Add image based on newer ubuntu

.github/workflows/docker.yml

@@ -14,42 +14,78 @@ jobs:
     strategy:
       matrix:
         image:
+          - circleci_ubuntu-22.04
           - circleci_ubuntu-20.04
           - mrchem_ubuntu-18.04
           - circleci_ubuntu-18.04
           - circleci_ubuntu-18.04-conda
 
+    # Defines custom environment variables for the workflow. 
+    env:
+      # the Container registry domain
+      REGISTRY: ghcr.io
+
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in
+    # this job.
+    permissions:
+      actions: read
+      contents: read
+      packages: write
+
+    strategy:
+      # Keep going on other deployments if anything bloops
+      fail-fast: false
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
+      # Uses the `docker/login-action` action to log in to the Container
+      # registry registry using the account and password that will publish the
+      # packages. Once published, the packages are scoped to the account
+      # defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # This step uses
+      # [docker/metadata-action](https://github.com/docker/metadata-action#about)
+      # to extract tags and labels that will be applied to the specified image.
+      # The `id` "meta" allows the output of this step to be referenced in a
+      # subsequent step. The `images` value provides the base name for the tags
+      # and labels.
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
-          # NOTE cannot use ${{ github.repository_owner }} directly, because we
-          # can't lowercase with GHA functions
           images: |
-            ghcr.io/mrchemsoft/metamr/${{ matrix.image }}
+            ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}
           flavor: |
             latest=true
           tags: |
             type=sha
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push Docker images
-        uses: docker/build-push-action@v2
+      # This step uses the `docker/build-push-action` action to build the
+      # image, based on your repository's `Dockerfile`. If the build succeeds,
+      # it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the
+      # set of files located in the specified path. For more information, see
+      # "[Usage](https://github.com/docker/build-push-action#usage)" in the
+      # README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image
+      # with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
         with:
-          context: ${{ matrix.image }}
+          context: docker/${{ matrix.image }}
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          secrets: |
+            "docker_github_api=${{ secrets.DOCKER_GITHUB_API }}"

circleci_ubuntu-22.04/Dockerfile

@@ -0,0 +1,37 @@
+FROM ubuntu:22.04
+
+# Set an encoding to make things work smoothly.
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+
+# Add a timestamp for the build. Also, bust the cache.
+ADD http://worldtimeapi.org/api/ip /opt/docker/etc/timestamp
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get --yes -qq update \
+ && apt-get --yes -qq upgrade \
+ && apt-get --yes -qq install \
+                      bzip2 \
+		              cmake \
+                      cpio \
+                      curl \
+                      g++ \
+                      gcc \
+                      git \
+                      libeigen3-dev \
+                      libidn11-dev \
+                      libopenmpi-dev \
+                      openmpi-bin \
+                      python3 \
+		              python-is-python3 \
+ && rm -rf /var/lib/apt/lists/*
+
+# Run common commands
+COPY run_commands /opt/docker/bin/run_commands
+RUN /opt/docker/bin/run_commands
+
+ENV PATH $PATH:/root/.local/bin
+
+ENV LD_LIBRARY_PATH /root/.local/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+
+SHELL ["/bin/bash"]

circleci_ubuntu-22.04/hooks/post_push

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Tag the latest build with the short git sha. Push the tag in addition
+# to the "latest" tag already pushed.
+GIT_SHA_TAG=${SOURCE_COMMIT:0:12}
+docker tag $IMAGE_NAME $DOCKER_REPO:$GIT_SHA_TAG
+docker push $DOCKER_REPO:$GIT_SHA_TAG
+
+# Invoke all downstream build triggers.
+for url in $(echo $NEXT_BUILD_TRIGGERS | sed "s/,/ /g")
+do
+    curl -X POST $url
+done

circleci_ubuntu-22.04/run_commands

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Create lucky group
+groupadd -g 32766 lucky
+
+# create user merzbow
+echo 'mightybuilder ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+# merzbow will have the same uid as the host, so the container can write
+# to mounted volumes
+# Adapted from https://denibertovic.com/posts/handling-permissions-with-docker-volumes/
+USER_ID=${HOST_USER_ID:-9001}
+useradd --shell /bin/bash -u "$USER_ID" -G lucky -o -c "" -m merzbow
+export HOME=/home/merzbow
+export USER=merzbow
+export LOGNAME=merzbow
+export MAIL=/var/spool/mail/merzbow
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/merzbow/bin
+chown -R merzbow:merzbow $HOME
+cp -R /etc/skel $HOME && chown -R merzbow:merzbow $HOME/skel && (ls -A1 $HOME/skel | xargs -I {} mv -n $HOME/skel/{} $HOME) && rm -Rf $HOME/skel
+cd $HOME || exit