Issue #2678: add container build job on gitlab (#2688)

* Issue #2678: add container build job on gitlab * Update documentation for the automated docker build * A manual action to build the wheels container for x86_64 * Make specifying the tag through a variable mandatory As a consequence, only run on manually-triggered pipelines * document which variables need to be set when starting the podman machine on the m1 runner
neuronsimulator · Feb 8, 2024 · f7aba0a · f7aba0a
1 parent 1de44de
commit f7aba0a
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 3 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -7,7 +7,6 @@ include:
   - project: hpc/gitlab-upload-logs
     file: enable-upload.yml
 
-
 # see https://gitlab.com/gitlab-org/gitlab/-/issues/263401 for why we specify the flags like this now
 # 130 characters seems to be the point at which jobs refuse to run
 .matrix:
@@ -263,3 +262,60 @@ test:neuron:nmodl:nvhpc:omp:legacy:
 test:neuron:nmodl:nvhpc:omp:
   extends: [.test_neuron, .gpu_node]
   needs: ["build:neuron:nmodl:nvhpc:omp"]
+
+
+# Container building
+mac_m1_container_build:
+  stage: .pre
+  tags:
+    - macos-arm64
+  script:
+    - if [ -z "${ARM64_IMAGE_TAG}" ]; then
+    -   echo "Please set the ARM64_IMAGE_TAG variable"
+    -   exit 1
+    - fi
+    - cd packaging/python
+    - echo "Replacing symlinks with their targets to keep podman happy"
+    - find . -type l -exec cp $(realpath {}) ./TEMP \; -exec rm {} \; -exec mv TEMP {} \;
+    - ls -l
+    - export BUILDAH_FORMAT=docker # enables ONBUILD instructions which are not OCI compatible
+    - machine_status=$(podman machine inspect | awk '/State/ {print $2}' | tr -d '",')
+      # If you start the machine yourself, make sure BUILDAH_FORMAT and the http proxy variables are set in the shell before doing so!
+    - if [[ "${machine_status}" != "running" ]]; then
+    -     echo "Machine is in ${machine_status} status - starting"
+    -     podman machine start
+    - fi
+    - podman build -t neuronsimulator/neuron_wheel:${ARM64_IMAGE_TAG} --build-arg MANYLINUX_IMAGE=manylinux2014_aarch64 -f Dockerfile .
+    - podman login -u ${DOCKER_HUB_USER} -p ${DOCKER_HUB_AUTH_TOKEN} docker.io
+    - podman push neuronsimulator/neuron_wheel:${ARM64_IMAGE_TAG}
+    - podman rmi localhost/neuronsimulator/neuron_wheel:${ARM64_IMAGE_TAG}
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web"
+  when: manual
+
+x86_64_container_build:
+  stage: .pre
+  image:
+    name: quay.io/buildah/stable
+    entrypoint: [""]
+  variables:
+    KUBERNETES_CPU_LIMIT: 4
+    KUBERNETES_CPU_REQUEST: 2
+    KUBERNETES_MEMORY_LIMIT: 8Gi
+    KUBERNETES_MEMORY_REQUEST: 4Gi
+  tags:
+    - kubernetes
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web"
+  when: manual
+  script:
+    - if [ -z "${X86_IMAGE_TAG}" ]; then
+    -   echo "Please set the X86_IMAGE_TAG variable"
+    -   exit 1
+    - fi
+    - export STORAGE_DRIVER=vfs    # allows to build inside containers without additional mounts
+    - export BUILDAH_FORMAT=docker # enables ONBUILD instructions which are not OCI compatible
+    - cd packaging/python
+    - buildah bud --iidfile image_id -t neuronsimulator/neuron_wheel:${X86_IMAGE_TAG} -f Dockerfile .
+    - buildah login -u ${DOCKER_HUB_USER} -p ${DOCKER_HUB_AUTH_TOKEN} docker.io
+    - buildah push $(<image_id) docker://docker.io/neuronsimulator/neuron_wheel:${X86_IMAGE_TAG}
diff --git a/docs/install/python_wheels.md b/docs/install/python_wheels.md
@@ -35,7 +35,23 @@ Refer to the following image for the NEURON Docker Image workflow:
 ![](images/docker-workflow.png)
 
 
-### Building the docker image
+### Building the docker images automatically
+If you run the workflow manually on Gitlab (with the "Run pipeline" button), it will now have the `mac_m1_container_build` and `x86_64_container_build` jobs added to it. These jobs need to be started manually and will not affect the overal workflow status. They don't need to be run every time, just when a refresh of the container images is necessary.
+They will build the container images and push to docker hub. If you want to, you can still build manually (see next section), but there shouldn't be a requirement to do so any more.
+
+A word of warning: podman on OSX uses a virtual machine. The job can take care of starting it, but we generally try to have it running to avoid jobs cleaning up after themselves and killing the machine for other jobs. When starting the machine, set the variables that need to be set during the container build, ie. proxy and `BUILDAH_FORMAT`.
+
+`BUILDAH_FORMAT` ensures that `ONBUILD` instructions are enabled.
+
+```
+export http_proxy=http://bbpproxy.epfl.ch:80
+export https_proxy=http://bbpproxy.epfl.ch:80
+export HTTP_PROXY=http://bbpproxy.epfl.ch:80
+export HTTPS_PROXY=http://bbpproxy.epfl.ch:80
+export BUILDAH_FORMAT=docker
+```
+
+### Building the docker image manually
 After making updates to any of the docker files, you can build the image with:
 ```
 cd nrn/packaging/python
@@ -284,4 +300,4 @@ will download the wheel and its dependencies to `tmp/` and then you can test it
 
 ```bash
 ./packaging/python/test_wheels.sh python3 ./tmp/NEURON_gpu_nightly-...whl true
-```
+```