Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make base images multiarch #55

Closed
wants to merge 18 commits into from
Closed

Make base images multiarch #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
484c3e2
Add support for multiplatform to the Docker images
martin-g Apr 7, 2023
55141ff
Make busybox image multiarch
martin-g Apr 10, 2023
91d5700
Install wget for create-env Dockerfile
martin-g Apr 11, 2023
d539259
Use ubuntu-20.04 for bioconda-recipes-issue-responder and bot workflows
martin-g Apr 11, 2023
73956c6
Add multi-arch build to create-env workflow
martin-g Apr 11, 2023
af88732
Pass an Authorization request header when making REST API calls to Qu…
martin-g Apr 11, 2023
e1c9d8a
Bump create-env image version to 3.0.0
martin-g Apr 11, 2023
4d7695c
create-env container image is not ready yet for Linux ARM64
martin-g Apr 12, 2023
5ab1e66
No need to setup QEMU for create-env for now
martin-g Apr 13, 2023
bfcb907
Do not use ${{ steps.build.outputs.tags }} in 'for' loops
martin-g Apr 13, 2023
575ea75
Add debugging (set -x) to `Check Tags` job
martin-g Apr 13, 2023
6a1897b
Update actions/checkout to v4
martin-g Oct 4, 2023
c1e64e2
Use archive.debian.org for Debian:9
martin-g Oct 5, 2023
29fd36c
Do not use `sudo` to install `wget
martin-g Oct 5, 2023
a682f56
Use apt-get instead of yum. The current BASE is debian
martin-g Oct 5, 2023
891daa4
Run `apt-get update` before trying to install `wget
martin-g Oct 5, 2023
a9d086d
Fix a typo in `wget` command option for the output file
martin-g Oct 6, 2023
c21a608
Use ubuntu-22.04 Docker action image for all workflows
martin-g Oct 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 41 additions & 29 deletions .github/workflows/base-glibc-busybox-bash.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,25 @@ on:
jobs:
build:
name: Build & Push
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
env:
# The base image is not intended to change often and should be used with
# version tags or checksum IDs, but not via "latest".
IMAGE_VERSION: '2.1.0'
IMAGE_VERSION: '3.0.0'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it a normal upgrade or for special fixing?

Copy link
Contributor Author

@martin-g martin-g Apr 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I bumped the major version because now the image would be multi-arch and because of the update of Ubuntu version and the GLIBC coming with it.
But since there are no changes for the x86_64 users maybe we should bump the minor/patch version ?! I am OK to update the PR with the preferred change by the maintainers!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only reason I can think of to keep the older version is to use an older libc for testing to make sure our packages for on older HPC. But this should be ensure with the build container ... so following this and trusting the build container I think we could bump the runtime container.

@bioconda/build-system any thoughts?

Copy link
Contributor Author

@martin-g martin-g Apr 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just bumped the version of create-env image too to 3.0.0, so it is in sync with the other images in this PR.
As I said above I'd be happy to change the version to whatever the Bioconda team thinks it should be!

IMAGE_NAME: base-glibc-busybox-bash
BUSYBOX_VERSION: '1.32.1'
DEBIAN_VERSION: '10.9'

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4

- name: Build
id: buildah-build
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64

- name: Calculate tags and labels
id: calculate
run: |
set -xeu
cd 'images/${{ env.IMAGE_NAME }}'
Expand All @@ -49,11 +54,12 @@ jobs:
bash="$( run bash --version | sed '1!d' )"
buildah rm "${container}"

container="$( buildah from "${image_id}" )"
buildah config --label=glibc="${glibc}" "${container}"
buildah config --label=busybox="${busybox}" "${container}"
buildah config --label=deb-list="${deb_list}" "${container}"
buildah config --label=pkg-list="${pkg_list}" "${container}"
labels="
glibc="${glibc}"
busybox="${busybox}"
deb-list="${deb_list}"
pkg-list="${pkg_list}"
"

glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )"
busybox_version="$( printf %s "${busybox}" | sed -E '1 s/.*v([0-9.]*[0-9]).*/\1/' )"
Expand All @@ -64,23 +70,29 @@ jobs:
latest
"

image_id="$( buildah commit "${container}" )"
buildah rm "${container}"
image_name='${{ env.IMAGE_NAME }}'

for tag in ${tags} ; do
buildah tag "${image_id}" \
"${image_name}":"${tag}"
done
echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT
echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT

echo "::set-output name=image::${image_name}"
echo "::set-output name=tags::$( echo ${tags} )"
- name: Build multiarch image
id: build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.calculate.outputs.tags }}
labels: ${{ steps.calculate.outputs.labels }}
archs: amd64,arm64
build-args: |
busybox_version=${{ env.BUSYBOX_VERSION }}
debian_version=${{ env.DEBIAN_VERSION }}
context: ./images/${{ env.IMAGE_NAME }}
containerfiles: |
./images/${{ env.IMAGE_NAME }}/Dockerfile

- name: Test
run: |
image='${{ steps.buildah-build.outputs.image }}'
image='${{ steps.build.outputs.image }}'
ids="$(
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
for tag in ${{ steps.calculate.outputs.tags }} ; do
buildah images --quiet --no-trunc "${image}:${tag}"
done
)"
Expand All @@ -99,8 +111,8 @@ jobs:
# FIX upstream: Quay.io does not support immutable images currently.
# => Try to use the REST API to check for duplicate tags.
respone="$(
curl -sL \
'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image'
curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \
'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image'
)"

existing_tags="$(
Expand All @@ -115,7 +127,7 @@ jobs:
"${respone}"
exit 1
}
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
for tag in ${{ steps.calculate.outputs.tags }} ; do
if [ \! "${tag}" = latest ] ; then
if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then
printf 'Tag %s already exists!\n' "${tag}"
Expand All @@ -128,18 +140,18 @@ jobs:
name: Push
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.buildah-build.outputs.image }}
tags: ${{ steps.buildah-build.outputs.tags }}
image: ${{ steps.build.outputs.image }}
tags: ${{ steps.calculate.outputs.tags }}
registry: ${{ secrets.QUAY_BIOCONDA_REPO }}
username: ${{ secrets.QUAY_BIOCONDA_USERNAME }}
password: ${{ secrets.QUAY_BIOCONDA_TOKEN }}

- if: ${{ github.ref == 'refs/heads/main' }}
name: Test Pushed
run: |
image='${{ steps.buildah-build.outputs.image }}'
image='${{ env.IMAGE_NAME }}'
ids="$(
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
for tag in ${{ steps.calculate.outputs.tags }} ; do
buildah images --quiet --no-trunc "${image}:${tag}"
done
)"
Expand Down
78 changes: 44 additions & 34 deletions .github/workflows/base-glibc-debian-bash.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,19 +14,24 @@ on:
jobs:
build:
name: Build & Push
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
env:
# The base image is not intended to change often and should be used with
# version tags or checksum IDs, but not via "latest".
IMAGE_VERSION: '2.1.0'
IMAGE_VERSION: '3.0.0'
IMAGE_NAME: base-glibc-debian-bash
DEBIAN_VERSION: '10.9'

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4

- name: Build
id: buildah-build
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64

- name: Calculate tags and labels
id: calculate
run: |
set -xeu
cd 'images/${{ env.IMAGE_NAME }}'
Expand All @@ -44,10 +49,10 @@ jobs:
debian="$( run cat /etc/debian_version | sed '1!d' )"
bash="$( run bash --version | sed '1!d' )"
buildah rm "${container}"

container="$( buildah from "${image_id}" )"
buildah config --label=glibc="${glibc}" "${container}"
buildah config --label=debian="${debian}" "${container}"
labels="
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

buildah config --label=glibc="${glibc}" "${container}"
buildah config --label=debian="${debian}" "${container}"

Not sure what did the original buildah do? Just label variable? Was it used by some other where?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know where and how these labels are used but they are still set at https://github.com/bioconda/bioconda-containers/pull/55/files#diff-b4a54ac6775437f0dbe546b99c784d76f3defaaa74b1456488e4fa4f78850e1cR75

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, great!

glibc=${glibc}
debian=${debian}
"

glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )"
debian_version="$( printf %s "${debian}" | sed -E 's|/|_|g' )"
Expand All @@ -57,24 +62,28 @@ jobs:
${{ env.IMAGE_VERSION }}_${glibc_version}_${debian_version}_${bash_version}
latest
"

echo "tags=$( echo ${tags} )" >> $GITHUB_OUTPUT
echo "labels=$( echo ${labels} )" >> $GITHUB_OUTPUT

image_id="$( buildah commit "${container}" )"
buildah rm "${container}"
image_name='${{ env.IMAGE_NAME }}'

for tag in ${tags} ; do
buildah tag "${image_id}" \
"${image_name}":"${tag}"
done

echo "::set-output name=image::${image_name}"
echo "::set-output name=tags::$( echo ${tags} )"
- name: Build multiarch image
id: build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.calculate.outputs.tags }}
labels: ${{ steps.calculate.outputs.labels }}
archs: amd64,arm64
build-args: |
debian_version=${{ env.DEBIAN_VERSION }}
containerfiles: |
./images/${{ env.IMAGE_NAME }}/Dockerfile

- name: Test
run: |
image='${{ steps.buildah-build.outputs.image }}'
image='${{ steps.build.outputs.image }}'
ids="$(
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
for tag in ${{ steps.calculate.outputs.tags }} ; do
buildah images --quiet --no-trunc "${image}:${tag}"
done
)"
Expand All @@ -90,13 +99,13 @@ jobs:

- name: Check Tags
run: |
set -x
# FIX upstream: Quay.io does not support immutable images currently.
# => Try to use the REST API to check for duplicate tags.
response=$(
curl -H "Authorization: Bearer $TOKEN" \
-sL \
'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image'
)
response="$(
curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not tested because the secrets are not exported to forks/PRs.
Without the Authorization header Quay returns 403 (Forbidden)

'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/image'
)"

existing_tags="$(
printf %s "${response}" \
Expand All @@ -107,10 +116,10 @@ jobs:
'Could not get list of image tags.' \
'Does the repository exist on Quay.io?' \
'Quay.io REST API response was:' \
"${respone}"
"${response}"
exit 1
}
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
for tag in ${{ steps.calculate.outputs.tags }} ; do
if [ \! "${tag}" = latest ] ; then
if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then
printf 'Tag %s already exists!\n' "${tag}"
Expand All @@ -122,21 +131,22 @@ jobs:
TOKEN: ${{ secrets.secrets.QUAY_BIOCONDA_TOKEN }}

- if: ${{ github.ref == 'refs/heads/main' }}
name: Push
name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.buildah-build.outputs.image }}
tags: ${{ steps.buildah-build.outputs.tags }}
image: ${{ steps.build.outputs.image }}
tags: ${{ steps.calculate.outputs.tags }}
registry: ${{ secrets.QUAY_BIOCONDA_REPO }}
username: ${{ secrets.QUAY_BIOCONDA_USERNAME }}
password: ${{ secrets.QUAY_BIOCONDA_TOKEN }}

- if: ${{ github.ref == 'refs/heads/main' }}
name: Test Pushed
run: |
image='${{ steps.buildah-build.outputs.image }}'
image='${{ steps.build.outputs.image }}'
ids="$(
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
for tag in ${{ steps.calculate.outputs.tags }} ; do
buildah images --quiet --no-trunc "${image}:${tag}"
done
)"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/bioconda-recipes-issue-responder.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,13 @@ on:
jobs:
build:
name: Build & Push
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
env:
IMAGE_NAME: bioconda-recipes-issue-responder
IMAGE_VERSION: '1.1.1'

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4

- name: Build
id: buildah-build
Expand Down Expand Up @@ -57,7 +57,7 @@ jobs:
# FIX upstream: Quay.io does not support immutable images currently.
# => Try to use the REST API to check for duplicate tags.
respone="$(
curl -sL \
curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \
'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image'
)"

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/bot.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,13 @@ jobs:
packages: "anaconda-client skopeo"
- tag: update
packages: "git openssh"
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
env:
IMAGE_NAME: bot
IMAGE_VERSION: '1.1.23'

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4

- name: Build
id: buildah-build
Expand Down Expand Up @@ -68,7 +68,7 @@ jobs:
# # FIX upstream: Quay.io does not support immutable images currently.
# # => Try to use the REST API to check for duplicate tags.
# respone="$(
# curl -sL \
# curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \
# 'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image'
# )"

Expand Down
11 changes: 6 additions & 5 deletions .github/workflows/create-env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,13 @@ on:
jobs:
build:
name: Build & Push
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
env:
IMAGE_VERSION: '2.2.1'
IMAGE_VERSION: '3.0.0'
IMAGE_NAME: create-env

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4

- name: Prepare
id: prepare
Expand All @@ -38,8 +38,9 @@ jobs:
tags: >-
latest
${{ env.IMAGE_VERSION }}
archs: amd64
context: ./images/${{ env.IMAGE_NAME }}
dockerfiles: |
containerfiles: |
./images/${{ env.IMAGE_NAME }}/Dockerfile
build-args: |
bioconda_utils_version=${{ steps.prepare.outputs.bioconda_utils_version }}
Expand Down Expand Up @@ -71,7 +72,7 @@ jobs:
while [ "${has_additional}" = 'true' ] ; do
page="$(( page + 1 ))"
respone="$(
curl -sL \
curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \
'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/tag?limit=100&page='"${page}"
)"
has_additional="$( printf %s "${respone}" | jq -r '.has_additional' )"
Expand Down
3 changes: 3 additions & 0 deletions images/base-glibc-busybox-bash/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ FROM "debian:${debian_version}-slim" AS build_base
# (or not want) to include.
# Use old Debian version to ensure compatible (low glibc requirement) binaries.
FROM debian:9-slim AS busybox_builder
RUN echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list
RUN echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list
RUN echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list
RUN apt-get update && \
apt-get install -y \
bzip2 curl ca-certificates tar gcc gnupg dirmngr make
Expand Down
8 changes: 5 additions & 3 deletions images/base-glibc-busybox-bash/Dockerfile.test
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,11 @@ RUN [ "$( sh -lc 'printf world' )" = 'world' ] \
printf '' \
> /usr/local/env-activate.sh

COPY --from=debian:9-slim /lib/x86_64-linux-gnu/libz.so* /lib/x86_64-linux-gnu/
RUN wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh \
COPY --from=debian:9-slim /lib/*-linux-gnu/libz.so* /lib/*-linux-gnu/
RUN ARCH=$(uname -m) \
&& \
sh ./Miniconda3-latest-Linux-x86_64.sh -bp /opt/conda \
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${ARCH}.sh \
&& \
sh ./Miniconda3-latest-Linux-${ARCH}.sh -bp /opt/conda \
&& \
/opt/conda/bin/conda info --all
Loading