-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make base images multiarch #55
Conversation
@@ -93,8 +102,8 @@ jobs: | |||
# FIX upstream: Quay.io does not support immutable images currently. | |||
# => Try to use the REST API to check for duplicate tags. | |||
respone="$( | |||
curl -sL \ | |||
'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image' | |||
curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not tested because the secrets are not exported to forks/PRs.
Without the Authorization
header Quay returns 403 (Forbidden)
images/create-env/Dockerfile
Outdated
@@ -1,3 +1,4 @@ | |||
ARG arch=x86_64 | |||
# Use the exact conda, mamba versions as used in bioconda-recipes' builds. | |||
ARG bioconda_utils_version='1.1.3' | |||
FROM quay.io/bioconda/bioconda-utils-build-env-cos7:${bioconda_utils_version} as bioconda-build-env |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems the image should be quay.io/bioconda/bioconda-utils-build-env-cos7
for x86 and quay.io/bioconda/bioconda-utils-build-env-cos7-aarch64
for aarch64?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this has to be updated once bioconda/bioconda-utils#866 is merged!
images/create-env/Dockerfile
Outdated
@@ -13,7 +14,7 @@ FROM quay.io/bioconda/base-glibc-debian-bash as build | |||
WORKDIR /tmp/work | |||
COPY --from=bioconda-build-env /tmp/requirements.txt ./ | |||
COPY install-conda print-env-activate create-env ./ | |||
ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh ./miniconda.sh | |||
ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${arch}.sh ./miniconda.sh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
curious is it something special so that we have to use build-args
but not wget according build arch?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again, this is outdated. Please see the latest version of the PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But now I notice that I need to add multi-arch build to the GHA workflow!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Improved with 1b4b7e2
env: | ||
# The base image is not intended to change often and should be used with | ||
# version tags or checksum IDs, but not via "latest". | ||
IMAGE_VERSION: '2.1.0' | ||
IMAGE_VERSION: '3.0.0' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it a normal upgrade or for special fixing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I bumped the major version because now the image would be multi-arch and because of the update of Ubuntu version and the GLIBC coming with it.
But since there are no changes for the x86_64 users maybe we should bump the minor/patch version ?! I am OK to update the PR with the preferred change by the maintainers!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only reason I can think of to keep the older version is to use an older libc for testing to make sure our packages for on older HPC. But this should be ensure with the build container ... so following this and trusting the build container I think we could bump the runtime container.
@bioconda/build-system any thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just bumped the version of create-env
image too to 3.0.0
, so it is in sync with the other images in this PR.
As I said above I'd be happy to change the version to whatever the Bioconda team thinks it should be!
We are ready with the next PR for bioconda-containers - https://github.com/martin-g/bioconda-containers/pull/2/files The new/next PR will provide images |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bioconda-utils build --docker --mulled-test --packages py2bit --docker-base-image ghcr.io/yikun/bioconda-utils-build-env-cos7-aarch64 --mulled-conda-image ghcr.io/martin-g/create-env-aarch64 --force
I also do a e2e test with martin-g#2 (ghcr.io/martin-g/create-env-aarch64), it works! So LGTM except inline comment/question.
container="$( buildah from "${image_id}" )" | ||
buildah config --label=glibc="${glibc}" "${container}" | ||
buildah config --label=debian="${debian}" "${container}" | ||
labels=" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
buildah config --label=glibc="${glibc}" "${container}"
buildah config --label=debian="${debian}" "${container}"
Not sure what did the original buildah do? Just label variable? Was it used by some other where?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know where and how these labels are used but they are still set at https://github.com/bioconda/bioconda-containers/pull/55/files#diff-b4a54ac6775437f0dbe546b99c784d76f3defaaa74b1456488e4fa4f78850e1cR75
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, great!
Friendly ping! |
Any feedback on the proposed changes ? |
These changes look like exactly what I need! |
I had to build Then I built And following the steps explained at bioconda/bioconda-recipes#23454 (comment) I was able to build several Bioconda packages for Linux aarch64! Great work, @martin-g ! I hope this PR is merged soon and all aarch64 Docker images are uploaded to Quay.io so that there is no need to use patches and build them locally ! |
+1 for this PR! |
I have never touched this repo so far, so any help with fixing the remaining issues would be greatly appreciated. |
@johanneskoester Do you have an idea what is needed for #55 (comment) ? |
Thanks for the reminder. Looking into that now. I think the bot did not have the permissions to push, but that should be solved now. Let's see whether the next release (today) succeeds. |
Thanks for the reminder. Solved now and 2.5.0 has been properly pushed! |
Great! |
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]> Try with redhat-actions/buildah-build and redhat-actions/push-to-registry Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
ubuntu-18.04 is deprecated - https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/ Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
…ay.io Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
To be in sync with the other image versions in this PR Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Its value is newline separated and breaks the loop syntax Fix the name of a step - it is steps.build.outputs.image, not buildah-build anymore Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
026904f
to
575ea75
Compare
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
I am going to merge martin-g#2 into this PR. |
The CI jobs fail with:
for debian:9. |
Is it OK to use Debian 10 instead ? |
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
With c1e64e2 I updated |
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Now I remember why
here it depends on quay.io/bioconda/base-glibc-debian-bash - the ARM64 flavor of this image is created by this PR.
But this PR CI checks cannot pass because bioconda-containers/.github/workflows/base-glibc-debian-bash.yaml Lines 96 to 98 in 0fc3512
|
@johanneskoester Could you please allow the execution of the checks one more time? Thanks! |
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Hi @martin-g, thank you (and also everyone else above!) for working on this, much appreciated. (Incidentally, Debian 12.2 is also scheduled to be released today, so we might combine updating the base images with that version. I'm doing some sanity checks for that currently.) I'll get back to you tomorrow or Monday at the latest. Cheers, |
Quick update: Currently, I'm digging into why # podman run --arch=arm64 --rm docker://arm64v8/busybox:1.36.1-glibc busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
wget: error getting response: Connection reset by peer
# podman run --arch=arm64 --rm docker://arm64v8/busybox:1.36.1-musl busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
wget: error getting response: Connection reset by peer
# podman run --arch=arm64 --rm docker://arm64v8/debian:12.1-slim sh -c 'apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get install -qy busybox > /dev/null && busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html'
debconf: delaying package configuration, since apt-utils is not installed
wget: error getting response: Connection reset by peer
# podman run --arch=arm64 --rm docker://arm64v8/alpine:3.18.4 busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 20:46:02 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
# podman run --arch=amd64 --rm docker://amd64/busybox:1.36.1-glibc busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 20:46:53 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
# podman run --arch=amd64 --rm docker://amd64/debian:12.1-slim sh -c 'apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get install -qy busybox > /dev/null && busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html'
debconf: delaying package configuration, since apt-utils is not installed
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 20:47:25 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Once that one's figured out, I'll cherry-pick your changes into multiple PRs to update the base images and then the other images. ( |
There are many reports for The recommendation is to use
works fine! I tried many older versions of |
Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
Yes, you'd normally not want to use BusyBox's
For some use cases that makes sense, yes. I just wanted to make sure that we don't introduce (avoidable) differences between the I'm currently working on incorporating the version updates and hope we can finish the images tomorrow. |
After more unfortunate delays, we are nearly there with the container builds. In gh-58 I cherry-picked your commits for the base images and those are available on quay.io/bioconda (well, after fixing a little hiccup with gh-60). There were quite some unexpected hurdles with differences under QEMU and/or aarch64, Buildah versions, bumpy manifest handling, directory layout changes in Debian 12, etc. pp. I'll wait for one test run of gh-59 to finish and then trim down/skip some tests (at least when run via QEMU), so that we can have those built and pushed today. We now have x86_64 and aarch64 base images updated to the current Debian/BusyBox versions (also prepared for minimal work needed for future Debian >=13 updates) available at Thanks very much for keeping to push this -- half a year on this PR, finally coming to fruition! |
Add support for Linux ARM64 to
base-glibc-busybox-bash
andbase-glibc-debian-bash
images.Update the Github runners to 20.04 because the 18.04 ones never start (they stay in
Queued
state for days). See https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/Fix warnings:
>> $GITHUB_OUTPUT
instead of the deprecatedset-output
Multi-arch images built by my fork could be seen here: