Use VM-based github runners

.github/workflows/attach-artifacts.yml

@@ -9,11 +9,7 @@ on:
 
 jobs:
   upload-assets:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: ubuntu-latest
     permissions:
       contents: write  # needed to modify releases
 

.github/workflows/ci.yml

@@ -23,13 +23,10 @@ jobs:
     name: Smoketests
     strategy:
       matrix:
-        runner: [spacetimedb-new-runner, windows-latest]
+        runner: [spacetimedb-new-runner-2, windows-latest]
         include:
-          - runner: spacetimedb-new-runner
+          - runner: spacetimedb-new-runner-2
             smoketest_args: --docker
-            container:
-              image: localhost:5000/spacetimedb-ci:latest
-              options: --privileged
           - runner: windows-latest
             smoketest_args: --no-build-cli
             container: null
@@ -86,10 +83,6 @@ jobs:
         shell: powershell
       - name: Build crates
         run: cargo build -p spacetimedb-cli -p spacetimedb-standalone -p spacetimedb-update
-      - name: Start Docker daemon
-        if: runner.os == 'Linux'
-        run: /usr/local/bin/start-docker.sh
-
       - name: Build and start database (Linux)
         if: runner.os == 'Linux'
         run: |
@@ -123,11 +116,13 @@ jobs:
   test:
     needs: [lints, llm_ci_check]
     name: Test Suite
+    # TODO: Migrate to spacetimedb-new-runner2 when flakes are fixed
     runs-on: spacetimedb-new-runner
     container:
       image: localhost:5000/spacetimedb-ci:latest
       options: >-
         --privileged
+
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -180,11 +175,7 @@ jobs:
 
   lints:
     name: Lints
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -212,11 +203,7 @@ jobs:
 
   wasm_bindings:
     name: Build and test wasm bindings
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -239,11 +226,7 @@ jobs:
 
   publish_checks:
     name: Check that packages are publishable
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: ubuntu-latest
     permissions: read-all
     steps:
       - uses: actions/checkout@v3
@@ -272,11 +255,8 @@ jobs:
     strategy:
       matrix:
         include:
-          - runner: spacetimedb-new-runner
+          - runner: spacetimedb-new-runner-2
             target: x86_64-unknown-linux-gnu
-            container:
-              image: localhost:5000/spacetimedb-ci:latest
-              options: --privileged
           - { target: aarch64-unknown-linux-gnu, runner: arm-runner }
           - { target: aarch64-apple-darwin, runner: macos-latest }
           - { target: x86_64-pc-windows-msvc, runner: windows-latest }
@@ -324,7 +304,7 @@ jobs:
     name: Unreal Engine Tests
     # This can't go on e.g. ubuntu-latest because that runner runs out of disk space. ChatGPT suggested that the general solution tends to be to use
     # a custom runner.
-    runs-on: spacetimedb-new-runner
+    runs-on: spacetimedb-new-runner-2
     # Disable the tests because they are very flaky at the moment.
     # TODO: Remove this line and re-enable the `if` line just below here.
     if: false
@@ -439,11 +419,7 @@ jobs:
   cli_docs:
     name: Check CLI docs
     permissions: read-all
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
     steps:
@@ -524,12 +500,7 @@ jobs:
     permissions:
       contents: read
       checks: write
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
-        --cgroupns=host
+    runs-on: spacetimedb-unity-runner
     timeout-minutes: 30
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
@@ -630,9 +601,6 @@ jobs:
           key: Unity-${{ github.head_ref }}
           restore-keys: Unity-
 
-        # We need this to support "Docker in Docker"
-      - name: Start Docker daemon
-        run: /usr/local/bin/start-docker.sh
       - name: Run Unity tests
         uses: game-ci/unity-test-runner@v4
         with:
@@ -649,12 +617,7 @@ jobs:
 
   csharp-testsuite:
     needs: [lints, llm_ci_check]
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
-        --cgroupns=host
+    runs-on: spacetimedb-new-runner-2
     timeout-minutes: 30
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target

.github/workflows/docker.yml

@@ -11,63 +11,63 @@
 
 jobs:
   docker-amd64:
-    runs-on: ubuntu-latest
+    runs-on: spacetimedb-new-runner-2
     name: Build DockerHub AMD64 Container
     steps:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: |
             clockworklabs/spacetimedb
           tags: |
             type=ref,event=tag
             type=sha,prefix=commit-,suffix=-amd64
           flavor: |
             latest=false
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Cache Docker layers
         uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}-buildx-
       - name: Login to DockerHub
         uses: docker/login-action@v2
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Build and push
         uses: docker/build-push-action@v4
         with:
           context: .
           file: crates/standalone/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           platforms: linux/amd64
 
       - name: Merge images
         run: |
           ./tools/merge-docker-images.sh clockworklabs/spacetimedb "commit-${GITHUB_SHA:0:7}" "${GITHUB_SHA:0:7}-full"
 
         # This ugly bit is necessary if you don't want your cache to grow forever
         # until it hits GitHub's limit of 5GB.
         # Temp fix
         # https://github.com/docker/build-push-action/issues/252
         # https://github.com/moby/buildkit/issues/1896
       - name: Move cache
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
   docker-arm64:
     runs-on: arm-runner
     name: Build DockerHub ARM64 Container
     steps:

.github/workflows/docs-publish.yaml

@@ -10,11 +10,7 @@ on:
 
 jobs:
   build:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

.github/workflows/docs-test.yaml

@@ -7,11 +7,7 @@ on:
 
 jobs:
   build:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: >-
-        --privileged
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

.github/workflows/package.yml

@@ -16,11 +16,7 @@ jobs:
         include:
           - name: x86_64 Linux
             target: x86_64-unknown-linux-gnu
-            runner: spacetimedb-new-runner
-            container:
-              image: localhost:5000/spacetimedb-ci:latest
-              options: >-
-                --privileged
+            runner: spacetimedb-new-runner-2
           - { name: aarch64 Linux, target: aarch64-unknown-linux-gnu, runner: arm-runner }
           # Disabled because musl builds weren't working and we didn't want to investigate. See https://github.com/clockworklabs/SpacetimeDB/pull/2964.
           # - { name: x86_64 Linux musl, target: x86_64-unknown-linux-musl, runner: bare-metal, container: alpine }

.github/workflows/typescript-lint.yml

@@ -9,37 +9,32 @@
 
 jobs:
   build:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: --privileged
-
-
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
           node-version: 18
 
       - uses: pnpm/action-setup@v4
         with:
           run_install: true
 
       - name: Get pnpm store directory
         shell: bash
         run: |
           echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
 
       - uses: actions/cache@v4
         name: Setup pnpm cache
         with:
           path: ${{ env.STORE_PATH }}
           key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: |
             ${{ runner.os }}-pnpm-store-
 
       - name: Lint
         run: pnpm lint

.github/workflows/typescript-test.yml

@@ -13,153 +13,150 @@
 
 jobs:
   build-and-test:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: --privileged
+    runs-on: spacetimedb-new-runner-2
     env:
       CARGO_TARGET_DIR: ${{ github.workspace }}/target
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
           node-version: 18
 
       - uses: pnpm/action-setup@v4
         with:
           run_install: true
 
       - name: Get pnpm store directory
         shell: bash
         working-directory: crates/bindings-typescript
         run: |
           echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
 
       - uses: actions/cache@v4
         name: Setup pnpm cache
         with:
           path: ${{ env.STORE_PATH }}
           key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: |
             ${{ runner.os }}-pnpm-store-
 
       - name: Build module library and SDK
         working-directory: crates/bindings-typescript
         run: pnpm build
 
       - name: Run module library and SDK tests
         working-directory: crates/bindings-typescript 
         run: pnpm test
 
       # - name: Extract SpacetimeDB branch name from file
       #   id: extract-branch
       #   run: |
       #     # Define the path to the branch file
       #     BRANCH_FILE=".github/spacetimedb-branch.txt"
 
       #     # Default to master if file doesn't exist
       #     if [ ! -f "$BRANCH_FILE" ]; then
       #       echo "::notice::No SpacetimeDB branch file found, using 'master'"
       #       echo "branch=master" >> $GITHUB_OUTPUT
       #       exit 0
       #     fi
 
       #     # Read and trim whitespace from the file
       #     branch=$(cat "$BRANCH_FILE" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
 
       #     # Fallback to master if empty
       #     if [ -z "$branch" ]; then
       #       echo "::warning::SpacetimeDB branch file is empty, using 'master'"
       #       branch="master"
       #     fi
 
       #     echo "branch=$branch" >> $GITHUB_OUTPUT
       #     echo "Using SpacetimeDB branch from file: $branch"
 
       - name: Install Rust toolchain
         uses: dsherret/rust-toolchain-file@v1
 
       - name: Cache Rust dependencies
         uses: Swatinem/rust-cache@v2
         with:
           workspaces: ${{ github.workspace }}
           shared-key: spacetimedb
           # Let the main CI job save the cache since it builds the most things
           save-if: false
           prefix-key: v1
 
       - name: Install SpacetimeDB CLI from the local checkout
         run: |
           cargo install --force --path crates/cli --locked --message-format=short
           cargo install --force --path crates/standalone --locked --message-format=short
           # Add a handy alias using the old binary name, so that we don't have to rewrite all scripts (incl. in submodules).
           rm -f $CARGO_HOME/bin/spacetime
           ln -s $CARGO_HOME/bin/spacetimedb-cli $CARGO_HOME/bin/spacetime
           # Clear any existing information
           spacetime server clear -y
 
       # This step shouldn't be needed, but somehow we end up with caches that are missing librusty_v8.a.
       # This may be due to reusing CARGO_TARGET_DIR while mixing different build strategies (`cargo install` and `cargo build -p`).
       # However, this fix seems to work.
       - name: Check v8 outputs
         run: |
           find "${CARGO_TARGET_DIR}"/ -type f | grep '[/_]v8' || true
           if ! [ -f "${CARGO_TARGET_DIR}"/debug/gn_out/obj/librusty_v8.a ]; then
             echo "Could not find v8 output file librusty_v8.a; rebuilding manually."
             cargo clean -p v8 || true
             cargo build -p v8
           fi
 
       - name: Generate client bindings
         working-directory: templates/quickstart-chat-typescript
         run: |
           pnpm generate
 
       - name: Check for changes
         working-directory: templates/quickstart-chat-typescript
         run: |
           "${GITHUB_WORKSPACE}"/tools/check-diff.sh src/module_bindings || {
             echo "Error: Bindings are dirty. Please generate bindings again and commit them to this branch."
             exit 1
           }
 
       # - name: Start SpacetimeDB
       #   run: |
       #     spacetime start &
       #     disown
 
       # - name: Publish module to SpacetimeDB
       #   working-directory: SpacetimeDB/templates/quickstart-chat-typescript/spacetimedb
       #   run: |
       #     spacetime logout && spacetime login --server-issued-login local
       #     spacetime publish -s local quickstart-chat -c -y
 
       # - name: Publish module to SpacetimeDB
       #   working-directory: SpacetimeDB/templates/quickstart-chat-typescript/spacetimedb
       #   run: |
       #     spacetime logs quickstart-chat
 
       - name: Check that quickstart-chat builds
         working-directory: templates/quickstart-chat-typescript
         run: pnpm build
 
       - name: Check that templates build
         working-directory: templates/
         run: pnpm -r --filter "./**" run build
 
       - name: Check that subdirectories build
         working-directory: crates/bindings-typescript
         run: pnpm -r --filter "./**" run build
 
       # - name: Run quickstart-chat tests
       #   working-directory: examples/quickstart-chat
       #   run: pnpm test
       #
       # # Run this step always, even if the previous steps fail
       # - name: Print rows in the user table
       #   if: always()
       #   run: spacetime sql quickstart-chat "SELECT * FROM user"

.github/workflows/upgrade-version-check.yml

@@ -8,10 +8,7 @@ permissions: read-all
 
 jobs:
   version_upgrade_check:
-    runs-on: spacetimedb-new-runner
-    container:
-      image: localhost:5000/spacetimedb-ci:latest
-      options: --privileged
+    runs-on: spacetimedb-new-runner-2
     steps:
       - name: Checkout
         uses: actions/checkout@v3