diff --git a/.github/workflows/docker-autobuild-release.yaml b/.github/workflows/docker-autobuild-release.yaml
new file mode 100644
index 00000000..28b77a1c
--- /dev/null
+++ b/.github/workflows/docker-autobuild-release.yaml
@@ -0,0 +1,119 @@ +name: Docker automatic build and publish with repository releases + +on: + push: + tags: [ 'v*.*.*' ] + +env: + REGISTRY: ghcr.io + +jobs: + build-and-push-base-ops: + runs-on: ubuntu-latest + name: Build and push vre-base-ops image + strategy: + matrix: + context: [ + 'base-ops' + ] + + permissions: + contents: read + packages: write + + steps: + - name: Docker Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Log in to the GH Container Registry + id: login + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata for ${{ matrix.environments }} + id: metadata + uses: docker/metadata-action@v5.3.0 + with: + flavor: | + latest=true + tags: | + type=ref,event=tag + # ghcr.io/vre-hub/{vre}-{base-ops}:{tag} + images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ github.event.repository.name }}-${{ matrix.environments }} + + - name: Build and push ${{ matrix.environments }} + id: build + uses: docker/build-push-action@v5.1.0 + with: + context: ./${{ matrix.environments }} + file: ./${{ matrix.environments }}/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') + + build-and-push-container: + runs-on: ubuntu-latest + name: Build and push vre operation images + strategy: + matrix: + context: [ + 'iam-reana-sync', + 'iam-rucio-sync', + 'rucio-client', + 'rucio-noise', + ] + + permissions: + contents: read + packages: write + + steps: + - name: Docker Checkout + uses: actions/checkout@v4 + + - name: Get tag + run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Check env output + run: echo "tag" is ${{ env.RELEASE_VERSION }} + + - name: Log in to the GH Container Registry + id: login + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ 
github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata for ${{ matrix.environments }} + id: metadata + uses: docker/metadata-action@v5.3.0 + with: + flavor: | + latest=true + tags: | + type=ref,event=tag + # ghcr.io/vre-hub/{vre}-{container_name}:{tag} + images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ github.event.repository.name }}-${{ matrix.environments }} + + - name: Build and push ${{ matrix.environments }} + id: build + uses: docker/build-push-action@v5.1.0 + with: + context: ./${{ matrix.environments }} + file: ./${{ matrix.environments }}/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') + TAG=${{ env.RELEASE_VERSION }} + + diff --git a/.github/workflows/docker-base-ops.yaml b/.github/workflows/docker-base-ops.yaml deleted file mode 100644 index 86b7cbd1..00000000 --- a/.github/workflows/docker-base-ops.yaml +++ /dev/null 
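Review bot: Both jobs declare the matrix key `context`, but every step reads `${{ matrix.environments }}`, and the metadata step has `id: metadata` while the build step reads `steps.meta.outputs.tags`/`labels`; undefined expressions evaluate to an empty string, so the build would run with context `./`, an image name ending in `-`, and no tags. `BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ')` under `build-args` is not run through a shell, so the literal text is passed; compute it in a `run` step first. `build-and-push-container` has no `needs: build-and-push-base-ops` although the Dockerfiles in this commit build `FROM ghcr.io/vre-hub/vre-base-ops:${TAG}`, and those Dockerfiles sit under `containers/`, which the `context`/`file` paths omit. The removed workflows pinned `docker/login-action` to a commit SHA, while these jobs hold `packages: write` and reference actions by mutable tag (`@v4`, `@v3`, `@v5.3.0`, `@v5.1.0`); I would pin each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. `echo "tag" is ${{ env.RELEASE_VERSION }}` also expands the tag name into the script text; `echo "tag is $RELEASE_VERSION"` reads it from the environment instead.

```yaml
  build-and-push-container:
    needs: build-and-push-base-ops
    # … unchanged: runs-on, name, strategy.matrix.context, permissions …
    steps:
      # … unchanged: checkout, "Get tag", registry login …
      - name: Set build date
        run: echo "BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_ENV"

      - name: Extract metadata for ${{ matrix.context }}
        id: meta
        # … unchanged: uses, flavor, tags …
          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ github.event.repository.name }}-${{ matrix.context }}

      - name: Build and push ${{ matrix.context }}
        # … unchanged: id, uses …
        with:
          context: ./containers/${{ matrix.context }}
          file: ./containers/${{ matrix.context }}/Dockerfile
          # … unchanged: push, tags, labels …
          build-args: |
            BUILD_DATE=${{ env.BUILD_DATE }}
            TAG=${{ env.RELEASE_VERSION }}
```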
@@ -1,61 +0,0 @@ -name: Docker base container for VRE ops build - -# Build image with changes to any file within containers/base-ops/ -# and when a new tag is created. -on: - push: - paths: - - containers/base-ops/** - tags: - - '**' - -env: - CONTAINER: base-ops - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }}-$CONTAINER - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push Docker image - id: build-and-push - working-directory: containers/base-ops - run: | - docker build --build-arg BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - git clone https://github.com/vre-hub/vre.git - cd vre - # Echo the output, substitute the `-g` with a `-` and export the result. - # The `-g` is by default on git describe because of historical reasons. - echo "tag_describe is $(git describe --tags | sed 's/-g/-/g')" - export tag_describe=$(git describe --tags | sed 's/-g/-/g') - cd .. - docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - rm -rf vre - \ No newline at end of file 
diff --git a/.github/workflows/docker-iam-reana-sync.yaml b/.github/workflows/docker-iam-reana-sync.yaml
deleted file mode 100644
index 08a24df1..00000000
--- a/.github/workflows/docker-iam-reana-sync.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ -name: Docker iam reana sync build - -on: - push: - branches: - - main - paths: - - containers/iam-reana-sync/** - -env: - CONTAINER: iam-reana-sync - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }}-$CONTAINER - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push Docker image - id: build-and-push - working-directory: containers/${{ env.CONTAINER }} - run: | - git clone https://github.com/vre-hub/vre.git - cd vre - # Echo the output, substitute the `-g` with a `-` and export the result. - # The `-g` is by default on git describe because of historical reasons. - echo "tag_describe is $(git describe --tags | sed 's/-g/-/g')" - export tag_describe=$(git describe --tags | sed 's/-g/-/g') - cd .. - docker build --build-arg BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - rm -rf vre diff --git a/.github/workflows/docker-iam-rucio-sync.yaml b/.github/workflows/docker-iam-rucio-sync.yaml deleted file mode 100644 index 032e5ab2..00000000 
--- a/.github/workflows/docker-iam-rucio-sync.yaml +++ /dev/null @@ -1,58 +0,0 @@ -name: Docker iam rucio sync build - -on: - push: - branches: - - main - paths: - - containers/iam-rucio-sync/** - -env: - CONTAINER: iam-rucio-sync - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }}-$CONTAINER - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push Docker image - id: build-and-push - working-directory: containers/${{ env.CONTAINER }} - run: | - git clone https://github.com/vre-hub/vre.git - cd vre - # Echo the output, substitute the `-g` with a `-` and export the result. - # The `-g` is by default on git describe because of historical reasons. - echo "tag_describe is $(git describe --tags | sed 's/-g/-/g')" - export tag_describe=$(git describe --tags | sed 's/-g/-/g') - cd .. - docker build --build-arg BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - rm -rf vre 
diff --git a/.github/workflows/docker-rucio-client.yaml b/.github/workflows/docker-rucio-client.yaml
deleted file mode 100644
index 0e8d4204..00000000
--- a/.github/workflows/docker-rucio-client.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -name: Docker rucio client build - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - push: - branches: - - main - paths: - - containers/rucio-client/** - -env: - CONTAINER: rucio-client - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }}-$CONTAINER - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push Docker image - id: build-and-push - working-directory: containers/${{ env.CONTAINER }} - run: | - git clone https://github.com/vre-hub/vre.git - cd vre - # Echo the output, substitute the `-g` with a `-` and export the result. - # The `-g` is by default on git describe because of historical reasons. - echo "tag_describe is $(git describe --tags | sed 's/-g/-/g')" - export tag_describe=$(git describe --tags | sed 's/-g/-/g') - cd .. - docker build . --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - rm -rf vre 
diff --git a/.github/workflows/docker-rucio-noise.yaml b/.github/workflows/docker-rucio-noise.yaml
deleted file mode 100644
index a54a1399..00000000
--- a/.github/workflows/docker-rucio-noise.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ -name: Docker rucio noise build - -on: - push: - branches: - - main - paths: - - containers/rucio-noise/** - -env: - CONTAINER: rucio-noise - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }}-$CONTAINER - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push Docker image - id: build-and-push - working-directory: containers/${{ env.CONTAINER }} - run: | - git clone https://github.com/vre-hub/vre.git - cd vre - # Echo the output, substitute the `-g` with a `-` and export the result. - # The `-g` is by default on git describe because of historical reasons. - echo "tag_describe is $(git describe --tags | sed 's/-g/-/g')" - export tag_describe=$(git describe --tags | sed 's/-g/-/g') - cd .. - docker build --build-arg BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} - docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag_describe} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - rm -rf vre diff --git a/containers/eos-fuse-mount/Dockerfile b/containers/eos-fuse-mount/Dockerfile deleted file mode 100644 index 88e09804..00000000 
--- a/containers/eos-fuse-mount/Dockerfile +++ /dev/null @@ -1,49 +0,0 @@ -FROM centos:7 - -RUN yum -y install curl gnupg epel-release - -ADD yum-repo/eos7-depend.repo /etc/yum.repos.d/eos7-depend.repo -ADD yum-repo/eos7-tag.repo /etc/yum.repos.d/eos7-tag.repo - -# Install EOS fuse client -RUN yum update -y \ - && yum install -y zeromq-devel jemalloc-devel librichacl-devel \ - && yum install -y \ - eos-fuse \ - eos-fusex \ - initscripts \ - jq \ - procps-ng \ - && yum clean all - -# ESCAPE grid-security and VOMS setup -RUN yum update -y \ - && yum install -y wget voms-clients-java xrootd-client - -RUN curl -Lo /etc/yum.repos.d/egi-trustanchors.repo https://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo \ - && yum update -y - -RUN yum install -y ca-policy-egi-core - -RUN mkdir -p /etc/vomses \ - && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses -O /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses - -RUN mkdir -p /etc/grid-security/vomsdir/escape \ - && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc -O /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc - -# Install CERN CA certs from CERN maintained mirrors -COPY ./linuxsupport7s-stable.repo /etc/yum.repos.d/ -RUN yum install -y CERN-CA-certs - -# Setup merged CERN CA file -# RUN mkdir /certs \ -# && touch /certs/rucio_ca.pem \ -# && cat /etc/grid-security/certificates/CERN-Root-2.pem >> /certs/rucio_ca.pem \ -# && cat /etc/grid-security/certificates/CERN-GridCA.pem >> /certs/rucio_ca.pem - -ADD mount.sh /mount.sh -ADD conf/fuse.eulake.conf.json /etc/eos/fuse.eulake.conf -ADD conf/fuse.sss.keytab /etc/eos/fuse.sss.keytab -RUN chmod 400 /etc/eos/fuse.sss.keytab - -CMD ["/mount.sh"] diff --git a/containers/eos-fuse-mount/README.md b/containers/eos-fuse-mount/README.md deleted file mode 100644 index 27e002f5..00000000 --- a/containers/eos-fuse-mount/README.md +++ /dev/null 
@@ -1,5 +0,0 @@ -# EOS FUSE Mount DaemonSet - -This Container mounts an EOS storage using FUSE. The container is currently used as a Kubernetes DaemonSet in the cluster. - -The secret keytab and config to mount the EOS instance called `EOS_FUSE_SSS_KEYTAB` and `FUSE_EULAKE_CONF_JSON` are stored in GitHub Actions secrets. diff --git a/containers/eos-fuse-mount/linuxsupport7s-stable.repo b/containers/eos-fuse-mount/linuxsupport7s-stable.repo deleted file mode 100644 index 9ac9a2b1..00000000 --- a/containers/eos-fuse-mount/linuxsupport7s-stable.repo +++ /dev/null @@ -1,9 +0,0 @@ -# Example modified for cc7 taken from https://gitlab.cern.ch/linuxsupport/rpmci/-/blob/master/kojicli/linuxsupport8s-stable.repo -[linuxsupport7s-stable] -name=linuxsupport [stable] -baseurl=https://linuxsoft.cern.ch/cern/centos/7/cern/$basearch -enabled=1 -gpgcheck=False -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-koji file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kojiv2 -priority=1 -protect=1 diff --git a/containers/eos-fuse-mount/mount.sh b/containers/eos-fuse-mount/mount.sh deleted file mode 100644 index 517be8ff..00000000 --- a/containers/eos-fuse-mount/mount.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -EOSXD_MOUNT_HEALTH_CHECK_INTERVAL=5 - -function mount { - echo "eos: adding fuse mount /eos" - mkdir -p /eos || true - - /usr/bin/eosxd -o allow_other,rw,fsname=eulake & -} - -function check_mount { - EOSXD=$(pgrep -u root -f "eosxd" || true) - if [[ -z "${EOSXD}" ]] - then - echo "/eos should be mounted but corresponding eosxd is not running. Re-mounting." - umount /eos || true - mount - fi -} - -function exit_script() { - SIGNAL=$1 - echo "Caught $SIGNAL! Unmounting /eos..." - umount /eos || true - trap - $SIGNAL # clear the trap - exit $? -} - -trap "exit_script INT" INT -trap "exit_script TERM" TERM - -mount - -while true; do - sleep "${EOSXD_MOUNT_HEALTH_CHECK_INTERVAL}" - check_mount -done 
diff --git a/containers/eos-fuse-mount/yum-repo/EGI-trustanchors.repo b/containers/eos-fuse-mount/yum-repo/EGI-trustanchors.repo
deleted file mode 100644
index 170b7633..00000000
--- a/containers/eos-fuse-mount/yum-repo/EGI-trustanchors.repo
+++ /dev/null
@@ -1,6 +0,0 @@
-[EGI-trustanchors]
-name=EGI-trustanchors
-baseurl=http://repository.egi.eu/sw/production/cas/1/current/
-gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
-gpgcheck=1
-enabled=1
diff --git a/containers/eos-fuse-mount/yum-repo/eos7-depend.repo b/containers/eos-fuse-mount/yum-repo/eos7-depend.repo
deleted file mode 100644
index 8aa76296..00000000
--- a/containers/eos-fuse-mount/yum-repo/eos7-depend.repo
+++ /dev/null
@@ -1,6 +0,0 @@
-[eos-depend]
-name=dependencies for EOS releases from EOS project
-baseurl=http://storage-ci.web.cern.ch/storage-ci/eos/citrine-depend/el-$releasever/$basearch/
-enabled=1
-gpgcheck=0
-priority=10
diff --git a/containers/eos-fuse-mount/yum-repo/eos7-tag.repo b/containers/eos-fuse-mount/yum-repo/eos7-tag.repo
deleted file mode 100644
index 219b608b..00000000
--- a/containers/eos-fuse-mount/yum-repo/eos7-tag.repo
+++ /dev/null
@@ -1,6 +0,0 @@
-[eos-tag]
-name=tagged EOS releases from EOS project
-baseurl=http://storage-ci.web.cern.ch/storage-ci/eos/citrine/tag/el-$releasever/$basearch/
-enabled=1
-gpgcheck=0
-priority=10
diff --git a/containers/iam-reana-sync/Dockerfile b/containers/iam-reana-sync/Dockerfile
index 77e6e8e7..eeb5b9c3 100644
--- a/containers/iam-reana-sync/Dockerfile
+++ b/containers/iam-reana-sync/Dockerfile
@@ -1,8 +1,11 @@ ARG BASETAG=0.9.1-alpha.3 +ARG BUILD_DATE # To be changed to specific version+hsa FROM reanahub/reana-server:${BASETAG} -LABEL maintainer="E. Gazzarrini" +LABEL maintainer="VRE TEAM @ CERN 2023 - E. Gazzarrini, E. Garcia" +LABEL org.opencontainers.image.source https://github.com/vre-hub/vre +LABEL org.label-schema.build-date=${BUILD_DATE} # Workdir is /home COPY requirements.txt add_reana_users.py generate_email_list.py /home/ diff --git a/containers/iam-rucio-sync/Dockerfile b/containers/iam-rucio-sync/Dockerfile index 57ab3993..77501d72 100644 --- a/containers/iam-rucio-sync/Dockerfile +++ b/containers/iam-rucio-sync/Dockerfile @@ -1,11 +1,12 @@ -ARG BASETAG=v0.1.2 +# ARG TAG should be updated with the latest-1 version in case no tag is provided +ARG TAG=v1.0.0-rc.1 +ARG BUILD_DATE # To be changed to specific version+hsa -FROM ghcr.io/vre-hub/vre-base-ops:${BASETAG} +FROM ghcr.io/vre-hub/vre-base-ops:${TAG} LABEL maintainer="VRE Team @ CERN 22/23 - E. Garcia, E. Gazzarrini, D. Gosein" LABEL org.opencontainers.image.source https://github.com/vre-hub/vre -ARG BUILD_DATE -LABEL org.label-schema.build-date=$BUILD_DATE +LABEL org.label-schema.build-date=${BUILD_DATE} # Workdir is /home COPY requirements.txt sync_iam_rucio.py iam-sync.conf /home/ diff --git a/containers/rucio-client/Dockerfile b/containers/rucio-client/Dockerfile index 3eedebaa..191ec5c0 100644 --- a/containers/rucio-client/Dockerfile +++ b/containers/rucio-client/Dockerfile 
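Review bot: `ARG BUILD_DATE` is declared before `FROM`, where it is only in scope for the `FROM` line itself, so `LABEL org.label-schema.build-date=${BUILD_DATE}` after `FROM` expands to an empty value. Re-declare it inside the build stage by adding `ARG BUILD_DATE` directly after the `FROM` line, and keep only the base-image tag argument above `FROM`. The iam-rucio-sync, rucio-client and rucio-noise Dockerfiles in this commit have the same problem; there the previously working post-`FROM` `ARG BUILD_DATE` is removed. The existing comment `# To be changed to specific version+hsa` is still open: the base image is referenced by tag only, and pinning it by digest would keep a re-tagged upstream image out of a release build.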
@@ -1,41 +1,20 @@ -ARG BASEIMAGE=rucio/rucio-clients +# ARG TAG should be updated with the latest-1 version in case no tag is provided +ARG TAG=v1.0.0-rc.1 +ARG BUILD_DATE -ARG BASETAG=release-1.30.0 -FROM $BASEIMAGE:$BASETAG +FROM ghcr.io/vre-hub/vre-base-ops:${TAG} LABEL maintainer="VRE Team @ CERN 22/23 - E. Garcia, E. Gazzarrini, D. Gosein" +LABEL org.opencontainers.image.source https://github.com/vre-hub/vre +LABEL org.label-schema.build-date=${BUILD_DATE} USER root +# install reana-client +RUN pip install reana-client==0.9.1 -RUN yum upgrade -y \ - && yum clean all \ - && rm -rf /var/cache/yum - -# EGI trust anchors -RUN curl -Lo /etc/yum.repos.d/egi-trustanchors.repo https://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo \ - && yum update -y - -RUN yum clean metadata -RUN yum -y install wget ca-certificates ca-policy-egi-core - -# CERN cert -COPY ./linuxsupport7s-stable.repo /etc/yum.repos.d/ -RUN yum install -y CERN-CA-certs - -# ESCAPE VOMS setup -RUN mkdir -p /etc/vomses \ - && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses -O /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses -RUN mkdir -p /etc/grid-security/vomsdir/escape \ - && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc -O /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc - +# WORKDIR /home set on the base-ops image +USER user # ESCAPE Rucio setup ADD --chown=user:user rucio.cfg.escape.j2 /opt/user/rucio.cfg.j2 - -# install reana-client ENV LC_ALL=en_US.UTF-8 -RUN pip install --upgrade pip -RUN pip install reana-client==0.9.0 - -USER user -WORKDIR /home/user ENTRYPOINT ["/bin/bash"] diff --git a/containers/rucio-noise/Dockerfile b/containers/rucio-noise/Dockerfile index 8142ab2e..bc8aebef 100644 --- a/containers/rucio-noise/Dockerfile +++ b/containers/rucio-noise/Dockerfile 
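Review bot: `RUN pip install reana-client==0.9.1` pins only the top-level package, so its transitive dependencies are resolved afresh on every release build and nothing is hash-checked. For an image that is published on each tag I would install from a requirements file with pinned versions and `--require-hashes`, and add `--no-cache-dir` so the pip cache does not end up in the layer. The CA, VOMS and `WORKDIR` setup removed here is assumed to come from the vre-base-ops image, which is not visible in this diff.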
@@ -1,10 +1,11 @@ -ARG BASETAG=v0.1.2 +# ARG TAG should be updated with the latest-1 version in case no tag is provided +ARG TAG=v1.0.0-rc.1 +ARG BUILD_DATE -FROM ghcr.io/vre-hub/vre-base-ops:${BASETAG} +FROM ghcr.io/vre-hub/vre-base-ops:${TAG} LABEL maintainer="VRE Team @ CERN 22/23 - E. Garcia, E. Gazzarrini, D. Gosein" LABEL org.opencontainers.image.source https://github.com/vre-hub/vre -ARG BUILD_DATE -LABEL org.label-schema.build-date=$BUILD_DATE +LABEL org.label-schema.build-date=${BUILD_DATE} # Workdir is /home COPY produce_noise.sh requirements.txt rses.txt /home/