From 87400e9d590d9339a4d0eb1ba7718360dc19b807 Mon Sep 17 00:00:00 2001 From: Koray Oksay Date: Mon, 25 Aug 2025 17:27:55 +0300 Subject: [PATCH 1/8] update oracle runners with vm ones Signed-off-by: Koray Oksay --- .github/workflows/build_and_test.yaml | 8 ++++---- .github/workflows/cacher.yaml | 2 +- .github/workflows/cli_release.yaml | 4 ++-- .github/workflows/cloud_release.yaml | 2 +- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/mirror_demos.yaml | 2 +- .github/workflows/mirror_deps.yaml | 2 +- .github/workflows/mirror_releases.yaml | 2 +- .github/workflows/operator_release.yaml | 4 ++-- .github/workflows/perf_common.yaml | 4 ++-- .github/workflows/pr_genfiles.yml | 2 +- .github/workflows/pr_linter.yml | 2 +- .github/workflows/release_update_docs_px_dev.yaml | 2 +- .github/workflows/trivy_images.yaml | 2 +- .github/workflows/vizier_release.yaml | 4 ++-- 15 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 4e29338249a..f96ef029fc8 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -36,7 +36,7 @@ jobs: image-base-name: "dev_image_with_extras" ref: ${{ needs.env-protect-setup.outputs.ref }} clang-tidy: - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 needs: [authorize, env-protect-setup, get-dev-image] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -64,7 +64,7 @@ jobs: code-coverage: if: github.event_name == 'push' needs: [authorize, env-protect-setup, get-dev-image] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} steps: @@ -88,7 +88,7 @@ jobs: ./ci/collect_coverage.sh -u -b main -c "$(git rev-parse HEAD)" -r pixie-io/pixie generate-matrix: needs: [authorize, env-protect-setup, get-dev-image] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} outputs: @@ -120,7 +120,7 @@ jobs: bazel_tests_* build-and-test: needs: [authorize, env-protect-setup, get-dev-image, generate-matrix] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 permissions: contents: read actions: read diff --git a/.github/workflows/cacher.yaml b/.github/workflows/cacher.yaml index 584360a5ff3..264da3af65c 100644 --- a/.github/workflows/cacher.yaml +++ b/.github/workflows/cacher.yaml @@ -12,7 +12,7 @@ jobs: with: image-base-name: "dev_image" populate-caches: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/cli_release.yaml b/.github/workflows/cli_release.yaml index ba7a5101002..b83223b4f44 100644 --- a/.github/workflows/cli_release.yaml +++ b/.github/workflows/cli_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -188,7 +188,7 @@ jobs: --notes $'Pixie CLI Release:\n'"${changelog}" gh release upload "${TAG_NAME}" linux-artifacts/* macos-artifacts/* update-gh-artifacts-manifest: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: [get-dev-image, create-github-release] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/cloud_release.yaml b/.github/workflows/cloud_release.yaml index ff49ea2cf35..70d45655e99 100644 --- a/.github/workflows/cloud_release.yaml +++ b/.github/workflows/cloud_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 20dc5700ef8..b00ee7bc9f5 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -10,7 +10,7 @@ permissions: contents: read jobs: analyze-go: - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 permissions: actions: read contents: read @@ -28,7 +28,7 @@ jobs: with: category: "/language:go" analyze-python: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 permissions: actions: read contents: read @@ -42,7 +42,7 @@ jobs: with: category: "/language:python" analyze-javascript: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 permissions: actions: read contents: read diff --git a/.github/workflows/mirror_demos.yaml b/.github/workflows/mirror_demos.yaml index 0f2c5f46df4..a1b3d1f1d9b 100644 --- a/.github/workflows/mirror_demos.yaml +++ b/.github/workflows/mirror_demos.yaml @@ -9,7 +9,7 @@ jobs: permissions: contents: read packages: write - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 steps: - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v2 with: diff --git a/.github/workflows/mirror_deps.yaml b/.github/workflows/mirror_deps.yaml index 983b598927c..600fa1d8ac1 100644 --- a/.github/workflows/mirror_deps.yaml +++ b/.github/workflows/mirror_deps.yaml @@ -9,7 +9,7 @@ jobs: permissions: contents: read packages: write - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 steps: - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v2 with: diff --git a/.github/workflows/mirror_releases.yaml b/.github/workflows/mirror_releases.yaml index f89ac612887..25137d48606 100644 --- a/.github/workflows/mirror_releases.yaml +++ b/.github/workflows/mirror_releases.yaml @@ -10,7 +10,7 @@ jobs: permissions: contents: read packages: write - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 steps: - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v2 with: diff --git a/.github/workflows/operator_release.yaml b/.github/workflows/operator_release.yaml index d5db686663d..554a2f0835e 100644 --- a/.github/workflows/operator_release.yaml +++ b/.github/workflows/operator_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -142,7 +142,7 @@ jobs: git commit -s -m "Release Helm chart ${VERSION}" git push origin "gh-pages" update-gh-artifacts-manifest: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: [get-dev-image, create-github-release] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/perf_common.yaml b/.github/workflows/perf_common.yaml index 01083668873..766dc3e4105 100644 --- a/.github/workflows/perf_common.yaml +++ b/.github/workflows/perf_common.yaml @@ -34,7 +34,7 @@ jobs: ref: ${{ inputs.ref }} generate-perf-matrix: needs: get-dev-image-with-extras - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image-with-extras.outputs.image-with-tag }} outputs: @@ -57,7 +57,7 @@ jobs: echo "matrix=${matrix}" >> $GITHUB_OUTPUT run-perf-eval: needs: [get-dev-image-with-extras, generate-perf-matrix] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image-with-extras.outputs.image-with-tag }} strategy: diff --git a/.github/workflows/pr_genfiles.yml b/.github/workflows/pr_genfiles.yml index 69c1b080a0e..07d88137af1 100644 --- a/.github/workflows/pr_genfiles.yml +++ b/.github/workflows/pr_genfiles.yml @@ -13,7 +13,7 @@ jobs: with: image-base-name: "dev_image" run-genfiles: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/pr_linter.yml b/.github/workflows/pr_linter.yml index 9769777a618..8cd9b646d6e 100644 --- a/.github/workflows/pr_linter.yml +++ b/.github/workflows/pr_linter.yml @@ -13,7 +13,7 @@ jobs: with: image-base-name: "linter_image" run-container-lint: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: get-linter-image container: image: ${{ needs.get-linter-image.outputs.image-with-tag }} diff --git a/.github/workflows/release_update_docs_px_dev.yaml b/.github/workflows/release_update_docs_px_dev.yaml index 2efec3b6445..877d46653ea 100644 --- a/.github/workflows/release_update_docs_px_dev.yaml +++ b/.github/workflows/release_update_docs_px_dev.yaml @@ -13,7 +13,7 @@ jobs: image-base-name: "dev_image_with_extras" generate-docs: needs: get-dev-image - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} steps: diff --git a/.github/workflows/trivy_images.yaml b/.github/workflows/trivy_images.yaml index 5e25f4746b9..d29452bddf1 100644 --- a/.github/workflows/trivy_images.yaml +++ b/.github/workflows/trivy_images.yaml @@ -18,7 +18,7 @@ jobs: fail-fast: false matrix: artifact: [cloud, operator, vizier] - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/vizier_release.yaml b/.github/workflows/vizier_release.yaml index 12d722cfaf4..1607f56c321 100644 --- a/.github/workflows/vizier_release.yaml +++ b/.github/workflows/vizier_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -149,7 +149,7 @@ jobs: git commit -s -m "Release Helm chart Vizier ${VERSION}" git push origin "gh-pages" update-gh-artifacts-manifest: - runs-on: oracle-8cpu-32gb-x86-64 + runs-on: oracle-vm-8cpu-32gb-x86-64 needs: [get-dev-image, create-github-release] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} From 6bd9571763920815af803837fb6c45f6af6459ca Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sat, 22 Nov 2025 01:33:15 +0000 Subject: [PATCH 2/8] Don't run with remote execution. Build all bpf tests #ci:bpf-build Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 5 +++++ .github/workflows/cacher.yaml | 2 +- .github/workflows/cli_release.yaml | 4 ++-- .github/workflows/cloud_release.yaml | 2 +- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/mirror_demos.yaml | 2 +- .github/workflows/mirror_deps.yaml | 2 +- .github/workflows/mirror_releases.yaml | 2 +- .github/workflows/operator_release.yaml | 4 ++-- .github/workflows/perf_common.yaml | 4 ++-- .github/workflows/pr_genfiles.yml | 2 +- .github/workflows/pr_linter.yml | 2 +- .github/workflows/release_update_docs_px_dev.yaml | 2 +- .github/workflows/trivy_images.yaml | 2 +- .github/workflows/vizier_release.yaml | 4 ++-- ci/github/bazelrc | 3 --- 16 files changed, 25 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index f96ef029fc8..3cb60854db7 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -5,6 +5,7 @@ on: push: branches: - 'main' + - 'ddelnano/update-gha-oracle-runners' schedule: # Run at 23:09 PST (07:09 UTC) every sunday. Github suggests not running actions on the hour. - cron: '9 7 * * 0' @@ -160,6 +161,10 @@ jobs: run: | # Github actions container runner creates a docker network without IPv6 support. We enable it manually. sysctl -w net.ipv6.conf.lo.disable_ipv6=0 + + # Our qemu builds require unprivileged user namespaces to run. + sysctl -w kernel.unprivileged_userns_clone=1 + sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 ./scripts/bazel_ignore_codes.sh test ${{ matrix.args }} --target_pattern_file=target_files/${{ matrix.tests }} \ 2> >(tee bazel_stderr) - name: Parse junit reports diff --git a/.github/workflows/cacher.yaml b/.github/workflows/cacher.yaml index 264da3af65c..584360a5ff3 100644 --- a/.github/workflows/cacher.yaml +++ b/.github/workflows/cacher.yaml @@ -12,7 +12,7 @@ jobs: with: image-base-name: "dev_image" populate-caches: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/cli_release.yaml b/.github/workflows/cli_release.yaml index b83223b4f44..ba7a5101002 100644 --- a/.github/workflows/cli_release.yaml +++ b/.github/workflows/cli_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -188,7 +188,7 @@ jobs: --notes $'Pixie CLI Release:\n'"${changelog}" gh release upload "${TAG_NAME}" linux-artifacts/* macos-artifacts/* update-gh-artifacts-manifest: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: [get-dev-image, create-github-release] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/cloud_release.yaml b/.github/workflows/cloud_release.yaml index 70d45655e99..ff49ea2cf35 100644 --- a/.github/workflows/cloud_release.yaml +++ b/.github/workflows/cloud_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index b00ee7bc9f5..20dc5700ef8 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -10,7 +10,7 @@ permissions: contents: read jobs: analyze-go: - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 permissions: actions: read contents: read @@ -28,7 +28,7 @@ jobs: with: category: "/language:go" analyze-python: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 permissions: actions: read contents: read @@ -42,7 +42,7 @@ jobs: with: category: "/language:python" analyze-javascript: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 permissions: actions: read contents: read diff --git a/.github/workflows/mirror_demos.yaml b/.github/workflows/mirror_demos.yaml index a1b3d1f1d9b..0f2c5f46df4 100644 --- a/.github/workflows/mirror_demos.yaml +++ b/.github/workflows/mirror_demos.yaml @@ -9,7 +9,7 @@ jobs: permissions: contents: read packages: write - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 steps: - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v2 with: diff --git a/.github/workflows/mirror_deps.yaml b/.github/workflows/mirror_deps.yaml index 600fa1d8ac1..983b598927c 100644 --- a/.github/workflows/mirror_deps.yaml +++ b/.github/workflows/mirror_deps.yaml @@ -9,7 +9,7 @@ jobs: permissions: contents: read packages: write - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 steps: - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v2 with: diff --git a/.github/workflows/mirror_releases.yaml b/.github/workflows/mirror_releases.yaml index 25137d48606..f89ac612887 100644 --- a/.github/workflows/mirror_releases.yaml +++ b/.github/workflows/mirror_releases.yaml @@ -10,7 +10,7 @@ jobs: permissions: contents: read packages: write - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 steps: - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v2 with: diff --git a/.github/workflows/operator_release.yaml b/.github/workflows/operator_release.yaml index 554a2f0835e..d5db686663d 100644 --- a/.github/workflows/operator_release.yaml +++ b/.github/workflows/operator_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -142,7 +142,7 @@ jobs: git commit -s -m "Release Helm chart ${VERSION}" git push origin "gh-pages" update-gh-artifacts-manifest: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: [get-dev-image, create-github-release] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/perf_common.yaml b/.github/workflows/perf_common.yaml index 766dc3e4105..01083668873 100644 --- a/.github/workflows/perf_common.yaml +++ b/.github/workflows/perf_common.yaml @@ -34,7 +34,7 @@ jobs: ref: ${{ inputs.ref }} generate-perf-matrix: needs: get-dev-image-with-extras - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image-with-extras.outputs.image-with-tag }} outputs: @@ -57,7 +57,7 @@ jobs: echo "matrix=${matrix}" >> $GITHUB_OUTPUT run-perf-eval: needs: [get-dev-image-with-extras, generate-perf-matrix] - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image-with-extras.outputs.image-with-tag }} strategy: diff --git a/.github/workflows/pr_genfiles.yml b/.github/workflows/pr_genfiles.yml index 07d88137af1..69c1b080a0e 100644 --- a/.github/workflows/pr_genfiles.yml +++ b/.github/workflows/pr_genfiles.yml @@ -13,7 +13,7 @@ jobs: with: image-base-name: "dev_image" run-genfiles: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/pr_linter.yml b/.github/workflows/pr_linter.yml index 8cd9b646d6e..9769777a618 100644 --- a/.github/workflows/pr_linter.yml +++ b/.github/workflows/pr_linter.yml @@ -13,7 +13,7 @@ jobs: with: image-base-name: "linter_image" run-container-lint: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: get-linter-image container: image: ${{ needs.get-linter-image.outputs.image-with-tag }} diff --git a/.github/workflows/release_update_docs_px_dev.yaml b/.github/workflows/release_update_docs_px_dev.yaml index 877d46653ea..2efec3b6445 100644 --- a/.github/workflows/release_update_docs_px_dev.yaml +++ b/.github/workflows/release_update_docs_px_dev.yaml @@ -13,7 +13,7 @@ jobs: image-base-name: "dev_image_with_extras" generate-docs: needs: get-dev-image - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} steps: diff --git a/.github/workflows/trivy_images.yaml b/.github/workflows/trivy_images.yaml index d29452bddf1..5e25f4746b9 100644 --- a/.github/workflows/trivy_images.yaml +++ b/.github/workflows/trivy_images.yaml @@ -18,7 +18,7 @@ jobs: fail-fast: false matrix: artifact: [cloud, operator, vizier] - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/.github/workflows/vizier_release.yaml b/.github/workflows/vizier_release.yaml index 1607f56c321..12d722cfaf4 100644 --- a/.github/workflows/vizier_release.yaml +++ b/.github/workflows/vizier_release.yaml @@ -15,7 +15,7 @@ jobs: image-base-name: "dev_image_with_extras" build-release: name: Build Release - runs-on: oracle-vm-16cpu-64gb-x86-64 + runs-on: oracle-16cpu-64gb-x86-64 needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -149,7 +149,7 @@ jobs: git commit -s -m "Release Helm chart Vizier ${VERSION}" git push origin "gh-pages" update-gh-artifacts-manifest: - runs-on: oracle-vm-8cpu-32gb-x86-64 + runs-on: oracle-8cpu-32gb-x86-64 needs: [get-dev-image, create-github-release] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} diff --git a/ci/github/bazelrc b/ci/github/bazelrc index f4b0cdb5ac0..8de37643b0c 100644 --- a/ci/github/bazelrc +++ b/ci/github/bazelrc @@ -5,9 +5,6 @@ common --color=yes # a given run. common --keep_going -# Always use remote exec -build --config=remote - build --build_metadata=HOST=github-actions build --build_metadata=USER=github-actions build --build_metadata=REPO_URL=https://github.com/pixie-io/pixie From 6ba104e887a880200aa64c2f9274b2959b564135 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 4 Dec 2025 14:48:13 +0000 Subject: [PATCH 3/8] Remove es tmpfs mounts that cause AccessDenfiedException on container start Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index a098add6a2d..90b499641f7 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -63,30 +63,6 @@ func SetupElastic() (*elastic.Client, func(), error) { }, func(config *docker.HostConfig) { config.AutoRemove = true config.RestartPolicy = docker.RestartPolicy{Name: "no"} - // Tmpfs is much faster than the default docker mounts. - config.Mounts = []docker.HostMount{ - { - Target: "/opt/elasticsearch/volatile/data", - Type: "tmpfs", - TempfsOptions: &docker.TempfsOptions{ - SizeBytes: 100 * 1024 * 1024, - }, - }, - { - Target: "/opt/elasticsearch/volatile/logs", - Type: "tmpfs", - TempfsOptions: &docker.TempfsOptions{ - SizeBytes: 100 * 1024 * 1024, - }, - }, - { - Target: "/tmp", - Type: "tmpfs", - TempfsOptions: &docker.TempfsOptions{ - SizeBytes: 100 * 1024 * 1024, - }, - }, - } config.CPUCount = 1 config.Memory = 1024 * 1024 * 1024 config.MemorySwap = 0 From 103b873026354dc5df614e4a3d2154541facbf7e Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 4 Dec 2025 14:51:37 +0000 Subject: [PATCH 4/8] Ensure that cc_clang_binary rules have access to sysroot glibc Signed-off-by: Dom Del Nano --- bazel/toolchain_transitions.bzl | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/toolchain_transitions.bzl b/bazel/toolchain_transitions.bzl index 65caa6e6c7b..5578af5dada 100644 --- a/bazel/toolchain_transitions.bzl +++ b/bazel/toolchain_transitions.bzl @@ -29,6 +29,7 @@ cc_clang_binary = meta.wrap_with_transition( native.cc_binary, { "@//bazel/cc_toolchains:compiler": meta.replace_with("clang"), + "@//bazel/cc_toolchains:libc_version": meta.replace_with("glibc2_36"), }, executable = True, ) From 9ea87401dc6f1fb219ca4b8f7c13c318bf2454af Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 4 Dec 2025 14:02:20 -0800 Subject: [PATCH 5/8] Ensure the path.data and path.logs ES env vars are removed too Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index 90b499641f7..f06dbfd11f6 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -55,8 +55,6 @@ func SetupElastic() (*elastic.Client, func(), error) { "xpack.security.http.ssl.enabled=false", "xpack.security.transport.ssl.enabled=false", "indices.lifecycle.poll_interval=5s", - "path.data=/opt/elasticsearch/volatile/data", - "path.logs=/opt/elasticsearch/volatile/logs", "ES_JAVA_OPTS=-Xms128m -Xmx128m -server", "ES_HEAP_SIZE=128m", }, From 4a99482c190f3af4a9ec27c4b3b883a95126361e Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 4 Dec 2025 22:35:34 +0000 Subject: [PATCH 6/8] Remove branch trigger used for testing Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 3cb60854db7..58d51489c78 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -5,7 +5,6 @@ on: push: branches: - 'main' - - 'ddelnano/update-gha-oracle-runners' schedule: # Run at 23:09 PST (07:09 UTC) every sunday. Github suggests not running actions on the hour. - cron: '9 7 * * 0' From 0fa9e121e9b05a4b663ca9881a6a3e121e4e1d3e Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Fri, 5 Dec 2025 09:33:30 +0000 Subject: [PATCH 7/8] Add tmpfs mounts back with proper permissions to fix elasticsearch startup Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 29 ++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index f06dbfd11f6..3e25db58ff8 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -55,12 +55,41 @@ func SetupElastic() (*elastic.Client, func(), error) { "xpack.security.http.ssl.enabled=false", "xpack.security.transport.ssl.enabled=false", "indices.lifecycle.poll_interval=5s", + "path.data=/opt/elasticsearch/volatile/data", + "path.logs=/opt/elasticsearch/volatile/logs", "ES_JAVA_OPTS=-Xms128m -Xmx128m -server", "ES_HEAP_SIZE=128m", }, }, func(config *docker.HostConfig) { config.AutoRemove = true config.RestartPolicy = docker.RestartPolicy{Name: "no"} + // Tmpfs is much faster than the default docker mounts. + config.Mounts = []docker.HostMount{ + { + Target: "/opt/elasticsearch/volatile/data", + Type: "tmpfs", + TempfsOptions: &docker.TempfsOptions{ + SizeBytes: 100 * 1024 * 1024, + Mode: 0777, + }, + }, + { + Target: "/opt/elasticsearch/volatile/logs", + Type: "tmpfs", + TempfsOptions: &docker.TempfsOptions{ + SizeBytes: 100 * 1024 * 1024, + Mode: 0777, + }, + }, + { + Target: "/tmp", + Type: "tmpfs", + TempfsOptions: &docker.TempfsOptions{ + SizeBytes: 100 * 1024 * 1024, + Mode: 0777, + }, + }, + } config.CPUCount = 1 config.Memory = 1024 * 1024 * 1024 config.MemorySwap = 0 From 68178d15a41b2d6fe4a79727ffc870593a128891 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Fri, 5 Dec 2025 10:03:59 +0000 Subject: [PATCH 8/8] Fix linting issues Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index 3e25db58ff8..a90dafef4c2 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -70,7 +70,7 @@ func SetupElastic() (*elastic.Client, func(), error) { Type: "tmpfs", TempfsOptions: &docker.TempfsOptions{ SizeBytes: 100 * 1024 * 1024, - Mode: 0777, + Mode: 0o777, }, }, { @@ -78,7 +78,7 @@ func SetupElastic() (*elastic.Client, func(), error) { Type: "tmpfs", TempfsOptions: &docker.TempfsOptions{ SizeBytes: 100 * 1024 * 1024, - Mode: 0777, + Mode: 0o777, }, }, { @@ -86,7 +86,7 @@ func SetupElastic() (*elastic.Client, func(), error) { Type: "tmpfs", TempfsOptions: &docker.TempfsOptions{ SizeBytes: 100 * 1024 * 1024, - Mode: 0777, + Mode: 0o777, }, }, }