DIRACGrid
diff --git a/‎.dockerignore‎
Lines changed: 9 additions & 0 deletions b/‎.dockerignore‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.github/workflows/deployment.yml‎
Lines changed: 23 additions & 35 deletions b/‎.github/workflows/deployment.yml‎
Lines changed: 23 additions & 35 deletions
diff --git a/‎.github/workflows/main.yml‎
Lines changed: 33 additions & 33 deletions b/‎.github/workflows/main.yml‎
Lines changed: 33 additions & 33 deletions
diff --git a/‎.gitignore‎
Lines changed: 4 additions & 1 deletion b/‎.gitignore‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 2 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎containers/Dockerfile‎
Lines changed: 66 additions & 0 deletions b/‎containers/Dockerfile‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎containers/client/Dockerfile‎
Lines changed: 0 additions & 12 deletions b/‎containers/client/Dockerfile‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎containers/entrypoint.sh‎
Lines changed: 63 additions & 0 deletions b/‎containers/entrypoint.sh‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎containers/services/Dockerfile‎
Lines changed: 0 additions & 12 deletions b/‎containers/services/Dockerfile‎
Lines changed: 0 additions & 12 deletions
@@ -0,0 +1,9 @@
+# Pixi environments (can be very large)
+.pixi/
+
+# Documentation build output
+site/
+
+# Python build artifacts
+*.egg-info/
+__pycache__/
@@ -97,7 +97,7 @@ jobs:
 
   docker:
     needs: deploy-pypi
-    timeout-minutes:  30
+    timeout-minutes: 30
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -112,58 +112,46 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Download diracx wheels
-        uses: actions/download-artifact@v8
-        with:
-            name: diracx-whl
-      - name: "Find wheels"
-        id: find_wheel
-        run: |
-          # We need to copy them there to be able to access them in the RUN --mount
-          cp diracx*.whl containers/client/
-          cp diracx*.whl containers/services/
-          for wheel_fn in *.whl; do
-            pkg_name=$(basename "${wheel_fn}" | cut -d '-' -f 1)
-            echo "${pkg_name}-wheel-name=$(ls "${pkg_name}"-*.whl)" >> $GITHUB_OUTPUT
-          done
 
-      - name: Build and push client (release)
+      - name: Build and push services (release)
         uses: docker/build-push-action@v7
         if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
         with:
-          context: containers/client/
-          push: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
-          tags: "ghcr.io/diracgrid/diracx/client:${{ needs.deploy-pypi.outputs.new-version }}"
+          context: .
+          file: containers/Dockerfile
+          build-args: PIXI_ENV=container-services
+          push: true
+          tags: "ghcr.io/diracgrid/diracx/services:${{ needs.deploy-pypi.outputs.new-version }}"
           platforms: linux/amd64,linux/arm64
-          build-args: EXTRA_PACKAGES_TO_INSTALL=DIRACCommon~=9.0.0
-      - name: Build and push services (release)
+      - name: Build and push client (release)
         uses: docker/build-push-action@v7
         if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
         with:
-          context: containers/services/
-          push: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
-          tags: "ghcr.io/diracgrid/diracx/services:${{ needs.deploy-pypi.outputs.new-version }}"
+          context: .
+          file: containers/Dockerfile
+          build-args: PIXI_ENV=container-client
+          push: true
+          tags: "ghcr.io/diracgrid/diracx/client:${{ needs.deploy-pypi.outputs.new-version }}"
           platforms: linux/amd64,linux/arm64
-          build-args: EXTRA_PACKAGES_TO_INSTALL=DIRACCommon~=9.0.0
 
-      - name: Build and push client (dev)
+      - name: Build and push services (dev)
         uses: docker/build-push-action@v7
         with:
-          context: containers/client/
+          context: .
+          file: containers/Dockerfile
+          build-args: PIXI_ENV=container-services
           push: ${{ github.event_name != 'pull_request' && github.repository == 'DIRACGrid/diracx' && github.ref_name == 'main' }}
-          tags: ghcr.io/diracgrid/diracx/client:dev
+          tags: ghcr.io/diracgrid/diracx/services:dev
           platforms: linux/amd64,linux/arm64
-          build-args: |
-            EXTRA_PACKAGES_TO_INSTALL=git+https://github.com/DIRACGrid/DIRAC.git@integration#egg=diraccommon\&subdirectory=dirac-common
-      - name: Build and push services (dev)
+      - name: Build and push client (dev)
         uses: docker/build-push-action@v7
         with:
-          context: containers/services/
+          context: .
+          file: containers/Dockerfile
+          build-args: PIXI_ENV=container-client
           push: ${{ github.event_name != 'pull_request' && github.repository == 'DIRACGrid/diracx' && github.ref_name == 'main' }}
-          tags: ghcr.io/diracgrid/diracx/services:dev
+          tags: ghcr.io/diracgrid/diracx/client:dev
           platforms: linux/amd64,linux/arm64
-          build-args: |
-            EXTRA_PACKAGES_TO_INSTALL=git+https://github.com/DIRACGrid/DIRAC.git@integration#egg=diraccommon\&subdirectory=dirac-common
 
   update-charts:
     name: Update Helm charts
 
@@ -121,44 +121,34 @@ jobs:
         with:
           cache: false
           environments: ${{ matrix.extension == 'diracx' && 'default' || 'default-gubbins' }}
-      - name: Build gubbins wheels
-        if: ${{ matrix.extension == 'gubbins' }}
-        run: |
-          for pkg_dir in $PWD/diracx-*; do
-            echo "Building $pkg_dir"
-            pixi exec python-build --outdir $PWD/extensions/containers/services/ $pkg_dir
-          done
-          # Also build the diracx metapackage
-          pixi exec python-build --outdir $PWD/extensions/containers/services/ .
-          # And build the gubbins package
-          for pkg_dir in $PWD/extensions/gubbins/gubbins-*; do
-            # Skip the testing package
-            if [[ "${pkg_dir}" =~ .*testing.* ]];
-            then
-              echo "Do not build ${pkg_dir}";
-              continue;
-            fi
-            echo "Building $pkg_dir"
-            pixi exec python-build --outdir $PWD/extensions/containers/services/ $pkg_dir
-          done
       - name: Set up Docker Buildx
-        if: ${{ matrix.extension == 'gubbins' }}
         uses: docker/setup-buildx-action@v4
-      - name: Build container for gubbins
-        if: ${{ matrix.extension == 'gubbins' }}
+      - name: Build services image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: containers/Dockerfile
+          build-args: |
+            PIXI_ENV=${{ matrix.extension == 'diracx' && 'container-services' || 'gubbins-container-services' }}
+            DIRACX_EXTENSIONS=${{ matrix.extension == 'diracx' && 'diracx' || 'gubbins,diracx' }}
+          tags: ghcr.io/${{ matrix.extension == 'diracx' && 'diracgrid/diracx' || 'gubbins' }}/services:dev
+          outputs: type=docker,dest=/tmp/services_image.tar
+      - name: Build client image
         uses: docker/build-push-action@v7
         with:
-          context: extensions/containers/services
-          tags: gubbins/services:dev
-          outputs: type=docker,dest=/tmp/gubbins_services_image.tar
+          context: .
+          file: containers/Dockerfile
           build-args: |
-            EXTENSION_CUSTOM_SOURCES_TO_INSTALL=/bindmount/gubbins_db*.whl,/bindmount/gubbins_logic*.whl,/bindmount/gubbins_routers*.whl,/bindmount/gubbins_client*.whl
-      - name: Load image
-        if: ${{ matrix.extension == 'gubbins' }}
+            PIXI_ENV=${{ matrix.extension == 'diracx' && 'container-client' || 'gubbins-container-client' }}
+            DIRACX_EXTENSIONS=${{ matrix.extension == 'diracx' && 'diracx' || 'gubbins,diracx' }}
+          tags: ghcr.io/${{ matrix.extension == 'diracx' && 'diracgrid/diracx' || 'gubbins' }}/client:dev
+          outputs: type=docker,dest=/tmp/client_image.tar
+      - name: Load images
         run: |
-          docker load --input /tmp/gubbins_services_image.tar
-          # Free up disk space by removing the tarball after loading the image
-          rm -Rf /tmp/gubbins_services_image.tar
+          docker load --input /tmp/services_image.tar
+          rm -f /tmp/services_image.tar
+          docker load --input /tmp/client_image.tar
+          rm -f /tmp/client_image.tar
           docker builder prune -af || true
           docker image ls -a
       - name: Start demo
@@ -191,16 +181,26 @@ jobs:
             # Copy gubbins-charts to a temporary location and build dependencies
             cp -r ./extensions/gubbins-charts /tmp/
             ../diracx-charts/.demo/helm dependency build /tmp/gubbins-charts
+            # Replace the downloaded subchart with the locally-cloned one to
+            # ensure we have the pixi-compatible ConfigMap entrypoint
+            rm -f /tmp/gubbins-charts/charts/diracx-*.tgz
+            ../diracx-charts/.demo/helm package ../diracx-charts/diracx -d /tmp/gubbins-charts/charts/
 
             demo_args+=("--extension-chart-path" "/tmp/gubbins-charts")
             demo_args+=("--ci-values" "./extensions/gubbins_values.yaml")
-            demo_args+=("--load-docker-image" "gubbins/services:dev")
+            demo_args+=("--load-docker-image" "ghcr.io/gubbins/services:dev")
+            demo_args+=("--load-docker-image" "ghcr.io/gubbins/client:dev")
+            demo_args+=("--prune-loaded-images")
             demo_source_dirs+=("/tmp/gubbins/")
           elif [ ${{ matrix.extension }} != 'diracx' ]; then
             echo "Unknown extension: ${{ matrix.extension }}"
             exit 1
           else
             demo_args+=("--set-value" "developer.autoReload=false")
+            demo_args+=("--set-value" "global.imagePullPolicy=IfNotPresent")
+            demo_args+=("--load-docker-image" "ghcr.io/diracgrid/diracx/services:dev")
+            demo_args+=("--load-docker-image" "ghcr.io/diracgrid/diracx/client:dev")
+            demo_args+=("--prune-loaded-images")
           fi
 
           # Run the demo with the provided arguments
 
@@ -97,7 +97,6 @@ docs/source/_build
 
 # pixi environments
 .pixi
-pixi.lock
 *.egg-info
 docs/templates/_builtin_markdown.jinja
 
@@ -106,3 +105,7 @@ docs/templates/_builtin_markdown.jinja
 
 # docs site
 site
+
+# DiracX specific
+# No point in committing the pixi.lock for gubbins as it cannot work properly within the diracx repo
+extensions/gubbins/pixi.lock
@@ -28,6 +28,7 @@ repos:
       - id: check-yaml
         args: ["--unsafe"]
       - id: check-added-large-files
+        exclude: pixi\.lock$
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
     rev: "v0.15.7"
@@ -66,6 +67,7 @@ repos:
     hooks:
       - id: codespell
         args: ["-w"]
+        exclude: pixi\.lock$
 
   - repo: https://github.com/adamchainz/blacken-docs
     rev: 1.20.0
 
@@ -0,0 +1,66 @@
+FROM ghcr.io/prefix-dev/pixi:latest AS build
+
+ARG PIXI_ENV=container-services
+ARG DIRACX_EXTENSIONS=diracx
+
+WORKDIR /app
+COPY pixi.toml pixi.lock ./
+
+# Copy source directories needed for path-based installs
+COPY .git/ .git/
+COPY diracx-api/ diracx-api/
+COPY diracx-cli/ diracx-cli/
+COPY diracx-client/ diracx-client/
+COPY diracx-core/ diracx-core/
+COPY diracx-db/ diracx-db/
+COPY diracx-logic/ diracx-logic/
+COPY diracx-routers/ diracx-routers/
+COPY diracx-testing/ diracx-testing/
+COPY pyproject.toml ./
+COPY README.md ./
+COPY extensions/gubbins/gubbins-api/ extensions/gubbins/gubbins-api/
+COPY extensions/gubbins/gubbins-cli/ extensions/gubbins/gubbins-cli/
+COPY extensions/gubbins/gubbins-client/ extensions/gubbins/gubbins-client/
+COPY extensions/gubbins/gubbins-core/ extensions/gubbins/gubbins-core/
+COPY extensions/gubbins/gubbins-db/ extensions/gubbins/gubbins-db/
+COPY extensions/gubbins/gubbins-logic/ extensions/gubbins/gubbins-logic/
+COPY extensions/gubbins/gubbins-routers/ extensions/gubbins/gubbins-routers/
+COPY extensions/gubbins/gubbins-testing/ extensions/gubbins/gubbins-testing/
+COPY extensions/gubbins/pyproject.toml extensions/gubbins/
+COPY extensions/gubbins/README.md extensions/gubbins/
+
+# Switch to non-editable installs (same workaround as CI)
+RUN sed -i 's@editable = true@editable = false@g' pixi.toml
+
+RUN pixi install --frozen -e ${PIXI_ENV}
+
+# Generate activation script
+RUN pixi shell-hook -e ${PIXI_ENV} > /activate.sh
+
+FROM ubuntu:24.04
+
+ARG PIXI_ENV=container-services
+ARG DIRACX_EXTENSIONS=diracx
+ENV PIXI_ENV=${PIXI_ENV}
+ENV DIRACX_EXTENSIONS=${DIRACX_EXTENSIONS}
+
+EXPOSE 8000
+
+# Copy the installed environment
+COPY --from=build /app/.pixi/envs/${PIXI_ENV} /app/.pixi/envs/${PIXI_ENV}
+COPY --from=build /activate.sh /activate.sh
+COPY containers/entrypoint.sh /entrypoint.sh
+
+# In many clusters the container is run as a random uid for security reasons.
+# If we mark the environment directory as group 0 and give it group write
+# permissions then we're still able to manage the environment from inside the
+# container.
+RUN chmod -R g=u /app/.pixi
+
+# Compatibility shim: the Helm chart invokes this micromamba entrypoint path
+RUN printf '#!/bin/bash\nsource /activate.sh\nexec "$@"\n' > /usr/local/bin/_entrypoint.sh && \
+    chmod +x /usr/local/bin/_entrypoint.sh
+
+# Use tini as init (installed by pixi in the env)
+ENTRYPOINT ["/bin/bash", "-c", \
+            "exec /app/.pixi/envs/${PIXI_ENV}/bin/tini -- /entrypoint.sh \"$@\"", "--"]
@@ -0,0 +1,63 @@
+#!/bin/bash
+set -e
+
+source /activate.sh
+
+function install_sources() {
+    extension_name=$1
+    source_prefix=$2
+    image_packages=$3
+
+    IFS=','
+    to_install=()
+    for dir in ${!source_prefix}; do
+        for package_name in ${!image_packages}; do
+            if [[ "${package_name}" == "." ]]; then
+                wheel_name="${extension_name}"
+            else
+                wheel_name="${extension_name}_${package_name}"
+            fi
+            wheels=( $(find "${dir}" -name "${wheel_name}-*.whl") )
+            if [[ ${#wheels[@]} -gt 1 ]]; then
+                echo "ERROR: Multiple wheels found for ${package_name} in ${dir}"
+                exit 1
+            elif [[ ${#wheels[@]} -eq 1 ]]; then
+                to_install+=("${wheels[0]}")
+            else
+                if [[ "${package_name}" == "." ]]; then
+                    src_dir=("${dir}")
+                else
+                    src_dir=("${dir}-${package_name}")
+                fi
+                if [[ -f "${src_dir}/pyproject.toml" ]]; then
+                    to_install+=("${src_dir}")
+                fi
+            fi
+        done
+    done
+    if [[ ${#to_install[@]} -gt 0 ]]; then
+        pip install --no-deps "${to_install[@]}"
+    fi
+}
+
+
+if [[ -n "${DIRACX_EXTENSIONS:-}" ]]; then
+    # Install extensions in reverse order so that the base (diracx) is
+    # installed last, allowing extension packages to override base packages.
+    IFS=', ' read -r -a extension_array <<< "$DIRACX_EXTENSIONS"
+    for (( idx=${#extension_array[@]}-1 ; idx>=0 ; idx-- )) ; do
+        extension_name="${extension_array[idx]}"
+        source_prefix="${extension_name^^}_CUSTOM_SOURCE_PREFIXES"
+        image_packages="${extension_name^^}_IMAGE_PACKAGES"
+
+        if [[ -n "${!source_prefix:-}" ]]; then
+            install_sources "${extension_name}" "${source_prefix}" "${image_packages}"
+        fi
+    done
+elif [[ -n "${DIRACX_CUSTOM_SOURCE_PREFIXES:-}" ]]; then
+    # No extensions, just diracx
+    install_sources "diracx" "DIRACX_CUSTOM_SOURCE_PREFIXES" "DIRACX_IMAGE_PACKAGES"
+fi
+
+
+exec "$@"