Open
Conversation
3 tasks
Add CI support for compiling and distributing the Rust containerd shim
(containerd-shim-kata-v2-rs) as a static musl binary across all CI systems.
GitLab CI (.gitlab-ci.yml):
- Add build-shim-rust-amd64/arm64 jobs using the internal mirror registry
(registry.ddbuild.io/images/mirror/rust:1.91-alpine) with musl cross-
compilation toolchains
- Update publish-artifacts to upload the Rust shim to S3 alongside the Go shim
GHA static tarball workflows (build-kata-static-tarball-{amd64,arm64}.yaml):
- Add build-asset-shim-rs job that builds the Rust shim and uploads it as a
GHA artifact
- Update create-kata-tarball to include the Rust shim at
opt/kata/runtime-rs/bin/containerd-shim-kata-v2 inside the release tarball
- Install cmake, required by libz-sys for musl cross-compilation
GHA release workflow (build-kata-os.yml):
- Add "Build containerd-shim-kata-v2-rs" step and bundle it into
artifacts-{amd64,arm64}.zip alongside the kernel, rootfs, and Go shim
- Reclaim workspace ownership with `sudo chown -R ... .` before building:
the self-hosted arm64 runner reuses its workspace between runs and previous
Docker steps leave root-owned files that block protobuf codegen
- Install cmake and create the musl C++ symlink for cross-compilation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
TheRayquaza
force-pushed
the
mateo.lelong/datadog-ci-rust-shim
branch
from
b8be637 to
62d84ff
Compare
zaymat
requested changes
Apr 9, 2026
Comment on lines
+29
to
+32
| - name: Install Rust toolchain | ||
| run: | | ||
| curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain 1.91 | ||
| echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
There was a problem hiding this comment.
I wonder if there exists github actions for that.
TheRayquaza
force-pushed
the
mateo.lelong/datadog-ci-rust-shim
branch
from
d7bb3ff to
3299c43
Compare
zaymat
reviewed
Apr 16, 2026
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: ">=1.24.0" | ||
| - uses: dtolnay/rust-toolchain@1.91 |
There was a problem hiding this comment.
any idea why they don't need it in the kata upstream github action?
| - uses: dtolnay/rust-toolchain@1.91 | ||
| - name: Install dependencies | ||
| run: sudo apt-get update && sudo apt-get install -y libelf-dev flex bison libssl-dev pahole | ||
| run: sudo apt-get update && sudo apt-get install -y libelf-dev flex bison libssl-dev pahole musl-tools g++ cmake |
There was a problem hiding this comment.
do you still need g++ and cmake after you changes?
Comment on lines
+44
to
+48
| rustup target add ${{ matrix.musl_arch }}-unknown-linux-musl | ||
| cd src/runtime-rs | ||
| make clean-generated-files | ||
| make PREFIX=/opt/kata | ||
| cp ../../target/${{ matrix.musl_arch }}-unknown-linux-musl/release/containerd-shim-kata-v2 /tmp/containerd-shim-kata-v2-rs |
There was a problem hiding this comment.
How is it done upstream. I'm under the impression they generate both shims in one make command.
TheRayquaza
force-pushed
the
mateo.lelong/datadog-ci-rust-shim
branch
2 times, most recently
from
2d85b94 to
3299c43
Compare
Author
|
actually that s an issue, going back to manual download of rust using upstream script |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds CI support for compiling and distributing the Rust containerd shim (`containerd-shim-kata-v2-rs`) as a static musl binary alongside the existing Go shim, across all CI systems.
GitLab CI (
.gitlab-ci.yml):build-shim-rust-amd64andbuild-shim-rust-arm64jobs usingregistry.ddbuild.io/images/mirror/rust:1.91-alpinewith musl cross-compilation toolchainspublish-artifactsupdated to upload the Rust shim to S3 ats3://kata-containers-ci-artifacts/$TAG/{amd64,arm64}/containerd-shim-kata-v2GHA static tarball workflows (
build-kata-static-tarball-{amd64,arm64}.yaml):build-asset-shim-rsjob compiles and uploads the Rust shim as a GHA artifactcreate-kata-tarballbundles inside the release tarballGHA release workflow (
build-kata-os.yml):artifacts-{amd64,arm64}.zipTesting
The build was validated on run #24140664525 (both amd64 and arm64).
To verify the Rust shim is present in the release zip: