Merge pull request #176 from nmfs-opensci/base-image

Create Dockerfile
nmfs-opensci · Nov 14, 2024 · 9ac5d1b · 9ac5d1b
2 parents 7195128 + 7f5fdbe
commit 9ac5d1b
Show file tree

Hide file tree

Showing 3 changed files with 181 additions and 0 deletions.
diff --git a/.github/workflows/base-build.yml b/.github/workflows/base-build.yml
@@ -0,0 +1,40 @@
+name: Docker Image base-image
+on:
+  workflow_dispatch: null
+  push:
+    branches: main
+    paths:
+      - 'base-image/Dockerfile'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: main
+      - name: Login to GitHub Container Registry
+        if: github.repository == 'nmfs-opensci/py-rocket-base'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
+      - name: Create short_sha tag
+        shell: bash
+        run: |
+          short_sha=$(echo "${{ github.sha }}" | cut -c1-7)
+          echo "tag=${short_sha}" >> $GITHUB_ENV
+      - name: Build the Docker image
+        if: github.repository == 'nmfs-opensci/py-rocket-base'
+        run: |
+          docker build . -f Dockerfile \
+            --tag ghcr.io/nmfs-opensci/py-rocket-base/base-image:latest \
+            --tag ghcr.io/nmfs-opensci/py-rocket-base/base-image:${{ env.tag }}
+      - name: Publish
+        if: github.repository == 'nmfs-opensci/py-rocket-base'
+        run: |
+          docker push ghcr.io/nmfs-opensci/py-rocket-base/base-image:latest
+          docker push ghcr.io/nmfs-opensci/py-rocket-base/base-image:${{ env.tag }}
+          
diff --git a/.github/workflows/update-pangeo-dockerfile.yml b/.github/workflows/update-pangeo-dockerfile.yml
@@ -0,0 +1,57 @@
+name: Update Dockerfile from Source
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/update-pangeo-dockerfile.yml'
+  workflow_dispatch:  # Manual trigger
+  schedule:
+    - cron: '0 3 * * *'  # Runs daily at 3:00 AM UTC
+
+jobs:
+  update-dockerfile:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Fetch Raw Dockerfile
+        id: fetch_dockerfile
+        run: |
+          URL="https://raw.githubusercontent.com/pangeo-data/pangeo-docker-images/master/base-image/Dockerfile"
+          curl -o base-image/Dockerfile.new $URL
+          if cmp -s base-image/Dockerfile base-image/Dockerfile.new; then
+            echo "No changes in Dockerfile."
+            echo "::set-output name=changed::false"
+          else
+            echo "Dockerfile has changed."
+            echo "::set-output name=changed::true"
+          fi
+
+      - name: Modify Dockerfile if Changed
+        if: steps.fetch_dockerfile.outputs.changed == 'true'
+        run: |
+          sed '/ENTRYPOINT/d' base-image/Dockerfile.new > base-image/Dockerfile
+          rm base-image/Dockerfile.new
+
+      - name: Commit and Push Changes
+        if: steps.fetch_dockerfile.outputs.changed == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git checkout -b update-dockerfile
+          git add base-image/Dockerfile
+          git commit -m "Update Dockerfile from source"
+          git push -u origin update-dockerfile
+
+      - name: Create Pull Request
+        if: steps.fetch_dockerfile.outputs.changed == 'true'
+        uses: peter-evans/create-pull-request@v5
+        with:
+          title: "Update Dockerfile from Source"
+          body: "This PR updates the Dockerfile in base-image directory to the latest version from the source repo."
+          branch: "update-dockerfile"
+          reviewers: ['eeholmes']  # Replace with a GitHub username if needed
diff --git a/base-image/Dockerfile b/base-image/Dockerfile
@@ -0,0 +1,84 @@
+# syntax=docker/dockerfile:1
+# Dockerfile for base image of all pangeo images
+FROM ubuntu:22.04
+# build file for pangeo images
+
+LABEL org.opencontainers.image.source=https://github.com/pangeo-data/pangeo-docker-images
+
+# Setup environment to match variables set by repo2docker as much as possible
+# The name of the conda environment into which the requested packages are installed
+ENV CONDA_ENV=notebook \
+    # Tell apt-get to not block installs by asking for interactive human input
+    DEBIAN_FRONTEND=noninteractive \
+    # Set username, uid and gid (same as uid) of non-root user the container will be run as
+    NB_USER=jovyan \
+    NB_UID=1000 \
+    # Use /bin/bash as shell, not the default /bin/sh (arrow keys, etc don't work then)
+    SHELL=/bin/bash \
+    # Setup locale to be UTF-8, avoiding gnarly hard to debug encoding errors
+    LANG=C.UTF-8  \
+    LC_ALL=C.UTF-8 \
+    # Install conda in the same place repo2docker does
+    CONDA_DIR=/srv/conda
+
+# All env vars that reference other env vars need to be in their own ENV block
+# Path to the python environment where the jupyter notebook packages are installed
+ENV NB_PYTHON_PREFIX=${CONDA_DIR}/envs/${CONDA_ENV} \
+    # Home directory of our non-root user
+    HOME=/home/${NB_USER}
+
+# Add both our notebook env as well as default conda installation to $PATH
+# Thus, when we start a `python` process (for kernels, or notebooks, etc),
+# it loads the python in the notebook conda environment, as that comes
+# first here.
+ENV PATH=${NB_PYTHON_PREFIX}/bin:${CONDA_DIR}/bin:${PATH}
+
+# Ask dask to read config from ${CONDA_DIR}/etc rather than
+# the default of /etc, since the non-root jovyan user can write
+# to ${CONDA_DIR}/etc but not to /etc
+ENV DASK_ROOT_CONFIG=${CONDA_DIR}/etc
+
+RUN echo "Creating ${NB_USER} user..." \
+    # Create a group for the user to be part of, with gid same as uid
+    && groupadd --gid ${NB_UID} ${NB_USER}  \
+    # Create non-root user, with given gid, uid and create $HOME
+    && useradd --create-home --gid ${NB_UID} --no-log-init --uid ${NB_UID} ${NB_USER} \
+    # Make sure that /srv is owned by non-root user, so we can install things there
+    && chown -R ${NB_USER}:${NB_USER} /srv
+
+# Run conda activate each time a bash shell starts, so users don't have to manually type conda activate
+# Note this is only read by shell, but not by the jupyter notebook - that relies
+# on us starting the correct `python` process, which we do by adding the notebook conda environment's
+# bin to PATH earlier ($NB_PYTHON_PREFIX/bin)
+RUN echo ". ${CONDA_DIR}/etc/profile.d/conda.sh ; conda activate ${CONDA_ENV}" > /etc/profile.d/init_conda.sh
+
+# Install basic apt packages
+RUN echo "Installing Apt-get packages..." \
+    && apt-get update --fix-missing > /dev/null \
+    && apt-get install -y apt-utils wget zip tzdata > /dev/null \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Add TZ configuration - https://github.com/PrefectHQ/prefect/issues/3061
+ENV TZ=UTC
+# ========================
+
+USER ${NB_USER}
+WORKDIR ${HOME}
+
+# Install latest mambaforge in ${CONDA_DIR}
+RUN echo "Installing Miniforge..." \
+    && URL="https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-$(uname -m).sh" \
+    && wget --quiet ${URL} -O installer.sh \
+    && /bin/bash installer.sh -u -b -p ${CONDA_DIR} \
+    && rm installer.sh \
+    && mamba install conda-lock -y \
+    && mamba clean -afy \
+    # After installing the packages, we cleanup some unnecessary files
+    # to try reduce image size - see https://jcristharif.com/conda-docker-tips.html
+    # Although we explicitly do *not* delete .pyc files, as that seems to slow down startup
+    # quite a bit unfortunately - see https://github.com/2i2c-org/infrastructure/issues/2047
+    && find ${CONDA_DIR} -follow -type f -name '*.a' -delete
+
+EXPOSE 8888
+ENTRYPOINT ["/srv/start"]