From a6777eadff8869cacd30705d0f3a959452881a57 Mon Sep 17 00:00:00 2001
From: Daniel Nachun
Date: Thu, 10 Apr 2025 12:17:07 -0700
Subject: [PATCH 1/2] add Docker GitHub Actions workflow
---
.github/workflows/container_build.yml | 32 +++++++++++++
.github/workflows/container_upload.yml | 45 +++++++++++++++++++
.../workflows/dispatch_container_upload.yml | 41 +++++++++++++++++
docker/Dockerfile | 2 +
4 files changed, 120 insertions(+)
create mode 100644 .github/workflows/container_build.yml
create mode 100644 .github/workflows/container_upload.yml
create mode 100644 .github/workflows/dispatch_container_upload.yml
diff --git a/.github/workflows/container_build.yml b/.github/workflows/container_build.yml
new file mode 100644
index 0000000..d2b5938
--- /dev/null
+++ b/.github/workflows/container_build.yml
@@ -0,0 +1,32 @@
+name: Build containers
+
+on:
+ pull_request:
+ paths:
+ - 'docker/Dockerfile'
+ - 'docker/entrypoint.sh'
+
+jobs:
+ docker_container:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+
+ steps:
+ - name: Checkout pull request branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+
+ - name: Setup up docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Build docker containers
+ uses: docker/build-push-action@v6
+ with:
+ context: docker
+ tags: tmate-minimal:latest
+ outputs: type=image,compression=zstd
diff --git a/.github/workflows/container_upload.yml b/.github/workflows/container_upload.yml
new file mode 100644
index 0000000..773c4ff
--- /dev/null
+++ b/.github/workflows/container_upload.yml
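Review bot: `uses: jlumbroso/free-disk-space@main` in the `docker_container` steps tracks a mutable branch of a third-party action, so whatever lands on that branch runs in this job unreviewed; the same line is repeated in container_upload.yml and dispatch_container_upload.yml, where the job also holds `packages: write` and a logged-in ghcr.io session. Pin it to a full commit SHA, e.g. `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release-tag>`, and consider doing the same for the `docker/*` actions, which are referenced by movable major tags. This workflow also declares no `permissions:` block, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would state the least-privilege intent explicitly.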
@@ -0,0 +1,45 @@
+name: Push containers to registries
+
+on:
+ pull_request_target:
+ types: [closed]
+ paths:
+ - 'docker/Dockerfile'
+ - 'docker/entrypoint.sh'
+
+jobs:
+ push_docker_containers:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout pull request branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+
+ - name: Setup up docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to ghcr.io with docker
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push docker containers
+ uses: docker/build-push-action@v6
+ with:
+ context: docker
+ push: true
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/tmate-minimal:latest
+ outputs: type=image,compression=zstd,push=true
diff --git a/.github/workflows/dispatch_container_upload.yml b/.github/workflows/dispatch_container_upload.yml
new file mode 100644
index 0000000..f040ae2
--- /dev/null
+++ b/.github/workflows/dispatch_container_upload.yml
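Review bot: The `pull_request_target` trigger with `types: [closed]` also fires when a pull request is closed without being merged, and `push_docker_containers` carries no condition, so any closed PR touching the docker paths rebuilds and republishes `tmate-minimal:latest`. Add `if: github.event.pull_request.merged == true` to the job. The step name "Checkout pull request branch" is also misleading here: with no `ref:` input, checkout under `pull_request_target` uses the base repository's ref rather than the PR head, and that is what keeps fork-supplied code away from the `packages: write` token. A comment on that step such as `# pull_request_target: builds the base branch; never check out the PR head in this job` would protect that property against a later edit.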
@@ -0,0 +1,41 @@
+name: Push containers to registries
+
+on:
+ workflow_dispatch:
+
+jobs:
+ push_docker_containers:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout pull request branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+
+ - name: Setup up docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to ghcr.io with docker
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push docker containers
+ uses: docker/build-push-action@v6
+ with:
+ context: docker
+ push: true
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/tmate-minimal:latest
+ outputs: type=image,compression=zstd,push=true
diff --git a/docker/Dockerfile b/docker/Dockerfile
index e2666d3..8ec235b 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -5,10 +5,12 @@ USER root # libgomp1 is needed for FINEMAP, which is precompiled and breaks with RPATH relocation # tmate is needed so that SSH access is possible # curl is needed to bootstrap pixi +# DO NOT add other packages here unless specifically told to- dependencies should be managed by pixi RUN apt-get update && apt-get -y install ca-certificates tzdata libgl1 libgomp1 tmate curl # Use bash as default shell instead of dash RUN ln -sf /bin/bash /bin/sh +RUN usermod -a -G users ubuntu # RUN useradd --no-log-init --create-home --shell /bin/bash --uid 2000 --no-user-group jovyan COPY --chown=ubuntu --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh
From c8c2dff7bba1e6036ca357a5636bf7558fe38bae Mon Sep 17 00:00:00 2001
From: Daniel Nachun
Date: Thu, 10 Apr 2025 12:19:14 -0700
Subject: [PATCH 2/2] add Docker GitHub Actions workflow
---
docker/README.md | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
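Review bot: `workflow_dispatch` can be started from any branch or tag, and `push_docker_containers` publishes whatever that ref contains as `tmate-minimal:latest`, so a run from a feature branch silently replaces the image that consumers pull. Restricting the job with `if: github.ref_name == github.event.repository.default_branch` would prevent that. Both upload workflows also share `name: Push containers to registries` and push only the mutable `latest` tag; a distinct workflow name and an additional immutable tag such as `${{ github.sha }}` would let an operator tell which run and commit produced a given image. The step name "Checkout pull request branch" was copied from the PR workflow and does not describe what a manual dispatch checks out.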
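Review bot: `RUN usermod -a -G users ubuntu` is added with no comment explaining why, although supplementary group membership decides what the container user can read and write on volumes mounted at run time. Add a comment above it stating the reason, for example `# ubuntu must be in the users group to <reason, e.g. access group-owned files on the mounted volume>`. The hunk starts and ends mid-file (its header shows `USER root` as context), so whether a later `USER` instruction drops root is not visible here.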
diff --git a/docker/README.md b/docker/README.md
index d36dc78..733062c 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,6 +1,5 @@ # Minimal VM image for mmcloud -This image is designed to work for mmcloud as the base image where we add additional package on the fly. +This image is designed to work for mmcloud as the base image where we add additional package on the fly. Instead of the typical approach of installing software into a container, we install our software into an AWS FSx volume with pixi and mount this volume into the container at run time. This greatly reduces the startup time for jobs as well as the EBS volume storage requirements for the host VM. -- The image is maintained in the long run at https://github.com/danielnachun/misc-containers/tree/main/tmate-minimal. Please check that repo for the latest version -- To use this image in mmcloud please check this page: https://wanggroup.org/productivity_tips/mmcloud-interactive +To use this image in mmcloud please check this page: https://wanggroup.org/productivity_tips/mmcloud-interactive