bioconda · bgruening · Jan 10, 2024 · Nov 28, 2023
diff --git a/.github/workflows/build-env-image.yml b/.github/workflows/build-env-image.yml
@@ -0,0 +1,114 @@
+name: Build image
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    paths:
+    - 'images/build-env/**'
+    - '.github/workflows/build-env-image.yml'
+
+jobs:
+  build:
+    name: Build image - ${{ matrix.image }}
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+          - arch: arm64
+            image: bioconda/bioconda-utils-build-env-cos7-aarch64
+            base_image: quay.io/condaforge/linux-anvil-aarch64
+          - arch: amd64
+            image: bioconda/bioconda-utils-build-env-cos7-x86_64
+            base_image: quay.io/condaforge/linux-anvil-cos7-x86_64
+    steps:
+    - name: Checkout bioconda-containers
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Checkout bioconda-utils
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        repository: 'bioconda/bioconda-utils'
+        path: 'bioconda-utils'
+
+    - id: get-tag
+      run: |
+        tag=${{ github.event.release && github.event.release.tag_name || github.sha }}
+        printf %s "tag=${tag#v}" >> $GITHUB_OUTPUT
+
+    - name: Install qemu dependency
+      if: ${{ matrix.arch == 'arm64' }}
+      uses: docker/setup-qemu-action@v3
+      with:
+        platforms: arm64
+
+    - name: Build image
+      id: buildah-build
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ${{ matrix.image }}
+        arch: ${{ matrix.arch }}
+        build-args: |
+          BASE_IMAGE=${{ matrix.base_image }}
+        tags: >-
+          latest
+          ${{ steps.get-tag.outputs.tag }}
+        dockerfiles: |
+          ./images/build-env/Dockerfile
+
+    - name: Test built image
+      run: |
+        image='${{ steps.buildah-build.outputs.image }}'
+        for tag in ${{ steps.buildah-build.outputs.tags }} ; do
+          podman run --rm "${image}:${tag}" bioconda-utils --version
+        done
+
+    - name: Push To Quay
+      if: github.ref == 'refs/heads/main' && github.repository == 'bioconda/bioconda-containers'
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.buildah-build.outputs.image }}
+        tags: ${{ steps.buildah-build.outputs.tags }}
+        registry: ${{ secrets.QUAY_BIOCONDA_REPO }}
+        username: ${{ secrets.QUAY_BIOCONDA_USERNAME }}
+        password: ${{ secrets.QUAY_BIOCONDA_TOKEN }}
+
+  build-manifest:
+    needs: [build]
+    if: github.ref == 'refs/heads/main' && github.repository == 'bioconda/bioconda-containers'
+    name: quay.io/bioconda/${{ matrix.cfg.DOCKER_MANIFEST }}:${{ matrix.cfg.DOCKER_TAG }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        cfg:
+          - DOCKER_MANIFEST: bioconda-utils-build-env-cos7
+            DOCKER_TAG: "latest"
+            DOCKER_IMAGES: "quay.io/<<USER>>/bioconda-utils-build-env-cos7:<<TAG>>,quay.io/<<USER>>/bioconda-utils-build-env-cos7-aarch64:<<TAG>>"
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Interpolate placeholders
+        id: interpolate
+        run: |
+          set -x
+          INTERPOLATED=`echo "${{ matrix.cfg.DOCKER_IMAGES }}" | sed "s#<<USER>>#${{ secrets.QUAY_BIOCONDA_USERNAME }}#g" | sed "s#<<TAG>>#${{ matrix.cfg.DOCKER_TAG }}#g"`
+          echo "DOCKER_IMAGES=${INTERPOLATED}" >> "$GITHUB_OUTPUT"
+
+      - name: Login to Quay.io registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.QUAY_BIOCONDA_REPO }}
+          username: ${{ secrets.QUAY_BIOCONDA_USERNAME }}
+          password: ${{ secrets.QUAY_BIOCONDA_TOKEN }}
+
+      - name: Push Docker manifest list for quay.io/bioconda
+        uses: Noelware/[email protected]
+        with:
+            inputs: quay.io/${{ secrets.QUAY_BIOCONDA_USERNAME }}/${{ matrix.cfg.DOCKER_MANIFEST }}:${{ matrix.cfg.DOCKER_TAG }}
+            images: ${{ steps.interpolate.outputs.DOCKER_IMAGES }}
+            push: true
diff --git a/images/build-env/Dockerfile b/images/build-env/Dockerfile
@@ -0,0 +1,67 @@
+# Specify the base image to support multi-arch images, such as
+# - 'quay.io/condaforge/linux-anvil-aarch64' for Linux aarch64
+# - 'quay.io/condaforge/linux-anvil-cos7-x86_64' for Linux x86_64
+ARG BASE_IMAGE=quay.io/condaforge/linux-anvil-cos7-x86_64
+
+FROM ${BASE_IMAGE} as base
+
+# Copy over C.UTF-8 locale from our base image to make it consistently available during build.
+COPY --from=quay.io/bioconda/base-glibc-busybox-bash /usr/lib/locale/C.utf8 /usr/lib/locale/C.utf8
+
+# Provide system deps unconditionally until we are able to offer per-recipe installs.
+# (Addresses, e.g., "ImportError: libGL.so.1" in tests directly invoked by conda-build.)
+# Also install packages that have been installed historically (openssh-client).
+RUN yum install -y mesa-libGL-devel \
+    && \
+    yum install -y openssh-clients \
+    && \
+    yum clean all && \
+    rm -rf /var/cache/yum/*
+
+# This changes root's .condarc which ENTRYPOINT copies to /home/conda/.condarc later.
+RUN . /opt/conda/etc/profile.d/conda.sh && \
+    conda config \
+    --add channels defaults \
+    --add channels bioconda \
+    --add channels conda-forge \
+    && \
+    { conda config --remove repodata_fns current_repodata.json 2> /dev/null || true ; } && \
+    conda config --prepend repodata_fns repodata.json && \
+    conda config --set channel_priority strict && \
+    conda config --set auto_update_conda False
+
+FROM base as build
+WORKDIR /tmp/repo
+COPY ./bioconda-utils/ ./
+RUN . /opt/conda/etc/profile.d/conda.sh  && conda list
+RUN . /opt/conda/etc/profile.d/conda.sh  && conda activate base && \
+    pip wheel . && \
+    mkdir - /opt/bioconda-utils && \
+    cp ./bioconda_utils-*.whl \
+    ./bioconda_utils/bioconda_utils-requirements.txt \
+    /opt/bioconda-utils/ \
+    && \
+    chgrp -R lucky /opt/bioconda-utils && \
+    chmod -R g=u /opt/bioconda-utils
+
+FROM base
+COPY --from=build /opt/bioconda-utils /opt/bioconda-utils
+RUN . /opt/conda/etc/profile.d/conda.sh  && conda activate base && \
+    # Make sure we get the (working) conda we want before installing the rest.
+    sed -nE \
+    '/^conda([><!=~ ].+)?$/p' \
+    /opt/bioconda-utils/bioconda_utils-requirements.txt \
+    | xargs -r mamba install --yes && \
+    # FIXME: "remove truststore" only necessary due to python downgrade.
+    #        Updating requirements should fix that.
+    #        (Also this removal will break in future.)
+    mamba remove --yes truststore && \
+    mamba install --yes --file /opt/bioconda-utils/bioconda_utils-requirements.txt && \
+    pip install --no-deps --find-links /opt/bioconda-utils bioconda_utils && \
+    mamba clean --yes --index --tarballs && \
+    # Find files that are not already in group "lucky" and change their group and mode.
+    find /opt/conda \
+    \! -group lucky \
+    -exec chgrp --no-dereference lucky {} + \
+    \! -type l \
+    -exec chmod g=u {} +