Conversation
theihor
force-pushed
the
debian
branch
7 times, most recently
from
b91e1f3 to
7f6479a
Compare
theihor
added a commit
to kernel-patches/bpf-rc
that referenced
this pull request
Jan 27, 2026
GitHub now provides a lightweight runner [1], which is perfect for little jobs like set-matrix. [1] https://github.blog/changelog/2026-01-22-1-vcpu-linux-runner-now-generally-available-in-github-actions/ Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
Use a custom Debian-base docker image for kernel build jobs (kernel-patches/runner#94). Bump libbpf/ci actions to v4 (libbpf/ci#210). Other nits: - set CROSS_COMPILE only for s390x - simplify Linux source download - remove setup docker/qemu logic - in gcc-bpf, install github cli on demand Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
theihor
added a commit
to kernel-patches/runner
that referenced
this pull request
Jan 27, 2026
Update automated build workflows to build 5 images: - x86_64 Ubuntu runner - aarch64 Ubuntu runner - s390x Ubuntu runner - x86_64 Debian builder - aarch64 Debian builder With this change, Ubuntu runners don't install build dependencies from libbpf/ci/setup-build-env action, only run-vmtest dependencies. For context see kernel-patches/vmtest#433 Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
theihor
added a commit
to kernel-patches/runner
that referenced
this pull request
Jan 27, 2026
Update automated build workflows to build 5 images: - x86_64 Ubuntu runner - aarch64 Ubuntu runner - s390x Ubuntu runner - x86_64 Debian builder - aarch64 Debian builder With this change, Ubuntu runners don't install build dependencies from libbpf/ci/setup-build-env action, only run-vmtest dependencies. For context see kernel-patches/vmtest#433 Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is a part of changes moving BPF CI kernel build jobs environment to a docker image based on debian. Debian is chosen due to it being upstream of Ubuntu, so most scripting is compatible and it is generally lighter and (hopefully) more stable.
Other relevant PRs: libbpf/ci#210, kernel-patches/runner#94
The point of this change is not to switch to Debian specifically, but to battle-test environment customization for BPF CI jobs. If this works well, it's a PoC that BPF CI doesn't actually depend on Ubuntu, or whatever github-hosted runners are using.
Note that this change only affects the build jobs. We are still bound by the requirement to use bare-metal machines to run the selftests without emulation, and so the test jobs will still use ubuntu-based runners for now. However they can already become lighter, because build dependencies won't be necessary anymore.
Background
For mostly historical reasons, BPF CI runners have been tightly coupled to Ubuntu-based environment.
This makes sense, because Ubuntu is the official distro used by GitHub-hosted action runners, and we've been trying to keep BPF CI workflows working on both self-hosted and GitHub-hosted runners.
It comes with drawbacks of course. In particular, because the runners use stable Ubuntu version (24.04 as of today), cutting edge versions of upstream dependencies, sometimes required for BPF testing, may be unavailable out of the box. Because of that, we occasionally have to resort to questionable hackery (example, example).
Another drawback is that BPF CI is down when Canonical is down, because of all the apt install commands across the workflows.
Also we rely on third-party Docker images, which overall have been very helpful, but is another bottleneck. For example, actions runner software can be updated only after upstream image is updated.
AWS CodeBuild
Last year (#346) I set up AWS CodeBuild project in order to be able auto-scale the kernel build jobs on demand. This has been in use without major issues since then.
As it turns out, AWS CodeBuild allows image override directly in the github actions workflow definition (docs). This enables great flexibility in controlling what workflows run in what environment, because we don't have to set up an entire separate runner (from GHA perspective) for every environment. Just specify image uri in the yaml.
This is also better than a vanilla actions
container:feature (docs), because the AWS CodeBuild engine has a local docker cache which helps to avoid pulling (or building) the image for every single job. This matters when the image size is 5Gb+.The cherry on top is that CodeBuild handles part of the self-hosted runner plumbing, such as authentication. The only thing one has to ensure is that the docker image has GitHub Actions runner client runtime dependencies installed. This means that the images running on CodeBuild can be simpler and more lightweight (in terms of stuff installed on the system) compared to what we have now.