From 7e1d3a7627b46e8bb1b9eb4b04d8ed2a7ed120f4 Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Thu, 8 Aug 2024 22:11:32 -0400 Subject: [PATCH 01/11] Fix Dockerfiles --- Makefile | 15 +++++++-------- runtime/Dockerfile | 17 +++++++++++++---- runtime/Dockerfile-lock | 14 +++----------- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index 293f9ff..6fd50b5 100644 --- a/Makefile +++ b/Makefile @@ -120,15 +120,14 @@ build: ## Updates runtime environment lockfile using Docker update-lockfile: @echo Generating the lockfile for CPU and GPU within Docker - cd runtime && \ - docker build . \ - --file Dockerfile-lock \ - --build-arg CPU_OR_GPU=${CPU_OR_GPU} \ + docker build runtime \ + --file runtime/Dockerfile-lock \ --tag pixi-lock:local - @echo Copying lockfile to host - docker create --name dummy pixi-lock:local - docker cp dummy:/tmp/pixi.lock runtime/pixi.lock - docker rm -f dummy + @echo Running lock container + docker run \ + --mount type=bind,source="$(shell pwd)"/runtime,target=/tmp \ + --rm \ + pixi-lock:local ## Ensures that your locally built image can import all the Python packages successfully when it runs test-container: _check_image _echo_image _submission_write_perms diff --git a/runtime/Dockerfile b/runtime/Dockerfile index 1dc98af..4044f1b 100644 --- a/runtime/Dockerfile +++ b/runtime/Dockerfile @@ -10,6 +10,15 @@ ENV DEBIAN_FRONTEND=noninteractive \ PYTHONUNBUFFERED=1 \ SHELL=/bin/bash +# Create user andset permissions +ENV RUNTIME_USER=runtimeuser +ENV RUNTIME_UID=1000 +ENV RUNTIME_GID=1000 + +RUN echo "Creating ${RUNTIME_USER} user..." \ + && groupadd --gid ${RUNTIME_GID} ${RUNTIME_USER} \ + && useradd --create-home --gid ${RUNTIME_GID} --no-log-init --uid ${RUNTIME_UID} ${RUNTIME_USER} + COPY apt.txt apt.txt RUN apt-get update --fix-missing \ && apt-get install -y apt-utils 2> /dev/null \ 
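Review bot: In the `update-lockfile` recipe (PATCH 01/11, Makefile), the new `docker run` bind-mounts the host's `runtime/` directory read-write into a container whose image declares `USER root` (runtime/Dockerfile-lock). On a rootful Docker daemon the regenerated `pixi.lock` is then root-owned on the host, and every process in the container acts on `runtime/` as root. Running as the invoking user avoids both: add `--user "$(shell id -u):$(shell id -g)" \` before `--rm`. pixi would then need a home or cache directory that user can write to, which this hunk does not show, so confirm the run still succeeds.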
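Review bot: The comment `# Create user andset permissions` (PATCH 01/11, runtime/Dockerfile, first hunk) has a typo and describes more than the step does, since the `RUN` below it only creates the group and the user. `# Create an unprivileged runtime user with a fixed UID/GID` matches the code. The three `ENV` instructions can be a single one, `ENV RUNTIME_USER=runtimeuser RUNTIME_UID=1000 RUNTIME_GID=1000`, and the expansions are safer quoted, e.g. `groupadd --gid "${RUNTIME_GID}" "${RUNTIME_USER}"`.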
@@ -17,18 +26,18 @@ RUN apt-get update --fix-missing \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /apt.txt -COPY --chown=$MAMBA_USER:$MAMBA_USER pixi.lock /tmp/pixi.lock -COPY --chown=$MAMBA_USER:$MAMBA_USER pixi.toml /tmp/pixi.toml +COPY --chown=$RUNTIME_USER:$RUNTIME_USER pixi.lock /tmp/pixi.lock +COPY --chown=$RUNTIME_USER:$RUNTIME_USER pixi.toml /tmp/pixi.toml RUN pixi install --manifest-path /tmp/pixi.toml -e ${CPU_OR_GPU} && \ pixi clean --manifest-path /tmp/pixi.toml -e ${CPU_OR_GPU} RUN mkdir /code_execution -RUN chown -R ${MAMBA_USER}:${MAMBA_USER} /code_execution +RUN chown -R ${RUNTIME_USER}:${RUNTIME_USER} /code_execution COPY tests /code_execution/tests COPY entrypoint.sh /entrypoint.sh WORKDIR /code_execution -USER ${MAMBA_USER} +USER ${RUNTIME_USER} CMD ["bash", "/entrypoint.sh"] diff --git a/runtime/Dockerfile-lock b/runtime/Dockerfile-lock index d133a82..48e36a7 100644 --- a/runtime/Dockerfile-lock +++ b/runtime/Dockerfile-lock @@ -2,15 +2,7 @@ FROM ghcr.io/prefix-dev/pixi:0.26.1-bookworm-slim USER root -ARG CPU_OR_GPU=gpu - -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - LC_ALL=C.UTF-8 \ - PYTHONUNBUFFERED=1 \ - SHELL=/bin/bash - -COPY --chown=$MAMBA_USER:$MAMBA_USER pixi.lock /tmp/pixi.lock -COPY --chown=$MAMBA_USER:$MAMBA_USER pixi.toml /tmp/pixi.toml -RUN pixi tree --manifest-path /tmp/pixi.toml --platform linux-64 +RUN mkdir -p /tmp +WORKDIR /tmp +ENTRYPOINT ["pixi", "tree", "--manifest-path", "pixi.toml", "--platform", "linux-64", "-v"] From a0e17dd4ec01848ba085b1c17b63518254963e4d Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Thu, 8 Aug 2024 23:55:25 -0400 Subject: [PATCH 02/11] Fix permissions and directories and stuff --- Makefile | 8 ++++++-- runtime/Dockerfile | 21 ++++++++++++--------- runtime/entrypoint.sh | 2 +- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 6fd50b5..ab290eb 100644 --- a/Makefile +++ b/Makefile 
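Review bot: `WORKDIR /tmp` (PATCH 01/11, runtime/Dockerfile-lock) makes the container's temp directory the same path the Makefile mounts the host's `runtime/` directory on (`target=/tmp`). Any temporary file a tool writes to `/tmp` while `pixi tree` runs would therefore land in the host checkout, and the image still runs as `USER root`. A dedicated directory avoids that: `WORKDIR /work` here with `target=/work` in the Makefile recipe. `RUN mkdir -p /tmp` can be dropped in either case, because `WORKDIR` creates the directory when it is missing.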
@@ -8,6 +8,8 @@ else CPU_OR_GPU ?= gpu endif +BLOCK_INTERNET ?= true + TAG := ${CPU_OR_GPU}-latest LOCAL_TAG := ${CPU_OR_GPU}-local @@ -133,16 +135,18 @@ update-lockfile: test-container: _check_image _echo_image _submission_write_perms docker run \ ${GPU_ARGS} \ + ${NETWORK_ARGS} \ ${TTY_ARGS} \ - --mount type=bind,source="$(shell pwd)"/runtime/tests,target=/tests,readonly \ --pid host \ ${SUBMISSION_IMAGE_ID} \ - python -m pytest -v tests + pixi run -e ${CPU_OR_GPU} python -m pytest tests + ## Open an interactive bash shell within the running container (with network access) interact-container: _check_image _echo_image _submission_write_perms docker run \ ${GPU_ARGS} \ + ${NETWORK_ARGS} \ --mount type=bind,source=${shell pwd}/data,target=/code_execution/data,readonly \ --mount type=bind,source="$(shell pwd)/submission",target=/code_execution/submission \ --shm-size 8g \ diff --git a/runtime/Dockerfile b/runtime/Dockerfile index 4044f1b..ca09139 100644 --- a/runtime/Dockerfile +++ b/runtime/Dockerfile @@ -26,18 +26,21 @@ RUN apt-get update --fix-missing \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /apt.txt -COPY --chown=$RUNTIME_USER:$RUNTIME_USER pixi.lock /tmp/pixi.lock -COPY --chown=$RUNTIME_USER:$RUNTIME_USER pixi.toml /tmp/pixi.toml -RUN pixi install --manifest-path /tmp/pixi.toml -e ${CPU_OR_GPU} && \ - pixi clean --manifest-path /tmp/pixi.toml -e ${CPU_OR_GPU} - +# Set up code execution working directory RUN mkdir /code_execution RUN chown -R ${RUNTIME_USER}:${RUNTIME_USER} /code_execution - -COPY tests /code_execution/tests -COPY entrypoint.sh /entrypoint.sh - WORKDIR /code_execution + +# Switch to runtime user USER ${RUNTIME_USER} +COPY pixi.lock ./pixi.lock +COPY pixi.toml ./pixi.toml + +RUN pixi install -e ${CPU_OR_GPU} --frozen \ + && rm -rf /home/${RUNTIME_USER}/.cache/ + +COPY entrypoint.sh /entrypoint.sh +COPY --chown=${RUNTIME_USER}:${RUNTIME_USER} tests ./tests + CMD ["bash", "/entrypoint.sh"] 
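Review bot: The comment above `interact-container` (PATCH 02/11, Makefile, second hunk) still says "(with network access)", yet the target now passes `${NETWORK_ARGS}` and the first hunk of the same commit defaults `BLOCK_INTERNET ?= true`. The definition of `NETWORK_ARGS` is outside both hunks; if it is derived from `BLOCK_INTERNET`, the interactive shell is now offline by default and the comment should say so, for example `## Open an interactive bash shell within the running container (network blocked unless BLOCK_INTERNET=false)`. If `NETWORK_ARGS` is not defined anywhere, it expands to nothing and both `test-container` and `interact-container` keep network access without any warning, so confirm it is actually set from `BLOCK_INTERNET`.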
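Review bot: The two `COPY` lines for `pixi.lock` and `pixi.toml` (PATCH 02/11, runtime/Dockerfile) now sit after `USER ${RUNTIME_USER}`, but `COPY` does not follow `USER`, so both files are still created root-owned inside a directory the runtime user owns. The build works because `pixi install --frozen` only reads the lockfile. If a read-only manifest and lockfile are intended, say so in a comment such as `# pixi.lock/pixi.toml stay root-owned: COPY ignores USER and --frozen never rewrites the lockfile`. Otherwise add `--chown=${RUNTIME_USER}:${RUNTIME_USER}` as the `tests` line in the same hunk does.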
diff --git a/runtime/entrypoint.sh b/runtime/entrypoint.sh index 538a818..667f2ef 100644 --- a/runtime/entrypoint.sh +++ b/runtime/entrypoint.sh @@ -19,7 +19,7 @@ main () { ls -alh echo "Running submission..." - python main.py + pixi run -e $CPU_OR_GPU python main.py echo "Exporting submission.csv result..." From 1285fe619ab19bb0b66445a4aa34cbbeb2528ea2 Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 00:09:12 -0400 Subject: [PATCH 03/11] Update test command --- .github/workflows/build.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b983289..cf6461e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -56,7 +56,9 @@ jobs: - name: Tests packages in container run: | - docker run $LOGIN_SERVER/$IMAGE:$SHA_TAG python -m pytest tests + docker run $LOGIN_SERVER/$IMAGE:$SHA_TAG \ + --network none \ + pixi run -e ${{ matrix.proc }} python -m pytest tests - name: Log into Azure if: ${{ fromJson(env.SHOULD_PUBLISH) }} @@ -78,4 +80,3 @@ jobs: if: ${{ fromJson(env.SHOULD_PUBLISH) }} run: | docker push $LOGIN_SERVER/$IMAGE --all-tags - From 4e501f517027d32162eaeff8024444f17c974217 Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 00:19:33 -0400 Subject: [PATCH 04/11] Fix command ordering --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf6461e..998bde1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -56,8 +56,8 @@ jobs: - name: Tests packages in container run: | - docker run $LOGIN_SERVER/$IMAGE:$SHA_TAG \ - --network none \ + docker run --network none \ + $LOGIN_SERVER/$IMAGE:$SHA_TAG \ pixi run -e ${{ matrix.proc }} python -m pytest tests - name: Log into Azure From 621fb5aff98558bd37189d1ecd50958a64f8885a Mon Sep 17 00:00:00 2001 
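Review bot: `pixi run -e $CPU_OR_GPU python main.py` (PATCH 02/11, runtime/entrypoint.sh) depends on `CPU_OR_GPU` being set in the running container, and nothing visible on this page exports it. The part of the `ENV` block shown for runtime/Dockerfile does not list it, and a build-time `ARG` is not present at run time. If the variable is unset or empty, the unquoted expansion disappears and `-e` takes `python` as the environment name. Quote it and fail early with `pixi run -e "${CPU_OR_GPU:?CPU_OR_GPU is not set}" python main.py`. The declaration of `CPU_OR_GPU` and the rest of `main ()` are outside the hunk.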
From: Jay Qi Date: Fri, 9 Aug 2024 10:38:04 -0400 Subject: [PATCH 05/11] Use clean cache command --- runtime/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime/Dockerfile b/runtime/Dockerfile index ca09139..2ac3f23 100644 --- a/runtime/Dockerfile +++ b/runtime/Dockerfile @@ -38,7 +38,7 @@ COPY pixi.lock ./pixi.lock COPY pixi.toml ./pixi.toml RUN pixi install -e ${CPU_OR_GPU} --frozen \ - && rm -rf /home/${RUNTIME_USER}/.cache/ + && pixi clean cache --yes COPY entrypoint.sh /entrypoint.sh COPY --chown=${RUNTIME_USER}:${RUNTIME_USER} tests ./tests From 3f00c5a9c09144d092d47b7d8def81c11b71fbeb Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 10:40:05 -0400 Subject: [PATCH 06/11] Add maximize build space action --- .github/workflows/build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 998bde1..a4fe380 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -41,6 +41,13 @@ jobs: LATEST_TAG: ${{ matrix.proc }}-latest steps: + - uses: easimon/maximize-build-space@v10 + with: + remove-dotnet: true + remove-android: true + remove-haskell: true + remove-codeql: true + - uses: actions/checkout@v4 - name: Build Image From b65ce717612b3c3f6ca0c081901378ec917d6712 Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 10:47:26 -0400 Subject: [PATCH 07/11] Add more root reserve space --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a4fe380..09d4d3f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,6 +43,7 @@ jobs: steps: - uses: easimon/maximize-build-space@v10 with: + root-reserve-mb: 24576 remove-dotnet: true remove-android: true remove-haskell: true From 9a619235e65fba0d6c1e8a6282d6205fcf30f44e Mon Sep 17 00:00:00 2001 
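Review bot: `easimon/maximize-build-space@v10` (PATCH 06/11, .github/workflows/build.yml) is a third-party action referenced by a mutable tag. It runs as the first step of a job that later logs into Azure and pushes images. Pinning it to a full commit SHA, `- uses: easimon/maximize-build-space@<full-commit-sha>  # v10`, keeps a moved or compromised tag from changing what this job executes; the SHA here is a placeholder to be taken from the action's repository. PATCH 08/11 later replaces the action with explicit `rm -rf` commands, which removes the dependency altogether.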
From: Jay Qi Date: Fri, 9 Aug 2024 11:01:05 -0400 Subject: [PATCH 08/11] Remove unwanted software directly --- .github/workflows/build.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 09d4d3f..b67723c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -41,13 +41,12 @@ jobs: LATEST_TAG: ${{ matrix.proc }}-latest steps: - - uses: easimon/maximize-build-space@v10 - with: - root-reserve-mb: 24576 - remove-dotnet: true - remove-android: true - remove-haskell: true - remove-codeql: true + - name: Remove unwanted software + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf /usr/local/lib/android + sudo rm -rf /opt/ghc + sudo rm -rf /opt/hostedtoolcache/CodeQL - uses: actions/checkout@v4 From 15547d428c45151a273a730b56caa36c7dd7c88b Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 11:21:51 -0400 Subject: [PATCH 09/11] Add some diagnostics --- .github/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b67723c..b042fb4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,10 +43,16 @@ jobs: steps: - name: Remove unwanted software run: | + echo "Available storage before:" + sudo df -h + echo sudo rm -rf /usr/share/dotnet sudo rm -rf /usr/local/lib/android sudo rm -rf /opt/ghc sudo rm -rf /opt/hostedtoolcache/CodeQL + echo "Available storage before:" + sudo df -h + echo - uses: actions/checkout@v4 From f28d987b65d87f816b5331e9c5a87070393118f4 Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 11:22:00 -0400 Subject: [PATCH 10/11] Print out pixi info --- runtime/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/runtime/Dockerfile b/runtime/Dockerfile index 2ac3f23..025ab69 100644 --- a/runtime/Dockerfile +++ b/runtime/Dockerfile 
@@ -38,7 +38,8 @@ COPY pixi.lock ./pixi.lock COPY pixi.toml ./pixi.toml RUN pixi install -e ${CPU_OR_GPU} --frozen \ - && pixi clean cache --yes + && pixi clean cache --yes \ + && pixi info COPY entrypoint.sh /entrypoint.sh COPY --chown=${RUNTIME_USER}:${RUNTIME_USER} tests ./tests From cc136a5f84276ffa688ff50820eaa64550676ca9 Mon Sep 17 00:00:00 2001 From: Jay Qi Date: Fri, 9 Aug 2024 11:24:57 -0400 Subject: [PATCH 11/11] Fix typo --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b042fb4..d3b484d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -50,7 +50,7 @@ jobs: sudo rm -rf /usr/local/lib/android sudo rm -rf /opt/ghc sudo rm -rf /opt/hostedtoolcache/CodeQL - echo "Available storage before:" + echo "Available storage after:" sudo df -h echo