Apptainer CI

.github/workflows/deploy-ghcr.yml

@@ -0,0 +1,68 @@
+name: Build and deploy as Apptainer container image to GitHub Container Registry
+
+on:
+  pull_request: []
+  push:
+    branches:
+      - master
+  release:
+    types: [ published ]
+
+jobs:
+  build-deploy-container:
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        shell: bash -leo pipefail {0}
+
+    permissions:
+      packages:
+        write
+
+    strategy:
+      matrix:
+        deffiles: [[singularity/Singularity, latest]]
+
+    env:
+      container: nectarchain
+      registry: ghcr.io
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+
+      - name: Setup Apptainer
+        uses: eWaterCycle/setup-apptainer@v2
+        with:
+          apptainer-version: 1.1.7
+
+      - name: Build ${{ matrix.deffiles[1] }}
+        run: |
+          echo "Preparing to build ${{ env.container }} from ${{ matrix.deffiles[0] }}"
+          if [ ! -f "${{ matrix.deffiles[0]}}" ]; then
+              echo "Singularity definition file ${{ matrix.deffiles[0] }} does not exist"
+              exit 1
+          fi
+          apptainer build ${{ env.container }}.sif ${{ matrix.deffiles[0] }}
+          ls -lh
+
+      - name: Login to GitHub Container Registry
+        # Don't log into registry on pull request.
+        if: github.event_name != 'pull_request'
+        run: |
+          echo ${{ github.token }} | apptainer remote login --username ${{ github.actor }} --password-stdin oras://${{ env.registry }}
+
+      - name: Deploy ${{ matrix.deffiles[1] }}
+        # Don't push the container on a pull request.
+        if: github.event_name != 'pull_request'
+        run: |  
+          apptainer push ${{ env.container }}.sif oras://${{ env.registry }}/${{ github.repository }}:${{ matrix.deffiles[1] }}
+
+      - name: Post Login to GitHub Container Registry
+        # Don't log out from registry on pull request.
+        if: github.event_name != 'pull_request'
+        run: |
+          apptainer remote logout oras://${{ env.registry }}

.github/workflows/deploy.yml → .github/workflows/deploy-pypi.yml

@@ -6,7 +6,7 @@ on:
       - 'v*'
 
 jobs:
-  deploy:
+  deploy-pypi:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

singularity/Singularity

@@ -3,17 +3,23 @@
 # Built from mambaforge, with special conda environment containing nectarchain
 #
 # Jean-Philippe Lenain <[email protected]>
-# Time-stamp: "2023-04-06 14:42:19 jlenain"
+# Time-stamp: "2023-04-08 00:20:24 jlenain"
 #
 # Typically, build this image with:
-# `sudo singularity build nectarchain.sif Singularity`
+# `sudo apptainer build nectarchain.sif singularity/Singularity`
 #
 # Then, typically run an instance of this image with:
-# `singularity shell nectarchain.sif`
+# `apptainer shell nectarchain.sif`
 
 Bootstrap: docker
 From: condaforge/mambaforge
 
+%setup
+    mkdir -p ${SINGULARITY_ROOTFS}/opt/cta/nectarchain
+
+%files
+    . /opt/cta/nectarchain
+
 # From https://github.com/hpcng/singularity/issues/5075#issuecomment-594391772
 %environment
     action="${0##*/}"
@@ -27,9 +33,7 @@ From: condaforge/mambaforge
     fi
 
 %post
-    ORIG=$PWD
-
-    # CA certificates
+    # Install CA certificates
     apt -y update
     # cf. https://serverfault.com/a/992421
     DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt -y install software-properties-common curl
@@ -40,24 +44,20 @@ From: condaforge/mambaforge
     . /opt/conda/etc/profile.d/conda.sh
     . /opt/conda/etc/profile.d/mamba.sh
     mamba update --quiet --name base conda mamba
-    mkdir -p /opt/cta
-    cd /opt/cta
 
     # Install nectarchain
-    git clone https://github.com/cta-observatory/nectarchain.git
-    mamba env create --quiet --file nectarchain/environment.yml --prefix /opt/conda/envs/nectarchain
+    mamba env create --quiet --file /opt/cta/nectarchain/environment.yml --prefix /opt/conda/envs/nectarchain
     mamba activate nectarchain
-    cd nectarchain
+    cd /opt/cta/nectarchain
     pip install -e .
 
     # Optionally install and configure DIRAC:
-    mamba install -y -c conda-forge dirac-grid
+    mamba install --quiet -y -c conda-forge dirac-grid
     conda env config vars set X509_CERT_DIR=${CONDA_PREFIX}/etc/grid-security/certificates X509_VOMS_DIR=${CONDA_PREFIX}/etc/grid-security/vomsdir X509_VOMSES=${CONDA_PREFIX}/etc/grid-security/vomses
     mamba deactivate
     mamba activate nectarchain
-    pip install CTADIRAC
-    pip install COMDIRAC
-
+    pip install CTADIRAC COMDIRAC
+
     # Since there is no proxy available at build time, manually configure the CTADIRAC client
     cat <<EOF > ${CONDA_PREFIX}/etc/dirac.cfg
 DIRAC