From cd722fc760eea038f19aafbe5afc12fd38a0cf4c Mon Sep 17 00:00:00 2001 From: Alexander Batashev Date: Sat, 11 Dec 2021 19:18:51 +0300 Subject: [PATCH] [CI] Add container users to video group (#5101) Accessing `/dev/dri` device (GPU) requires user to be in `video` group. Change containers to include `sycl` user into the group. Also change workflow to build containers in pre-commit without pushing to the registry to make sure containers are still buildable. --- .github/workflows/sycl_containers.yaml | 44 +++++++------------ devops/actions/build_container/action.yml | 42 ++++++++++++++++++ devops/containers/ubuntu2004_base.Dockerfile | 2 + devops/containers/ubuntu2004_build.Dockerfile | 2 + 4 files changed, 63 insertions(+), 27 deletions(-) create mode 100644 devops/actions/build_container/action.yml diff --git a/.github/workflows/sycl_containers.yaml b/.github/workflows/sycl_containers.yaml index 85287e8566f5d..e43eedea478b4 100644 --- a/.github/workflows/sycl_containers.yaml +++ b/.github/workflows/sycl_containers.yaml @@ -9,6 +9,9 @@ on: - sycl paths: - 'devops/containers/**' + pull_request: + paths: + - 'devops/containers/**' jobs: base_image_ubuntu2004: @@ -20,21 +23,16 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 2 - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + - name: Build and Push Container + uses: ./devops/actions/build_container with: - registry: ghcr.io + push: ${{ github.event_name != 'pull_request' }} + file: ubuntu2004_base username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and Push Container - uses: docker/build-push-action@v2 - with: - push: true tags: | ghcr.io/${{ github.repository }}/ubuntu2004_base:${{ github.sha }} ghcr.io/${{ github.repository }}/ubuntu2004_base:latest - context: ${{ github.workspace }}/devops - file: ${{ github.workspace }}/devops/containers/ubuntu2004_base.Dockerfile build_image_ubuntu2004: if: github.repository == 'intel/llvm' name: Build Ubuntu Docker image @@ -44,44 +42,36 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 2 - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + - name: Build and Push Container + uses: ./devops/actions/build_container with: - registry: ghcr.io + push: ${{ github.event_name != 'pull_request' }} + file: ubuntu2004_build username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and Push Container - uses: docker/build-push-action@v2 - with: - push: true tags: | ghcr.io/${{ github.repository }}/ubuntu2004_build:${{ github.sha }} ghcr.io/${{ github.repository }}/ubuntu2004_build:latest - context: ${{ github.workspace }}/devops - file: ${{ github.workspace }}/devops/containers/ubuntu2004_build.Dockerfile # This job produces a Docker container with the latest versions of Intel # drivers, that can be found on GitHub. drivers_image_ubuntu2004: if: github.repository == 'intel/llvm' name: Intel Drivers Ubuntu 20.04 Docker image runs-on: ubuntu-latest + needs: base_image_ubuntu2004 steps: - name: Checkout uses: actions/checkout@v2 with: fetch-depth: 2 - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + - name: Build and Push Container + uses: ./devops/actions/build_container with: - registry: ghcr.io + push: ${{ github.event_name != 'pull_request' }} + file: ubuntu2004_intel_drivers username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and Push Container - uses: docker/build-push-action@v2 - with: - push: true tags: | ghcr.io/${{ github.repository }}/ubuntu2004_intel_drivers:latest-${{ github.sha }} ghcr.io/${{ github.repository }}/ubuntu2004_intel_drivers:latest - context: ${{ github.workspace }}/devops - file: ${{ github.workspace }}/devops/containers/ubuntu2004_intel_drivers.Dockerfile + diff --git a/devops/actions/build_container/action.yml b/devops/actions/build_container/action.yml new file mode 100644 index 0000000000000..c27babe7b1bad --- /dev/null +++ b/devops/actions/build_container/action.yml @@ -0,0 +1,42 @@ +name: 'Build Docker container' +description: 'Build Docker container in a standard way' + +inputs: + build-args: + description: "List of build-time variables" + required: false + tags: + description: "List of tags" + required: true + push: + description: "Whether to push Docker image or not" + required: false + default: false + username: + description: "Registry user name" + required: true + password: + description: "Registry user password" + required: true + file: + description: "Dockerfile" + required: true + +runs: + using: "composite" + steps: + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ inputs.username }} + password: ${{ inputs.password }} + - name: Build and Push Container + uses: docker/build-push-action@v2 + with: + push: ${{ inputs.push }} + tags: ${{ inputs.tags }} + build-args: ${{ inputs.build_args }} + context: ${{ github.workspace }}/devops + file: ${{ github.workspace }}/devops/containers/${{ inputs.file }}.Dockerfile + diff --git a/devops/containers/ubuntu2004_base.Dockerfile b/devops/containers/ubuntu2004_base.Dockerfile index 1b2303470c91f..78608a59279a9 100644 --- a/devops/containers/ubuntu2004_base.Dockerfile +++ b/devops/containers/ubuntu2004_base.Dockerfile @@ -13,6 +13,8 @@ RUN /install.sh # discover user home directory and fail a few LIT tests. Fixes UID and GID to # 1001, that is used as default by GitHub Actions. RUN groupadd -g 1001 sycl && useradd sycl -u 1001 -g 1001 -m -s /bin/bash +# Add sycl user to video group so that it can access GPU +RUN usermod -aG video sycl COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh diff --git a/devops/containers/ubuntu2004_build.Dockerfile b/devops/containers/ubuntu2004_build.Dockerfile index 04386da009d03..5dd314794b416 100644 --- a/devops/containers/ubuntu2004_build.Dockerfile +++ b/devops/containers/ubuntu2004_build.Dockerfile @@ -22,6 +22,8 @@ RUN apt install -yqq libnuma-dev wget gnupg2 && \ # discover user home directory and fail a few LIT tests. Fixes UID and GID to # 1001, that is used as default by GitHub Actions. RUN groupadd -g 1001 sycl && useradd sycl -u 1001 -g 1001 -m -s /bin/bash +# Add sycl user to video group so that it can access GPU +RUN usermod -aG video sycl COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh