From 327b7b75a552a82064ee589c380c2bc225a46f93 Mon Sep 17 00:00:00 2001 From: Bogdan Burlacu Date: Thu, 4 Jun 2026 19:05:40 +0300 Subject: [PATCH 1/2] Clean up Dockerfiles and add image publishing workflow - Strip dead comments from baseDockerfile; combine sed+apt into one layer - Add ARG BASE_IMAGE to alg-Dockerfile and tir/Dockerfile so CI can inject the published registry tag without affecting local builds (default remains srbench/base for local use) - Add docker.yml workflow to publish base + per-algorithm images to DockerHub on version tags (not on every push) --- .github/workflows/docker.yml | 87 ++++++++++++++++++++++++++++++++++++ alg-Dockerfile | 3 +- algorithms/tir/Dockerfile | 3 +- baseDockerfile | 59 ++---------------------- 4 files changed, 94 insertions(+), 58 deletions(-) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 00000000..e4573e2f --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,87 @@ +name: Docker Images + +on: + push: + tags: ['v*'] + +env: + ORG: ${{ secrets.DOCKER_HUB_USERNAME }} + +jobs: + base: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + - uses: docker/setup-buildx-action@v3 + - uses: docker/build-push-action@v5 + with: + context: . + file: baseDockerfile + push: true + tags: ${{ env.ORG }}/srbench:base + cache-from: type=gha,scope=base + cache-to: type=gha,scope=base,mode=max + + algorithms: + needs: base + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + algorithm: + - afp + - bingo + - brush + - bsr + - e2et + - eplex + - eql + - feat + - ffx + - geneticengine + - gpgomea + - gplearn + - gpzgd + - itea + - lightgbm + - nesymres + - operon + - ps-tree + - pysr + - qlattice + - rils-rols + - sklearn + - tir + - tpsr + - udsr + - xgboost + steps: + - uses: actions/checkout@v4 + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + - uses: docker/setup-buildx-action@v3 + - name: Resolve Dockerfile + id: dockerfile + run: | + if [ -f "algorithms/${{ matrix.algorithm }}/Dockerfile" ]; then + echo "path=algorithms/${{ matrix.algorithm }}/Dockerfile" >> $GITHUB_OUTPUT + else + echo "path=alg-Dockerfile" >> $GITHUB_OUTPUT + fi + - uses: docker/build-push-action@v5 + with: + context: . + file: ${{ steps.dockerfile.outputs.path }} + build-args: | + ALGORITHM=${{ matrix.algorithm }} + BASE_IMAGE=${{ env.ORG }}/srbench:base + push: true + tags: ${{ env.ORG }}/srbench-${{ matrix.algorithm }}:latest + cache-from: type=gha,scope=${{ matrix.algorithm }} + cache-to: type=gha,scope=${{ matrix.algorithm }},mode=max diff --git a/alg-Dockerfile b/alg-Dockerfile index f8b4e9c5..19c4abf6 100644 --- a/alg-Dockerfile +++ b/alg-Dockerfile @@ -1,4 +1,5 @@ -FROM srbench/base AS build +ARG BASE_IMAGE=srbench/base +FROM ${BASE_IMAGE} AS build ################################################################################ # Install env diff --git a/algorithms/tir/Dockerfile b/algorithms/tir/Dockerfile index afdcc375..463759ab 100644 --- a/algorithms/tir/Dockerfile +++ b/algorithms/tir/Dockerfile @@ -1,4 +1,5 @@ -FROM srbench/base AS build +ARG BASE_IMAGE=srbench/base +FROM ${BASE_IMAGE} AS build ################################################################################ USER root diff --git a/baseDockerfile b/baseDockerfile index 765a3308..ac2020f1 100644 --- a/baseDockerfile +++ b/baseDockerfile @@ -1,72 +1,19 @@ -################################################################################# -## Notes: this image is large and many improvements are possible. -## Sources: -## - https://uwekorn.com/2021/03/01/deploying-conda-environments-in-docker-how-to-do-it-right.html -## - https://pythonspeed.com/articles/conda-docker-image-size/ -## micromamba is failing for PySR, so sticking with mambaforge for now. -## FROM --platform=linux/amd64 mambaorg/micromamba:0.21.2 as build -##FROM condaforge/mambaforge:4.11.0-2 as base -## FROM condaforge/miniforge-pypy3:24.3.0-0 AS base -#FROM condaforge/miniforge-pypy3:23.11.0-0 AS base -################################################################################# -## Nvidia code ################################################################## -################################################################################# -#ENV PATH /usr/local/nvidia/bin/:$PATH -#ENV LD_LIBRARY_PATH /usr/local/nvidia/lib:/usr/local/nvidia/lib64:$LD_LIBRARY_PATH -## Tell nvidia-docker the driver spec that we need as well as to -## use all available devices, which are mounted at /usr/local/nvidia. -## The LABEL supports an older version of nvidia-docker, the env -## variables a newer one. -#ENV NVIDIA_VISIBLE_DEVICES all -#ENV NVIDIA_DRIVER_CAPABILITIES compute,utility -#LABEL com.nvidia.volumes.needed="nvidia_driver" -################################################################################ FROM mambaorg/micromamba:1.5.8 -# Install base packages. USER root - ARG DEBIAN_FRONTEND=noninteractive -# # proxy for apt -# ENV MIRROR="mirrors\.ocf\.berkeley\.edu" - -# RUN sed -i -e "s/archive\.ubuntu\.com/${MIRROR}/" /etc/apt/sources.list -# RUN sed -i -e "s/security\.ubuntu\.com/${MIRROR}/" /etc/apt/sources.list -# RUN sed -i -e "s/http/https/" /etc/apt/sources.list -# -# ENV MIRROR="debian\.csail\.mit\.edu" -# ENV MIRROR="us\.debian\.org" -# ENV MIRROR="debian\.cc\.lehigh\.edu" -# ENV MIRROR="debian\.cs\.binghamton\.edu" -# ENV MIRROR="debian\.mirror\.constant\.com" - -# RUN sed -i -e "s/deb\.debian\.org/${MIRROR}/" /etc/apt/sources.list.d/debian.sources -RUN sed -i -e "s/http/https/" /etc/apt/sources.list.d/debian.sources -# COPY debian.sources /etc/apt/list/sources.list.d/ -RUN apt update \ - && apt install -y \ - # default-jdk \ +RUN sed -i -e "s/http/https/" /etc/apt/sources.list.d/debian.sources \ + && apt update \ + && apt install -y \ rsync \ - # bzip2 \ - # ca-certificates \ curl \ git \ - # wget \ build-essential \ libgmp3-dev \ libblas-dev \ liblapack-dev \ libgsl-dev \ - vim \ - # jq \ && rm -rf /var/lib/apt/lists/* USER $MAMBA_USER - -# Install env -################################################################################ -#USER $MAMBA_USER -# SHELL ["/bin/bash", "-c"] -#VOLUME ["/srbench"] -# WORKDIR "/srbench" From d6c0a0897669920d716824257a44b84413ae5bd8 Mon Sep 17 00:00:00 2001 From: Bogdan Burlacu Date: Thu, 4 Jun 2026 20:08:12 +0300 Subject: [PATCH 2/2] Fix docker.yml image naming and add permissions - Use ORG/base and ORG/ naming to match make_docker_compose_file.sh - Publish versioned tags alongside :latest when triggered by a v* tag - Add permissions: contents: read (least-privilege) --- .github/workflows/docker.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e4573e2f..cee7f478 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,6 +4,9 @@ on: push: tags: ['v*'] +permissions: + contents: read + env: ORG: ${{ secrets.DOCKER_HUB_USERNAME }} @@ -22,7 +25,9 @@ jobs: context: . file: baseDockerfile push: true - tags: ${{ env.ORG }}/srbench:base + tags: | + ${{ env.ORG }}/base:latest + ${{ env.ORG }}/base:${{ github.ref_name }} cache-from: type=gha,scope=base cache-to: type=gha,scope=base,mode=max @@ -80,8 +85,10 @@ jobs: file: ${{ steps.dockerfile.outputs.path }} build-args: | ALGORITHM=${{ matrix.algorithm }} - BASE_IMAGE=${{ env.ORG }}/srbench:base + BASE_IMAGE=${{ env.ORG }}/base:${{ github.ref_name }} push: true - tags: ${{ env.ORG }}/srbench-${{ matrix.algorithm }}:latest + tags: | + ${{ env.ORG }}/${{ matrix.algorithm }}:latest + ${{ env.ORG }}/${{ matrix.algorithm }}:${{ github.ref_name }} cache-from: type=gha,scope=${{ matrix.algorithm }} cache-to: type=gha,scope=${{ matrix.algorithm }},mode=max