From 42ed4536f50dcdf269a3337f22cab2eb290503c8 Mon Sep 17 00:00:00 2001 From: KarhouTam <787992532@qq.com> Date: Sun, 4 Feb 2024 11:04:35 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=B3=20chore(Docker):=20Update=20Docker?= =?UTF-8?q?file=20and=20related=20CI=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/docker-publish.yml | 74 +++++++++++++++------------- Dockerfile | 21 ++------ README.md | 33 ++++--------- 3 files changed, 54 insertions(+), 74 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 373136d..7185112 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -13,9 +13,10 @@ on: env: # Use docker.io for Docker Hub if empty - REGISTRY: docker.io + GHCR_REGISTRY: ghcr.io + ALIYUN_REGISTRY: registry.cn-hangzhou.aliyuncs.com # github.repository as / - IMAGE_NAME: karhoutam/flbench + IMAGE_NAME: ${{ github.repository }} jobs: @@ -33,14 +34,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 - with: - cosign-release: 'v2.1.1' - # Set up BuildKit Docker container builder to be able to build # multi-platform images and export cache # https://github.com/docker/setup-buildx-action @@ -49,46 +42,61 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} + - name: Log into registry ${{ env.GHCR_REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: - registry: ${{ env.REGISTRY }} - username: karhoutam - password: ${{ secrets.DOCKER_HUB_PASSWORD }} + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata - id: meta + id: meta-ghcr uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image - id: build-and-push + id: build-and-push-to-GitHub-container-registry uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta-ghcr.outputs.tags }} + labels: ${{ steps.meta-ghcr.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} \ No newline at end of file + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.ALIYUN_REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.ALIYUN_REGISTRY }} + username: ${{ secrets.ALIYUN_USERNAME }} + password: ${{ secrets.ALIYUN_TOKEN }} + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta-aliyun + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.ALIYUN_REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push-to-Aliyun-container-registry + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta-aliyun.outputs.tags }} + labels: ${{ steps.meta-aliyun.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 853350b..dda2bf4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,9 @@ -ARG IMAGE_SOURCE=registry.cn-hangzhou.aliyuncs.com/karhou/linux:ubuntu-basic +FROM ubuntu:22.04 -FROM ${IMAGE_SOURCE} - -ARG CHINA_MAINLAND=true - -WORKDIR /etc/apt - -RUN if [ "${CHINA_MAINLAND}" = "false" ]; then \ - rm sources.list && \ - mv sources.list.bak sources.list ; \ - fi - RUN apt update && \ - apt install python3-pip -y && \ + apt install build-essential git python3.10 python3-pip -y && \ cd /usr/bin && \ - ln -s python3.10 python - -RUN if [ "${CHINA_MAINLAND}" = "true" ]; then \ - pip config set global.index-url https://mirrors.sustech.edu.cn/pypi/simple ; \ - fi + ln -s python3.10 python WORKDIR /root diff --git a/README.md b/README.md index 2bd5e64..8da24ed 100644 --- a/README.md +++ b/README.md @@ -114,39 +114,26 @@ conda env create -f environment.yml ### Poetry 🎶 -**At China mainland** -``` +```sh +# For those China mainland users poetry install --no-root -``` -**Not at China mainland** -``` +# For those oversea users sed -i "10,14d" pyproject.toml && poetry lock --no-update && poetry install --no-root ``` ### Docker 🐳 -#### Pull from Docker Hub (Linux Only) -``` -docker pull karhoutam/flbench:master -``` - -#### Build locally +```shell +# For those China mainland users +docker pull registry.cn-hangzhou.aliyuncs.com/karhoutam/fl-bench:master -**At China mainland** -``` -docker build -t fl-bench . -``` +# For those oversea users +docker pull ghcr.io/karhoutam/fl-bench:master -**Not at China mainland** +# An example for building container +docker run -it --name fl-bench --privileged -p 8097:8097 --gpus all ghcr.io/karhoutam/fl-bench:master ``` -docker build \ --t fl-bench \ ---build-arg IMAGE_SOURCE=karhou/ubuntu:basic \ ---build-arg CHINA_MAINLAND=false \ -. -``` - ## Easy Run 🏃‍♂️