Make base images multiarch #55
Conversation
| @@ -93,8 +102,8 @@ jobs: | |||
| # FIX upstream: Quay.io does not support immutable images currently. | |||
| # => Try to use the REST API to check for duplicate tags. | |||
| respone="$( | |||
| curl -sL \ | |||
| 'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image' | |||
| curl -sL -H "Authorization: Bearer ${{ secrets.QUAY_BIOCONDA_TOKEN }}" \ | |||
There was a problem hiding this comment.
This is not tested because the secrets are not exported to forks/PRs.
Without the Authorization header Quay returns 403 (Forbidden)
images/create-env/Dockerfile
Outdated
| @@ -1,3 +1,4 @@ | |||
| ARG arch=x86_64 | |||
| # Use the exact conda, mamba versions as used in bioconda-recipes' builds. | |||
| ARG bioconda_utils_version='1.1.3' | |||
| FROM quay.io/bioconda/bioconda-utils-build-env-cos7:${bioconda_utils_version} as bioconda-build-env | |||
There was a problem hiding this comment.
It seems the image should be quay.io/bioconda/bioconda-utils-build-env-cos7 for x86 and quay.io/bioconda/bioconda-utils-build-env-cos7-aarch64 for aarch64?
There was a problem hiding this comment.
Yes, this has to be updated once bioconda/bioconda-utils#866 is merged!
images/create-env/Dockerfile
Outdated
| @@ -13,7 +14,7 @@ FROM quay.io/bioconda/base-glibc-debian-bash as build | |||
| WORKDIR /tmp/work | |||
| COPY --from=bioconda-build-env /tmp/requirements.txt ./ | |||
| COPY install-conda print-env-activate create-env ./ | |||
| ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh ./miniconda.sh | |||
| ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-${arch}.sh ./miniconda.sh | |||
There was a problem hiding this comment.
curious is it something special so that we have to use build-args but not wget according build arch?
There was a problem hiding this comment.
Again, this is outdated. Please see the latest version of the PR.
There was a problem hiding this comment.
But now I notice that I need to add multi-arch build to the GHA workflow!
There was a problem hiding this comment.
Improved with 1b4b7e2
| env: | ||
| # The base image is not intended to change often and should be used with | ||
| # version tags or checksum IDs, but not via "latest". | ||
| IMAGE_VERSION: '2.1.0' | ||
| IMAGE_VERSION: '3.0.0' |
There was a problem hiding this comment.
Is it a normal upgrade or for special fixing?
There was a problem hiding this comment.
I bumped the major version because now the image would be multi-arch and because of the update of Ubuntu version and the GLIBC coming with it.
But since there are no changes for the x86_64 users maybe we should bump the minor/patch version ?! I am OK to update the PR with the preferred change by the maintainers!
There was a problem hiding this comment.
The only reason I can think of to keep the older version is to use an older libc for testing to make sure our packages for on older HPC. But this should be ensure with the build container ... so following this and trusting the build container I think we could bump the runtime container.
@bioconda/build-system any thoughts?
There was a problem hiding this comment.
I just bumped the version of create-env image too to 3.0.0, so it is in sync with the other images in this PR.
As I said above I'd be happy to change the version to whatever the Bioconda team thinks it should be!
|
We are ready with the next PR for bioconda-containers - https://github.com/martin-g/bioconda-containers/pull/2/files The new/next PR will provide images |
There was a problem hiding this comment.
bioconda-utils build --docker --mulled-test --packages py2bit --docker-base-image ghcr.io/yikun/bioconda-utils-build-env-cos7-aarch64 --mulled-conda-image ghcr.io/martin-g/create-env-aarch64 --force
I also do a e2e test with martin-g#2 (ghcr.io/martin-g/create-env-aarch64), it works! So LGTM except inline comment/question.
| container="$( buildah from "${image_id}" )" | ||
| buildah config --label=glibc="${glibc}" "${container}" | ||
| buildah config --label=debian="${debian}" "${container}" | ||
| labels=" |
There was a problem hiding this comment.
buildah config --label=glibc="${glibc}" "${container}"
buildah config --label=debian="${debian}" "${container}"
Not sure what did the original buildah do? Just label variable? Was it used by some other where?
There was a problem hiding this comment.
I don't know where and how these labels are used but they are still set at https://github.com/bioconda/bioconda-containers/pull/55/files#diff-b4a54ac6775437f0dbe546b99c784d76f3defaaa74b1456488e4fa4f78850e1cR75
|
Friendly ping! |
|
Any feedback on the proposed changes ? |
|
These changes look like exactly what I need! |
|
I had to build Then I built And following the steps explained at bioconda/bioconda-recipes#23454 (comment) I was able to build several Bioconda packages for Linux aarch64! Great work, @martin-g ! I hope this PR is merged soon and all aarch64 Docker images are uploaded to Quay.io so that there is no need to use patches and build them locally ! |
|
+1 for this PR! |
|
I have never touched this repo so far, so any help with fixing the remaining issues would be greatly appreciated. |
|
@johanneskoester Do you have an idea what is needed for #55 (comment) ? |
Thanks for the reminder. Looking into that now. I think the bot did not have the permissions to push, but that should be solved now. Let's see whether the next release (today) succeeds. |
Thanks for the reminder. Solved now and 2.5.0 has been properly pushed! |
|
Great! |
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org> Try with redhat-actions/buildah-build and redhat-actions/push-to-registry Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
ubuntu-18.04 is deprecated - https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/ Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
…ay.io Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
To be in sync with the other image versions in this PR Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Its value is newline separated and breaks the loop syntax Fix the name of a step - it is steps.build.outputs.image, not buildah-build anymore Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
martin-g
force-pushed
the
support-linux-aarch64
branch
from
026904f
to
575ea75
Compare
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
|
I am going to merge martin-g#2 into this PR. |
|
The CI jobs fail with: for debian:9. |
|
Is it OK to use Debian 10 instead ? |
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
|
With c1e64e2 I updated |
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
|
Now I remember why here it depends on quay.io/bioconda/base-glibc-debian-bash - the ARM64 flavor of this image is created by this PR.
But this PR CI checks cannot pass because bioconda-containers/.github/workflows/base-glibc-debian-bash.yaml Lines 96 to 98 in 0fc3512 |
|
@johanneskoester Could you please allow the execution of the checks one more time? Thanks! |
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
|
Hi @martin-g, thank you (and also everyone else above!) for working on this, much appreciated. (Incidentally, Debian 12.2 is also scheduled to be released today, so we might combine updating the base images with that version. I'm doing some sanity checks for that currently.) I'll get back to you tomorrow or Monday at the latest. Cheers, |
|
Quick update: Currently, I'm digging into why # podman run --arch=arm64 --rm docker://arm64v8/busybox:1.36.1-glibc busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
wget: error getting response: Connection reset by peer
# podman run --arch=arm64 --rm docker://arm64v8/busybox:1.36.1-musl busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
wget: error getting response: Connection reset by peer
# podman run --arch=arm64 --rm docker://arm64v8/debian:12.1-slim sh -c 'apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get install -qy busybox > /dev/null && busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html'
debconf: delaying package configuration, since apt-utils is not installed
wget: error getting response: Connection reset by peer
# podman run --arch=arm64 --rm docker://arm64v8/alpine:3.18.4 busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 20:46:02 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
# podman run --arch=amd64 --rm docker://amd64/busybox:1.36.1-glibc busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 20:46:53 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
# podman run --arch=amd64 --rm docker://amd64/debian:12.1-slim sh -c 'apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get install -qy busybox > /dev/null && busybox wget -q -S --no-check-certificate https://www.busybox.net/news.html'
debconf: delaying package configuration, since apt-utils is not installed
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 20:47:25 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Once that one's figured out, I'll cherry-pick your changes into multiple PRs to update the base images and then the other images. ( |
|
There are many reports for The recommendation is to use works fine! I tried many older versions of |
Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Yes, you'd normally not want to use BusyBox's
For some use cases that makes sense, yes. I just wanted to make sure that we don't introduce (avoidable) differences between the I'm currently working on incorporating the version updates and hope we can finish the images tomorrow. |
|
After more unfortunate delays, we are nearly there with the container builds. In gh-58 I cherry-picked your commits for the base images and those are available on quay.io/bioconda (well, after fixing a little hiccup with gh-60). There were quite some unexpected hurdles with differences under QEMU and/or aarch64, Buildah versions, bumpy manifest handling, directory layout changes in Debian 12, etc. pp. I'll wait for one test run of gh-59 to finish and then trim down/skip some tests (at least when run via QEMU), so that we can have those built and pushed today. We now have x86_64 and aarch64 base images updated to the current Debian/BusyBox versions (also prepared for minimal work needed for future Debian >=13 updates) available at Thanks very much for keeping to push this -- half a year on this PR, finally coming to fruition! |
Add support for Linux ARM64 to
base-glibc-busybox-bashandbase-glibc-debian-bashimages.Update the Github runners to 20.04 because the 18.04 ones never start (they stay in
Queuedstate for days). See https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/Fix warnings:
>> $GITHUB_OUTPUTinstead of the deprecatedset-outputMulti-arch images built by my fork could be seen here: