diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index 4e1168c..bf706d7 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -5,6 +5,10 @@ on: branches: - main +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + jobs: release: runs-on: ubuntu-latest 
@@ -38,70 +42,45 @@ jobs: needs: release if: needs.release.outputs.released == 'true' runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write - name: Build Singularity container + name: Build container steps: - - name: Set up Go 1.16 - uses: actions/setup-go@v1 - with: - go-version: 1.16 - id: go - - - name: Install Singularity dependencies - run: | - sudo apt-get update && sudo apt-get install -y \ - build-essential \ - libssl-dev \ - uuid-dev \ - libgpgme11-dev \ - squashfs-tools \ - libseccomp-dev \ - pkg-config + - name: Check out code for the container build + uses: actions/checkout@v4 - - name: Install Singularity - env: - SINGULARITY_VERSION: 3.9.0 - GOPATH: /tmp/go - - run: | - mkdir -p $GOPATH - sudo mkdir -p /usr/local/var/singularity/mnt && \ - mkdir -p $GOPATH/src/github.com/sylabs && \ - cd $GOPATH/src/github.com/sylabs && \ - wget -qO- https://github.com/sylabs/singularity/releases/download/v${SINGULARITY_VERSION}/singularity-ce-${SINGULARITY_VERSION}.tar.gz | \ - tar xzv && \ - cd singularity-ce-${SINGULARITY_VERSION} && \ - ./mconfig -p /usr/local && \ - make -C builddir && \ - sudo make -C builddir install + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Check out code for the container build - uses: actions/checkout@v2 + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + tags: | + type=raw,value=latest,enable={{is_default_branch}} + ${{ needs.release.outputs.version }} + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - name: Login to GitHub package registry - run: | - echo ${{ secrets.GITHUB_TOKEN }} | singularity remote login -u ${{ github.actor }} --password-stdin oras://ghcr.io + - name: Build and push Docker 
image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - - name: Build and deploy Singularity container - run: | - recipe=singularity.def - basename=oncoliner - tag=${{ needs.release.outputs.version }} - # Check if container exists - base64token=$(echo ${{ secrets.GITHUB_TOKEN }} | base64) - echo "Checking if container $basename:$tag already exists" - if curl -s -H "Authorization: Bearer $base64token" https://ghcr.io/v2/${{ github.repository_owner }}/${basename}/tags/list | grep $tag; then - echo "Container $basename:$tag already exists, skipping build" - continue - fi - # Build container - sudo -E singularity build $basename.sif $recipe - # Push container and name by tag - url="oras://ghcr.io/${{ github.repository_owner }}/${basename}:${tag}" - echo "Pushing container to $url" - singularity push $basename.sif $url - # Push container to latest tag - url="oras://ghcr.io/${{ github.repository_owner }}/${basename}:latest" - echo "Pushing container to $url" - singularity push $basename.sif $url - rm $basename.sif + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true diff --git a/Dockerfile b/Dockerfile index c3aa500..daf65cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,8 @@ FROM ubuntu:20.04 LABEL author="Rodrigo Martin " -RUN export DEBIAN_FRONTEND=noninteractive - # Install dependencies -RUN apt-get update && apt-get upgrade -y && apt-get install -y \ +RUN apt-get update && apt-get upgrade -y && DEBIAN_FRONTEND=noninteractive apt-get install -y \ python3 \ python3-pip \ libz-dev \ diff --git a/README.md b/README.md index 9796dba..b8d11ba 100644 --- a/README.md +++ b/README.md 
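Review bot: `actions/checkout@v4` and `actions/attest-build-provenance@v1` are referenced by mutable tags in a job that now holds `packages: write`, `attestations: write` and `id-token: write`, while the three `docker/*` actions in the same steps list are pinned to commit SHAs. A retagged release of either action would run with the token that pushes the image and signs its provenance, so pin both the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4` and `uses: actions/attest-build-provenance@<full-commit-sha> # v1` (placeholders; take the SHAs from the upstream release tags). Separately, `subject-name` is built from `github.repository` as-is, whereas `docker/metadata-action` appears to normalise the image name to lowercase. If the owner or repository name contains uppercase characters, the attestation subject may not match the pushed reference, so confirm it against the `ghcr.io/eucancan/oncoliner` name the README uses.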
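Review bot: The `DEBIAN_FRONTEND=noninteractive` prefix now applies only to `apt-get install`, so the `apt-get upgrade -y` earlier in the same `&&` chain runs without it and may still hit a debconf prompt during an unattended build. Dropping the separate `RUN export …` layer is right, since it never carried over to later layers, but the variable should cover the whole chain: `RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get upgrade -y && apt-get install -y \`. The first `singularity.def` hunk makes the same edit, and there the removed `export` did cover the whole `%post` script, so that change narrows the setting; keeping the `export` line in `%post` avoids this. The `RUN` instruction continues past the end of this hunk.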
@@ -126,7 +126,7 @@ It is highly recommended to use ONCOLINER with Docker or Singularity. However, y We recommend using [`singularity-ce`](https://github.com/sylabs/singularity) with a version higher than 3.9.0. You can download the Singularity container using the following command (does not require root privileges): ``` -singularity pull oncoliner.sif oras://ghcr.io/eucancan/oncoliner:latest +singularity pull oncoliner.sif docker://ghcr.io/eucancan/oncoliner:latest ``` If you want to build the container yourself, you can use the [`singularity.def`](singularity.def) file (requires root privileges): diff --git a/singularity.def b/singularity.def index a113a93..2e8e06e 100644 --- a/singularity.def +++ b/singularity.def @@ -11,10 +11,8 @@ oncoliner_launcher.py /oncoliner/oncoliner_launcher.py author="Rodrigo Martin " %post -export DEBIAN_FRONTEND=noninteractive - # Install dependencies -apt-get update && apt-get upgrade -y && apt-get install -y \ +apt-get update && apt-get upgrade -y && DEBIAN_FRONTEND=noninteractive apt-get install -y \ python3 \ python3-pip \ libz-dev \ @@ -29,4 +27,4 @@ pip install pysam pandas variant-extractor jinja2 markupsafe rjsmin rcssmin djan %runscript exec /bin/bash "$@" %startscript -exec /bin/bash "$@" +exec /bin/bash "$@" \ No newline at end of file