Merge pull request #709 from conda-forge/squash-docker

feat: smaller docker image

.github/workflows/tests.yml

@@ -11,6 +11,10 @@ on:
 env:
   PY_COLORS: 1
 
+defaults:
+  run:
+    shell: bash -leo pipefail {0}
+
 jobs:
   tests:
     name: tests
@@ -45,7 +49,6 @@ jobs:
 
       - name: install code
         id: install-code
-        shell: bash -l {0}
         run: |
           git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
           git config --global user.name "conda-forge-curator[bot]"
@@ -56,7 +59,6 @@ jobs:
           GH_TOKEN: ${{ steps.generate_token.outputs.token }}
 
       - name: run test suite
-        shell: bash -l {0}
         run: |
           echo "owner: ${GITHUB_REPOSITORY_OWNER}"
           export CF_WEBSERVICES_TEST=1
@@ -104,7 +106,6 @@ jobs:
 
       - name: install code
         id: install-code
-        shell: bash -l {0}
         run: |
           git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
           git config --global user.name "conda-forge-curator[bot]"
@@ -170,7 +171,6 @@ jobs:
           owner: ${{ github.repository_owner }}
 
       - name: install code
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
@@ -182,7 +182,6 @@ jobs:
           GH_TOKEN: ${{ steps.generate_token.outputs.token }}
 
       - name: run package upload tests
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           export CF_WEBSERVICES_TEST=1
@@ -232,7 +231,6 @@ jobs:
           owner: ${{ github.repository_owner }}
 
       - name: install code
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
@@ -244,7 +242,6 @@ jobs:
           GH_TOKEN: ${{ steps.generate_token.outputs.token }}
 
       - name: run rerender tests
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           if [[ "${GITHUB_HEAD_REF}" != "" ]]; then
@@ -298,7 +295,6 @@ jobs:
           owner: ${{ github.repository_owner }}
 
       - name: install code
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
@@ -310,7 +306,6 @@ jobs:
           GH_TOKEN: ${{ steps.generate_token.outputs.token }}
 
       - name: run linter tests
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           if [[ "${GITHUB_HEAD_REF}" != "" ]]; then
@@ -364,7 +359,6 @@ jobs:
           owner: ${{ github.repository_owner }}
 
       - name: install code
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
@@ -376,7 +370,6 @@ jobs:
           GH_TOKEN: ${{ steps.generate_token.outputs.token }}
 
       - name: run version tests
-        shell: bash -l {0}
         if: ${{ !github.event.pull_request.head.repo.fork }}
         run: |
           if [[ "${GITHUB_HEAD_REF}" != "" ]]; then

Dockerfile_wda

@@ -1,62 +1,94 @@
-FROM quay.io/condaforge/linux-anvil-cos7-x86_64:latest
+FROM mambaorg/micromamba:1.5.10-noble AS build-env
 
-# baseline env
-ENV TMPDIR=/tmp
-ENV CF_FEEDSTOCK_OPS_DIR=/opt/cf-feedstock-ops
-ENV CF_FEEDSTOCK_OPS_ENV=cf-feedstock-ops
+ENV PYTHONDONTWRITEBYTECODE=1
+USER root
+
+# make sure the install below is not cached by docker
+ADD https://loripsum.net/api /opt/docker/etc/gibberish-to-bust-docker-image-cache
+
+COPY conda-lock.yml /tmp/conda-lock.yml
+
+RUN <<EOF
+    groupadd -g 32766 lucky
+    echo "**** install base env ****"
+    micromamba create --yes --quiet --name cf-feedstock-ops --file /tmp/conda-lock.yml
+    echo "**** cleanup ****"
+    micromamba clean --all --force-pkgs-dirs --yes
+    find "${MAMBA_ROOT_PREFIX}" -follow -type f \( -iname '*.a' -o -iname '*.pyc' -o -iname '*.js.map' \) -delete
+    echo "**** finalize ****"
+    chown -R root /opt/conda
+    chgrp -R lucky /opt/conda
+    chmod -R g=u /opt/conda
+    mkdir -p "${MAMBA_ROOT_PREFIX}/locks"
+    chmod 777 "${MAMBA_ROOT_PREFIX}/locks"
+EOF
+
+FROM frolvlad/alpine-glibc:alpine-3.16_glibc-2.34
+LABEL maintainer="conda-forge <[email protected]>"
+
+ENV LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    TMPDIR=/tmp \
+    CF_FEEDSTOCK_OPS_DIR=/opt/cf-feedstock-ops \
+    CF_FEEDSTOCK_OPS_ENV=cf-feedstock-ops
+
+RUN apk add --no-cache bash
+
+COPY --from=build-env /opt/conda /opt/conda
+COPY --from=build-env /usr/bin/micromamba /usr/bin/micromamba
 
 # use bash for a while to make conda manipulations easier
 SHELL ["/bin/bash", "-l", "-c"]
 
-# build the conda env first
-COPY conda-lock.yml $CF_FEEDSTOCK_OPS_DIR/conda-lock.yml
-RUN conda activate base && \
-    conda install conda-lock --yes && \
-    conda-lock install -n $CF_FEEDSTOCK_OPS_ENV $CF_FEEDSTOCK_OPS_DIR/conda-lock.yml && \
-    conda clean --all --yes && \
-    # Lucky group gets permission to write in the conda dir
-    chown -R root /opt/conda && \
-    chgrp -R lucky /opt/conda && chmod -R g=u /opt/conda && \
-    conda deactivate
-
-# deal with entrypoint
-COPY entrypoint_wda /opt/docker/bin/entrypoint
-RUN chmod +x /opt/docker/bin/entrypoint
-
 # not needed right now but keeping just in case
 # now install the main code
 # COPY . $CF_FEEDSTOCK_OPS_DIR
-# RUN conda activate base && \
-#     conda activate $CF_FEEDSTOCK_OPS_ENV && \
+# FIXME: if we add this back, we will need to add an eval of the
+#  micromamba shell hook
+# RUN micromamba activate $CF_FEEDSTOCK_OPS_ENV && \
 #     cd $CF_FEEDSTOCK_OPS_DIR && \
 #     pip install --no-deps --no-build-isolation -e . && \
-#     cd - && \
-#     conda deactivate && \
-#     conda deactivate
-
-# now make the conda user for running tasks and set the user
-RUN useradd --shell /bin/bash -c "" -m conda
-ENV HOME=/home/conda
-ENV USER=conda
-ENV LOGNAME=conda
-ENV MAIL=/var/spool/mail/conda
-ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/conda/bin
-RUN chown conda:conda $HOME && \
-    cp -R /etc/skel $HOME && \
-    chown -R conda:conda $HOME/skel && \
-    (ls -A1 $HOME/skel | xargs -I {} mv -n $HOME/skel/{} $HOME) && \
-    rm -Rf $HOME/skel && \
+#     cd -
+
+# deal with entrypoint, tini, users+groups creation
+COPY entrypoint_wda /opt/docker/bin/entrypoint
+RUN <<EOF
+    chmod +x /opt/docker/bin/entrypoint
+    ln -s /opt/conda/envs/$CF_FEEDSTOCK_OPS_ENV/bin/tini /opt/docker/bin/tini
+    addgroup -g 32766 lucky
+    adduser --disabled-password --shell /bin/bash conda
+EOF
+
+# finalize the conda user
+ENV HOME=/home/conda \
+    USER=conda \
+    LOGNAME=conda \
+    MAIL=/var/spool/mail/conda \
+    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/conda/bin
+RUN <<EOF
+    chown conda:conda $HOME
+    # cp -R /etc/skel $HOME
+    # chown -R conda:conda $HOME/skel
+    # (ls -A1 $HOME/skel | xargs -I {} mv -n $HOME/skel/{} $HOME)
+    # rm -Rf $HOME/skel
     cd $HOME
+EOF
 USER conda
 
 # deal with git config for user and mounted directory
-RUN conda activate $CF_FEEDSTOCK_OPS_ENV && \
-    git config --global --add safe.directory /cf_feedstock_ops_dir && \
-    git config --global init.defaultBranch main && \
-    git config --global user.email "[email protected]" && \
-    git config --global user.name "conda conda" && \
-    conda deactivate && \
-    conda init --all --user
+RUN <<EOF
+    micromamba shell init -s bash -r /opt/conda
+    source $HOME/.bashrc
+    micromamba activate $CF_FEEDSTOCK_OPS_ENV
+    git config --global --add safe.directory /cf_feedstock_ops_dir
+    git config --global init.defaultBranch main
+    git config --global user.email "[email protected]"
+    git config --global user.name "conda conda"
+    micromamba deactivate
+EOF
 
 # put the shell back
 SHELL ["/bin/sh", "-c"]
+
+ENTRYPOINT [ "/opt/docker/bin/tini", "--", "/opt/docker/bin/entrypoint" ]
+CMD [ "/bin/bash" ]

conda-lock.yml

@@ -3,7 +3,7 @@ metadata:
     - url: conda-forge
       used_env_vars: []
   content_hash:
-    linux-64: 211f4af602a6eee83acd0368902507b78acc778b4b2652a5ceffa120eb77f7dc
+    linux-64: b002d340c53ed605fc72b19f0212265885343f12bd7ffabc647ee6faccb5cb28
   platforms:
     - linux-64
   sources:
@@ -191,6 +191,22 @@ package:
     url:
       https://conda.anaconda.org/conda-forge/noarch/backports.tarfile-1.0.0-pyhd8ed1ab_1.conda
     version: 1.0.0
+  - category: main
+    dependencies:
+      __glibc: '>=2.17,<3.0.a0'
+      libgcc: '>=13'
+      python: '>=3.11,<3.12.0a0'
+      python_abi: 3.11.*
+    hash:
+      md5: 20a2ce70d703e1d2b619aa07363961a1
+      sha256: e0bebfacdb16886ee8087c7cc3cb167bc20dbe3ecd7b85d674edabc408f1864a
+    manager: conda
+    name: bcrypt
+    optional: false
+    platform: linux-64
+    url:
+      https://conda.anaconda.org/conda-forge/linux-64/bcrypt-4.2.0-py311h9e33e62_1.conda
+    version: 4.2.0
   - category: main
     dependencies:
       python: '>=3.6'
@@ -1132,6 +1148,38 @@ package:
     platform: linux-64
     url: https://conda.anaconda.org/conda-forge/noarch/dnspython-2.6.1-pyhd8ed1ab_1.conda
     version: 2.6.1
+  - category: main
+    dependencies:
+      paramiko: '>=2.4.3'
+      python: '>=3.8'
+      pywin32-on-windows: ''
+      requests: '>=2.26.0'
+      urllib3: '>=1.26.0'
+      websocket-client: '>=0.32.0'
+    hash:
+      md5: 3e547e36de765ca8f28a7623fb3f255a
+      sha256: eca0bf5605a6ce79021afa1cd234cc74093a239f86cd311872e4d9b0972b5a85
+    manager: conda
+    name: docker-py
+    optional: false
+    platform: linux-64
+    url: https://conda.anaconda.org/conda-forge/noarch/docker-py-7.1.0-pyhd8ed1ab_0.conda
+    version: 7.1.0
+  - category: main
+    dependencies:
+      docker-py: ''
+      python: '>=3.6'
+      six: ''
+    hash:
+      md5: 475bf42fcefc72c1d6a88dd20c22b4a2
+      sha256: bd4a680e4c6a25f155cd3ce58419f693b551cbd31bb3743b6fcc2b6df4e03e0d
+    manager: conda
+    name: docker-squash
+    optional: false
+    platform: linux-64
+    url:
+      https://conda.anaconda.org/conda-forge/noarch/docker-squash-1.2.0-pyhd8ed1ab_0.conda
+    version: 1.2.0
   - category: main
     dependencies:
       python: '>=3.7'
@@ -3188,6 +3236,21 @@ package:
     url:
       https://conda.anaconda.org/conda-forge/noarch/parameterized-0.9.0-pyhd8ed1ab_0.conda
     version: 0.9.0
+  - category: main
+    dependencies:
+      bcrypt: '>=3.2'
+      cryptography: '>=3.3'
+      pynacl: '>=1.5'
+      python: '>=3.6'
+    hash:
+      md5: 3a359c35a1f9ec2859fbddcabcfd4c4d
+      sha256: f2c3ac882c1123a71479c15ecec0c632aa004bc8a8c10daf25d69461ea1da38a
+    manager: conda
+    name: paramiko
+    optional: false
+    platform: linux-64
+    url: https://conda.anaconda.org/conda-forge/noarch/paramiko-3.5.0-pyhd8ed1ab_0.conda
+    version: 3.5.0
   - category: main
     dependencies:
       locket: ''
@@ -3841,6 +3904,20 @@ package:
     platform: linux-64
     url: https://conda.anaconda.org/conda-forge/noarch/pytz-2024.2-pyhd8ed1ab_0.conda
     version: '2024.2'
+  - category: main
+    dependencies:
+      __unix: ''
+      python: '>=2.7'
+    hash:
+      md5: 2807a0becd1d986fe1ef9b7f8135f215
+      sha256: 6502696aaef571913b22a808b15c185bd8ea4aabb952685deb29e6a6765761cb
+    manager: conda
+    name: pywin32-on-windows
+    optional: false
+    platform: linux-64
+    url:
+      https://conda.anaconda.org/conda-forge/noarch/pywin32-on-windows-0.1.0-pyh1179c8e_3.tar.bz2
+    version: 0.1.0
   - category: main
     dependencies:
       __glibc: '>=2.17,<3.0.a0'
@@ -4700,6 +4777,19 @@ package:
     url:
       https://conda.anaconda.org/conda-forge/noarch/webencodings-0.5.1-pyhd8ed1ab_2.conda
     version: 0.5.1
+  - category: main
+    dependencies:
+      python: '>=3.8'
+    hash:
+      md5: f372c576b8774922da83cda2b12f9d29
+      sha256: 44a5e3b97feef24cd719f7851cca9af9799dc9c17d3e0298d5856baab2d682f5
+    manager: conda
+    name: websocket-client
+    optional: false
+    platform: linux-64
+    url:
+      https://conda.anaconda.org/conda-forge/noarch/websocket-client-1.8.0-pyhd8ed1ab_0.conda
+    version: 1.8.0
   - category: main
     dependencies:
       libgcc-ng: '>=12'

conda_forge_webservices/github_actions_integration/linting.py

@@ -16,7 +16,8 @@ def get_recipes_for_linting(gh, repo, pr_id, lints, hints):
             if (
                 fname
                 not in ["recipes/example/meta.yaml", "recipes/example-v1/recipe.yaml"]
-            ) and os.path.basename(fname) in ["meta.yaml", "recipe.yaml"]
+            )
+            and os.path.basename(fname) in ["meta.yaml", "recipe.yaml"]
         )
     else:
         recipes_to_lint = set(fnames)

entrypoint_wda

@@ -1,10 +1,10 @@
 #!/bin/bash
 
 # source profile scripts for conda
-source ~/.bash_profile
+source ~/.bashrc
 
 # activate env
-conda activate $CF_FEEDSTOCK_OPS_ENV
+micromamba activate $CF_FEEDSTOCK_OPS_ENV
 
 # Run whatever the user wants.
 exec "$@"