Added workflows

.build-scripts/tag-release.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+# shellcheck shell=bash
+set -euo pipefail
+[[ "${XDEBUG:-0}" =~ ^[1yYtT] ]] && set -x
+
+IMAGE_TAG_SEP="@"
+
+IMAGE_NAME="${1:-}"
+[[ -n "${IMAGE_NAME:-}" ]] || { echo "IMAGE_NAME is empty" >&2; exit 1; }
+shift
+
+IMAGE_TAG="${1:-}"
+if [[ -z "${IMAGE_TAG:-}" ]]; then
+	IMAGE_TAG="latest"
+	echo "IMAGE_TAG is empty, using default: ${IMAGE_TAG}" >&2
+else
+	shift
+fi
+
+FULL_CONTAINER_NAME="${IMAGE_NAME}:${IMAGE_TAG}"
+
+GIT_TAG="${IMAGE_NAME}${IMAGE_TAG_SEP}${IMAGE_TAG}"
+
+[[ -n "${GIT_TAG:-}" ]] || { echo "GIT_TAG is empty" >&2; exit 1; }
+
+comment="${1:-}"
+if [[ -z "${comment:-}" ]]; then
+	comment="${FULL_CONTAINER_NAME}"
+	echo "comment is empty, using default: ${comment}" >&2
+else
+	shift
+fi
+
+git_tag_args=()
+git_commit_args=()
+if [[ -n "${comment:-}" ]]; then
+	git_tag_args+=(-m "${comment}")
+	git_commit_args+=(-m "${comment}")
+fi
+
+for arg in "$@"; do
+	git_tag_args+=(-m "${arg}")
+	git_commit_args+=(-m "${arg}")
+done
+
+echo "git_tag_args: ${git_commit_args[*]}" >&2
+echo "git_commit_args: ${git_commit_args[*]}" >&2
+
+if git tag -l "${GIT_TAG:-}" | grep -q "^${GIT_TAG:-}$"; then
+	echo "git tag ${GIT_TAG} already exists" >&2
+	if [[ -t 1 ]]; then
+		choice=y
+		read -rp "Do you want to continue? [Y/n] " choice
+		[[ "${choice:-y}" =~ ^[Yy]$ ]] || exit 1
+	fi
+fi
+
+if [[ -t 1 ]]; then
+	echo "git tag -fa ${GIT_TAG} ${git_tag_args[*]}"
+	choice=y
+	read -rp "Do you want to continue? [Y/n] " choice
+	[[ "${choice:-y}" =~ ^[Yy]$ ]] || exit 1
+fi
+
+git commit --allow-empty "${git_commit_args[@]}"
+git push
+git tag -fa "${GIT_TAG}" "${git_tag_args[@]}"
+
+echo 'Tag contents:'
+git tag -l --format='%(contents)' "$(git describe --tags --abbrev=0 || true)"
+
+if [[ -t 1 ]]; then
+	choice=y
+
+	if git remote get-url origin 2>/dev/null 1>&2; then
+		read -rp "Do you want to push to origin? [Y/n] " choice
+		[[ "${choice:-y}" =~ ^[Yy]$ ]] && git push -f origin "${GIT_TAG}"
+	fi
+
+	if git remote get-url upstream 2>/dev/null 1>&2; then
+		read -rp "Do you want to push to upstream? [Y/n] " choice
+		[[ "${choice:-y}" =~ ^[Yy]$ ]] && git push -f upstream "${GIT_TAG}"
+	fi
+fi

.build-scripts/write-apptainer-labels.sh

@@ -0,0 +1,84 @@
+#!/bin/sh
+# shellcheck shell=sh
+
+# Write the build labels to the build labels path for both the org.label-schema and org.opencontainers.image formats
+
+[ -n "${XDEBUG:-}" ] && set -x
+
+write_to_build_labels() {
+	while [ $# -gt 1 ]; do
+		eval "[ -n \"\${$#}\" ] && printf '%s %s\n' \"$1\" \"\${$#}\"" >>"${BUILD_LABELS_PATH:-/dev/stdout}"
+		shift
+	done
+	return 0
+}
+
+write_apptainer_labels() {
+	#[ -n "${APPTAINER_ROOTFS:-}" ] || return 1                                                       # Exit if not in an apptainer build
+	#BUILD_LABELS_PATH="${BUILD_LABELS_PATH:-${APPTAINER_ROOTFS:+${APPTAINER_ROOTFS}/.build.labels}}" # Set the default build labels path
+	if [ -n "${APPTAINER_ROOTFS:-}" ]; then
+		BUILD_LABELS_PATH="${BUILD_LABELS_PATH:-${APPTAINER_ROOTFS}/.build.labels}"
+	else
+		BUILD_LABELS_PATH="${BUILD_LABELS_PATH:-/dev/stdout}"
+	fi
+
+	# Try to fill in the build labels via git if not already set and git is available
+	if git tag >/dev/null 2>&1; then
+		IMAGE_VCS_URL="${IMAGE_VCS_URL:-$(git remote get-url origin || true)}"                       # Set the default VCS URL to the origin remote
+		[ -z "${IMAGE_URL:-}" ] && [ -n "${IMAGE_VCS_URL:-}" ] && IMAGE_URL="${IMAGE_VCS_URL%%.git}" # Set the default URL to the VCS URL without the .git extension
+		IMAGE_VCS_REF="${IMAGE_VCS_REF:-$(git rev-parse --short HEAD || true)}"                      # Set the default VCS ref to the short hash of HEAD
+
+		IMAGE_GIT_TAG="${GITHUB_REF_NAME:-"$(git tag --points-at HEAD --list '*@*' --sort=-"creatordate:iso" || true)"}" # Set the default git tag to the most recent tag matching the format *@* sorted by date
+
+		if [ -n "${IMAGE_GIT_TAG:-}" ]; then
+			if [ -z "${IMAGE_TAG:-}" ]; then
+				IMAGE_TAG="$(echo "${IMAGE_GIT_TAG:-}" | sed -nE 's/.*[@]//; s/^v//; 1p')"
+				[ -z "${IMAGE_TAG:-}" ] && IMAGE_TAG='latest'
+			fi
+
+			if [ -n "${IMAGE_TITLE:-}" ]; then
+				IMAGE_TITLE="$(echo "${IMAGE_GIT_TAG}" | sed -nE 's/[@].*$//; 1p')"
+			fi
+		fi
+	fi
+	IMAGE_TAG="${IMAGE_TAG:-latest}"                     # Set the default tag to latest if no tag was found
+	IMAGE_TITLE="${IMAGE_TITLE:-"$(basename "${PWD}")"}" # Set the default title to the current directory name
+	IMAGE_VERSION="${IMAGE_VERSION:-${IMAGE_TAG:-}}"     # Set the default version to the tag if set, otherwise the tag if set, otherwise empty
+
+	# If no image vendor is set, try to set it to the GitHub organization:
+	if [ -z "${IMAGE_VENDOR:=${IMAGE_VENDOR:-}}" ]; then
+		# If the GitHub organization is not set, try to set it to the GitHub organization of the upstream remote:
+		[ -z "${GH_ORG:-}" ] && GH_ORG="$(git remote get-url upstream | sed -n 's/.*github.com[:/]\([^/]*\)\/.*/\1/p' || true)"
+		# If the GitHub organization is not set, try to set it to the GitHub organization of the origin remote:
+		[ -z "${GH_ORG:-}" ] && GH_ORG="$(git remote get-url origin | sed -n 's/.*github.com[:/]\([^/]*\)\/.*/\1/p' || true)"
+
+		# Assign the image vendor to the GitHub organization or username if it is set, otherwise leave it empty:
+		IMAGE_VENDOR="${GH_ORG:-}"
+
+		# If the GitHub organization is set to uw-psych, set the image vendor to the University of Washington Department of Psychology:
+		[ "${IMAGE_VENDOR:-}" = 'uw-psych' ] && IMAGE_VENDOR='University of Washington Department of Psychology'
+	fi
+
+	# Try to set image author from GITHUB_REPOSITORY_OWNER if not set:
+	IMAGE_AUTHOR="${IMAGE_AUTHOR:-${GITHUB_REPOSITORY_OWNER:-}}"
+
+	# If no image author is set, try to set it to the git author via git config:
+	if [ -z "${IMAGE_AUTHOR:-}" ] && command -v git >/dev/null 2>&1; then
+		[ -n "${IMAGE_AUTHOR_EMAIL:-}" ] || IMAGE_AUTHOR_EMAIL="$(git config --get user.email || git config --get github.email || true)"
+		[ -n "${IMAGE_AUTHOR_NAME:-}" ] || IMAGE_AUTHOR_NAME="$(git config --get user.name || git config --get github.user || true)"
+		IMAGE_AUTHOR="${IMAGE_AUTHOR_NAME:+${IMAGE_AUTHOR_NAME} }<${IMAGE_AUTHOR_EMAIL:-}>"
+	fi
+
+	# Write the build labels to the build labels path for both the org.label-schema and org.opencontainers.image formats:
+	write_to_build_labels "org.label-schema.title" "org.opencontainers.image.title" "${IMAGE_TITLE:-}"
+	write_to_build_labels "org.label-schema.url" "org.opencontainers.image.url" "${IMAGE_URL:-}"
+	write_to_build_labels "org.label-schema.vcs-ref" "org.opencontainers.image.revision" "${IMAGE_VCS_REF:-}"
+	write_to_build_labels "org.label-schema.vcs-url" "org.opencontainers.image.source" "${IMAGE_VCS_URL:-}"
+	write_to_build_labels "org.label-schema.vendor" "org.opencontainers.image.vendor" "${IMAGE_VENDOR:-}"
+	write_to_build_labels "MAINTAINER" "maintainer" "org.opencontainers.image.authors" "${IMAGE_AUTHOR:-}"
+	write_to_build_labels "org.label-schema.description" "org.opencontainers.image.description" "${IMAGE_DESCRIPTION:-}"
+	write_to_build_labels "org.label-schema.usage" "org.opencontainers.image.documentation" "${IMAGE_DOCUMENTATION:-}"
+	write_to_build_labels "org.label-schema.version" "org.opencontainers.image.version" "${IMAGE_VERSION:-}"
+}
+
+! (return 0 2>/dev/null) || write_apptainer_labels "$@"

.github/workflows/apptainer-image.yml

@@ -0,0 +1,110 @@
+name: Apptainer Build
+on:
+  push:
+    tags:
+      - "*@*"
+
+defaults:
+  run:
+    shell: bash
+
+env:
+  APPTAINER_VERSION: 1.2.5
+  ORAS_VERSION: 1.1.0
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    name: Build Apptainer image
+    permissions:
+        contents: write
+        packages: write
+
+    steps:
+      - name: Download Apptainer
+        run: |
+          set -eux -o pipefail
+          curl -o "apptainer-${APPTAINER_VERSION}.deb" -L https://github.com/apptainer/apptainer/releases/download/v${APPTAINER_VERSION}/apptainer_${APPTAINER_VERSION}_amd64.deb
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update -yq  || echo "Couldn't update apt packages. Will attempt installation without update" >&2
+          sudo dpkg --install --force-depends "apptainer-${APPTAINER_VERSION}.deb" && sudo apt-get install --fix-broken --yes --quiet
+          apptainer >&2 --version && echo >&2 "Apptainer installed successfully!"
+          apptainer remote login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} oras://ghcr.io && echo "Logged in to remote registry successfully" >&2
+
+      - name: Install ORAS
+        run: |
+          set -eux -o pipefail
+          curl -o "oras_${ORAS_VERSION}.tar.gz" -L "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz"
+
+          # Install the executable:
+          tar -xvf oras_${ORAS_VERSION}.tar.gz && chmod +x oras && sudo mv oras /usr/local/bin/oras
+          sudo mv "${DOWNLOAD_PATH}" /usr/local/bin/oras && sudo chmod +x /usr/local/bin/oras & oras >&2 version && echo >&2 "oras installed successfully!"
+          oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io && echo "Logged in to remote registry successfully" >&2
+
+      - name: Check out code for the container build
+        uses: actions/checkout@v4
+
+      - name: Build Container
+        run: |
+          set -eux -o pipefail
+          if [[ "${GITHUB_REF_TYPE:-}" == "tag" ]] && [[ "${GITHUB_REF}" =~ ^.*@.*$ ]]; then
+              [[ -z "${IMAGE_NAME:-}" ]] && IMAGE_NAME="${GITHUB_REF%%@*}" && IMAGE_NAME="${IMAGE_NAME##refs/tags/}"
+              [[ -z "${IMAGE_TAG:-}" ]] && IMAGE_TAG="${GITHUB_REF##*@}" && IMAGE_TAG="${IMAGE_TAG##*v}"
+          fi
+
+          [[ -z "${IMAGE_NAME:-}" ]] && IMAGE_NAME="${GITHUB_REPOSITORY##*/}"
+          [[ -z "${IMAGE_TAG:-}" ]] && IMAGE_TAG="$(date +%s)"
+
+          if [[ -d "${IMAGE_NAME}" ]] && [[ -f "${IMAGE_NAME}/Singularity" ]]; then
+            cd "${IMAGE_NAME}"
+            echo "Using Singularity file in ${PWD}" >&2
+          elif [[ -f Singularity ]]; then
+            echo "Using Singularity file in root directory" >&2
+          else
+            echo "No Singularity file found in \"${IMAGE_NAME:-}\" or root directory" >&2
+            exit 1
+          fi
+          
+          IMAGE_PATH="${GITHUB_WORKSPACE}/${IMAGE_NAME}".sif
+
+          echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV
+          echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
+          echo "IMAGE_PATH=${IMAGE_PATH}" >> $GITHUB_ENV
+
+          echo "IMAGE_NAME=${IMAGE_NAME}" >&2
+          echo "IMAGE_TAG=${IMAGE_TAG}" >&2
+          echo "IMAGE_PATH=${IMAGE_PATH}" >&2
+        
+          apptainer build --nv --fix-perms --disable-cache --force "${IMAGE_PATH}" Singularity
+          
+          echo "Container built successfully" >&2
+          
+          echo "Container size:" >&2
+          du -h "${IMAGE_PATH}" >&2
+          
+          echo "Container labels:" >&2
+          apptainer inspect "${IMAGE_PATH}" >&2
+
+      - name: Push Container
+        run: |
+          set -eux -o pipefail
+          
+          if [[ "${GITHUB_REF_TYPE:-}" == "tag" ]] && [[ "${GITHUB_REF}" =~ ^.*@.*$ ]]; then
+              [[ -z "${IMAGE_NAME:-}" ]] && IMAGE_NAME="${GITHUB_REF%%@*}" && IMAGE_NAME="${IMAGE_NAME##refs/tags/}"
+              [[ -z "${IMAGE_TAG:-}" ]] && IMAGE_TAG="${GITHUB_REF##*@}" && IMAGE_TAG="${IMAGE_TAG##*v}"
+          fi
+
+          [[ -z "${IMAGE_NAME:-}" ]] && IMAGE_NAME="${GITHUB_REPOSITORY##*/}"
+          [[ -z "${IMAGE_TAG:-}" ]] && IMAGE_TAG="$(date +%s)"
+        
+          # Log in:
+          apptainer remote login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} oras://ghcr.io
+
+          # Push the image:
+          apptainer push -U "${IMAGE_PATH}" oras://ghcr.io/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
+
+          # Tag the image as latest if it's not a pre-release:
+          if [[ "${IMAGE_TAG}" != "latest" ]] && [[ ! "${IMAGE_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+-.+$ ]]; then
+            oras tag -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} latest
+          fi
+          echo "Done" >&2

.github/workflows/build-documentation.yml

@@ -0,0 +1,54 @@
+name: Apptainer Build
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - README.md.esh
+      - .github/workflows/scripts/esh
+      - .github/workflows/build-documentation.yml
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    name: Build documentation
+    permissions: write-all
+    steps:
+      - name: Check out code for the container build
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Build documentation
+        shell: bash
+        run: |
+          set -eux -o pipefail
+          
+          # Run esh to fill in the variables:
+          "${GITHUB_WORKSPACE}/.github/workflows/scripts/esh" "${GITHUB_WORKSPACE}/README.md.esh" > "${GITHUB_WORKSPACE}/README.md"
+  
+          # Stage files:
+          git add README.md
+
+          # Build additions to commit message:
+          commit_args=()
+
+          # Get the last commit message, if any:
+          last_commit_msg="$(git log -1 --pretty=format:%B || true)"
+
+          if git diff --staged --name-only "README.md" | grep -Fq "README.md"; then
+            commit_args+=(-m "GITHUB_ACTION=\"${GITHUB_ACTION:-}\": Templated \"README.md\" for GITHUB_REPOSITORY=\"${GITHUB_REPOSITORY}\"")
+          fi
+
+          if (( "${#commit_args[@]}" > 1 )); then
+
+            # Don't append to commit message:
+            if [[ "${GITHUB_REF_TYPE:-}" == "tag" ]] && [[ "${GITHUB_REF}" =~ ^.*@.*$ ]]; then
+              echo "Not appending commit messages because this is a tagged release" >&2
+              commit_args=()
+            fi
+
+            # Set up git config for push:
+            git config --local user.email "${{ github.event.sender.id }}+${{ github.event.sender.login }}@users.noreply.github.com"
+            git config --local user.name ${{ github.event.sender.login }}
+            git commit -a "${last_commit_msg:+-m ${last_commit_msg:-}}" "${commit_args[@]}"  && git push --force
+          fi