diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f0e151d25778c..9d9865db74af0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -145,6 +145,10 @@ jobs:
       - name: install awscli
         run: src/ci/scripts/install-awscli.sh
 
+      - if: contains(matrix.os, 'codebuild-ubuntu')
+        name: Install sotftware for codebuild
+        run: chmod +x src/ci/scripts/ubuntu-codebuild.sh && ./src/ci/scripts/ubuntu-codebuild.sh
+
       - name: install sccache
         run: src/ci/scripts/install-sccache.sh
 
@@ -174,6 +178,8 @@ jobs:
 
       - name: enable ipv6 on Docker
         run: src/ci/scripts/enable-docker-ipv6.sh
+        # Don't run on codebuild because systemctl is not available
+        if: ${{ !contains(matrix.os, 'codebuild-ubuntu') }}
 
       # Disable automatic line ending conversion (again). On Windows, when we're
       # installing dependencies, something switches the git configuration directory or
diff --git a/src/ci/docker/run.sh b/src/ci/docker/run.sh
index a0adf60b6b2c9..3b0516bd25ba9 100755
--- a/src/ci/docker/run.sh
+++ b/src/ci/docker/run.sh
@@ -39,6 +39,7 @@ root_dir="`dirname $src_dir`"
 source "$ci_dir/shared.sh"
 
 if isCI; then
+    echo "CI detected"
     objdir=$root_dir/obj
 else
     objdir=$root_dir/obj/$image
@@ -53,6 +54,7 @@ fi
 CACHE_DOMAIN="${CACHE_DOMAIN:-ci-caches.rust-lang.org}"
 
 if [ -f "$docker_dir/$image/Dockerfile" ]; then
+    echo "Dockerfile found for $image"
     hash_key=/tmp/.docker-hash-key.txt
     rm -f "${hash_key}"
     echo $image >> $hash_key
@@ -149,6 +151,7 @@ if [ -f "$docker_dir/$image/Dockerfile" ]; then
           --output=type=docker
     # On auto/try builds, we can also write to the cache.
     else
+        echo "Logging into the Docker registry"
         # Log into the Docker registry, so that we can read/write cache and the final image
         echo ${DOCKER_TOKEN} | docker login ${REGISTRY} \
             --username ${REGISTRY_USERNAME} \
@@ -157,6 +160,7 @@ if [ -f "$docker_dir/$image/Dockerfile" ]; then
         # Enable a new Docker driver so that --cache-from/to works with a registry backend
         docker buildx create --use --driver docker-container
 
+        echo "Building Docker image with cache"
         # Build the image using registry caching backend
         retry docker \
           buildx \
@@ -165,11 +169,13 @@ if [ -f "$docker_dir/$image/Dockerfile" ]; then
           --cache-to type=registry,ref=${CACHE_IMAGE_TAG},compression=zstd \
           --output=type=docker
 
+        echo "Docker image built"
         # Print images for debugging purposes
         docker images
 
         # Tag the built image and push it to the registry
         docker tag rust-ci "${IMAGE_TAG}"
+        echo "Pushing Docker image to the registry"
         docker push "${IMAGE_TAG}"
 
         # Record the container registry tag/url for reuse, e.g. by rustup.rs builds
@@ -221,6 +227,7 @@ else
     exit 1
 fi
 
+echo "Creating directories"
 mkdir -p $HOME/.cargo
 mkdir -p $objdir/tmp
 mkdir -p $objdir/cores
@@ -276,6 +283,7 @@ args="$args --privileged"
 # `LOCAL_USER_ID` (recognized in `src/ci/run.sh`) to ensure that files are all
 # read/written as the same user as the bare-metal user.
 if [ -f /.dockerenv ]; then
+  echo "Dockerenv detected. We are in docker-in-docker scenario."
   docker create -v /checkout --name checkout alpine:3.4 /bin/true
   docker cp . checkout:/checkout
   args="$args --volumes-from checkout"
@@ -284,16 +292,23 @@ else
   args="$args --volume $objdir:/checkout/obj"
   args="$args --volume $HOME/.cargo:/cargo"
   args="$args --volume /tmp/toolstate:/tmp/toolstate"
+fi
 
-  id=$(id -u)
-  if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
-    # Rootless podman creates a separate user namespace, where an inner
-    # LOCAL_USER_ID will map to a different subuid range on the host.
-    # The "keep-id" mode maps the current UID directly into the container.
-    args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
-  else
-    args="$args --env LOCAL_USER_ID=$id"
-  fi
+id=$(id -u)
+if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
+  # Rootless podman creates a separate user namespace, where an inner
+  # LOCAL_USER_ID will map to a different subuid range on the host.
+  # The "keep-id" mode maps the current UID directly into the container.
+  echo "Running in rootless podman"
+  args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
+elif [[ "$id" != 0 ]]; then
+  echo "Running in docker as non-root"
+  args="$args --env LOCAL_USER_ID=$id"
+else
+  echo "Running in docker as root. Using id 1001."
+  # If we're running as root, we don't want to run the container as root,
+  # so we set id `1001` instead of `0`.
+  args="$args --env LOCAL_USER_ID=1001"
 fi
 
 if [ "$dev" = "1" ]
diff --git a/src/ci/github-actions/calculate-job-matrix.py b/src/ci/github-actions/calculate-job-matrix.py
index 1f994f0ffd2ef..f3c9a9311c914 100755
--- a/src/ci/github-actions/calculate-job-matrix.py
+++ b/src/ci/github-actions/calculate-job-matrix.py
@@ -181,6 +181,21 @@ def format_run_type(run_type: WorkflowRunType) -> str:
         raise AssertionError()
 
 
+# Add new function before main:
+def substitute_github_vars(jobs: list) -> list:
+    """Replace GitHub context variables with environment variables in job configs."""
+    for job in jobs:
+        if "os" in job:
+            job["os"] = job["os"].replace(
+                "${{ github.run_id }}",
+                os.environ["GITHUB_RUN_ID"]
+            ).replace(
+                "${{ github.run_attempt }}",
+                os.environ["GITHUB_RUN_ATTEMPT"]
+            )
+    return jobs
+
+
 if __name__ == "__main__":
     logging.basicConfig(level=logging.INFO)
 
@@ -199,6 +214,8 @@ def format_run_type(run_type: WorkflowRunType) -> str:
     if run_type is not None:
         jobs = calculate_jobs(run_type, data)
     jobs = skip_jobs(jobs, channel)
+    jobs = substitute_github_vars(jobs)
+
 
     if not jobs:
         raise Exception("Scheduled job list is empty, this is an error")
diff --git a/src/ci/github-actions/jobs.yml b/src/ci/github-actions/jobs.yml
index 876a779359215..3c4a65c7c92ff 100644
--- a/src/ci/github-actions/jobs.yml
+++ b/src/ci/github-actions/jobs.yml
@@ -46,6 +46,10 @@ runners:
   - &job-aarch64-linux
     os: ubuntu-22.04-arm64-8core-32gb
 
+  - &job-linux-8c-codebuild
+    os: codebuild-ubuntu-22-8c-${{ github.run_id }}-${{ github.run_attempt }}
+    <<: *base-job
+
 envs:
   env-x86_64-apple-tests: &env-x86_64-apple-tests
     SCRIPT: ./x.py --stage 2 test --skip tests/ui --skip tests/rustdoc -- --exact
@@ -264,7 +268,7 @@ auto:
     <<: *job-linux-4c
 
   - image: x86_64-gnu
-    <<: *job-linux-4c
+    <<: *job-linux-8c-codebuild
 
   # This job ensures commits landing on nightly still pass the full
   # test suite on the stable channel. There are some UI tests that
diff --git a/src/ci/run.sh b/src/ci/run.sh
index b874f71832d73..323e14d351193 100755
--- a/src/ci/run.sh
+++ b/src/ci/run.sh
@@ -2,16 +2,29 @@
 
 set -e
 
+echo "Running inside src/ci/run.sh script"
+
 if [ -n "$CI_JOB_NAME" ]; then
   echo "[CI_JOB_NAME=$CI_JOB_NAME]"
 fi
 
+echo "whoami: $(whoami). Home: $HOME"
+echo "--- current directory ---"
+pwd
+ls -l
+echo "-------------------------"
+echo "NO_CHANGE_USER=$NO_CHANGE_USER. LOCAL_USER_ID=$LOCAL_USER_ID"
 if [ "$NO_CHANGE_USER" = "" ]; then
+  echo "can change user"
   if [ "$LOCAL_USER_ID" != "" ]; then
+    echo "Starting with UID: $LOCAL_USER_ID"
     id -u user &>/dev/null || useradd --shell /bin/bash -u $LOCAL_USER_ID -o -c "" -m user
     export HOME=/home/user
     unset LOCAL_USER_ID
 
+    # Give ownership of the current directory to the user
+    chown -R user:user .
+
     # Ensure that runners are able to execute git commands in the worktree,
     # overriding the typical git protections. In our docker container we're running
     # as root, while the user owning the checkout is not root.
@@ -21,6 +34,7 @@ if [ "$NO_CHANGE_USER" = "" ]; then
     # For NO_CHANGE_USER done in the small number of Dockerfiles affected.
     echo -e '[safe]\n\tdirectory = *' > /home/user/.gitconfig
 
+    echo "Switching to user"
     exec su --preserve-environment -c "env PATH=$PATH \"$0\"" user
   fi
 fi
diff --git a/src/ci/scripts/enable-docker-ipv6.sh b/src/ci/scripts/enable-docker-ipv6.sh
index 03d5a75e24e27..fb09a399d9bec 100755
--- a/src/ci/scripts/enable-docker-ipv6.sh
+++ b/src/ci/scripts/enable-docker-ipv6.sh
@@ -7,6 +7,12 @@ IFS=$'\n\t'
 
 source "$(cd "$(dirname "$0")" && pwd)/../shared.sh"
 
+# Print docker version
+docker --version
+lsb_release -a
+echo "is docker active"
+systemctl is-active docker
+
 if isLinux; then
     sudo mkdir -p /etc/docker
     echo '{"ipv6":true,"fixed-cidr-v6":"fd9a:8454:6789:13f7::/64"}' \
diff --git a/src/ci/scripts/run-build-from-ci.sh b/src/ci/scripts/run-build-from-ci.sh
index 55e75800d91c4..90d6894c7c234 100755
--- a/src/ci/scripts/run-build-from-ci.sh
+++ b/src/ci/scripts/run-build-from-ci.sh
@@ -17,7 +17,9 @@ echo "::add-matcher::src/ci/github-actions/problem_matchers.json"
 # the environment
 rustup self uninstall -y || true
 if [ -z "${IMAGE+x}" ]; then
+    echo "Running ci/run.sh"
     src/ci/run.sh
 else
+    echo "Running docker/run.sh with image ${IMAGE}"
     src/ci/docker/run.sh "${IMAGE}"
 fi
diff --git a/src/ci/scripts/ubuntu-codebuild.sh b/src/ci/scripts/ubuntu-codebuild.sh
new file mode 100644
index 0000000000000..da5371965de46
--- /dev/null
+++ b/src/ci/scripts/ubuntu-codebuild.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# apt-get update
+# apt-get install -y docker-buildx