Update s390x dockerfile

.github/workflows/cmake.yml

@@ -292,8 +292,6 @@ jobs:
             packages: qemu qemu-user gcc-s390x-linux-gnu g++-s390x-linux-gnu libc-dev-s390x-cross
             ldflags: -static
             codecov: ubuntu_gcc_s390x
-            # The dedicated test VM has 4 cores
-            parallels-jobs: 4
 
           - name: Ubuntu GCC S390X No vectorized CRC32 ASAN
             os: ubuntu-latest
@@ -302,10 +300,8 @@ jobs:
             packages: qemu qemu-user gcc-s390x-linux-gnu g++-s390x-linux-gnu libc-dev-s390x-cross
             ldflags: -static
             codecov: ubuntu_gcc_s390x_no_crc32
-            # The dedicated test VM has 4 cores
-            parallels-jobs: 4
 
-          - name: Ubuntu GCC S390X DFLTCC ASAN
+          - name: ${{ github.repository == 'zlib-ng/zlib-ng' && 'EL9' || 'Ubuntu' }} GCC S390X DFLTCC ASAN
             os: ${{ github.repository == 'zlib-ng/zlib-ng' && 'z15' || 'ubuntu-latest' }}
             compiler: gcc
             cxx-compiler: g++
@@ -315,11 +311,11 @@ jobs:
             packages: qemu qemu-user gcc-s390x-linux-gnu g++-s390x-linux-gnu libc-dev-s390x-cross
             asan-options: detect_leaks=0
             ldflags: -static
-            codecov: ubuntu_gcc_s390x_dfltcc
+            codecov: ${{ github.repository == 'zlib-ng/zlib-ng' && 'el9_gcc_s390x_dfltcc' || 'ubuntu_gcc_s390x_dfltcc' }}
             # The dedicated z15 test VM has 4 cores
             parallels-jobs: 4
 
-          - name: Ubuntu GCC S390X DFLTCC UBSAN
+          - name: ${{ github.repository == 'zlib-ng/zlib-ng' && 'EL9' || 'Ubuntu' }} GCC S390X DFLTCC UBSAN
             os: ${{ github.repository == 'zlib-ng/zlib-ng' && 'z15' || 'ubuntu-latest' }}
             compiler: gcc
             cxx-compiler: g++
@@ -328,14 +324,14 @@ jobs:
               -DWITH_DFLTCC_DEFLATE=ON -DWITH_DFLTCC_INFLATE=ON -DWITH_SANITIZER=Undefined
             packages: qemu qemu-user gcc-s390x-linux-gnu g++-s390x-linux-gnu libc-dev-s390x-cross
             ldflags: -static
-            codecov: ubuntu_gcc_s390x_dfltcc_ubsan
+            codecov: ${{ github.repository == 'zlib-ng/zlib-ng' && 'el9_gcc_s390x_dfltcc' || 'ubuntu_gcc_s390x_dfltcc' }}
             # The dedicated z15 test VM has 4 cores
             parallels-jobs: 4
 
-          - name: Ubuntu Clang S390X DFLTCC ${{ (github.repository == 'zlib-ng/zlib-ng' && 'MSAN') || 'Compat' }}
+          - name: ${{ github.repository == 'zlib-ng/zlib-ng' && 'EL9' || 'Ubuntu' }} Clang S390X DFLTCC ${{ (github.repository == 'zlib-ng/zlib-ng' && 'MSAN') || 'Compat' }}
             os: ${{ github.repository == 'zlib-ng/zlib-ng' && 'z15' || 'ubuntu-latest' }}
-            compiler: clang-11
-            cxx-compiler: clang++-11
+            compiler: ${{ github.repository == 'zlib-ng/zlib-ng' && 'clang' || 'clang-11' }}
+            cxx-compiler: ${{ github.repository == 'zlib-ng/zlib-ng' && 'clang++' || 'clang++-11' }}
             cmake-args: >-
               ${{ github.repository != 'zlib-ng/zlib-ng' && '-DCMAKE_TOOLCHAIN_FILE=cmake/toolchain-s390x.cmake -DZLIB_COMPAT=ON' || '-GNinja -DWITH_SANITIZER=Memory' }}
               -DWITH_DFLTCC_DEFLATE=ON -DWITH_DFLTCC_INFLATE=ON
@@ -440,11 +436,11 @@ jobs:
 
           - name: Ubuntu Clang MSAN
             os: ubuntu-latest
-            compiler: clang-11
-            cxx-compiler: clang++-11
+            compiler: clang-15
+            cxx-compiler: clang++-15
             cmake-args: -GNinja -DWITH_SANITIZER=Memory
-            packages:  ninja-build clang-11 llvm-11-tools
-            gcov-exec: llvm-cov-11 gcov
+            packages:  ninja-build clang-15 llvm-15-tools
+            gcov-exec: llvm-cov-15 gcov
             # https://github.com/llvm/llvm-project/issues/55785
             msan-options: use_sigaltstack=0
 
@@ -654,13 +650,16 @@ jobs:
     - name: Compile LLVM C++ libraries (MSAN)
       if: contains(matrix.name, 'MSAN')
       run: |
-        git clone --depth=1 https://github.com/llvm/llvm-project --single-branch --branch llvmorg-11.1.0
-        cmake -S llvm-project/llvm -B llvm-project/build -G Ninja \
+        git clone --depth=1 https://github.com/llvm/llvm-project --single-branch --branch llvmorg-16.0.6
+        cmake -S llvm-project/runtimes -B llvm-project/build -G Ninja \
           -DCMAKE_BUILD_TYPE=Release \
-          -DLLVM_ENABLE_PROJECTS="libcxx;libcxxabi" \
+          -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" \
           -DLLVM_USE_SANITIZER=MemoryWithOrigins \
-          -DLLVM_LIBC_ENABLE_LINTING=OFF
-        cmake --build llvm-project/build -j2 -- cxx cxxabi
+          -DLIBCXXABI_USE_LLVM_UNWINDER=OFF \
+          -DLIBCXX_INCLUDE_BENCHMARKS=OFF \
+          -DLLVM_INCLUDE_TESTS=OFF \
+          -DLLVM_INCLUDE_DOCS=OFF
+        cmake --build llvm-project/build -j3 -- cxx cxxabi
         echo "LLVM_BUILD_DIR=`pwd`/llvm-project/build" >> $GITHUB_ENV
       env:
         CC: ${{ matrix.compiler }}

.github/workflows/configure.yml

@@ -167,7 +167,7 @@ jobs:
             cflags: -static
             ldflags: -static
 
-          - name: Ubuntu GCC S390X DFLTCC
+          - name: ${{ github.repository == 'zlib-ng/zlib-ng' && 'EL9' || 'Ubuntu' }} GCC S390X DFLTCC
             os: ${{ github.repository == 'zlib-ng/zlib-ng' && 'z15' || 'ubuntu-latest' }}
             compiler: ${{ github.repository == 'zlib-ng/zlib-ng' && 'gcc' || 's390x-linux-gnu-gcc' }}
             configure-args: --warn --static --with-dfltcc-deflate --with-dfltcc-inflate
@@ -176,7 +176,7 @@ jobs:
             cflags: ${{ github.repository != 'zlib-ng/zlib-ng' && '-static' || '' }}
             ldflags: ${{ github.repository != 'zlib-ng/zlib-ng' && '-static' || '' }}
 
-          - name: Ubuntu GCC S390X DFLTCC Compat
+          - name: ${{ github.repository == 'zlib-ng/zlib-ng' && 'EL9' || 'Ubuntu' }} GCC S390X DFLTCC Compat
             os: ${{ github.repository == 'zlib-ng/zlib-ng' && 'z15' || 'ubuntu-latest' }}
             compiler: ${{ github.repository == 'zlib-ng/zlib-ng' && 'gcc' || 's390x-linux-gnu-gcc' }}
             configure-args: --warn --zlib-compat --static --with-dfltcc-deflate --with-dfltcc-inflate

.github/workflows/lint.yml

@@ -14,4 +14,4 @@ jobs:
     - name: Whitespace errors
       run: |
         git config core.whitespace blank-at-eol
-        git diff --color --check ${{ github.event.pull_request.base.sha }}
+        git diff --color --check ${{ github.event.pull_request.base.sha }} -- './*' ':!*.patch'

arch/s390/README.md

@@ -213,29 +213,31 @@ DFLTCC is a non-privileged instruction, neither special VM/LPAR
 configuration nor root are required.
 
 zlib-ng CI uses an IBM-provided z15 self-hosted builder for the DFLTCC
-testing. There are no IBM Z builds of GitHub Actions runner, and
-stable qemu-user has problems with .NET apps, so the builder runs the
-x86_64 runner version with qemu-user built from the master branch.
+testing. There is no offical IBM Z builds of GitHub Actions runner, so
+we build one inspired by `anup-kodlekere/gaplib`.
+Future updates to actions-runner might need an updated patch. The .net
+version number patch has been separated into a separate file to avoid a
+need for constantly changing the patch.
 
 ## Configuring the builder.
 
 ### Install prerequisites.
 
 ```
-$ sudo dnf install docker
+sudo dnf install podman
 ```
 
-### Add services.
+### Add actions-runner service.
 
 ```
-$ sudo cp self-hosted-builder/*.service /etc/systemd/system/
-$ sudo systemctl daemon-reload
+sudo cp self-hosted-builder/actions-runner.service /etc/systemd/system/
+sudo systemctl daemon-reload
 ```
 
-### Create a config file.
+### Create a config file, needs github personal access token.
 
 ```
-$ sudo tee /etc/actions-runner
+# Create file /etc/actions-runner
 repo=<owner>/<name>
 access_token=<ghp_***>
 ```
@@ -244,40 +246,32 @@ Access token should have the repo scope, consult
 https://docs.github.com/en/rest/reference/actions#create-a-registration-token-for-a-repository
 for details.
 
-### Autostart the x86_64 emulation support.
+### Autostart actions-runner.
 
 ```
-$ sudo systemctl enable --now qemu-user-static
+$ sudo systemctl enable --now actions-runner
 ```
 
-### Autostart the runner.
+## Rebuilding the container
 
+In order to update the `gaplib-actions-runner` podman container, e.g. to get the
+latest OS security fixes, follow these steps:
 ```
-$ sudo systemctl enable --now actions-runner
-```
+# Stop actions-runner service
+sudo systemctl stop actions-runner
 
-## Rebuilding the image
+# Delete old container
+sudo podman container rm gaplib-actions-runner
 
-In order to update the `iiilinuxibmcom/actions-runner` image, e.g. to get the
-latest OS security fixes, use the following commands:
+# Delete old image
+sudo podman image rm localhost/zlib-ng/actions-runner
 
-```
-$ sudo docker build \
-      --pull \
-      -f self-hosted-builder/actions-runner.Dockerfile \
-      -t iiilinuxibmcom/actions-runner
-$ sudo systemctl restart actions-runner
-```
-
-## Removing persistent data
+# Build image
+sudo podman build --squash -f Dockerfile.zlib-ng --tag zlib-ng/actions-runner --build-arg .
 
-The `actions-runner` service stores various temporary data, such as runner
-registration information, work directories and logs, in the `actions-runner`
-volume. In order to remove it and start from scratch, e.g. when switching the
-runner to a different repository, use the following commands:
+# Build container
+sudo podman create --name=gaplib-actions-runner --env-file=/etc/actions-runner --init --interactive --volume=actions-runner-temp:/home/actions-runner zlib-ng/actions-runner
 
-```
-$ sudo systemctl stop actions-runner
-$ sudo docker rm -f actions-runner
-$ sudo docker volume rm actions-runner
+# Start actions-runner service
+sudo systemctl start actions-runner
 ```

arch/s390/self-hosted-builder/actions-runner.Dockerfile

@@ -1,45 +1,47 @@
 # Self-Hosted IBM Z Github Actions Runner.
 
-# Temporary image: amd64 dependencies.
-FROM amd64/ubuntu:20.04 as ld-prefix
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get -y install ca-certificates libicu66 libssl1.1
-
-# Main image.
-FROM s390x/ubuntu:20.04
-
-# Packages for zlib-ng testing.
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get -y install \
-        clang-11 \
-        cmake \
-        curl \
-        gcc \
-        git \
-        jq \
-        libxml2-dev \
-        libxslt-dev \
-        llvm-11-tools \
-        ninja-build \
-        python-is-python3 \
-        python3 \
-        python3-dev \
-        python3-pip
-
-# amd64 dependencies.
-COPY --from=ld-prefix / /usr/x86_64-linux-gnu/
-RUN ln -fs ../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /usr/x86_64-linux-gnu/lib64/
-RUN ln -fs /etc/resolv.conf /usr/x86_64-linux-gnu/etc/
-ENV QEMU_LD_PREFIX=/usr/x86_64-linux-gnu
-
-# amd64 Github Actions Runner.
-RUN useradd -m actions-runner
-USER actions-runner
-WORKDIR /home/actions-runner
-RUN curl -L https://github.com/actions/runner/releases/download/v2.287.1/actions-runner-linux-x64-2.287.1.tar.gz | tar -xz
-VOLUME /home/actions-runner
+FROM    almalinux:9
+
+RUN     dnf update -y -q && \
+        dnf install -y -q --enablerepo=crb wget git which sudo jq \
+            cmake make automake autoconf m4 libtool ninja-build python3-pip \
+            gcc gcc-c++ clang llvm-toolset glibc-all-langpacks langpacks-en \
+            glibc-static libstdc++-static libstdc++-devel libxslt-devel libxml2-devel
+
+RUN     dnf install -y -q dotnet-sdk-6.0 && \
+        echo "Using SDK - `dotnet --version`"
+
+COPY    runner-s390x.patch /tmp/runner.patch
+COPY    runner-global.json /tmp/global.json
+
+RUN     cd /tmp && \
+        git clone -q https://github.com/actions/runner && \
+        cd runner && \
+        git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) -b build && \
+        git apply /tmp/runner.patch && \
+        cp -f /tmp/global.json src/global.json
+
+
+RUN     cd /tmp/runner/src && \
+        ./dev.sh layout && \
+        ./dev.sh package && \
+        rm -rf /root/.dotnet /root/.nuget
+
+RUN     useradd -c "Action Runner" -m actions-runner && \
+        usermod -L actions-runner
+
+RUN     tar -xf /tmp/runner/_package/*.tar.gz -C /home/actions-runner && \
+        chown -R actions-runner:actions-runner /home/actions-runner
+
+#VOLUME  /home/actions-runner
+
+RUN     rm -rf /tmp/runner /var/cache/dnf/* /tmp/runner.patch /tmp/global.json && \
+        dnf clean all
+
+USER    actions-runner
 
 # Scripts.
-COPY fs/ /
+COPY    fs/ /
+WORKDIR /home/actions-runner
 ENTRYPOINT ["/usr/bin/entrypoint"]
-CMD ["/usr/bin/actions-runner"]
+CMD     ["/usr/bin/actions-runner"]

arch/s390/self-hosted-builder/actions-runner.service

@@ -1,24 +1,18 @@
 [Unit]
-Description=Self-Hosted IBM Z Github Actions Runner
-Wants=qemu-user-static
-After=qemu-user-static
-StartLimitIntervalSec=0
+Description=Podman container: Gaplib Github Actions Runner
+Wants=network-online.target
+After=network-online.target
+StartLimitIntervalSec=1
+RequiresMountsFor=/run/user/1001/containers
 
 [Service]
-Type=simple
+Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=always
-ExecStartPre=-/usr/bin/docker rm --force actions-runner
-ExecStart=/usr/bin/docker run \
-              --env-file=/etc/actions-runner \
-              --init \
-              --interactive \
-              --name=actions-runner \
-              --rm \
-              --volume=actions-runner:/home/actions-runner \
-              iiilinuxibmcom/actions-runner
-ExecStop=/bin/sh -c "docker exec actions-runner kill -INT -- -1"
-ExecStop=/bin/sh -c "docker wait actions-runner"
-ExecStop=/bin/sh -c "docker rm actions-runner"
+TimeoutStopSec=61
+ExecStart=/usr/bin/podman start gaplib-actions-runner
+ExecStop=/usr/bin/podman stop -t 1 gaplib-actions-runner
+ExecStopPost=/usr/bin/podman stop -t 1 gaplib-actions-runner
+Type=forking
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=default.target

arch/s390/self-hosted-builder/runner-global.json

@@ -0,0 +1,5 @@
+{
+  "sdk": {
+    "version": "6.0.421"
+  }
+}