Supporting EL9 and ARM64

.github/workflows/docker-publish.yml

@@ -18,14 +18,14 @@ on:
   workflow_dispatch:
 
 env:
-  # Use docker.io for Docker Hub if empty
+  # Defaults to docker.io (Docker Hub) if empty
   REGISTRY: ghcr.io
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
 
 jobs:
-  build-and-push-image:
+  build-images:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -34,17 +34,36 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        context: ['docker-c7', 'docker-c8']
+        context: ['docker-c7', 'docker-c8', 'docker-c9']
+        # Define platform for images
+        include:
+          - context: docker-c7
+            platform: linux/amd64
+          - context: docker-c8
+            platform: linux/amd64,linux/arm64
+          - context: docker-c9
+            platform: linux/amd64,linux/arm64
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      # https://github.com/docker/setup-qemu-action
+      # Setup QEMU environment to build multiarch images
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # https://github.com/docker/setup-buildx-action
+      # Build multiarch images with buildx
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -54,16 +73,18 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.context }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
+          provenance: false
           context: ${{ matrix.context }}
+          platforms: ${{ matrix.platform }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

docker-c7/Dockerfile

@@ -65,3 +65,7 @@ RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf
 RUN yum -y update && \
     yum clean all && \
     rm -rf /var/cache/yum
+
+LABEL source=https://github.com/stfc/grid-workernode
+LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \
+It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."

docker-c8/Dockerfile

@@ -46,3 +46,7 @@ RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf
 RUN dnf -y update && \
     dnf clean all && \
     rm -rf /var/cache/dnf
+
+LABEL source=https://github.com/stfc/grid-workernode
+LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \
+It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."

docker-c9/Dockerfile

@@ -0,0 +1,52 @@
+FROM rockylinux:9
+
+RUN dnf -y install zip curl-minimal
+
+# Create all possible pool accounts
+RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash -
+
+# CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version)
+RUN dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \
+                   https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_9/noarch/cvmfs-config-egi-2.6-1.7.obs.el9.noarch.rpm
+
+# EPEL
+RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
+
+# Basic dependencies
+RUN dnf -y install \
+  freetype \
+  expat \
+  gcc \
+  glibc-headers \
+  time \
+  man \
+  unzip \
+  quota \
+  attr \
+  tcsh \
+  numactl
+
+# Boost (need to ensure gfal CLI from CVMFS will work for some VOs)
+RUN dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \
+                   boost-regex boost-serialization boost-system boost-test \
+                   boost-thread boost-wave
+
+# Apptainer
+RUN dnf -y install apptainer
+
+# Disable overlay and loop device management in Apptainer
+RUN sed -i '/enable overlay/c\enable overlay = no' /etc/apptainer/apptainer.conf && \
+    sed -i '/enable underlay/c\enable underlay = yes' /etc/apptainer/apptainer.conf && \
+    sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf
+
+# Deny setuid in Apptainer
+RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf
+
+# Update & cleanup
+RUN dnf -y update && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+LABEL source=https://github.com/stfc/grid-workernode
+LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \
+It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."