s390x: build native runner binaries in a stage

.github/workflows/publish.yml

@@ -43,7 +43,7 @@ jobs:
         arch: [s390x, aarch64, x86_64]
         include:
           - arch: s390x
-            dockerfile: s390x-native.Dockerfile
+            dockerfile: s390x.Dockerfile
             platform: linux/s390x
           - arch: aarch64
             dockerfile: Dockerfile

.github/workflows/version_bump.yml

@@ -35,13 +35,13 @@ jobs:
 
       - name: Update release
         id: bump
-        run: sed -i 's#^ARG version=.*#ARG version=${{ steps.release.outputs.ACTIONS_VERSION}}#' s390x.Dockerfile
+        run: sed -i 's#^ARG RUNNER_VERSION=.*#ARG RUNNER_VERSION=${{ steps.release.outputs.ACTIONS_VERSION}}#' s390x.Dockerfile
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v7
         with:
-          title: "[automated] Bumping s390x containers to action-runners v${{ steps.release.outputs.ACTIONS_VERSION}}"
-          commit-message: "[automated] Bumping s390x containers to action-runners v${{ steps.release.outputs.ACTIONS_VERSION}}"
+          title: "[automated] s390x: bump RUNNER_VERSION to v${{ steps.release.outputs.ACTIONS_VERSION}}"
+          commit-message: "[automated] s390x: bump RUNNER_VERSION to v${{ steps.release.outputs.ACTIONS_VERSION}}"
           branch: "version-bump/${{ steps.release.outputs.ACTIONS_VERSION}}"
           delete-branch: true
           body: ""

s390x.Dockerfile

@@ -1,67 +1,84 @@
-# Self-Hosted IBM Z Github Actions Runner.
-ARG UBUNTU_VERSION=focal
-# Temporary image: amd64 dependencies.
-FROM --platform=linux/amd64 ubuntu:${UBUNTU_VERSION} AS ld-prefix
-# Redefining UBUNTU_VERSION without a value inherits the global default
-ARG UBUNTU_VERSION
+# Self-Hosted IBM Z Github Actions Runner
+
+ARG RUNNER_VERSION=2.322.0
+
+FROM ubuntu:noble AS build-s390x-runner-binaries
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get -y install ca-certificates && if [ ${UBUNTU_VERSION} = "focal" ]; then apt-get -y install libicu66 libssl1.1; else apt-get -y install libicu74 libssl3t64; fi
 
-# Main image.
-FROM --platform=linux/s390x ubuntu:${UBUNTU_VERSION}
+ARG S390X_RUNNER_REPO="https://github.com/anup-kodlekere/gaplib.git"
+ARG S390X_RUNNER_REPO_REV=f5085ab2e51fad20329b441f3c5475c50e4ea1bd
+ARG S390X_PATCH=build-files/runner-sdk-8.patch
+
+ARG RUNNER_REPO="https://github.com/actions/runner"
+ARG RUNNER_VERSION
+
+RUN apt-get update -y
+RUN apt-get -y install curl git jq sudo wget
+RUN apt-get -y install dotnet-sdk-8.0
+
+RUN git clone ${S390X_RUNNER_REPO} /opt/s390x-runner
+WORKDIR /opt/s390x-runner
+RUN git checkout ${S390X_RUNNER_REPO_REV}
+# RUN cp build-files/99synaptics /etc/apt/apt.conf.d/
+# RUN cp build-files/01-nodoc /etc/dpkg/dpkg.cfg.d/
+RUN cp ${S390X_PATCH} /opt/runner.patch
+
+RUN git clone -b v${RUNNER_VERSION} ${RUNNER_REPO} /opt/runner
+WORKDIR /opt/runner
+RUN git apply /opt/runner.patch
+
+# dotnet refuses to build if global.json version and dotnet version don't match
+# it's difficult to get the right version of dotnet on s390x (the best way is to build it)
+# so replacing the version in global.json is an acceptable workaround
+RUN jq --arg ver "$(dotnet --version)" '.sdk.version = $ver' src/global.json > tmp.json && \
+    mv tmp.json src/global.json
+
+WORKDIR /opt/runner/src
+RUN ./dev.sh layout
+RUN ./dev.sh package
+RUN ./dev.sh test
+
+RUN mv "/opt/runner/_package/actions-runner-linux-s390x-${RUNNER_VERSION#v}.tar.gz" /opt/runner.tar.gz
 
-# Packages for libbpf testing that are not installed by .github/actions/setup.
+FROM ubuntu:noble AS prepare-runner-image
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get -y install \
-        bc \
-        bison \
-        cmake \
-        cpu-checker \
-        curl \
-        dumb-init \
-        wget \
-        flex \
-        git \
-        jq \
-        linux-image-generic \
-        python3 \
-        rsync \
-        software-properties-common \
-        sudo \
-        tree \
-        zstd \
-        iproute2 \
-        iputils-ping && \
-    apt-get install -y cpu-checker qemu-kvm qemu-utils qemu-system-x86 qemu-system-s390x qemu-system-arm qemu-guest-agent ethtool keyutils iptables gawk
-
-# amd64 Github Actions Runner.
-ARG version=2.320.0
-ARG homedir=/actions-runner
-# Copy scripts from  myoung34/docker-github-actions-runner
-RUN curl -L https://raw.githubusercontent.com/myoung34/docker-github-actions-runner/${version}/entrypoint.sh -o /entrypoint.sh && chmod 755 /entrypoint.sh
-RUN curl -L https://raw.githubusercontent.com/myoung34/docker-github-actions-runner/${version}/token.sh -o /token.sh && chmod 755 /token.sh
-
-RUN useradd -d ${homedir} -m runner
+
+ARG RUNNER_HOME=/actions-runner
+ARG RUNNER_VERSION
+
+RUN apt-get update -y
+RUN apt-get install -y \
+    bc bison build-essential cmake cpu-checker curl dumb-init elfutils ethtool flex g++ gawk git \
+    iproute2 iptables iputils-ping jq keyutils libguestfs-tools python3-minimal python3-docutils \
+    rsync software-properties-common sudo tree wget xz-utils zstd
+RUN apt-get install -y \
+    binutils-dev libcap-dev libdw-dev libelf-dev libssl-dev ncurses-dev
+RUN apt-get install -y \
+    qemu-guest-agent qemu-kvm qemu-system-arm qemu-system-s390x qemu-system-x86 qemu-utils
+RUN apt-get install -y aspnetcore-runtime-8.0
+
+# Install LLVM with automatic script (https://apt.llvm.org)
+RUN bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
+
+RUN apt-get clean
+
+# Copy scripts from myoung34/docker-github-actions-runner
+RUN curl -L https://raw.githubusercontent.com/myoung34/docker-github-actions-runner/${RUNNER_VERSION}/entrypoint.sh -o /entrypoint.sh && chmod 755 /entrypoint.sh
+RUN curl -L https://raw.githubusercontent.com/myoung34/docker-github-actions-runner/${RUNNER_VERSION}/token.sh -o /token.sh && chmod 755 /token.sh
+
+RUN useradd -d ${RUNNER_HOME} -m runner
 RUN echo "runner ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
 RUN echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >>/etc/sudoers
 # Make sure kvm group exists. This is a no-op when it does.
 RUN addgroup --system kvm
 RUN usermod -a -G kvm runner
 USER runner
 ENV USER=runner
-WORKDIR ${homedir}
-RUN curl -L https://github.com/actions/runner/releases/download/v${version}/actions-runner-linux-x64-${version}.tar.gz | tar -xz
-USER root
+WORKDIR ${RUNNER_HOME}
 
-# WARNING: This needs to be set at the end of the file or it will have side effects when building the container
-# from within a foreign arch (like building on x86 host).
-# amd64 dependencies.
-# More specifically this is setting QEMU_LD_PREFIX that causes issue, but before touching system
-# files, we may as well finish any prior installs.
-COPY --from=ld-prefix / /usr/x86_64-linux-gnu/
-RUN ln -fs ../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /usr/x86_64-linux-gnu/lib64/
-RUN ln -fs /etc/resolv.conf /usr/x86_64-linux-gnu/etc/
-ENV QEMU_LD_PREFIX=/usr/x86_64-linux-gnu
+COPY --from=build-s390x-runner-binaries /opt/runner.tar.gz /opt/runner.tar.gz
+RUN tar -xzf /opt/runner.tar.gz -C ${RUNNER_HOME}
+USER root
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["./bin/Runner.Listener", "run", "--startuptype", "service"]