Add WRF-Chem Apptainer container definition files#95
Conversation
Add Apptainer .def files for building WRF-Chem containers on AlmaLinux 9, including dependency, preprocessing, WRF-Chem, and full build definitions, along with a README documenting usage. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Multi-stage Docker build translating wrf-chem_full_almalinux9.def for environments where Docker is preferred over Apptainer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…url and libcurl-minimal conflict
Build WRF directly in /opt/WRF instead of /tmp/build with a symlink, so WPS configure/link finds external/io_netcdf/libwrfio_nf.a under the WRF_DIR path it expects. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Builds the docker/wrf-chem image on ubuntu-latest and pushes to ghcr.io/ncar/i-wrf/wrf-chem on pushes to main and on wrf-chem-v* tags. PRs that touch docker/wrf-chem build-only to validate the Dockerfile without publishing a package version. Uses BuildKit GHA layer cache (mode=max) so incremental builds skip the expensive WRF/WPS compiles, and runs a disk-cleanup step up front to stay under the runner's ~14 GB free-space ceiling. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
NCAR's org policy restricts third-party actions, so replace docker/setup-buildx-action, docker/login-action, docker/metadata-action, docker/build-push-action, and jlumbroso/free-disk-space with inline shell equivalents. Layer cache moves from type=gha to type=registry (sibling :buildcache tag in GHCR), which needs no runtime tokens. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
OCI registries reject uppercase characters in repository paths, so the NCAR owner segment must be lowercased before use. GitHub Actions expressions have no lowercase function, so derive IMAGE via bash parameter expansion in a dedicated step. Also silence the Node 20 deprecation warning by opting into Node 24 for JavaScript actions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
@georgemccabe The docker build as a GitHub Action was successful. Once this is merged then the full workflow will publish it to |
| cache_from="--cache-from=type=registry,ref=${cache_ref}" | ||
| cache_to="" | ||
| push_flag="" | ||
| if [[ "$DO_PUSH" == "true" ]]; then |
There was a problem hiding this comment.
It might be cleaner to build the image in 1 step, then push the image in another step. This would make the logs easier to navigate, as the build log is very long. You would also be able to easily see from the workflow job summary page if the push was performed or not, as the step that does the push would be clearly skipped.
georgemccabe
left a comment
There was a problem hiding this comment.
I made some optional suggestions in-line. This is great functionality to add. It would be nice to eventually add a way to push an image to DockerHub instead of GHCR, where we host the the stable images used in the I-WRF User's Guide instructions. We should discuss the criteria for when we make updates to those images, as we don't want to clutter the tags with development versions that need to be tested.
Summary
.deffiles for building WRF-Chem 4.7.1 / WPS 4.6.0 containers on AlmaLinux 9, supporting both single-layer (distribution) and multi-layer (development) builds.github/workflows/build-wrf-chem-docker.yml) that builds the Docker image onubuntu-latestand publishes it to GHCR on merges tomainand onwrf-chem-v*tags. PRs that touchdocker/wrf-chem/**build-only to validate the Dockerfile without publishing.Closes #76
Docker build workflow
Because macOS (Apple Silicon) can't realistically produce an
amd64WRF-Chem image locally, the Docker build is delegated to GitHub Actions:ubuntu-latest(4 vCPU / 16 GB RAM / ~14 GB free disk).docker buildxwith adocker-containerbuilder (required for advanced cache backends).ghcr.io/ncar/i-wrf/wrf-chem:buildcache(type=registry,mode=max). First build is cold; subsequent builds skip cached stages.GITHUB_TOKENwithpackages: write; no separate secrets to manage.docker/metadata-actionis blocked by NCAR's third-party-action policy):main→:main,:latest,:sha-<short>wrf-chem-vX.Y.Z→:X.Y.Z,:latestworkflow_dispatch→:manual-<short>:pr-<num>actions/checkout@v4(GitHub-owned). All other steps are raw shell /dockerCLI to satisfy NCAR's "actions must be from a repository owned by NCAR or created by GitHub" restriction.Test plan
wrf.exe,real.exe, preprocessing tools)apptainer build --fakeroot wrf-chem_full_almalinux9.sif wrf-chem_full_almalinux9.defmainpushes image toghcr.io/ncar/i-wrf/wrf-chem:main/:latestand seeds:buildcachewrf-chem-v4.7.1to publish a versioned imageghcr.io/ncar/i-wrf/wrf-chem:4.7.1🤖 Generated with Claude Code