diff --git a/.dockerignore b/.dockerignore index 28856791..f4b11987 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,2 @@ .git -.github \ No newline at end of file +.github diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 12301490..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "daily" diff --git a/.github/hadolint-matcher.json b/.github/hadolint-matcher.json deleted file mode 100644 index f7209745..00000000 --- a/.github/hadolint-matcher.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "problemMatcher": [ - { - "owner": "hadolint", - "pattern": [ - { - "regexp": "(.*)\\:(\\d+)\\s(.*)", - "file": 1, - "line": 2, - "message": 3 - } - ] - } - ] -} diff --git a/.github/shellcheck-matcher.json b/.github/shellcheck-matcher.json deleted file mode 100644 index 1c8be36f..00000000 --- a/.github/shellcheck-matcher.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "problemMatcher": [ - { - "owner": "shellcheck", - "pattern": [ - { - "regexp": "^(.+):(\\d+):(\\d+):\\s(note|warning|error):\\s(.*)\\s\\[(SC\\d+)\\]$", - "file": 1, - "line": 2, - "column": 3, - "message": 5, - "code": 6 - } - ] - } - ] -} diff --git a/.github/workflows/anaconda_alpine_ci.yml b/.github/workflows/anaconda_alpine_ci.yml deleted file mode 100644 index abf384a4..00000000 --- a/.github/workflows/anaconda_alpine_ci.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Build Anaconda3 Alpine Image -on: - push: - paths: - - 'anaconda3/alpine/Dockerfile' - - '.github/workflows/anaconda_alpine_ci.yml' - pull_request: - paths: - - 'anaconda3/alpine/Dockerfile' - - '.github/workflows/anaconda_alpine_ci.yml' - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 - with: - version: latest - driver-opts: network=host - - - name: build anaconda3/alpine - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: ./anaconda3/alpine - builder: ${{ steps.buildx.outputs.name }} - file: ./anaconda3/alpine/Dockerfile - tags: continuumio/anaconda3/alpine:latest - push: false diff --git a/.github/workflows/anaconda_amazonlinux_ci.yml b/.github/workflows/anaconda_amazonlinux_ci.yml index 349afaa3..87bd31fa 100644 --- a/.github/workflows/anaconda_amazonlinux_ci.yml +++ b/.github/workflows/anaconda_amazonlinux_ci.yml @@ -1,6 +1,8 @@ name: Build Anaconda3 amazonlinux Image on: push: + branches: + - main tags: - 'anaconda3-*' paths: @@ -12,34 +14,47 @@ on: - '.github/workflows/anaconda_amazonlinux_ci.yml' workflow_dispatch: +permissions: {} + jobs: build: runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 with: + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} platforms: linux/arm64/v8 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 with: - version: latest - driver-opts: network=host + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} - name: Docker meta id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: | continuumio/anaconda3 @@ -47,11 +62,12 @@ jobs: type=ref,event=branch,suffix=-amazonlinux type=ref,event=pr,suffix=-amazonlinux type=match,pattern=anaconda3-(.*),group=1,suffix=-amazonlinux + type=match,pattern=anaconda3-(.*)-(.*),group=1,suffix=-amazonlinux flavor: | latest=false - name: build-push anaconda3/amazonlinux - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ./anaconda3/amazonlinux builder: ${{ steps.buildx.outputs.name }} @@ -59,4 +75,4 @@ jobs: platforms: linux/arm64/v8 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/anaconda_debian_ci.yml b/.github/workflows/anaconda_debian_ci.yml index a58e00b1..79b06933 100644 --- a/.github/workflows/anaconda_debian_ci.yml +++ b/.github/workflows/anaconda_debian_ci.yml @@ -1,6 +1,8 @@ name: Build Anaconda3 Debian Image on: push: + branches: + - main tags: - 'anaconda3-*' paths: @@ -12,34 +14,47 @@ on: - '.github/workflows/anaconda_debian_ci.yml' workflow_dispatch: +permissions: {} + jobs: build: runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 with: - platforms: linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} + platforms: linux/amd64,linux/arm64/v8,linux/s390x - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 with: - version: latest - driver-opts: network=host + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} - name: Docker meta id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: | continuumio/anaconda3 @@ -47,14 +62,15 @@ jobs: type=ref,event=branch type=ref,event=pr type=match,pattern=anaconda3-(.*),group=1 + type=match,pattern=anaconda3-(.*)-(.*),group=1,suffix=-amazonlinux - name: build-push anaconda3/debian - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ./anaconda3/debian builder: ${{ steps.buildx.outputs.name }} file: ./anaconda3/debian/Dockerfile - platforms: linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x + platforms: linux/amd64,linux/arm64/v8,linux/s390x tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/anaconda_pkg_build_linux.yml b/.github/workflows/anaconda_pkg_build_linux.yml index e13c731e..8e0d6491 100644 --- a/.github/workflows/anaconda_pkg_build_linux.yml +++ b/.github/workflows/anaconda_pkg_build_linux.yml @@ -1,33 +1,46 @@ name: Build and publish Linux package builder images on: - push: - tags: - - 'pkg-build-*' - paths: - - 'anaconda-pkg-build/linux/Dockerfile' - - '.github/workflows/anaconda_pkg_build_linux.yml' - pull_request: - paths: - - 'anaconda-pkg-build/linux/Dockerfile' - - '.github/workflows/anaconda_pkg_build_linux.yml' + #push: + # branches: + # - main + # tags: + # - 'pkg-build-*' + # paths: + # - 'anaconda-pkg-build/linux/Dockerfile' + # - '.github/workflows/anaconda_pkg_build_linux.yml' + #pull_request: + # paths: + # - 'anaconda-pkg-build/linux/Dockerfile' + # - '.github/workflows/anaconda_pkg_build_linux.yml' workflow_dispatch: +permissions: {} + jobs: build: runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Public ECR - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') with: registry: public.ecr.aws username: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -36,18 +49,21 @@ jobs: AWS_REGION: us-east-1 - name: Set up QEMU - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 with: - version: latest - driver-opts: network=host + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} - name: Docker meta id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: | continuumio/anaconda-pkg-build @@ -58,41 +74,14 @@ jobs: type=match,pattern=pkg-build-(.*),group=1 - name: build-push pkg-builder - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ./anaconda-pkg-build/linux builder: ${{ steps.buildx.outputs.name }} file: ./anaconda-pkg-build/linux/Dockerfile - platforms: linux/amd64,linux/ppc64le,linux/arm64/v8,linux/s390x + platforms: linux/amd64,linux/arm64/v8,linux/s390x build-args: | BASEVERSION=7 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} - - - name: Docker meta for Concourse - id: concourse-meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 - with: - images: | - continuumio/anaconda-pkg-build - public.ecr.aws/y0o4y9o3/anaconda-pkg-build - tags: | - type=ref,event=branch,suffix=-amd64 - type=ref,event=pr,suffix=-amd64 - type=match,pattern=pkg-build-(.*),group=1,suffix=-amd64 - flavor: | - latest=false - - - name: build-push pkg-builder-concourse - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: ./anaconda-pkg-build/linux - builder: ${{ steps.buildx.outputs.name }} - file: ./anaconda-pkg-build/linux/Dockerfile - platforms: linux/amd64 - build-args: | - BASEVERSION=7 - tags: ${{ steps.concourse-meta.outputs.tags }} - labels: ${{ steps.concourse-meta.outputs.labels }} - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/anaconda_pkg_build_linux_alma.yml b/.github/workflows/anaconda_pkg_build_linux_alma.yml new file mode 100644 index 00000000..b4552ff2 --- /dev/null +++ b/.github/workflows/anaconda_pkg_build_linux_alma.yml @@ -0,0 +1,87 @@ +name: Build and publish AlmaLinux 8 package builder images +on: + # push: + # branches: + # - main + # tags: + # - 'pkg-build-alma-*' + # paths: + # - 'anaconda-pkg-build/linux/alma/Dockerfile' + # - '.github/workflows/anaconda_pkg_build_linux_alma.yml' + # pull_request: + # paths: + # - 'anaconda-pkg-build/linux/alma/Dockerfile' + # - '.github/workflows/anaconda_pkg_build_linux_alma.yml' + workflow_dispatch: + +permissions: {} + +jobs: + build: + runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Login to DockerHub + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to Public ECR + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + registry: public.ecr.aws + username: ${{ secrets.AWS_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + env: + AWS_REGION: us-east-1 + + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + with: + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + with: + images: | + continuumio/anaconda-pkg-build + public.ecr.aws/y0o4y9o3/anaconda-pkg-build + tags: | + type=ref,event=branch,suffix=-almalinux-8 + type=ref,event=pr,suffix=-almalinux-8 + type=match,pattern=pkg-build-(.*),group=1,suffix=-almalinux-8 + flavor: | + latest=false + + - name: build-push pkg-builder + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: ./anaconda-pkg-build/linux/alma + builder: ${{ steps.buildx.outputs.name }} + file: ./anaconda-pkg-build/linux/alma/Dockerfile + platforms: linux/amd64,linux/arm64/v8 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/anaconda_pkg_build_linux_cuda.yml b/.github/workflows/anaconda_pkg_build_linux_cuda.yml new file mode 100644 index 00000000..36471dd7 --- /dev/null +++ b/.github/workflows/anaconda_pkg_build_linux_cuda.yml @@ -0,0 +1,87 @@ +name: Build and publish Linux CUDA package builder images +on: + #push: + # branches: + # - main + # tags: + # - 'pkg-build-*' + # paths: + # - 'anaconda-pkg-build/linux/cuda/Dockerfile' + # - '.github/workflows/anaconda_pkg_build_linux_cuda.yml' + #pull_request: + # paths: + # - 'anaconda-pkg-build/linux/cuda/Dockerfile' + # - '.github/workflows/anaconda_pkg_build_linux_cuda.yml' + workflow_dispatch: + +permissions: {} + +jobs: + build: + runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Login to DockerHub + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to Public ECR + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + registry: public.ecr.aws + username: ${{ secrets.AWS_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + env: + AWS_REGION: us-east-1 + + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + with: + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + with: + images: | + continuumio/anaconda-pkg-build + public.ecr.aws/y0o4y9o3/anaconda-pkg-build + tags: | + type=ref,event=branch,suffix=-cuda + type=ref,event=pr,suffix=-cuda + type=match,pattern=pkg-build-(.*),group=1,suffix=-cuda + + - name: build-push pkg-builder + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: ./anaconda-pkg-build/linux/cuda + builder: ${{ steps.buildx.outputs.name }} + file: ./anaconda-pkg-build/linux/cuda/Dockerfile + platforms: linux/amd64 + build-args: | + CUDA_VERSION=12.4.1 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/anaconda_pkg_build_linux_cuda_rocky8.yml b/.github/workflows/anaconda_pkg_build_linux_cuda_rocky8.yml new file mode 100644 index 00000000..18b99f91 --- /dev/null +++ b/.github/workflows/anaconda_pkg_build_linux_cuda_rocky8.yml @@ -0,0 +1,87 @@ +name: Build and publish Linux CUDA package builder images +on: + push: + branches: + - main + tags: + - 'pkg-build-*' + paths: + - 'anaconda-pkg-build/linux/cuda-rocky8/Dockerfile' + - '.github/workflows/anaconda_pkg_build_linux_cuda_rocky8.yml' + pull_request: + paths: + - 'anaconda-pkg-build/linux/cuda-rocky8/Dockerfile' + - '.github/workflows/anaconda_pkg_build_linux_cuda_rocky8.yml' + workflow_dispatch: + +permissions: {} + +jobs: + build: + runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Login to DockerHub + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to Public ECR + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + registry: public.ecr.aws + username: ${{ secrets.AWS_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + env: + AWS_REGION: us-east-1 + + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + with: + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + with: + images: | + continuumio/anaconda-pkg-build + public.ecr.aws/y0o4y9o3/anaconda-pkg-build + tags: | + type=ref,event=branch,suffix=-cuda-rocky8 + type=ref,event=pr,suffix=-cuda-rocky8 + type=match,pattern=pkg-build-(.*),group=1,suffix=-cuda-rocky8 + + - name: build-push pkg-builder + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: ./anaconda-pkg-build/linux/cuda-rocky8 + builder: ${{ steps.buildx.outputs.name }} + file: ./anaconda-pkg-build/linux/cuda-rocky8/Dockerfile + platforms: linux/amd64 + build-args: | + CUDA_VERSION=12.4.1 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/anaconda_pkg_build_linux_rocky8.yml b/.github/workflows/anaconda_pkg_build_linux_rocky8.yml new file mode 100644 index 00000000..8c0d78f4 --- /dev/null +++ b/.github/workflows/anaconda_pkg_build_linux_rocky8.yml @@ -0,0 +1,87 @@ +name: Build and publish Rocky Linux 8 package builder images +on: + push: + branches: + - main + tags: + - 'pkg-build-*' + paths: + - 'anaconda-pkg-build/linux/rocky8/Dockerfile' + - '.github/workflows/anaconda_pkg_build_linux_rocky8.yml' + pull_request: + paths: + - 'anaconda-pkg-build/linux/rocky8/Dockerfile' + - '.github/workflows/anaconda_pkg_build_linux_rocky8.yml' + workflow_dispatch: + +permissions: {} + +jobs: + build: + runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Login to DockerHub + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to Public ECR + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') + with: + registry: public.ecr.aws + username: ${{ secrets.AWS_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + env: + AWS_REGION: us-east-1 + + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + with: + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + with: + images: | + continuumio/anaconda-pkg-build + public.ecr.aws/y0o4y9o3/anaconda-pkg-build + tags: | + type=ref,event=branch,suffix=-rockylinux-8 + type=ref,event=pr,suffix=-rockylinux-8 + type=match,pattern=pkg-build-(.*),group=1,suffix=-rockylinux-8 + flavor: | + latest=false + + - name: build-push pkg-builder + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: ./anaconda-pkg-build/linux/rocky8 + builder: ${{ steps.buildx.outputs.name }} + file: ./anaconda-pkg-build/linux/rocky8/Dockerfile + platforms: linux/amd64,linux/arm64/v8 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/concourse_rsync_resource.yml b/.github/workflows/concourse_rsync_resource.yml deleted file mode 100644 index 110ae57c..00000000 --- a/.github/workflows/concourse_rsync_resource.yml +++ /dev/null @@ -1,67 +0,0 @@ -name: Build and publish the concourse-rsync-resource image -on: - push: - tags: - - 'crr-*' - paths: - - 'concourse-rsync-resource/Dockerfile' - - '.github/workflows/concourse_rsync_resource.yml' - pull_request: - paths: - - 'concourse-rsync-resource/Dockerfile' - - '.github/workflows/concourse_rsync_resource.yml' - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - with: - submodules: true - - - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to Public ECR - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' - with: - registry: public.ecr.aws - username: ${{ secrets.AWS_ACCESS_KEY_ID }} - password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - env: - AWS_REGION: us-east-1 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 - with: - version: latest - driver-opts: network=host - - - name: Docker meta - id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 - with: - images: | - continuumio/concourse-rsync-resource - public.ecr.aws/y0o4y9o3/concourse-rsync-resource - tags: | - type=ref,event=branch - type=ref,event=pr - type=match,pattern=crr-(.*),group=1 - - - name: build-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: ./concourse-rsync-resource - builder: ${{ steps.buildx.outputs.name }} - file: ./concourse-rsync-resource/Dockerfile - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 710af445..6b12328e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,28 +1,20 @@ -name: Lint with Hadolint +name: pre-commit on: - pull_request: - paths: - - '**/Dockerfile' - - '.github/workflows/lint.yml' push: - paths: - - '**/Dockerfile' - - '.github/workflows/lint.yml' + branches: + - main + pull_request: + +permissions: {} jobs: - lint: + check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - - name: Lint Dockerfiles - run: | - echo "::add-matcher::.github/hadolint-matcher.json" - make lint-docker - echo "::remove-matcher owner=hadolint::" - - name: Install shellcheck - run: sudo apt-get install -y shellcheck - - name: Lint Shell Scripts - run: | - echo "::add-matcher::.github/shellcheck-matcher.json" - make lint-sh - echo "::remove-matcher owner=shellcheck::" + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + with: + python-version: '3.14' + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 diff --git a/.github/workflows/miniconda_alpine_ci.yml b/.github/workflows/miniconda_alpine_ci.yml deleted file mode 100644 index 19bdb47d..00000000 --- a/.github/workflows/miniconda_alpine_ci.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: Build Miniconda3 Alpine Image -on: - push: - tags: - - 'miniconda3-v*.*.*-alpine' - paths: - - 'miniconda3/alpine/Dockerfile' - - '.github/workflows/miniconda_alpine_ci.yml' - pull_request: - paths: - - 'miniconda3/alpine/Dockerfile' - - '.github/workflows/miniconda_alpine_ci.yml' - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - - - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 - with: - version: latest - driver-opts: network=host - - - name: Docker meta - id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 - with: - images: continuumio/miniconda3 - tags: | - type=ref,event=branch,suffix=-alpine - type=ref,event=pr,suffix=-alpine - type=match,pattern=miniconda3-v(.*)-alpine,group=1,suffix=-alpine - flavor: | - latest=false - - - name: build miniconda3/alpine - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: ./miniconda3/alpine - builder: ${{ steps.buildx.outputs.name }} - file: ./miniconda3/alpine/Dockerfile - tags: ${{ steps.meta.outputs.tags }} - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/miniconda_debian_ci.yml b/.github/workflows/miniconda_debian_ci.yml index a930de54..70530787 100644 --- a/.github/workflows/miniconda_debian_ci.yml +++ b/.github/workflows/miniconda_debian_ci.yml @@ -1,8 +1,10 @@ name: Build Miniconda3 Debian Image on: push: + branches: + - main tags: - - 'miniconda3-v*.*.*' + - 'miniconda3-*.*.*' paths: - 'miniconda3/debian/Dockerfile' - '.github/workflows/miniconda_debian_ci.yml' @@ -12,47 +14,62 @@ on: - '.github/workflows/miniconda_debian_ci.yml' workflow_dispatch: +permissions: {} + jobs: build: runs-on: ubuntu-latest + env: + # renovate: datasource=docker depName=moby/buildkit + BUILDKIT_IMAGE_VERSION: v0.22.0@sha256:832fa7aa1eb3deb56fa62ae933bfa42dad9a83ff4824dbbaf173b49c722b59d0 + # renovate: datasource=github-releases depName=docker/buildx + BUILDX_VERSION: v0.33.0 + # renovate: datasource=docker depName=tonistiigi/binfmt + QEMU_IMAGE_VERSION: qemu-v9.2.2@sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 with: - platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x + image: tonistiigi/binfmt:${{ env.QEMU_IMAGE_VERSION }} + platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 with: - version: latest - driver-opts: network=host + cache-binary: false + driver-opts: network=host,image=moby/buildkit:${{ env.BUILDKIT_IMAGE_VERSION }} + version: ${{ env.BUILDX_VERSION }} - name: Docker meta id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: continuumio/miniconda3 tags: | type=ref,event=branch type=ref,event=pr - type=match,pattern=miniconda3-v(.*),group=1 + type=match,pattern=miniconda3-(.*),group=1 + type=match,pattern=miniconda3-(.*)-(.*),group=1 - name: build miniconda3/debian - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ./miniconda3/debian builder: ${{ steps.buildx.outputs.name }} file: ./miniconda3/debian/Dockerfile tags: ${{ steps.meta.outputs.tags }} - platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x - push: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') }} + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} diff --git a/.github/workflows/miniconda_nanoserver_ci.yml b/.github/workflows/miniconda_nanoserver_ci.yml deleted file mode 100644 index 4f86fba5..00000000 --- a/.github/workflows/miniconda_nanoserver_ci.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Build Miniconda3 Nanoserver Image -on: - push: - tags: - - 'miniconda3-v*.*.*-nanoserver' - paths: - - 'miniconda3/nanoserver/Dockerfile' - - '.github/workflows/miniconda_nanoserver_ci.yml' - pull_request: - paths: - - 'miniconda3/nanoserver/Dockerfile' - - '.github/workflows/miniconda_nanoserver_ci.yml' - workflow_dispatch: - -jobs: - build: - runs-on: windows-2019 - steps: - - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - - - name: Login to DockerHub - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Docker meta - id: meta - uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 - with: - images: continuumio/miniconda3 - tags: | - type=ref,event=branch,suffix=-nanoserver - type=ref,event=pr,suffix=-nanoserver - type=match,pattern=miniconda3-v(.*)-nanoserver,group=1,suffix=-nanoserver - flavor: | - latest=false - - # The build push action does not support windows builds yet, - # thus using raw commands https://github.com/docker/build-push-action/issues/18 - # TODO: Parse and use the meta action generated tag list - - name: Build - run: | - echo "${{ steps.meta.outputs.tags }}" - cd miniconda3/nanoserver && docker build . -t continuumio/miniconda3:master-nanoserver && docker image inspect continuumio/miniconda3:master-nanoserver - - - name: Push - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags') - run: | - cd miniconda3/nanoserver && docker push continuumio/miniconda3:master-nanoserver diff --git a/.gitmodules b/.gitmodules index be023ef4..e69de29b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +0,0 @@ -[submodule "concourse-rsync-resource"] - path = concourse-rsync-resource - url = ../../AnacondaRecipes/concourse-rsync-resource.git - branch = master diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..49df0088 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,35 @@ +# Apply to all files without commiting: +# pre-commit run --all-files +# Update this file: +# pre-commit autoupdate +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v6.0.0 + hooks: + - id: check-added-large-files + - id: fix-byte-order-marker + - id: check-case-conflict + - id: check-merge-conflict + - id: check-yaml + - id: detect-private-key + - id: end-of-file-fixer + - id: mixed-line-ending + - id: trailing-whitespace + - repo: https://github.com/hadolint/hadolint + rev: v2.14.0 + hooks: + - id: hadolint-docker + - repo: https://github.com/python-jsonschema/check-jsonschema + rev: 0.37.1 + hooks: + - id: check-github-workflows + - id: check-renovate + args: ["--regex-variant", "nonunicode"] + - repo: https://github.com/codespell-project/codespell + rev: v2.4.2 + hooks: + - id: codespell + - repo: meta + hooks: + - id: check-hooks-apply + - id: check-useless-excludes diff --git a/Makefile b/Makefile index 54a25b77..828f4f09 100644 --- a/Makefile +++ b/Makefile @@ -1,19 +1,6 @@ SHELL := /bin/bash -o pipefail -o errexit -lint: lint-docker lint-sh - -lint-docker: - export LINT_ERRORS=0; \ - IFS=$$'\n'; for dockerfile in $(shell git ls-files | { grep Dockerfile || echo ""; }); do \ - docker run --rm -i -v "$$(pwd)":/workdir -w /workdir ghcr.io/hadolint/hadolint /bin/hadolint "$${dockerfile}" || LINT_ERRORS=$$((LINT_ERRORS+1)); \ - done; \ - exit "$${LINT_ERRORS}" - -lint-sh: - export LINT_ERRORS=0; \ - IFS=$$'\n'; for shellscript in $(shell git ls-files -z | xargs -0 file | grep "shell script" | cut -d: -f1 || echo ""); do \ - shellcheck --enable=all "$${shellscript}" || LINT_ERRORS=$$((LINT_ERRORS+1)); \ - done; \ - exit "$${LINT_ERRORS}" +lint: + pre-commit run --all-files .PHONY: $(MAKECMDGOALS) diff --git a/README.md b/README.md index ef201b26..8b236a13 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,10 @@ # Anaconda and Miniconda Docker Images and Documentation +>[!CAUTION] +>The `continuumio` images are deprecated. Updates to `continuumio/miniconda3` will be +>discontinued after version `26.7.x`. The latest Docker images for Miniconda are +>available at [`anaconda/miniconda`](https://hub.docker.com/r/anaconda/miniconda). + Docker images for Anaconda/Miniconda that are available from DockerHub: https://hub.docker.com/r/continuumio/ @@ -19,6 +24,63 @@ https://hub.docker.com/r/continuumio/anaconda-pkg-build/tags?page=1&ordering=las image | description | version | pulls | stars ---------------- | ----------------------------------------- | ------- | ----- | ----- -[anaconda3](https://hub.docker.com/r/continuumio/anaconda3) | Container with a bootstrapped Anaconda installation | [![](https://img.shields.io/docker/v/continuumio/anaconda3?sort=semver)](https://hub.docker.com/r/continuumio/anaconda3) | [![](https://img.shields.io/docker/pulls/continuumio/anaconda3)](https://hub.docker.com/r/continuumio/anaconda3) | [![](https://img.shields.io/docker/stars/continuumio/anaconda3)](https://hub.docker.com/r/continuumio/anaconda3) -[miniconda3](https://hub.docker.com/r/continuumio/miniconda3) | Container with a bootstrapped Miniconda installation | [![](https://img.shields.io/docker/v/continuumio/miniconda3?sort=semver)](https://hub.docker.com/r/continuumio/miniconda3) | [![](https://img.shields.io/docker/pulls/continuumio/miniconda3)](https://hub.docker.com/r/continuumio/miniconda3) | [![](https://img.shields.io/docker/stars/continuumio/miniconda3)](https://hub.docker.com/r/continuumio/miniconda3) +[anaconda3](https://hub.docker.com/r/continuumio/anaconda3) | Container with a bootstrapped Anaconda installation | [![](https://img.shields.io/docker/v/continuumio/anaconda3/latest?label=version)](https://hub.docker.com/r/continuumio/anaconda3) | [![](https://img.shields.io/docker/pulls/continuumio/anaconda3)](https://hub.docker.com/r/continuumio/anaconda3) | [![](https://img.shields.io/docker/stars/continuumio/anaconda3)](https://hub.docker.com/r/continuumio/anaconda3) +[miniconda3](https://hub.docker.com/r/continuumio/miniconda3) | Container with a bootstrapped Miniconda installation | [![](https://img.shields.io/docker/v/continuumio/miniconda3/latest?label=version)](https://hub.docker.com/r/continuumio/miniconda3) | [![](https://img.shields.io/docker/pulls/continuumio/miniconda3)](https://hub.docker.com/r/continuumio/miniconda3) | [![](https://img.shields.io/docker/stars/continuumio/miniconda3)](https://hub.docker.com/r/continuumio/miniconda3) [Anaconda Package Build](https://hub.docker.com/r/continuumio/anaconda-pkg-build/tags?page=1&ordering=last_updated) | Container with a bootstrapped Anaconda installation with GCC | [![](https://img.shields.io/docker/v/continuumio/anaconda-pkg-build?sort=semver)](https://hub.docker.com/r/continuumio/anaconda-pkg-build) | [![](https://img.shields.io/docker/pulls/continuumio/anaconda-pkg-build)](https://hub.docker.com/r/continuumio/anaconda-pkg-build) | [![](https://img.shields.io/docker/stars/continuumio/anaconda-pkg-build)](https://hub.docker.com/r/continuumio/anaconda-pkg-build) + +## Updating and publishing Docker images + +Docker images are updated by changing the appropriate `Dockerfile`s in each subdirectory. +For Miniconda (`miniconda3`) and Anaconda Distribution (`anaconda3`) this is automatically done by `renovate`. + +To publish a Docker image, a release has to be created. +The scheme for the release tag name is specified in each workflow file, for example: + +``` +on: + push: + branches: + - main + tags: + - 'anaconda3-*' +``` + +If an image with the same version needs to be republished, the version number should be amended with `.postN` where `N` is an integer. + +## Automatic updates using renovate + +Docker images using the Miniconda or Anaconda Distribution installers can be updated using `renovate`. + +### Updates with sha256 checks + +To update Dockerfiles that contain sha256 checks, the full URL and sha256 sums need to be provided for each installer: + +``` +# renovate datasource=custom.miniconda +ARG INSTALLER_URL="" +ARG SHA256SUM="" +``` + +The sha variable must be in the line beneath the installer URL. +For Anaconda Distribution, the `datasource` must be changed to `custom.anaconda`. + +The variable names can have suffixes if there are multiple installers in one file, for example: +``` +# renovate datasource=custom.miniconda +ARG INSTALLER_URL_LINUX64="" +ARG SHA256SUM_LINUX64="" +# renovate datasource=custom.miniconda +ARG INSTALLER_URL_AARCH64="" +ARG SHA256SUM_AARCH64="" +``` + +### Simple version number updates + +If not checksums are needed, the Dockerfile can be simplified: + +``` +# renovate: datasource=custom.miniconda depName=Linux-x86_64.sh +ARG INSTALLER_VERSION= +``` + +`Linux-x86_64.sh` can be replaced by any installer suffix supported in the latest release. diff --git a/anaconda-pkg-base/linux/README.md b/anaconda-pkg-base/linux/README.md new file mode 100644 index 00000000..9ad58c4f --- /dev/null +++ b/anaconda-pkg-base/linux/README.md @@ -0,0 +1,25 @@ +# Base `Dockerfile`s for testing on linux-{amd64, aarch64, s390x} + +Based on [anaconda-pkg-build](https://github.com/ContinuumIO/docker-images/blob/master/anaconda-pkg-build/linux/Dockerfile), but without miniconda3 pre-installed. This allows testing of miniconda3/anaconda3/other installers including testing conda-build. + + +## Build examples + +``` +docker build -f ubuntu.Dockerfile -t anaconda-base/ubuntu2004 . +docker build -f defaults.Dockerfile -t anaconda-base/defaults . +``` + +## Run examples + +``` +docker run -it --rm anaconda-base/ubuntu2004 +docker run -it --rm anaconda-base/defaults +``` + +The images can also be used with Dockers platform emulation via qemu: + +* Required once to enable cross-platform emulation: `docker run --privileged --rm tonistiigi/binfmt --install all` +* Building/running with the `--platform` arg: + * `docker build --platform linux/s390x -f ubuntu.Dockerfile -t anaconda-base/ubuntu2004` + * `docker run --platform linux/s390x -it --rm anaconda-base/ubuntu2004` diff --git a/qa-images/s390x/clefos.Dockerfile b/anaconda-pkg-base/linux/defaults.Dockerfile similarity index 77% rename from qa-images/s390x/clefos.Dockerfile rename to anaconda-pkg-base/linux/defaults.Dockerfile index 30e2a509..3410789c 100644 --- a/qa-images/s390x/clefos.Dockerfile +++ b/anaconda-pkg-base/linux/defaults.Dockerfile @@ -1,8 +1,11 @@ -# Dockerfile for container images that Anaconda, Inc. used to provide test containers for QA. +FROM centos:7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 AS base-amd64 -ARG BASEVERSION=7 +FROM amazonlinux:2.0.20260413.0@sha256:4b3bb9ce33d248600f267f2acc965325587b3bcfaae72fe0bf9cff85fbbb17f6 AS base-arm64 -FROM clefos:${BASEVERSION} +FROM clefos:7.7.1908@sha256:2bcecd8dcbee4e8cc4fcffff01e8db2d01d7967507c7e718a160fa29750fa4af AS base-s390x + +# hadolint ignore=DL3006 +FROM base-$TARGETARCH # hadolint ignore=DL3031,DL3033 RUN yum install -q -y deltarpm \ @@ -35,6 +38,10 @@ RUN yum install -q -y deltarpm \ #mesa-libGL \ #mesa-libGLU \ #---------------------------------------- + # Vendor-neutral OpenGL + #---------------------------------------- + libglvnd-opengl \ + #---------------------------------------- # X11 virtual framebuffer; useful for testing GUI apps #---------------------------------------- xorg-x11-server-Xvfb \ @@ -57,8 +64,10 @@ RUN yum install -q -y deltarpm \ file \ net-tools \ openssh-clients \ + procps-ng \ psmisc \ rsync \ + tar \ util-linux \ #wget \ which \ diff --git a/qa-images/s390x/ubuntu.Dockerfile b/anaconda-pkg-base/linux/ubuntu.Dockerfile similarity index 94% rename from qa-images/s390x/ubuntu.Dockerfile rename to anaconda-pkg-base/linux/ubuntu.Dockerfile index fd6f9bed..d213debf 100644 --- a/qa-images/s390x/ubuntu.Dockerfile +++ b/anaconda-pkg-base/linux/ubuntu.Dockerfile @@ -1,6 +1,4 @@ -# Dockerfile for container images that Anaconda, Inc. used to provide test containers for QA. - -ARG BASEVERSION=20.04 +ARG BASEVERSION=26.04@sha256:5e275723f82c67e387ba9e3c24baa0abdcb268917f276a0561c97bef9450d0b4 FROM ubuntu:${BASEVERSION} diff --git a/anaconda-pkg-build/linux/Dockerfile b/anaconda-pkg-build/linux/Dockerfile index e965bacb..7abd66da 100644 --- a/anaconda-pkg-build/linux/Dockerfile +++ b/anaconda-pkg-build/linux/Dockerfile @@ -1,19 +1,13 @@ # Dockerfile for container images that Anaconda, Inc. uses to build conda # packages released on the "defaults" (repo.anaconda.com) channels. -ARG BASEVERSION=7 +ARG GCC_VER=11.2.0 -FROM centos:${BASEVERSION} AS base-amd64 -ARG GCC_VER=7.5 +FROM centos:7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 AS base-amd64 -FROM centos:${BASEVERSION} AS base-ppc64le -ARG GCC_VER=7.3 +FROM amazonlinux:2.0.20260413.0@sha256:4b3bb9ce33d248600f267f2acc965325587b3bcfaae72fe0bf9cff85fbbb17f6 AS base-arm64 -FROM amazonlinux:2 AS base-arm64 -ARG GCC_VER=10.2 - -FROM clefos:${BASEVERSION} AS base-s390x -ARG GCC_VER=7.5 +FROM clefos:7.7.1908@sha256:2bcecd8dcbee4e8cc4fcffff01e8db2d01d7967507c7e718a160fa29750fa4af AS base-s390x # hadolint ignore=DL3006 FROM base-$TARGETARCH @@ -75,6 +69,7 @@ RUN yum install -q -y deltarpm \ file \ net-tools \ openssh-clients \ + procps-ng \ psmisc \ rsync \ tar \ @@ -88,13 +83,16 @@ ENV LANG en_US.UTF-8 ENV LANGUAGE en_US:en ENV LC_ALL en_US.UTF-8 -ARG MC_VER=py39_4.10.3 +# renovate: datasource=custom.miniconda_installer depName=Linux-x86_64.sh +ARG INSTALLER_VERSION=py313_26.3.2-2 RUN curl -sSL -o /tmp/miniconda.sh \ - "https://repo.anaconda.com/miniconda/Miniconda3-${MC_VER}-Linux-$(uname -m)".sh \ + "https://repo.anaconda.com/miniconda/Miniconda3-${INSTALLER_VERSION}-Linux-$(uname -m)".sh \ && sha256sum /tmp/miniconda.sh \ && /bin/bash /tmp/miniconda.sh -bfp /opt/conda \ - && rm -fv /tmp/miniconda.sh + && rm -fv /tmp/miniconda.sh \ + # ensure there are no out of range userids + && chown -R root:root /opt/conda # hadolint ignore=DL3059 RUN MC_ARCH="$(uname -m)" \ @@ -102,6 +100,10 @@ RUN MC_ARCH="$(uname -m)" \ && /opt/conda/bin/conda update --all --quiet --yes \ && /opt/conda/bin/conda install --quiet --yes conda-build \ && /opt/conda/bin/conda clean --all --yes \ + && rm -fv /opt/conda/.condarc \ + && /opt/conda/bin/conda config --system --set show_channel_urls True \ + && /opt/conda/bin/conda config --system --set add_pip_as_python_dependency False \ + && /opt/conda/bin/conda config --show-sources \ # Cache our C and C++ compilers so we don't have to download them with # each build; skipping the Fortran compiler as it's not used often # enough to justify the cache space. Note that we do NOT want to @@ -113,13 +115,8 @@ RUN MC_ARCH="$(uname -m)" \ # Note, too, that this MUST come _after_ the `conda clean --all` above, # or the compilers will be dumped from the package cache. && /opt/conda/bin/conda install --download-only --quiet --yes \ - "gcc_linux-$subdir=${GCC_VER}" "gxx_linux-$subdir=${GCC_VER}" - -# hadolint ignore=DL3059 -RUN rm -fv /opt/conda/.condarc \ - && /opt/conda/bin/conda config --system --set show_channel_urls True \ - && /opt/conda/bin/conda config --system --set add_pip_as_python_dependency False \ - && /opt/conda/bin/conda config --show-sources + "gcc_linux-$subdir=${GCC_VER}" "gxx_linux-$subdir=${GCC_VER}" \ + && /opt/conda/bin/conda clean --index-cache --yes ENV PATH="/opt/conda/bin:${PATH}" diff --git a/anaconda-pkg-build/linux/alma/Dockerfile b/anaconda-pkg-build/linux/alma/Dockerfile new file mode 100644 index 00000000..579435bb --- /dev/null +++ b/anaconda-pkg-build/linux/alma/Dockerfile @@ -0,0 +1,117 @@ +# Dockerfile for container images that Anaconda, Inc. uses to build conda +# packages released on the "defaults" (repo.anaconda.com) channels. + +ARG GCC_VER=11.2.0 + +FROM almalinux:8.10-20240923@sha256:d7dbaf57916185b2be09e1eaa1156b543f3937164ffa08d7fdc020a0a3800a5a + +# hadolint ignore=DL3031,DL3033 +RUN \ + # Hack to force locale generation, if needed + yum update -q -y glibc-common \ + && yum install -q -y \ + #---------------------------------------- + # X11-related libraries needed for various CDTs + #---------------------------------------- + libX11 \ + libXau \ + libxcb \ + libXcomposite \ + libXcursor \ + libXdamage \ + libXdmcp \ + libXext \ + libXfixes \ + libXi \ + libXinerama \ + libXrandr \ + libXrender \ + libXScrnSaver \ + libXt \ + libXtst \ + #---------------------------------------- + # MESA 3D graphics library + #---------------------------------------- + #mesa-libEGL \ + #mesa-libGL \ + #mesa-libGLU \ + #---------------------------------------- + # Vendor-neutral OpenGL + #---------------------------------------- + libglvnd-opengl \ + #---------------------------------------- + # X11 virtual framebuffer; useful for testing GUI apps + #---------------------------------------- + xorg-x11-server-Xvfb \ + #---------------------------------------- + # Other hardware and low-level system libraries + #---------------------------------------- + #alsa-lib \ + #libselinux \ + #pam \ + #pciutils-libs \ + #---------------------------------------- + # Low-level and basic system utilities. + # + # NOTE: previous versions of this image included tools like `patch` + # and `make`; these days, we prefer package recipes list the + # equivalent conda packages as build dependencies, rather than + # assume the build container provides these tools. + #---------------------------------------- + curl \ + file \ + net-tools \ + openssh-clients \ + procps-ng \ + psmisc \ + rsync \ + tar \ + util-linux \ + #wget \ + which \ + && yum clean all + +# Set the locale +ENV LANG=en_US.UTF-8 +ENV LANGUAGE=en_US:en +ENV LC_ALL=en_US.UTF-8 + +# this should not be renovated. If it is, conda-build v24.1.2 won't be able to +# be installed, which will make this image not usable in Anaconda's current CI +ARG INSTALLER_VERSION=py312_24.5.0-0 + +RUN curl -sSL -o /tmp/miniconda.sh \ + "https://repo.anaconda.com/miniconda/Miniconda3-${INSTALLER_VERSION}-Linux-$(uname -m)".sh \ + && sha256sum /tmp/miniconda.sh \ + && /bin/bash /tmp/miniconda.sh -bfp /opt/conda \ + && rm -fv /tmp/miniconda.sh \ + # ensure there are no out of range userids + && chown -R root:root /opt/conda + +# hadolint ignore=DL3059 +RUN MC_ARCH="$(uname -m)" \ + && if [ "${MC_ARCH}" = "x86_64" ]; then subdir="64"; else subdir="${MC_ARCH}"; fi \ + && /opt/conda/bin/conda update --all --quiet --yes \ + && /opt/conda/bin/conda install --quiet --yes conda-build=24.1.2 \ + && /opt/conda/bin/conda clean --all --yes \ + && rm -fv /opt/conda/.condarc \ + && /opt/conda/bin/conda config --system --set show_channel_urls True \ + && /opt/conda/bin/conda config --system --set add_pip_as_python_dependency False \ + && /opt/conda/bin/conda config --show-sources \ + # Cache our C and C++ compilers so we don't have to download them with + # each build; skipping the Fortran compiler as it's not used often + # enough to justify the cache space. Note that we do NOT want to + # _actually install_ the compilers in the base environment, as doing so + # runs the risk of buggy recipes falling back to those compilers via + # `$PATH`, rather than erroring out due to missing compilers in the + # `build`/`host` requirements. + # + # Note, too, that this MUST come _after_ the `conda clean --all` above, + # or the compilers will be dumped from the package cache. + && /opt/conda/bin/conda install --download-only --quiet --yes \ + "gcc_linux-$subdir=${GCC_VER}" "gxx_linux-$subdir=${GCC_VER}" \ + && /opt/conda/bin/conda clean --index-cache --yes + +ENV PATH="/opt/conda/bin:${PATH}" + +CMD [ "/bin/bash" ] diff --git a/anaconda-pkg-build/linux/cuda-rocky8/Dockerfile b/anaconda-pkg-build/linux/cuda-rocky8/Dockerfile new file mode 100644 index 00000000..39e5ba82 --- /dev/null +++ b/anaconda-pkg-build/linux/cuda-rocky8/Dockerfile @@ -0,0 +1,121 @@ +# This container has the CUDA compilers installed. For versions less than 12, they're used, +# because defaults' cudatoolkit <= 11.8 package doesn't provide compilers. +# But not for versions equal and greater than 12. +ARG CUDA_VERSION=12.4.1 +ARG GCC_VER=11.2.0 +FROM nvidia/cuda:${CUDA_VERSION}-devel-rockylinux8 + +# this is mostly copied from public.ecr.aws/y0o4y9o3/anaconda-pkg-build + +# ulimit needs to be turned down: https://bugzilla.redhat.com/show_bug.cgi?id=1537564 +# hadolint ignore=DL3031,DL3033,SC3045 +RUN ulimit -n 1024 \ + # Hack to force locale generation, if needed + && yum update -q -y glibc-common \ + && yum install -q -y \ + #---------------------------------------- + # X11-related libraries needed for various CDTs + #---------------------------------------- + libX11 \ + libXau \ + libxcb \ + libXcomposite \ + libXcursor \ + libXdamage \ + libXdmcp \ + libXext \ + libXfixes \ + libXi \ + libXinerama \ + libXrandr \ + libXrender \ + libXScrnSaver \ + libXt \ + libXtst \ + #---------------------------------------- + # MESA 3D graphics library + #---------------------------------------- + #mesa-libEGL \ + #mesa-libGL \ + #mesa-libGLU \ + #---------------------------------------- + # Vendor-neutral OpenGL + #---------------------------------------- + libglvnd-opengl \ + #---------------------------------------- + # X11 virtual framebuffer; useful for testing GUI apps + #---------------------------------------- + xorg-x11-server-Xvfb \ + #---------------------------------------- + # Other hardware and low-level system libraries + #---------------------------------------- + #alsa-lib \ + #libselinux \ + #pam \ + #pciutils-libs \ + #---------------------------------------- + # Low-level and basic system utilities. + # + # NOTE: previous versions of this image included tools like `patch` + # and `make`; these days, we prefer package recipes list the + # equivalent conda packages as build dependencies, rather than + # assume the build container provides these tools. + #---------------------------------------- + curl \ + file \ + net-tools \ + openssh-clients \ + procps-ng \ + psmisc \ + rsync \ + tar \ + util-linux \ + diffutils \ + #wget \ + which \ + && yum clean all + +# Set the locale +ENV LANG=en_US.UTF-8 +ENV LANGUAGE=en_US:en +ENV LC_ALL=en_US.UTF-8 + +# this should not be renovated. If it is, conda-build v24.1.2 won't be able to +# be installed, which will make this image not usable in Anaconda's current CI +ARG INSTALLER_VERSION=py312_24.5.0-0 + +RUN curl -sSL -o /tmp/miniconda.sh \ + "https://repo.anaconda.com/miniconda/Miniconda3-${INSTALLER_VERSION}-Linux-$(uname -m)".sh \ + && sha256sum /tmp/miniconda.sh \ + && /bin/bash /tmp/miniconda.sh -bfp /opt/conda \ + && rm -fv /tmp/miniconda.sh \ + # ensure there are no out of range userids + && chown -R root:root /opt/conda + +# hadolint ignore=DL3059 +RUN MC_ARCH="$(uname -m)" \ + && if [ "${MC_ARCH}" = "x86_64" ]; then subdir="64"; else subdir="${MC_ARCH}"; fi \ + && /opt/conda/bin/conda update --all --quiet --yes \ + && /opt/conda/bin/conda install --quiet --yes conda-build=24.1.2 \ + && /opt/conda/bin/conda clean --all --yes \ + && rm -fv /opt/conda/.condarc \ + && /opt/conda/bin/conda config --system --set show_channel_urls True \ + && /opt/conda/bin/conda config --system --set add_pip_as_python_dependency False \ + && /opt/conda/bin/conda config --show-sources \ + # Cache our C and C++ compilers so we don't have to download them with + # each build; skipping the Fortran compiler as it's not used often + # enough to justify the cache space. Note that we do NOT want to + # _actually install_ the compilers in the base environment, as doing so + # runs the risk of buggy recipes falling back to those compilers via + # `$PATH`, rather than erroring out due to missing compilers in the + # `build`/`host` requirements. + # + # Note, too, that this MUST come _after_ the `conda clean --all` above, + # or the compilers will be dumped from the package cache. + && /opt/conda/bin/conda install --download-only --quiet --yes \ + "gcc_linux-$subdir=${GCC_VER}" "gxx_linux-$subdir=${GCC_VER}" \ + && /opt/conda/bin/conda clean --index-cache --yes + +ENV PATH="/opt/conda/bin:${PATH}" + +CMD [ "/bin/bash" ] diff --git a/anaconda-pkg-build/linux/cuda/Dockerfile b/anaconda-pkg-build/linux/cuda/Dockerfile new file mode 100644 index 00000000..e7019ef2 --- /dev/null +++ b/anaconda-pkg-build/linux/cuda/Dockerfile @@ -0,0 +1,119 @@ +# This container has the CUDA compilers installed. For versions less than 12, they're used, +# because defaults' cudatoolkit <= 11.8 package doesn't provide compilers. +# But not for versions equal and greater than 12. +ARG CUDA_VERSION=11.8.0 +FROM nvidia/cuda:${CUDA_VERSION}-devel-centos7 + +# this is mostly copied from public.ecr.aws/y0o4y9o3/anaconda-pkg-build + +# ulimit needs to be turned down: https://bugzilla.redhat.com/show_bug.cgi?id=1537564 +# hadolint ignore=DL3031,DL3033,SC3045 +RUN ulimit -n 1024 \ + && yum install -q -y deltarpm \ + # Hack to force locale generation, if needed + && yum update -q -y glibc-common \ + && yum install -q -y \ + #---------------------------------------- + # X11-related libraries needed for various CDTs + #---------------------------------------- + libX11 \ + libXau \ + libxcb \ + libXcomposite \ + libXcursor \ + libXdamage \ + libXdmcp \ + libXext \ + libXfixes \ + libXi \ + libXinerama \ + libXrandr \ + libXrender \ + libXScrnSaver \ + libXt \ + libXtst \ + #---------------------------------------- + # MESA 3D graphics library + #---------------------------------------- + #mesa-libEGL \ + #mesa-libGL \ + #mesa-libGLU \ + #---------------------------------------- + # Vendor-neutral OpenGL + #---------------------------------------- + libglvnd-opengl \ + #---------------------------------------- + # X11 virtual framebuffer; useful for testing GUI apps + #---------------------------------------- + xorg-x11-server-Xvfb \ + #---------------------------------------- + # Other hardware and low-level system libraries + #---------------------------------------- + #alsa-lib \ + #libselinux \ + #pam \ + #pciutils-libs \ + #---------------------------------------- + # Low-level and basic system utilities. + # + # NOTE: previous versions of this image included tools like `patch` + # and `make`; these days, we prefer package recipes list the + # equivalent conda packages as build dependencies, rather than + # assume the build container provides these tools. + #---------------------------------------- + curl \ + file \ + net-tools \ + openssh-clients \ + procps-ng \ + psmisc \ + rsync \ + tar \ + util-linux \ + #wget \ + which \ + && yum clean all + +# Set the locale +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +# renovate: datasource=custom.miniconda_installer depName=Linux-x86_64.sh +ARG INSTALLER_VERSION=py313_26.3.2-2 + +RUN curl -sSL -o /tmp/miniconda.sh \ + "https://repo.anaconda.com/miniconda/Miniconda3-${INSTALLER_VERSION}-Linux-$(uname -m)".sh \ + && sha256sum /tmp/miniconda.sh \ + && /bin/bash /tmp/miniconda.sh -bfp /opt/conda \ + && rm -fv /tmp/miniconda.sh \ + # ensure there are no out of range userids + && chown -R root:root /opt/conda + +# hadolint ignore=DL3059 +RUN MC_ARCH="$(uname -m)" \ + && if [ "${MC_ARCH}" = "x86_64" ]; then subdir="64"; else subdir="${MC_ARCH}"; fi \ + && /opt/conda/bin/conda update --all --quiet --yes \ + && /opt/conda/bin/conda install --quiet --yes conda-build \ + && /opt/conda/bin/conda clean --all --yes \ + && rm -fv /opt/conda/.condarc \ + && /opt/conda/bin/conda config --system --set show_channel_urls True \ + && /opt/conda/bin/conda config --system --set add_pip_as_python_dependency False \ + && /opt/conda/bin/conda config --show-sources \ + # Cache our C and C++ compilers so we don't have to download them with + # each build; skipping the Fortran compiler as it's not used often + # enough to justify the cache space. Note that we do NOT want to + # _actually install_ the compilers in the base environment, as doing so + # runs the risk of buggy recipes falling back to those compilers via + # `$PATH`, rather than erroring out due to missing compilers in the + # `build`/`host` requirements. + # + # Note, too, that this MUST come _after_ the `conda clean --all` above, + # or the compilers will be dumped from the package cache. + && /opt/conda/bin/conda install --download-only --quiet --yes \ + "gcc_linux-$subdir=${GCC_VER}" "gxx_linux-$subdir=${GCC_VER}" \ + && /opt/conda/bin/conda clean --index-cache --yes + +ENV PATH="/opt/conda/bin:${PATH}" + +CMD [ "/bin/bash" ] diff --git a/anaconda-pkg-build/linux/rocky8/Dockerfile b/anaconda-pkg-build/linux/rocky8/Dockerfile new file mode 100644 index 00000000..3cf4c7e1 --- /dev/null +++ b/anaconda-pkg-build/linux/rocky8/Dockerfile @@ -0,0 +1,86 @@ +# Dockerfile for container images that Anaconda, Inc. uses to build conda +# packages released on the "defaults" (repo.anaconda.com) channels. + +ARG GCC_VER=11.2.0 + +FROM rockylinux:8.9.20231119@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c + +# hadolint ignore=DL3031,DL3033 +RUN \ + # Hack to force locale generation, if needed + yum update -q -y glibc-common \ + && yum install -q -y \ + #---------------------------------------- + # X11 virtual framebuffer; useful for testing GUI apps + #---------------------------------------- + xorg-x11-server-Xvfb \ + #---------------------------------------- + # Low-level and basic system utilities. + # + # NOTE: previous versions of this image included tools like `patch` + # and `make`; these days, we prefer package recipes list the + # equivalent conda packages as build dependencies, rather than + # assume the build container provides these tools. + #---------------------------------------- + curl \ + diffutils \ + file \ + findutils \ + nano \ + net-tools \ + openssh-clients \ + procps-ng \ + psmisc \ + rsync \ + tar \ + util-linux \ + #wget \ + which \ + && yum clean all + +# Set the locale +ENV LANG=en_US.UTF-8 +ENV LANGUAGE=en_US:en +ENV LC_ALL=en_US.UTF-8 + +# renovate: datasource=custom.miniconda_installer depName=Linux-x86_64.sh +ARG INSTALLER_VERSION=py313_26.3.2-2 + +RUN curl -sSL -o /tmp/miniconda.sh \ + "https://repo.anaconda.com/miniconda/Miniconda3-${INSTALLER_VERSION}-Linux-$(uname -m)".sh \ + && sha256sum /tmp/miniconda.sh \ + && /bin/bash /tmp/miniconda.sh -bfp /opt/conda \ + && rm -fv /tmp/miniconda.sh \ + # ensure there are no out of range userids + && chown -R root:root /opt/conda + +# hadolint ignore=DL3059 +RUN MC_ARCH="$(uname -m)" \ + && if [ "${MC_ARCH}" = "x86_64" ]; then subdir="64"; else subdir="${MC_ARCH}"; fi \ + && /opt/conda/bin/conda update --all --quiet --yes \ + && /opt/conda/bin/conda install --quiet --yes conda-build \ + && /opt/conda/bin/conda clean --all --yes \ + && rm -fv /opt/conda/.condarc \ + && /opt/conda/bin/conda config --system --add channels defaults \ + && /opt/conda/bin/conda config --system --set show_channel_urls True \ + && /opt/conda/bin/conda config --system --set add_pip_as_python_dependency False \ + && /opt/conda/bin/conda config --system --set report_errors False \ + && /opt/conda/bin/conda config --system --set conda_build.pkg_format ".tar.bz2" \ + && /opt/conda/bin/conda config --show-sources \ + # Cache our C and C++ compilers so we don't have to download them with + # each build; skipping the Fortran compiler as it's not used often + # enough to justify the cache space. Note that we do NOT want to + # _actually install_ the compilers in the base environment, as doing so + # runs the risk of buggy recipes falling back to those compilers via + # `$PATH`, rather than erroring out due to missing compilers in the + # `build`/`host` requirements. + # + # Note, too, that this MUST come _after_ the `conda clean --all` above, + # or the compilers will be dumped from the package cache. + && /opt/conda/bin/conda install --download-only --quiet --yes \ + "gcc_linux-$subdir=${GCC_VER}" "gxx_linux-$subdir=${GCC_VER}" \ + && /opt/conda/bin/conda clean --index-cache --yes + +ENV PATH="/opt/conda/bin:${PATH}" + +CMD [ "/bin/bash" ] diff --git a/anaconda3/alpine/Dockerfile b/anaconda3/alpine/Dockerfile deleted file mode 100644 index 90dd304b..00000000 --- a/anaconda3/alpine/Dockerfile +++ /dev/null @@ -1,75 +0,0 @@ -FROM alpine:3.9 as alpine-glibc - -LABEL maintainer="Vlad Frolov" -LABEL src=https://github.com/frol/docker-alpine-glibc -ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 -ENV PATH /opt/conda/bin:$PATH - -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] - -# hadolint ignore=DL3018 -RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \ - ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" && \ - ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ - ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ - ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ - apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \ - echo \ - "-----BEGIN PUBLIC KEY-----\ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2u1KJKUu/fW4A25y9m\ - y70AGEa/J3Wi5ibNVGNn1gT1r0VfgeWd0pUybS4UmcHdiNzxJPgoWQhV2SSW1JYu\ - tOqKZF5QSN6X937PTUpNBjUvLtTQ1ve1fp39uf/lEXPpFpOPL88LKnDBgbh7wkCp\ - m2KzLVGChf83MS0ShL6G9EQIAUxLm99VpgRjwqTQ/KfzGtpke1wqws4au0Ab4qPY\ - KXvMLSPLUp7cfulWvhmZSegr5AdhNw5KNizPqCJT8ZrGvgHypXyiFvvAH5YRtSsc\ - Zvo9GI2e2MaZyo9/lvb+LbLEJZKEQckqRj4P26gmASrZEPStwc+yqy1ShHLA0j6m\ - 1QIDAQAB\ - -----END PUBLIC KEY-----" | sed 's/ */\n/g' > "/etc/apk/keys/sgerrand.rsa.pub" && \ - wget -q \ - "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ - apk add --no-cache \ - "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ - \ - rm "/etc/apk/keys/sgerrand.rsa.pub" && \ - /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ - echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ - \ - apk del glibc-i18n && \ - \ - rm "/root/.wget-hsts" && \ - apk del .build-dependencies && \ - rm \ - "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" - -FROM alpine-glibc - -LABEL maintainer="Anaconda, Inc" -ENV ANACONDA_VERSION 2021.05 -ENV ANACONDA_MD5 25e3ebae8905450ddac0f5c93f89c467 - -# Create non-root user, install dependencies, install Anaconda -RUN addgroup -S anaconda && \ - adduser -D -u 10151 anaconda -G anaconda && \ - wget --quiet https://repo.continuum.io/archive/Anaconda3-$ANACONDA_VERSION-Linux-x86_64.sh -O anaconda.sh && \ - echo "${ANACONDA_MD5} anaconda.sh" > anaconda.md5 && \ - if ! md5sum -s -c anaconda.md5; then exit 1; fi && \ - mkdir -p /opt && \ - sh ./anaconda.sh -b -p /opt/conda && \ - rm anaconda.sh anaconda.md5 && \ - ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ - chown -R anaconda /opt && \ - echo ". /opt/conda/etc/profile.d/conda.sh" >> /home/anaconda/.profile && \ - echo "conda activate base" >> /home/anaconda/.profile && \ - find /opt/conda/ -follow -type f -name '*.a' -delete && \ - find /opt/conda/ -follow -type f -name '*.js.map' -delete && \ - /opt/conda/bin/conda clean -afy - -USER 10151 -ENV PATH "/bin:/sbin:/usr/bin" - -CMD [ "sh", "--login", "-i" ] diff --git a/anaconda3/amazonlinux/Dockerfile b/anaconda3/amazonlinux/Dockerfile index 32aae6f4..4e9c29b5 100644 --- a/anaconda3/amazonlinux/Dockerfile +++ b/anaconda3/amazonlinux/Dockerfile @@ -1,7 +1,11 @@ -FROM amazonlinux:2 +FROM amazonlinux:2.0.20260413.0@sha256:4b3bb9ce33d248600f267f2acc965325587b3bcfaae72fe0bf9cff85fbbb17f6 ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 -ENV PATH /opt/conda/bin:$PATH +ENV PATH=/opt/conda/bin:$PATH + +# renovate: datasource=custom.anaconda_installer +ARG INSTALLER_URL="https://repo.anaconda.com/archive/Anaconda3-2024.10-1-Linux-aarch64.sh" +ARG SHA256SUM="489c608e8bddd2cf29dfbdd811cf99087cd6b6a0615d41c6f9058ce340594b65" # hadolint ignore=DL3008 # hadolint ignore=DL3033 @@ -25,12 +29,14 @@ RUN yum install -y \ subversion && \ yum clean all && \ rm -rf /var/cache/yum && \ - wget --quiet https://repo.anaconda.com/archive/Anaconda3-2021.11-Linux-aarch64.sh -O ~/anaconda.sh && \ - /bin/bash ~/anaconda.sh -b -p /opt/conda && \ - rm ~/anaconda.sh && \ + wget --quiet ${INSTALLER_URL} -O anaconda.sh && \ + echo "${SHA256SUM} anaconda.sh" > shasum && \ + sha256sum --check --status shasum && \ + /bin/bash anaconda.sh -b -p /opt/conda && \ + rm anaconda.sh shasum && \ ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \ - echo "conda activate base" >> ~/.bashrc && \ + echo "conda activate" >> ~/.bashrc && \ find /opt/conda/ -follow -type f -name '*.a' -delete && \ find /opt/conda/ -follow -type f -name '*.js.map' -delete && \ /opt/conda/bin/conda clean -afy diff --git a/anaconda3/debian/Dockerfile b/anaconda3/debian/Dockerfile index 5731f414..d950bc41 100644 --- a/anaconda3/debian/Dockerfile +++ b/anaconda3/debian/Dockerfile @@ -1,7 +1,17 @@ -FROM debian:bullseye-slim +FROM debian:13.4-slim@sha256:cedb1ef40439206b673ee8b33a46a03a0c9fa90bf3732f54704f99cb061d2c5a ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 -ENV PATH /opt/conda/bin:$PATH +ENV PATH=/opt/conda/bin:$PATH + +# renovate: datasource=custom.anaconda_installer +ARG INSTALLER_URL_LINUX64="https://repo.anaconda.com/archive/Anaconda3-2024.10-1-Linux-x86_64.sh" +ARG SHA256SUM_LINUX64="3ba0a298155c32fbfd80cbc238298560bf69a2df511783054adfc151b76d80d8" +# renovate: datasource=custom.anaconda_installer +ARG INSTALLER_URL_S390X="https://repo.anaconda.com/archive/Anaconda3-2024.10-1-Linux-s390x.sh" +ARG SHA256SUM_S390X="e00bd5e6c275695e8050a45aa85790315f504c95243dfe3632f505284310f3c4" +# renovate: datasource=custom.anaconda_installer +ARG INSTALLER_URL_AARCH64="https://repo.anaconda.com/archive/Anaconda3-2024.10-1-Linux-aarch64.sh" +ARG SHA256SUM_AARCH64="489c608e8bddd2cf29dfbdd811cf99087cd6b6a0615d41c6f9058ce340594b65" # hadolint ignore=DL3008 RUN set -x && \ @@ -30,26 +40,23 @@ RUN set -x && \ && rm -rf /var/lib/apt/lists/* && \ UNAME_M="$(uname -m)" && \ if [ "${UNAME_M}" = "x86_64" ]; then \ - ANACONDA_URL="https://repo.anaconda.com/archive/Anaconda3-2021.11-Linux-x86_64.sh"; \ - SHA256SUM="fedf9e340039557f7b5e8a8a86affa9d299f5e9820144bd7b92ae9f7ee08ac60"; \ + INSTALLER_URL=${INSTALLER_URL_LINUX64}; \ + SHA256SUM=${SHA256SUM_LINUX64}; \ elif [ "${UNAME_M}" = "s390x" ]; then \ - ANACONDA_URL="https://repo.anaconda.com/archive/Anaconda3-2021.11-Linux-s390x.sh"; \ - SHA256SUM="1504e9259816c5804eff1304fe7e339517b9fc1a08bfd991bc525a7efb6568f1"; \ + INSTALLER_URL=${INSTALLER_URL_S390X}; \ + SHA256SUM=${SHA256SUM_S390X}; \ elif [ "${UNAME_M}" = "aarch64" ]; then \ - ANACONDA_URL="https://repo.anaconda.com/archive/Anaconda3-2021.11-Linux-aarch64.sh"; \ - SHA256SUM="4daacb88fbd3a6c14e28cd3b37004ed4c2643e2b187302e927eb81a074e837bc"; \ - elif [ "${UNAME_M}" = "ppc64le" ]; then \ - ANACONDA_URL="https://repo.anaconda.com/archive/Anaconda3-2021.11-Linux-ppc64le.sh"; \ - SHA256SUM="7eb6a95925ee756240818599f8dcbba7a155adfb05ef6cd5336aa3c083de65f3"; \ + INSTALLER_URL=${INSTALLER_URL_AARCH64}; \ + SHA256SUM=${SHA256SUM_AARCH64}; \ fi && \ - wget "${ANACONDA_URL}" -O anaconda.sh -q && \ + wget "${INSTALLER_URL}" -O anaconda.sh -q && \ echo "${SHA256SUM} anaconda.sh" > shasum && \ sha256sum --check --status shasum && \ /bin/bash anaconda.sh -b -p /opt/conda && \ rm anaconda.sh shasum && \ ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \ - echo "conda activate base" >> ~/.bashrc && \ + echo "conda activate" >> ~/.bashrc && \ find /opt/conda/ -follow -type f -name '*.a' -delete && \ find /opt/conda/ -follow -type f -name '*.js.map' -delete && \ /opt/conda/bin/conda clean -afy diff --git a/ci/anaconda-alpine b/ci/anaconda-alpine deleted file mode 100644 index 851f0ff1..00000000 --- a/ci/anaconda-alpine +++ /dev/null @@ -1 +0,0 @@ -2021.05-alpine diff --git a/ci/anaconda-amazonlinux b/ci/anaconda-amazonlinux deleted file mode 100644 index f629fd8e..00000000 --- a/ci/anaconda-amazonlinux +++ /dev/null @@ -1 +0,0 @@ -2021.05-arm64 diff --git a/ci/anaconda-debian b/ci/anaconda-debian deleted file mode 100644 index fd10862f..00000000 --- a/ci/anaconda-debian +++ /dev/null @@ -1 +0,0 @@ -2021.05 diff --git a/ci/build-docker-images.yaml b/ci/build-docker-images.yaml deleted file mode 100644 index a940e5d1..00000000 --- a/ci/build-docker-images.yaml +++ /dev/null @@ -1,184 +0,0 @@ -# fly -t concourse set-pipeline -p docker-images -c build-docker-images.yaml -l config.yaml - -resource_types: -- name: docker-manifest - type: docker-image - source: - repository: mbialon/concourse-docker-manifest-resource - -resources: -- name: image-manifest - type: docker-manifest - source: - repository: mbialon/image - username: condabot - password: ((dockerhub_password)) - -- name: docker-images - type: git - source: - uri: https://((recipe-repo-access-token))@github.com/ContinuumIO/docker-images.git - branch: master - -- name: docker-image-miniconda - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/miniconda - username: condabot - -- name: docker-image-miniconda2 - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/miniconda2 - username: condabot - -- name: docker-image-miniconda3 - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/miniconda3 - username: condabot - -- name: docker-image-anaconda - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/anaconda - username: condabot - -- name: docker-image-anaconda2 - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/anaconda2 - username: condabot - -- name: docker-image-anaconda3 - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/anaconda3 - username: condabot - -- name: anaconda3-amd64-debian - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/anaconda3 - username: condabot - tag: 2021.05 - -- name: anaconda3-amd64-alpine - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/anaconda3 - username: condabot - tag: 2021.05-alpine - -- name: anaconda3-arm64-amazonlinux - type: docker-image - source: - password: ((dockerhub_password)) - repository: continuumio/anaconda3 - username: condabot - tag: 2021.05-amazonlinux - -jobs: - - name: build_miniconda - plan: - - get: docker-images - - put: docker-image-miniconda - params: - build: docker-images/miniconda/alpine - tag_file: docker-images/ci/miniconda-alpine - - put: docker-image-miniconda - params: - build: docker-images/miniconda/debian - tag_as_latest: true - tag_file: docker-images/ci/miniconda-debian - - name: build_miniconda2 - plan: - - get: docker-images - - put: docker-image-miniconda2 - params: - build: docker-images/miniconda/alpine - tag_file: docker-images/ci/miniconda-alpine - - put: docker-image-miniconda2 - params: - build: docker-images/miniconda/debian - tag_as_latest: true - tag_file: docker-images/ci/miniconda-debian - - name: build_miniconda3 - plan: - - get: docker-images - - put: docker-image-miniconda3 - params: - build: docker-images/miniconda3/alpine - tag_file: docker-images/ci/miniconda-alpine - - put: docker-image-miniconda3 - params: - build: docker-images/miniconda3/debian - tag_as_latest: true - tag_file: docker-images/ci/miniconda-debian - - - name: build_anaconda - plan: - - get: docker-images - - put: docker-image-anaconda - params: - build: docker-images/anaconda/alpine - tag_file: docker-images/ci/anaconda-alpine - - put: docker-image-anaconda - params: - build: docker-images/anaconda/debian - tag_as_latest: true - tag_file: docker-images/ci/anaconda-debian - - name: build_anaconda2 - plan: - - get: docker-images - - put: docker-image-anaconda2 - params: - build: docker-images/anaconda/alpine - tag_file: docker-images/ci/anaconda-alpine - - put: docker-image-anaconda2 - params: - build: docker-images/anaconda/debian - tag_as_latest: true - tag_file: docker-images/ci/anaconda-debian - - name: build_anaconda3 - plan: - - get: docker-images - - put: docker-image-anaconda3 - params: - build: docker-images/anaconda3/alpine - tag_file: docker-images/ci/anaconda-alpine - - put: docker-image-anaconda3 - params: - build: docker-images/anaconda3/debian - tag_as_latest: true - tag_file: docker-images/ci/anaconda-debian - - put: docker-image-anaconda3 - params: - build: docker-images/anaconda3/amazonlinux - tag_file: docker-images/ci/anaconda-amazonlinux - - name: build manifest from images - plan: - - get: anaconda3-amd64-debian - - get: anaconda3-amd64-alpine - - get: anaconda3-arm64-amazonlinux - - put: build manifest - params: - tag_file: docker-images/ci/anaconda-debian - manifests: - - arch: amd64 - os: linux - digest_file: anaconda3-amd64-debian/digest - - arch: amd64 - os: linux - digest_file: anaconda3-amd64-alpine/digest - - arch: arm64 - os: linux - digest_file: anaconda3-amazonlinux/digest diff --git a/ci/config.yaml b/ci/config.yaml deleted file mode 100644 index bfd28789..00000000 --- a/ci/config.yaml +++ /dev/null @@ -1,2 +0,0 @@ -recipe-repo-access-token: ((common.recipe-repo-access-token)) -dockerhub_password: ((docker-images.dockerhub_password)) diff --git a/ci/miniconda-alpine b/ci/miniconda-alpine deleted file mode 100644 index 887c446a..00000000 --- a/ci/miniconda-alpine +++ /dev/null @@ -1 +0,0 @@ -4.9.2-alpine diff --git a/ci/miniconda-debian b/ci/miniconda-debian deleted file mode 100644 index dad10c76..00000000 --- a/ci/miniconda-debian +++ /dev/null @@ -1 +0,0 @@ -4.9.2 diff --git a/concourse-rsync-resource b/concourse-rsync-resource deleted file mode 160000 index c2e0ddff..00000000 --- a/concourse-rsync-resource +++ /dev/null @@ -1 +0,0 @@ -Subproject commit c2e0ddffa13968961063bedd738d3d2872c3d1e5 diff --git a/miniconda3/alpine/Dockerfile b/miniconda3/alpine/Dockerfile deleted file mode 100644 index 1b27fb8b..00000000 --- a/miniconda3/alpine/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -FROM alpine:3.14 as alpine-glibc - -LABEL maintainer="Vlad Frolov" -LABEL src=https://github.com/frol/docker-alpine-glibc -ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 - -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] - -# hadolint ignore=DL3018 -RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \ - ALPINE_GLIBC_PACKAGE_VERSION="2.33-r0" && \ - ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ - ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ - ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ - apk add -q --no-cache --virtual=.build-dependencies wget ca-certificates && \ - echo \ - "-----BEGIN PUBLIC KEY-----\ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2u1KJKUu/fW4A25y9m\ - y70AGEa/J3Wi5ibNVGNn1gT1r0VfgeWd0pUybS4UmcHdiNzxJPgoWQhV2SSW1JYu\ - tOqKZF5QSN6X937PTUpNBjUvLtTQ1ve1fp39uf/lEXPpFpOPL88LKnDBgbh7wkCp\ - m2KzLVGChf83MS0ShL6G9EQIAUxLm99VpgRjwqTQ/KfzGtpke1wqws4au0Ab4qPY\ - KXvMLSPLUp7cfulWvhmZSegr5AdhNw5KNizPqCJT8ZrGvgHypXyiFvvAH5YRtSsc\ - Zvo9GI2e2MaZyo9/lvb+LbLEJZKEQckqRj4P26gmASrZEPStwc+yqy1ShHLA0j6m\ - 1QIDAQAB\ - -----END PUBLIC KEY-----" | sed 's/ */\n/g' > "/etc/apk/keys/sgerrand.rsa.pub" && \ - wget -q \ - "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ - apk add -q --no-cache \ - "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ - \ - rm "/etc/apk/keys/sgerrand.rsa.pub" && \ - /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ - echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ - \ - apk del -q glibc-i18n && \ - \ - rm "/root/.wget-hsts" && \ - apk del -q .build-dependencies && \ - rm \ - "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ - "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" - - -FROM alpine-glibc - -LABEL maintainer="Anaconda, Inc" - -ENV PATH /opt/conda/bin:$PATH - -# Leave these args here to better use the Docker build cache -ARG CONDA_VERSION=py39_4.10.3 -ARG SHA256SUM=1ea2f885b4dbc3098662845560bc64271eb17085387a70c2ba3f29fff6f8d52f - -# hadolint ignore=DL3018 -RUN apk add -q --no-cache bash procps && \ - wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-x86_64.sh -O miniconda.sh && \ - echo "${SHA256SUM} miniconda.sh" > miniconda.sha256 && \ - if ! sha256sum -cs miniconda.sha256; then exit 1; fi && \ - mkdir -p /opt && \ - sh miniconda.sh -b -p /opt/conda && \ - rm miniconda.sh miniconda.sha256 && \ - ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ - echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \ - echo "conda activate base" >> ~/.bashrc && \ - find /opt/conda/ -follow -type f -name '*.a' -delete && \ - find /opt/conda/ -follow -type f -name '*.js.map' -delete && \ - /opt/conda/bin/conda clean -afy - -CMD ["/bin/bash"] diff --git a/miniconda3/debian/Dockerfile b/miniconda3/debian/Dockerfile index 09abc8ba..4b451e97 100644 --- a/miniconda3/debian/Dockerfile +++ b/miniconda3/debian/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:13.4-slim@sha256:cedb1ef40439206b673ee8b33a46a03a0c9fa90bf3732f54704f99cb061d2c5a LABEL maintainer="Anaconda, Inc" @@ -22,37 +22,50 @@ RUN apt-get update -q && \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ENV PATH /opt/conda/bin:$PATH +ENV PATH=/opt/conda/bin:$PATH +ARG DEPRECATION_MESSAGE="::warning::This image is deprecated.\n\n\ +Updates to this image will be discontinued after version \`26.7.x\`. \ +The latest Miniconda Docker images are available as \`anaconda/miniconda\`. \ +For more information, visit: https://hub.docker.com/r/anaconda/miniconda\n" + +# Deprecation warning script +RUN printf '#!/bin/bash\nprintf "'%s'" >&2\nexec "$@"\n' "${DEPRECATION_MESSAGE}" \ + > /usr/local/bin/docker-entrypoint.sh && \ + chmod +x /usr/local/bin/docker-entrypoint.sh + +ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] CMD [ "/bin/bash" ] # Leave these args here to better use the Docker build cache -ARG CONDA_VERSION=py39_4.10.3 +# renovate: datasource=custom.miniconda_installer +ARG INSTALLER_URL_LINUX64="https://repo.anaconda.com/miniconda/Miniconda3-py313_26.3.2-2-Linux-x86_64.sh" +ARG SHA256SUM_LINUX64="2284bafb7863a23411b19874d216e237964d4b32dd9beb6807fa8b2d84570961" +# renovate: datasource=custom.miniconda_installer +ARG INSTALLER_URL_AARCH64="https://repo.anaconda.com/miniconda/Miniconda3-py313_26.3.2-2-Linux-aarch64.sh" +ARG SHA256SUM_AARCH64="81a5e828724478a7a036027a74356ceff0206147d3b1243c8ba32e0cfa187967" RUN set -x && \ UNAME_M="$(uname -m)" && \ if [ "${UNAME_M}" = "x86_64" ]; then \ - MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-x86_64.sh"; \ - SHA256SUM="1ea2f885b4dbc3098662845560bc64271eb17085387a70c2ba3f29fff6f8d52f"; \ - elif [ "${UNAME_M}" = "s390x" ]; then \ - MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-s390x.sh"; \ - SHA256SUM="1faed9abecf4a4ddd4e0d8891fc2cdaa3394c51e877af14ad6b9d4aadb4e90d8"; \ + INSTALLER_URL="${INSTALLER_URL_LINUX64}"; \ + SHA256SUM="${SHA256SUM_LINUX64}"; \ elif [ "${UNAME_M}" = "aarch64" ]; then \ - MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-aarch64.sh"; \ - SHA256SUM="4879820a10718743f945d88ef142c3a4b30dfc8e448d1ca08e019586374b773f"; \ - elif [ "${UNAME_M}" = "ppc64le" ]; then \ - MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-${CONDA_VERSION}-Linux-ppc64le.sh"; \ - SHA256SUM="fa92ee4773611f58ed9333f977d32bbb64769292f605d518732183be1f3321fa"; \ + INSTALLER_URL="${INSTALLER_URL_AARCH64}"; \ + SHA256SUM="${SHA256SUM_AARCH64}"; \ fi && \ - wget "${MINICONDA_URL}" -O miniconda.sh -q && \ + wget "${INSTALLER_URL}" -O miniconda.sh -q && \ echo "${SHA256SUM} miniconda.sh" > shasum && \ - if [ "${CONDA_VERSION}" != "latest" ]; then sha256sum --check --status shasum; fi && \ + sha256sum --check --status shasum && \ mkdir -p /opt && \ - sh miniconda.sh -b -p /opt/conda && \ + bash miniconda.sh -b -p /opt/conda && \ rm miniconda.sh shasum && \ ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \ - echo "conda activate base" >> ~/.bashrc && \ + echo "conda activate" >> ~/.bashrc && \ + /opt/conda/bin/conda tos accept && \ + /opt/conda/bin/conda remove --force-remove -y conda-anaconda-tos && \ + rm -rf ~/.conda/tos && \ find /opt/conda/ -follow -type f -name '*.a' -delete && \ find /opt/conda/ -follow -type f -name '*.js.map' -delete && \ /opt/conda/bin/conda clean -afy diff --git a/miniconda3/nanoserver/Dockerfile b/miniconda3/nanoserver/Dockerfile deleted file mode 100644 index b7419020..00000000 --- a/miniconda3/nanoserver/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -FROM mcr.microsoft.com/windows/servercore:1809 AS buildbase - -WORKDIR /tmp - -# default and makes hadolint skip this intermediate container -SHELL [ "cmd", "/S", "/C" ] - -RUN powershell (New-Object System.Net.WebClient).DownloadFile('https://repo.anaconda.com/miniconda/Miniconda3-py39_4.10.3-Windows-x86_64.exe', 'Miniconda3.exe') && \ - powershell (Get-FileHash .\Miniconda3.exe).Hash -eq 'b33797064593ab2229a0135dc69001bea05cb56a20c2f243b1231213642e260a' && \ - powershell Unblock-File Miniconda3.exe && \ - Miniconda3.exe /InstallationType=JustMe /RegisterPython=1 /S /D=C:\Miniconda3 - -FROM mcr.microsoft.com/windows/nanoserver:1809 - -# default and makes hadolint skip this container -SHELL [ "cmd", "/S", "/C" ] - -COPY --from=buildbase C:/Miniconda3 C:/Miniconda3 - -USER ContainerAdministrator - -RUN C:\Miniconda3\Library\bin\conda init && \ - C:\Miniconda3\Library\bin\conda clean -afy - -# Test -RUN conda list && \ - conda create --name testenv numpy --dry-run && \ - conda clean -afy - -CMD ["cmd"] diff --git a/qa-images/s390x/README.md b/qa-images/s390x/README.md deleted file mode 100644 index 3116ae1c..00000000 --- a/qa-images/s390x/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# `Dockerfile`s for creating test images for QA to use. - -Based on [anaconda-pkg-build](https://github.com/ContinuumIO/docker-images/blob/master/anaconda-pkg-build/linux/Dockerfile). - -## Build examples - -``` -docker build -f ubuntu.Dockerfile -t anaconda-qa/ubuntu20 . -docker build -f clefos.Dockerfile -t anaconda-qa/clefos7 . -``` - -## Run examples - -``` -docker run -it --rm anaconda-qa/ubuntu20 -docker run -it --rm anaconda-qa/clefos7 -``` \ No newline at end of file diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..41b97f92 --- /dev/null +++ b/renovate.json @@ -0,0 +1,31 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "github>anaconda/renovate-config", + "github>anaconda/renovate-config:anaconda-installers" + ], + "customManagers": [ + { + "customType": "regex", + "managerFilePatterns": [ + "/Dockerfile/" + ], + "matchStrings": [ + "# renovate:\\s*datasource=(?[\\w\\.]+?)\\sARG INSTALLER_URL\\w*=[\"']https:\\/\\/repo\\.anaconda\\.com\\/\\w+\\/\\w+-(?(py\\d+_)?[\\d\\.]+\\-\\d+?)-(?[\\w\\-\\.]+?)[\"']\\sARG SHA256SUM\\w*=[\"'](?[a-f\\d]+?)[\"']\\s", + "# renovate:\\s*datasource=(?[\\w\\.]+?) depName=(?[\\w\\-\\.]+?)\\sARG INSTALLER_VERSION=(?(py\\d+_)?[\\d\\.]+\\-\\d+?)\\s" + ], + "versioningTemplate": "regex:^(py\\d+_)?(?\\d+)\\.(?\\d+)(\\.(?\\d+))?(\\-(?\\d+))?$" + } + ], + "packageRules": [ + { + "matchDatasources": [ + "docker" + ], + "matchPackageNames": [ + "tonistiigi/binfmt" + ], + "versioning": "regex:^qemu-v(?\\d+)\\.(?\\d+)\\.(?\\d+)$" + } + ] +} diff --git a/scripts/build_anaconda.sh b/scripts/build_anaconda.sh deleted file mode 100644 index 5234c476..00000000 --- a/scripts/build_anaconda.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash - -set -o errtrace -o nounset -o pipefail -o errexit - -function usage { - echo -e "Usage: ./build_anaconda.sh -v version [-r repository] \n" - exit 1 -} -REPO="continuumio" - -while [[ $# -gt 0 ]] -do -key="$1" - -case ${key} in - -v|--version) - VERSION="$2" - shift - shift - ;; - -r|--repository) - REPO="$2" - shift - shift - ;; - *) - usage - exit 0 - shift - ;; -esac -done - -cd .. - -echo "ANACONDA3 ALPINE" - -pushd anaconda3/alpine -docker build . -t "${REPO}/anaconda3:${VERSION}-alpine" -popd - -echo "ANACONDA3 DEBIAN" - -pushd anaconda3/debian -docker build . -t "${REPO}/anaconda3:${VERSION}" -t "${REPO}/anaconda3:latest" -popd diff --git a/scripts/conda_build_in_docker.sh b/scripts/conda_build_in_docker.sh deleted file mode 100755 index 103e2ee7..00000000 --- a/scripts/conda_build_in_docker.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash - -set -o errtrace -o nounset -o pipefail -o errexit -x - -# -# This script allows you to build (linux) conda recipes with the only requirement that you have docker installed -# -# Examples -# -------- -# -# $ mkdir /tmp/conda_pkg -# $ ./conda_build_in_docker.sh ~/vc/conda-recipes/jinja2 /tmp/conda_pkg -# $ ls /tmp/conda_pkg -# jinja2-2.7.3-py27_0.tar.bz2 repodata.json repodata.json.bz2 -# -# You can also run the script with custom channels: -# -# $ ./conda_build_in_docker.sh ~/vc/conda-recipes/jinja2 /tmp/conda_pkg stuarteberg,asmeurer -# -# -# Notes -# ----- -# Your user need to be in the docker group (docker is not invoked with "sudo"). -# To add your user to the docker group you may write: -# -# $ sudo adduser $(whoami) docker -# -# TODO -# ---- -# Provide an mechanism to re-use package cache between -# invocations. Could be a 4th positional argument: -# and then -v $ABS_PKG_CACHE:/opt/conda/pkgs - -ABS_RECIPE_PATH=$(unset CDPATH && cd "$1" && echo "${PWD}") -ABS_OUTPUT_PATH=$(unset CDPATH && cd "$2" && echo "${PWD}") -CONDA_ENVS="" -# shellcheck disable=SC2154 -if [ -n "${CONDA_PY}" ]; then - CONDA_ENVS="${CONDA_ENVS} -e CONDA_PY" -fi -# shellcheck disable=SC2154 -if [ -n "${CONDA_NPY}" ]; then - CONDA_ENVS="${CONDA_ENVS} -e CONDA_NPY" -fi -# Since docker run as uid 0 by default we export our uid and gid and set ownership -# of files in our volume /output before exiting the container. -# shellcheck disable=SC2086 -cat <<'EOF' | docker run --rm ${CONDA_ENVS} -e CONDA_CHANNELS="$3" -e HOST_UID="$(id -u)" -e HOST_GID="$(id -g)" -v "${ABS_RECIPE_PATH}:/recipe:ro" -v "${ABS_OUTPUT_PATH}:/output" -i continuumio/anaconda bash -x -set -o errtrace -o nounset -o pipefail -o errexit -IFS=',' read -a array <<< "$CONDA_CHANNELS" -for element in "${array[@]}" -do - conda config --add channels "$element" -done -conda info -conda config --set always_yes true -conda install patchelf -conda update -n root conda-build -conda build /recipe -cp `conda info --root`/conda-bld/linux-64/* /output -chown $HOST_GID:$HOST_UID /output/* -EOF