48 changes: 48 additions & 0 deletions .github/workflows/docker-build.yml
@@ -0,0 +1,48 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Create and publish a Docker image

on:
push:
branches: ['master']
paths:
- Dockerfile
env:
REGISTRY: ghcr.io
IMAGE_NAME: ReproNim/repronim-buildenv

jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@v3.3.0
with:
registry: ${{ env.REGISTRY }}
Member

Do you know which value to use for Docker Hub? https://github.com/docker/login-action?tab=readme-ov-file#docker-hub then does not use any.

username: repro-bot
password: ${{ secrets.REPROBOT_REGISTRY_TOKEN }}
Comment on lines +32 to +33
Member

Suggested change
username: repro-bot
password: ${{ secrets.REPROBOT_REGISTRY_TOKEN }}
username: ${{ secrets.DOCKER_LOGIN }}
password: ${{ secrets.DOCKER_TOKEN }}

to be more in line with the setup we have in https://github.com/ReproNim/reprostim/blob/master/.github/workflows/docker.yml


- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5.6.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Build and push Docker image
uses: docker/build-push-action@v6.13.0
with:
context: .
file: Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
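Review bot: the login step authenticates to ghcr.io with a long-lived stored token (`username: repro-bot`, `password: ${{ secrets.REPROBOT_REGISTRY_TOKEN }}`) although the job already grants `packages: write`; for GHCR the job-scoped `${{ secrets.GITHUB_TOKEN }}` with `username: ${{ github.actor }}` is sufficient and expires when the job ends, so the stored credential (and its rotation and leak risk) can be dropped unless the image is meant to go to a second registry, which the thread above is weighing. Separately, the third-party actions are pinned to moveable tags (`docker/login-action@v3.3.0`, `docker/metadata-action@v5.6.1`, `docker/build-push-action@v6.13.0`, and `actions/checkout@v4` to a floating major); pinning each to a full commit SHA with the version in a trailing comment closes that supply-chain gap. Minor: with `paths: - Dockerfile`, a change to this workflow file alone never triggers a build, so consider adding `.github/workflows/docker-build.yml` to the filter.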
13 changes: 13 additions & 0 deletions Dockerfile
@@ -0,0 +1,13 @@
FROM alpine:3.21.3
ENV PATH="/usr/local/apptainer/bin:$PATH" \
APPTAINER_TMPDIR="/tmp-apptainer"
RUN apk add --no-cache apptainer py3-pytest ca-certificates libseccomp squashfs-tools tzdata fuse2fs fuse-overlayfs squashfuse \
Contributor

medium

The py3-pytest package is being installed. pytest is a testing framework and is generally not required in a production or builder image unless its explicit purpose is to execute tests. Including it adds unnecessary bloat to the image, increasing its size and potential attack surface. If this image is not intended for running tests, please consider removing this package.

python3 py3-pip git openssh-client git-annex curl bzip2 bash\
&& mkdir -p $APPTAINER_TMPDIR \
&& cp /usr/share/zoneinfo/UTC /etc/localtime \
&& apk del tzdata \
&& rm -rf /tmp/* /var/cache/apk/*

RUN pip install --break-system-packages --no-cache-dir datalad datalad-container
Comment on lines +4 to +11
Contributor

high

The apk and pip installations are in separate RUN layers, and the cleanup logic is suboptimal. This can lead to a larger final image size because temporary files from the pip installation are not cleaned up. It's a Docker best practice to chain related commands into a single RUN layer and perform cleanup at the end. This creates a more compact and efficient image layer.

Additionally, rm -rf /var/cache/apk/* is redundant when using the --no-cache flag with apk add.

RUN apk add --no-cache \
        apptainer \
        py3-pytest \
        ca-certificates \
        libseccomp \
        squashfs-tools \
        fuse2fs \
        fuse-overlayfs \
        squashfuse \
        python3 \
        py3-pip \
        git \
        openssh-client \
        git-annex \
        curl \
        bzip2 \
        bash \
        tzdata \
    && pip install --break-system-packages --no-cache-dir datalad datalad-container \
    && mkdir -p $APPTAINER_TMPDIR \
    && cp /usr/share/zoneinfo/UTC /etc/localtime \
    && apk del tzdata \
    && rm -rf /tmp/*


WORKDIR /work
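Review bot: `RUN pip install --break-system-packages --no-cache-dir datalad datalad-container` installs unpinned versions as root into the system Python, so two builds of this Dockerfile can yield different images, and `--break-system-packages` switches off the interpreter's guard against overwriting apk-managed modules; pin the versions (`datalad==<version>` as a placeholder, or a constraints file) or install into a venv under `/usr/local`. Nothing in the hunk sets `USER`, so containers from this image run as root by default; if the build environment does not need root, add an unprivileged user before `WORKDIR /work`. Minor: `ENV PATH="/usr/local/apptainer/bin:$PATH"` points at a directory no line here creates (apptainer is installed via `apk add`), so that entry looks like a leftover and can be removed.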