build docker image/sif file action

.github/workflows/container_build_push.yml

@@ -0,0 +1,87 @@
+name: container-build-push
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - "v*.*.*"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ghcr.io/${{ github.repository_owner }}/container_template            
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+            type=raw,value=latest,enable={{is_default_branch}} 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}      
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:src"
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file:
+            ./dockerfiles/container_template/Dockerfile
+          platforms: linux/amd64
+
+  build-apptainer-container:
+    needs: docker
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    name: Build Apptainer Container
+    steps:
+      - name: Check out code for the container builds
+        uses: actions/checkout@v4
+      - name: Docker meta 
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/container_template            
+          tags: |
+            type=semver,pattern={{version}}
+            type=ref,event=branch
+            type=sha
+            type=raw,value=latest,enable={{is_default_branch}}
+      - name: Build and push Apptainer container
+        run: |
+          tags="${{ steps.meta.outputs.tags }}"
+          csv_tags=$(printf "%s\n" "$tags" | awk -F: 'NR==1{printf "%s,", $0; next} {printf "%s,", $NF}' | sed 's/,$//')
+          IFS= read -r first_tag <<EOF
+          $tags
+          EOF
+          push_tags="$(printf $csv_tags | sed -e "s/container_template/container_template_sif/g")"
+          echo ${{ secrets.GITHUB_TOKEN }} | oras login --username ${{ github.repository_owner }} --password-stdin ghcr.io
+          docker pull kaczmarj/apptainer:latest
+          docker run --rm --privileged -v $(pwd):/work kaczmarj/apptainer build container_template.sif docker://"$first_tag"
+          oras push "$push_tags" container_template.sif
+          rm container_template.sif
+        shell: sh

README.md

@@ -1,6 +1,6 @@
 # Project ``container_template``
 
-This is a template repository for singularity/dockerfile containers and build scripts
+This is a template repository for Singularity/Dockerfile containers/images and build scripts
 
 ## Build status
 
@@ -9,6 +9,7 @@ This is a template repository for singularity/dockerfile containers and build sc
 [![Documentation Status](https://readthedocs.org/projects/container-template/badge/?version=latest)](https://container-template.readthedocs.io/en/latest/?badge=latest)
 [![Flake8 lint](https://github.com/precimed/container_template/actions/workflows/python.yml/badge.svg)](https://github.com/precimed/container_template/actions/workflows/python.yml)
 [![Dockerfile lint](https://github.com/precimed/container_template/actions/workflows/docker.yml/badge.svg)](https://github.com/precimed/container_template/actions/workflows/docker.yml)
+[![Container build push](https://github.com/precimed/container_template/actions/workflows/container_build_push.yml/badge.svg)](https://github.com/precimed/container_template/actions/workflows/container_build_push.yml)
 [![Use this Template](https://img.shields.io/badge/Use%20this%20template-green.svg)](https://github.com/new?template_name=container_template&template_owner=precimed)
 
 ## Citation

docker/README.md

@@ -21,7 +21,11 @@ This repository is used to develop and document [Docker](https://www.docker.com)
 
 If you face any issues, or if you need additional software, please let us know by creating an [issue](https://github.com/espenhgn/container_template/issues/new).
 
-## Build instructions
+## Build instructions – DEPRECATED
+
+The build scripts described below are deprecated and will be removed in the future.
+We rely on a GitHub Actions workflow to build the containers and push them to the GitHub Container Registry.
+See the [GitHub Actions](../.github/workflows/container_build_push.yml) file for more information.
 
 ### The easy(er) way
 

docker/dockerfiles/container_template/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:24.04
 
 ENV TZ=Europe
 ENV DEBIAN_FRONTEND noninteractive

docker/scripts/apt_get_essential.sh

@@ -2,9 +2,9 @@
 set -eou pipefail
 
 apt-get update && apt-get install -y  --no-install-recommends \
-    apt-utils=2.0.9 \
-    ca-certificates=20230311ubuntu0.20.04.1 \
-    curl=7.68.0-1ubuntu2.19 \
+    apt-utils=2.7.14build2 \
+    ca-certificates=20240203 \
+    curl=8.5.0-2ubuntu10.1 \
     && \
     update-ca-certificates && \
     apt-get clean && \

docker/scripts/install_mambaforge.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-version=22.11.1-4
+version=24.3.0-0
 curl -sSL https://github.com/conda-forge/miniforge/releases/download/$version/Mambaforge-$version-$(uname)-$(uname -m).sh -o /tmp/mambaforge.sh \
   && mkdir /root/.conda \
   && bash /tmp/mambaforge.sh -bfp /usr/local \

docs/container_template.md

@@ -24,7 +24,7 @@ Options and arguments (and corresponding environment variables):
 
 ## Helpful links to singularity documentation
 
-It's good idea to familirize with basics of Singularity, such as these:
+It's a good idea to familiarize yourself with the basics of Singularity, such as these:
 
 * ["singularity shell" options](https://sylabs.io/guides/3.2/user-guide/cli/singularity_shell.html#options)
 * [Bind paths and mounts](https://sylabs.io/guides/3.2/user-guide/bind_paths_and_mounts.html).

scripts/PROJECT_README.md

@@ -4,7 +4,7 @@ README info goes here. Modify for your own project's needs.
 
 # Important! - post initial setup steps
 
-After setting up project from the template, add files, commit and push the changes after running the setup script (`scripts/init.py`):
+After setting up your project from the template, add files, commit and push the changes after running the setup script (`scripts/init.py`):
 
 ```
 git add <file1> <file2> ...
@@ -27,6 +27,7 @@ Revise the `<container_template>/.gitattributes` file as necessary. Some common
 [![Documentation Status](https://readthedocs.org/projects/container-template/badge/?version=latest)](https://container-template.readthedocs.io/en/latest/?badge=latest)
 [![Flake8 lint](https://github.com/precimed/container_template/actions/workflows/python.yml/badge.svg)](https://github.com/precimed/container_template/actions/workflows/python.yml)
 [![Dockerfile lint](https://github.com/precimed/container_template/actions/workflows/docker.yml/badge.svg)](https://github.com/precimed/container_template/actions/workflows/docker.yml)
+[![Container build push](https://github.com/precimed/container_template/actions/workflows/container_build_push.yml/badge.svg)](https://github.com/precimed/container_template/actions/workflows/container_build_push.yml)
 
 ## Description of available containers
 
@@ -36,7 +37,92 @@ Revise the `<container_template>/.gitattributes` file as necessary. Some common
 
 Below is the list of tools included in the different Dockerfile(s) and installer bash scripts for each container.
 Please keep up to date (and update the main `<container_template>/README.md` when pushing new container builds):
-
+
+### Installation and set up
+
+#### Dependencies on host system
+
+In order to set up these resource, some software may be required
+
+- [Singularity/SingularityCE](https://sylabs.io/singularity/) or [Apptainer](https://apptainer.org)
+- [Git](https://git-scm.com/)
+- [Git LFS](https://git-lfs.com)
+- [ORAS CLI](https://oras.land)
+
+#### Clone the repository
+
+To download the last revision of this project, issue:
+
+```bash
+cd path/to/repositories
+git clone --depth 1 https://github.com/precimed/container_template.git
+cd container_template
+git lfs pull  # pull "large" files
+```
+
+#### Update the `container_template.sif` container
+
+To obtain updated versions of the Singularity Image Format (.sif) container file `, issue
+
+```bash
+cd path/to/repositories/container_template/singularity
+mv container_template.sif container_template.sif.old  # optional, just rename the old(er) file
+apptainer pull docker://ghcr.io/precimed/container_template:<tag>  # or
+singularity pull docker://ghcr.io/precimed/container_template:<tag> # or 
+oras pull ghcr.io/precimed/container_template_sif:<tag>
+```
+
+where `<tag>` corresponds to a tag listed under [packages](https://github.com/precimed/container_template/pkgs/container/container_template),
+such as `latest`, `main`, or `sha_<GIT SHA>`. 
+The `oras pull` statement pulls the `container_template.sif` file from [ghcr.io](https://github.com/precimed/container_template/pkgs/container/container_template_sif) using the [ORAS](https://oras.land) registry, without the need to build the container locally.
+
+#### Pulling and using Docker image
+
+To pull the corresponding Docker image, issue:
+
+```bash
+docker pull ghcr.io/precimed/container_template:<tag>
+```
+
+If working on recent Macs, add the `--platform=linux/amd64` after `docker pull`. 
+This may allow replacing `singularity exec ...` or `apptainer exec ...` statements with appropriate `docker run ...` statements, 
+on systems where Singularity or Apptainer is unavailable.
+Functionally, the Docker image is equivalent to the Singularity container, but note that syntax for mounting volumes and invoking commands may differ.
+Please refer to [docs.docker.com](https://docs.docker.com) for more information.
+
+> [!NOTE] Note that the provided Docker image may not support all CPUs, and may not be able to run on all systems via CPU virtualization.
+> An option may be to build the Docker image on the host machine (e.g., M1/M2 Macs, older Intel CPUs), as:
+>
+>```bash
+>docker build --platform=linux/amd64 -t ghcr.io/precimed/container_template -f dockerfiles/container_template/Dockerfile .
+>```
+
+Example of using the Docker image:
+
+```bash
+#!/bin/bash
+# define environment variables:
+export IMAGE="ghcr.io/precimed/container_template:latest"  # adapt as necessary
+# shortcuts for Python and interactive shell:
+export PYTHON="docker run --platform=linux/amd64 --rm -v ${PWD}:/home -w/home --entrypoint=python ${IMAGE}"
+export ISHELL="docker run --platform=linux/amd64 --rm -it -v ${PWD}:/home -w/home --entrypoint=bash ${IMAGE}"
+
+# invoke Python help/list local directory
+$PYTHON --help
+$PYTHON -c "import os; print(os.listdir())"
+```
+
+### Systems without internet access
+
+Some secure platforms do not have direct internet access, hence we recommend cloning/pulling all required files on a machine with internet access as explained above, and archive the `container_template` directory with all files and moving it using whatever file uploader is available for the platform.
+
+```bash
+cd /path/to/container_template
+SHA=$(git rev-parse --short HEAD)
+cd ..
+tar --exclude=".git/*" -cvf container_template_$SHA.tar container_template
+```
+
 ### container_template.sif
 
 | OS/tool             | Version               | License           | Source
@@ -46,12 +132,13 @@ Please keep up to date (and update the main `<container_template>/README.md` whe
 
 ## Building/rebuilding containers
 
-For instructions on how to build or rebuild containers using [Docker](https://www.docker.com) and [Singularity](https://docs.sylabs.io) refer to [`<container_template>/docker/README.md`](https://github.com/precimed/container_template/blob/main/docker/README.md).
+While we don't recommend building containers locally, it is possible.
+For instructions on how to build or rebuild containers manually using [Docker](https://www.docker.com) and [Singularity](https://docs.sylabs.io) refer to [`<container_template>/docker/README.md`](https://github.com/precimed/container_template/blob/main/docker/README.md).
 
 ## Build the documentation
 
 Within this repository, the html-documentation can be built from source files put here using [Sphinx](https://www.sphinx-doc.org/en/master/index.html). 
-To do so, install Sphinx and some additional packages in python using [Conda](https://docs.conda.io/en/latest/) by issuing:
+To do so, install Sphinx and some additional packages in Python using [Conda](https://docs.conda.io/en/latest/) by issuing:
 
 ```
 cd <container_template>/docs/source

version/version.py

@@ -5,7 +5,7 @@
 _PATCH = "0"
 # This is mainly for nightly builds which have the suffix ".dev$DATE". See
 # https://semver.org/#is-v123-a-semantic-version for the semantics.
-_SUFFIX = "rc3"
+_SUFFIX = "rc4"
 
 VERSION_SHORT = "{0}.{1}".format(_MAJOR, _MINOR)
 VERSION = "{0}.{1}.{2}{3}".format(_MAJOR, _MINOR, _PATCH, _SUFFIX)