updated container builder for arm64 images

.github/workflows/container.yml

@@ -11,6 +11,10 @@ on:
         required: true
         type: string
         description: 'name of the container build file to use'
+      ref:
+        required: false
+        type: string
+        description: 'git ref to checkout (defaults to version)'
   workflow_dispatch:
     inputs:
       version:
@@ -21,30 +25,45 @@ on:
         required: true
         type: string
         description: 'name of the container build file to use'
+      ref:
+        required: false
+        type: string
+        description: 'git ref to checkout (defaults to version)'
 
 env:
   REGISTRY: ghcr.io
 
 jobs:
-  build-and-push-image:
-    name: "🐳 Build and push image"
-    runs-on: ubuntu-latest
+  build:
+    name: "🐳 Build (${{ matrix.platform }})"
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
     permissions:
       contents: read
       packages: write
 
     steps:
+    - name: "🔧 Prepare"
+      id: prepare
+      run: |
+        platform=${{ matrix.platform }}
+        echo "pair=${platform//\//-}" >> $GITHUB_OUTPUT
+        slug=$(echo "${{ inputs.buildfilename }}" | sed 's|[^a-zA-Z0-9]|-|g; s/^-*//; s/-*$//')
+        echo "slug=${slug}" >> $GITHUB_OUTPUT
+
     - name: "🛍️ Checkout repository"
       uses: actions/checkout@v4
       with:
-        ref: ${{ inputs.version }}
-        fetch-depth: 0
-
-    - name: "🎛 Set up QEMU"
-      uses: docker/setup-qemu-action@v3
+        ref: ${{ inputs.ref || inputs.version }}
 
     - name: "👷 Set up Docker Buildx"
-      id: buildx
       uses: docker/setup-buildx-action@v3
 
     - name: "🏷 Prepare OCI annotations"
@@ -68,23 +87,11 @@ jobs:
         export nameonly="${filename%.*}"
         if [ ${nameonly} == ${filename} ]; then echo "SUFFIX=" >> $GITHUB_ENV ; else echo "SUFFIX=-${nameonly}" >> $GITHUB_ENV; fi
 
-    - name: "🏷 Get SDK version from latest tag"
-      id: sdkversion
-      run: |
-        export version=$(git describe --tags --abbrev=0)
-        echo "CLAMS_VERSION=${version}" >> $GITHUB_OUTPUT
-
-    - name: "🏷 Prepare docker tags, labels"
+    - name: "🏷 Prepare docker labels"
       id: meta
       uses: docker/metadata-action@v5
-      env:
-        CLAMS_VERSION: ${{ steps.sdkversion.outputs.CLAMS_VERSION }}
       with:
         images: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}
-        tags: |
-          type=pep440,pattern={{version}},value=${{ env.CLAMS_VERSION }}
-          type=ref,event=tag
-          type=ref,event=pr
         labels: |
           ${{ env.EXISTING_LABELS }}
 
@@ -95,18 +102,84 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: "🏗 Build and push image"
-      uses: docker/build-push-action@v5
-      env:
-        CLAMS_VERSION: ${{ steps.sdkversion.outputs.CLAMS_VERSION }}
+    - name: "🏗 Build and push by digest"
+      id: build
+      uses: docker/build-push-action@v6
       with:
         context: ${{ env.CONTEXT }}
-        platforms: linux/amd64,linux/arm64
+        platforms: ${{ matrix.platform }}
         file: ${{ inputs.buildfilename }}
-        tags: ${{ steps.meta.outputs.tags }}
-        # using {{ steps.meta.outputs.labels }} doesn't work with multi-line variable ($EXISTING_LABLES)
         labels: ${{ env.DOCKER_METADATA_OUTPUT_LABELS }}
         build-args: |
-          clams_version=${{ env.CLAMS_VERSION }}
-        push: true
+          clams_version=${{ inputs.version }}
+        outputs: type=image,"name=${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}",push-by-digest=true,name-canonical=true,push=true
+
+    - name: "📤 Export digest"
+      run: |
+        mkdir -p /tmp/digests
+        digest="${{ steps.build.outputs.digest }}"
+        touch "/tmp/digests/${digest#sha256:}"
 
+    - name: "📦 Upload digest"
+      uses: actions/upload-artifact@v4
+      with:
+        name: digests-${{ steps.prepare.outputs.slug }}-${{ steps.prepare.outputs.pair }}
+        path: /tmp/digests/*
+        if-no-files-found: error
+        retention-days: 1
+
+  merge:
+    name: "🔗 Create multi-platform manifest"
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: "🔧 Prepare"
+      id: prepare
+      run: |
+        slug=$(echo "${{ inputs.buildfilename }}" | sed 's|[^a-zA-Z0-9]|-|g; s/^-*//; s/-*$//')
+        echo "slug=${slug}" >> $GITHUB_OUTPUT
+
+    - name: "🏷 Get image name suffix"
+      id: getsuffix
+      run: |
+        export filename=$(basename ${{ inputs.buildfilename }})
+        export nameonly="${filename%.*}"
+        if [ ${nameonly} == ${filename} ]; then echo "SUFFIX=" >> $GITHUB_ENV ; else echo "SUFFIX=-${nameonly}" >> $GITHUB_ENV; fi
+
+    - name: "📥 Download digests"
+      uses: actions/download-artifact@v4
+      with:
+        path: /tmp/digests
+        pattern: digests-${{ steps.prepare.outputs.slug }}-*
+        merge-multiple: true
+
+    - name: "👷 Set up Docker Buildx"
+      uses: docker/setup-buildx-action@v3
+
+    - name: "🏷 Prepare docker tags"
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}
+        tags: |
+          type=pep440,pattern={{version}},value=${{ inputs.version }}
+          type=ref,event=tag
+          type=ref,event=pr
+
+    - name: "🔏 Log in to registry"
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: "🔗 Create manifest list and push"
+      working-directory: /tmp/digests
+      run: |
+        docker buildx imagetools create \
+          $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+          $(printf '${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}@sha256:%s ' *)

.github/workflows/containers.yml

@@ -134,15 +134,6 @@ jobs:
       buildfilename: './container/opencv4-torch2.containerfile'
       version: ${{ needs.set-version.outputs.version }}
 
-  call-build-tf2-hf:
-    name: "🤙 Call container workflow with `tf2-hf`"
-    needs: ['set-version', 'call-build-tf2']
-    uses: ./.github/workflows/container.yml
-    secrets: inherit
-    with:
-      buildfilename: './container/tf2-hf.containerfile'
-      version: ${{ needs.set-version.outputs.version }}
-
   call-build-hf:
     name: "🤙 Call container workflow with `hf`"
     needs: ['set-version', 'call-build-torch2']
@@ -152,15 +143,6 @@ jobs:
       buildfilename: './container/hf.containerfile'
       version: ${{ needs.set-version.outputs.version }}
 
-  call-build-ffmpeg-tf2-hf:
-    name: "🤙 Call container workflow with `ffmpeg-tf2-hf`"
-    needs: ['set-version', 'call-build-ffmpeg-tf2']
-    uses: ./.github/workflows/container.yml
-    secrets: inherit
-    with:
-      buildfilename: './container/ffmpeg-tf2-hf.containerfile'
-      version: ${{ needs.set-version.outputs.version }}
-
   call-build-ffmpeg-hf:
     name: "🤙 Call container workflow with `ffmpeg-hf`"
     needs: ['set-version', 'call-build-ffmpeg-torch2']
@@ -170,15 +152,6 @@ jobs:
       buildfilename: './container/ffmpeg-hf.containerfile'
       version: ${{ needs.set-version.outputs.version }}
 
-  call-build-opencv4-tf2-hf:
-    name: "🤙 Call container workflow with `opencv4-tf2-hf`"
-    needs: ['set-version', 'call-build-opencv4-tf2']
-    uses: ./.github/workflows/container.yml
-    secrets: inherit
-    with:
-      buildfilename: './container/opencv4-tf2-hf.containerfile'
-      version: ${{ needs.set-version.outputs.version }}
-
   call-build-opencv4-hf:
     name: "🤙 Call container workflow with `opencv4-hf`"
     needs: ['set-version', 'call-build-opencv4-torch2']

container/ffmpeg-hf.containerfile

@@ -2,6 +2,6 @@ ARG clams_version
 FROM ghcr.io/clamsproject/clams-python-ffmpeg-torch2:$clams_version
 LABEL org.opencontainers.image.description="clams-python-ffmpeg-hf image is shipped with clams-python, ffmpeg, and vairous huggingface libraries (PyTorch backend)"
 
-RUN pip install --no-cache-dir transformers[torch,tokenizers]==4.*
+RUN pip install --no-cache-dir transformers[torch,tokenizers]==5.*
 RUN pip install --no-cache-dir datasets
 

container/hf.containerfile

@@ -2,6 +2,6 @@ ARG clams_version
 FROM ghcr.io/clamsproject/clams-python-torch2:$clams_version
 LABEL org.opencontainers.image.description="clams-python-hf image is shipped with clams-python and vairous huggingface libraries (PyTorch backend)"
 
-RUN pip install --no-cache-dir transformers[torch,tokenizers]==4.*
+RUN pip install --no-cache-dir transformers[torch,tokenizers]==5.*
 RUN pip install --no-cache-dir datasets
 

container/opencv4-hf.containerfile

@@ -2,6 +2,6 @@ ARG clams_version
 FROM ghcr.io/clamsproject/clams-python-opencv4-torch2:$clams_version
 LABEL org.opencontainers.image.description="clams-python-opencv4-hf image is shipped with clams-python, opencv4 (ffmpeg backend), and vairous huggingface libraries (PyTorch backend)"
 
-RUN pip install --no-cache-dir transformers[torch,tokenizers]==4.*
+RUN pip install --no-cache-dir transformers[torch,tokenizers]==5.*
 RUN pip install --no-cache-dir datasets
 

container/opencv4.containerfile

@@ -28,8 +28,7 @@ RUN cmake \
       -D BUILD_PERF_TESTS=OFF \
       -D BUILD_TESTS=OFF \
       -D CMAKE_INSTALL_PREFIX=/usr/local \
-      -D OPENCV_EXTRA_MODULES_PATH=${OPENCV_EXTRA_MODULES_PATH} \
-      -D BUILD_opencv_python3=ON \
+      -D OPENCV_EXTRA_MODULES_PATH=${OPENCV_EXTRA_PATH}/modules \
       -D BUILD_opencv_python3=OFF \
       -D PYTHON3_EXECUTABLE=$(which python3) \
       -D PYTHON_DEFAULT_EXECUTABLE=$(which python3) \