to arch/s390/self-hosted-builder/entrypoint diff --git a/arch/s390/self-hosted-builder/fs/usr/bin/actions-runner b/arch/s390/self-hosted-builder/fs/usr/bin/actions-runner deleted file mode 100755 index c9d8227d..00000000 --- a/arch/s390/self-hosted-builder/fs/usr/bin/actions-runner +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -# -# Ephemeral runner startup script. -# -# Expects the following environment variables: -# -# - repo=/ -# - access_token= -# - -set -e -u - -# Check the cached registration token. -token_file=registration-token.json -set +e -expires_at=$(jq --raw-output .expires_at "$token_file" 2>/dev/null) -status=$? -set -e -if [[ $status -ne 0 || $(date +%s) -ge $(date -d "$expires_at" +%s) ]]; then - # Refresh the cached registration token. - curl \ - -X POST \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $access_token" \ - "https://api.github.com/repos/$repo/actions/runners/registration-token" \ - -o "$token_file" -fi - -# (Re-)register the runner. -registration_token=$(jq --raw-output .token "$token_file") -./config.sh remove --token "$registration_token" || true -./config.sh \ - --url "https://github.com/$repo" \ - --token "$registration_token" \ - --labels z15 \ - --ephemeral - -# Run one job. -./run.sh diff --git a/arch/s390/self-hosted-builder/runner-global.json b/arch/s390/self-hosted-builder/runner-global.json deleted file mode 100644 index e7028fe0..00000000 --- a/arch/s390/self-hosted-builder/runner-global.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "sdk": { - "version": "6.0.421" - } -} diff --git a/arch/s390/self-hosted-builder/runner-s390x.patch b/arch/s390/self-hosted-builder/runner-s390x.patch deleted file mode 100644 index 8260f3cc..00000000 --- a/arch/s390/self-hosted-builder/runner-s390x.patch +++ /dev/null @@ -1,243 +0,0 @@ -diff --git a/src/Directory.Build.props b/src/Directory.Build.props -index 9db5fac..f02e235 100644 ---- a/src/Directory.Build.props -+++ b/src/Directory.Build.props -@@ -44,6 +44,9 @@ - - $(DefineConstants);ARM64 - -+ -+ $(DefineConstants);S390X -+ - - - -diff --git a/src/Misc/externals.sh b/src/Misc/externals.sh -index 383221e..1555f67 100755 ---- a/src/Misc/externals.sh -+++ b/src/Misc/externals.sh -@@ -189,3 +189,8 @@ if [[ "$PACKAGERUNTIME" == "linux-arm" ]]; then - acquireExternalTool "$NODE_URL/v${NODE16_VERSION}/node-v${NODE16_VERSION}-linux-armv7l.tar.gz" node16 fix_nested_dir - acquireExternalTool "$NODE_URL/v${NODE20_VERSION}/node-v${NODE20_VERSION}-linux-armv7l.tar.gz" node20 fix_nested_dir - fi -+ -+if [[ "$PACKAGERUNTIME" == "linux-s390x" ]]; then -+ acquireExternalTool "$NODE_URL/v${NODE16_VERSION}/node-v${NODE16_VERSION}-linux-s390x.tar.gz" node16 fix_nested_dir -+ acquireExternalTool "$NODE_URL/v${NODE20_VERSION}/node-v${NODE20_VERSION}-linux-s390x.tar.gz" node20 fix_nested_dir -+fi -diff --git a/src/Misc/layoutroot/config.sh b/src/Misc/layoutroot/config.sh -index 14cc6ba..9b5b8e6 100755 ---- a/src/Misc/layoutroot/config.sh -+++ b/src/Misc/layoutroot/config.sh -@@ -20,25 +20,29 @@ then - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - -- ldd ./bin/libcoreclr.so | grep 'not found' -- if [ $? -eq 0 ]; then -- echo "Dependencies is missing for Dotnet Core 6.0" -- echo $message -- exit 1 -- fi -+ ARCH=`uname -m` -+ if [ "${ARCH}" != "s390x" -a "${ARCH}" != "ppc64le" ] -+ then -+ ldd ./bin/libcoreclr.so | grep 'not found' -+ if [ $? -eq 0 ]; then -+ echo "Dependencies is missing for Dotnet Core 6.0" -+ echo $message -+ exit 1 -+ fi - -- ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' -- if [ $? -eq 0 ]; then -- echo "Dependencies is missing for Dotnet Core 6.0" -- echo $message -- exit 1 -- fi -+ ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' -+ if [ $? -eq 0 ]; then -+ echo "Dependencies is missing for Dotnet Core 6.0" -+ echo $message -+ exit 1 -+ fi - -- ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' -- if [ $? -eq 0 ]; then -- echo "Dependencies is missing for Dotnet Core 6.0" -- echo $message -- exit 1 -+ ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' -+ if [ $? -eq 0 ]; then -+ echo "Dependencies is missing for Dotnet Core 6.0" -+ echo $message -+ exit 1 -+ fi - fi - - if ! [ -x "$(command -v ldconfig)" ]; then -diff --git a/src/Runner.Common/Constants.cs b/src/Runner.Common/Constants.cs -index 177e3c9..9545981 100644 ---- a/src/Runner.Common/Constants.cs -+++ b/src/Runner.Common/Constants.cs -@@ -58,7 +58,8 @@ namespace GitHub.Runner.Common - X86, - X64, - Arm, -- Arm64 -+ Arm64, -+ S390x - } - - public static class Runner -@@ -81,6 +82,8 @@ namespace GitHub.Runner.Common - public static readonly Architecture PlatformArchitecture = Architecture.Arm; - #elif ARM64 - public static readonly Architecture PlatformArchitecture = Architecture.Arm64; -+#elif S390X -+ public static readonly Architecture PlatformArchitecture = Architecture.S390x; - #else - public static readonly Architecture PlatformArchitecture = Architecture.X64; - #endif -diff --git a/src/Runner.Common/Util/VarUtil.cs b/src/Runner.Common/Util/VarUtil.cs -index 97273a1..2a34430 100644 ---- a/src/Runner.Common/Util/VarUtil.cs -+++ b/src/Runner.Common/Util/VarUtil.cs -@@ -53,6 +53,8 @@ namespace GitHub.Runner.Common.Util - return "ARM"; - case Constants.Architecture.Arm64: - return "ARM64"; -+ case Constants.Architecture.S390x: -+ return "S390X"; - default: - throw new NotSupportedException(); // Should never reach here. - } -diff --git a/src/Test/L0/ConstantGenerationL0.cs b/src/Test/L0/ConstantGenerationL0.cs -index 2042485..a9d8b46 100644 ---- a/src/Test/L0/ConstantGenerationL0.cs -+++ b/src/Test/L0/ConstantGenerationL0.cs -@@ -20,6 +20,7 @@ namespace GitHub.Runner.Common.Tests - "linux-x64", - "linux-arm", - "linux-arm64", -+ "linux-s390x", - "osx-x64", - "osx-arm64" - }; -diff --git a/src/Test/L0/Listener/SelfUpdaterL0.cs b/src/Test/L0/Listener/SelfUpdaterL0.cs -index 26ba65e..6791df3 100644 ---- a/src/Test/L0/Listener/SelfUpdaterL0.cs -+++ b/src/Test/L0/Listener/SelfUpdaterL0.cs -@@ -1,4 +1,4 @@ --#if !(OS_WINDOWS && ARM64) -+#if !(OS_WINDOWS && ARM64) && !S390X - using System; - using System.Collections.Generic; - using System.IO; -@@ -16,6 +16,7 @@ using Xunit; - - namespace GitHub.Runner.Common.Tests.Listener - { -+#if !S390X // Self-update is not currently supported on S390X - public sealed class SelfUpdaterL0 - { - private Mock _runnerServer; -@@ -291,5 +292,6 @@ namespace GitHub.Runner.Common.Tests.Listener - } - } - } -+#endif - } - #endif -diff --git a/src/Test/L0/Listener/SelfUpdaterV2L0.cs b/src/Test/L0/Listener/SelfUpdaterV2L0.cs -index 5115a6b..dd8d198 100644 ---- a/src/Test/L0/Listener/SelfUpdaterV2L0.cs -+++ b/src/Test/L0/Listener/SelfUpdaterV2L0.cs -@@ -1,4 +1,4 @@ --#if !(OS_WINDOWS && ARM64) -+#if !(OS_WINDOWS && ARM64) && !S390X - using System; - using System.Collections.Generic; - using System.IO; -diff --git a/src/Test/L0/Worker/StepHostL0.cs b/src/Test/L0/Worker/StepHostL0.cs -index f6b5889..26f8e21 100644 ---- a/src/Test/L0/Worker/StepHostL0.cs -+++ b/src/Test/L0/Worker/StepHostL0.cs -@@ -31,7 +31,7 @@ namespace GitHub.Runner.Common.Tests.Worker - return hc; - } - --#if OS_LINUX -+#if OS_LINUX && !S390X - [Fact] - [Trait("Level", "L0")] - [Trait("Category", "Worker")] -diff --git a/src/dev.sh b/src/dev.sh -index fa637d1..8c66f37 100755 ---- a/src/dev.sh -+++ b/src/dev.sh -@@ -54,6 +54,7 @@ elif [[ "$CURRENT_PLATFORM" == 'linux' ]]; then - case $CPU_NAME in - armv7l) RUNTIME_ID="linux-arm";; - aarch64) RUNTIME_ID="linux-arm64";; -+ s390x) RUNTIME_ID="linux-s390x";; - esac - fi - elif [[ "$CURRENT_PLATFORM" == 'darwin' ]]; then -@@ -80,7 +81,7 @@ if [[ "$CURRENT_PLATFORM" == 'windows' ]]; then - exit 1 - fi - elif [[ "$CURRENT_PLATFORM" == 'linux' ]]; then -- if [[ ("$RUNTIME_ID" != 'linux-x64') && ("$RUNTIME_ID" != 'linux-x86') && ("$RUNTIME_ID" != 'linux-arm64') && ("$RUNTIME_ID" != 'linux-arm') ]]; then -+ if [[ ("$RUNTIME_ID" != 'linux-x64') && ("$RUNTIME_ID" != 'linux-x86') && ("$RUNTIME_ID" != 'linux-arm64') && ("$RUNTIME_ID" != 'linux-arm') && ("$RUNTIME_ID" != 'linux-s390x') ]]; then - echo "Failed: Can't build $RUNTIME_ID package $CURRENT_PLATFORM" >&2 - exit 1 - fi -@@ -199,7 +200,8 @@ function package () - popd > /dev/null - } - --if [[ (! -d "${DOTNETSDK_INSTALLDIR}") || (! -e "${DOTNETSDK_INSTALLDIR}/.${DOTNETSDK_VERSION}") || (! -e "${DOTNETSDK_INSTALLDIR}/dotnet") ]]; then -+if [[ "${RUNTIME_ID}" != "linux-s390x" && ((! -d "${DOTNETSDK_INSTALLDIR}") || (! -e "${DOTNETSDK_INSTALLDIR}/.${DOTNETSDK_VERSION}") || (! -e "${DOTNETSDK_INSTALLDIR}/dotnet")) ]]; then -+ - - # Download dotnet SDK to ../_dotnetsdk directory - heading "Ensure Dotnet SDK" -@@ -224,8 +226,10 @@ if [[ (! -d "${DOTNETSDK_INSTALLDIR}") || (! -e "${DOTNETSDK_INSTALLDIR}/.${DOTN - echo "${DOTNETSDK_VERSION}" > "${DOTNETSDK_INSTALLDIR}/.${DOTNETSDK_VERSION}" - fi - --echo "Prepend ${DOTNETSDK_INSTALLDIR} to %PATH%" --export PATH=${DOTNETSDK_INSTALLDIR}:$PATH -+if [[ -d "${DOTNETSDK_INSTALLDIR}" ]]; then -+ echo "Prepend ${DOTNETSDK_INSTALLDIR} to %PATH%" -+ export PATH=${DOTNETSDK_INSTALLDIR}:$PATH -+fi - - heading "Dotnet SDK Version" - dotnet --version -diff --git a/src/dir.proj b/src/dir.proj -index 056a312..8370922 100644 ---- a/src/dir.proj -+++ b/src/dir.proj -@@ -41,8 +41,18 @@ - - - -- -- -+ -+ -+ RuntimeIdentifier=$(PackageRuntime) -+ -+ SelfContained=false;CopyLocalRuntimeTargetAssets=false -+ -+ -+ -+ - - -