Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add docker and apptainer containers #274

Open
wants to merge 8 commits into
base: develop
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 100 additions & 0 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
name: Docker

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

on:
# schedule:
# - cron: '35 8 * * *'
push:
branches: [ "develop" ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ "develop" ]
workflow_dispatch:

env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}


jobs:
build:

runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
with:
cosign-release: 'v2.2.4'

# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: ./
file: ./containers/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,6 @@ data/lyon_2015
.vscode
.idea

.sif

config_local_*.yml
57 changes: 57 additions & 0 deletions containers/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
# Use an official Ubuntu as a parent image
FROM ubuntu:24.04

# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive

ARG env_path

# Install dependencies
RUN apt-get update && apt-get install -y \
openjdk-17-jdk \
maven \
python3 \
python3-pip \
wget \
unzip \
git \
&& apt-get clean

# Install Miniconda
RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O ~/miniconda.sh && \
/bin/bash ~/miniconda.sh -b -p /opt/conda && \
rm ~/miniconda.sh

# Set path to conda
ENV PATH /opt/conda/bin:$PATH

# Install Osmosis
RUN wget --quiet https://github.com/openstreetmap/osmosis/releases/download/0.48.3/osmosis-0.48.3.zip -O /tmp/osmosis.zip && \
unzip /tmp/osmosis.zip -d /opt/osmosis && \
rm /tmp/osmosis.zip && \
ln -s /opt/osmosis/bin/osmosis /usr/local/bin/osmosis

# Verify installations
RUN java -version && \
mvn -version && \
python3 --version && \
conda --version && \
which osmosis

COPY ./environment.yml /tmp/environment_eqasim.yml

# Copy the environment.yml file into the container if env_path is set (else will create an empty directory)
COPY ${env_path} /tmp/environment_custom.yml

# Check if env_path is set, if not use from the repo
RUN if [ -z "$env_path" ]; then \
mv /tmp/environment_eqasim.yml /tmp/environment.yml; \
else \
mv /tmp/environment_custom.yml /tmp/environment.yml; \
fi

# Create the conda environment
RUN conda env create -f /tmp/environment.yml -n eqasim

# Activate the environment
RUN echo "source activate eqasim" > ~/.bashrc
8 changes: 8 additions & 0 deletions containers/apptainer.def
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
Bootstrap: docker
From: ghcr.io/eqasim-org/ile-de-france:latest

%environment
source /opt/conda/bin/activate eqasim

%runscript
exec python -m synpp "$@"
36 changes: 36 additions & 0 deletions docs/containers.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# Containers

Containers for running the Eqasim pipeline are located in the `containers` folder

## Docker container

To build the container :
`docker build -t eqasim .`

This will pull the conda environment from the current repo.

To build using your own environment.yml file :
`docker build --build-arg env_path=/path/to/my/environment.yml -t eqasim .`

To run the pipeline :
```bash
docker run --rm -it \
--mount type=bind,src=/path/to/eqasim-ile-de-france,target=/usr/local/eqasim \
--mount type=bind,src=/path/to/eqasim-data,target=/usr/local/eqasim-data \
ghcr.io/eqasim-org/ile-de-france:latest /bin/bash -l -c "cd /usr/local/eqasim && python -m synpp"`
```

where :

- `/path/to/eqasim-ile-de-france` is the path of the [eqasim pipline](https://github.com/eqasim-org/ile-de-france) on your *host* machine.
- `/usr/local/eqasim` is going to be the path of the eqasim pipeline inside the container.
- `/path/to/eqasim-data` is the path of the data (bdtopo, hts, sirene, etc.) folder on your *host* machine.
- `/usr/local/eqasim-data` is the path of the data folder in the container. **This is the path you need to put in your `congif.yml` file**

## Apptainer

To build the container :
`apptainer -v -d build eqasim.sif apptainer.def`

To run the pipeline :
`apptainer run eqasim.sif`
Loading