Conversation
I think we should keep the container build as simple as possible and focused just on what is needed for PINP rather than anything singularity related.
We can just make a symlink during container build that points to a folder in `/run` that will refer to a tmpfs at runtime instead of needing to mount a tmpfs explicitly.
This fixes the warning about running uwsgi without its master process. We need to use the same trick of running python in the background that we use in the git container so that we can translate sigterm into sending sigint to python in order for the container to shut down cleanly.
Various scripts rely on the project name being singularity (because it influences the names of volumes and containers created by compose for this project), however we currently just inherit the project name from the basename of the CWD. If you want to be able to use multiple worktrees with this repo or want to be able to clone it in a folder not named singularity you need to set the project name explicitly. As with all stuff in `.env` this can be overridden during deployment using actual environment vars. This would be something to change when doing multi-instance deployments.
The existing technique of just using `.git` as a build context for getting the singularity git repo source to build the git container only works if `.git` is actually a directory. When using multiple worktrees this is not the case. We can have the users create a symlink `gitdir` that points to wherever the singularity project git directory actually exists which in the normal case can just be `./.git` but can be a symlink to wherever the master copy is with multiple worktrees, or an empty folder if you want to deploy from source code (e.g. download .zip of master) without a proper clone. Update CI start.sh to properly handle the new requirement.
This allows the possibility of persisting /var/lib/containers/storage via a volume / bind mount between invocations of the container to speed up CI. Without it, the volumes are not reset and the tests fail.
f696c32 to 3920b1a
Create a 'podman' user, set up their subuid and subgid maps and switch to that user for the actual running of the script.
This allows us to maintain state between CI runs to speed them up.
The step only installs podman not podman compose.
Really these are two different steps, and for caching we will want them to access different caches.
Cache the artifacts involved in building the test container within the runner and cache the artifacts involved in building the actual containers being tested within the test container using a bind mount volume.
3920b1a to 0532535
theyoyojo requested changes Jul 22, 2025
theyoyojo approved these changes Jul 24, 2025
With this PR we introduce caching to speed up CI along with a stack of other small cleanups I discovered.
The podman in podman aspect of the testing is now also fully rootless; you can run `podman build --build-context=singularity_git_repo=. -t singularity-test .` and `podman run --privileged --rm localhost/singularity-test:latest` as a non-root user within the repo to build and run the tests in a PINP container.