137 lines
4.9 KiB
Docker
137 lines
4.9 KiB
Docker
#
|
|
# NOTE: Use the Makefiles to build this image correctly.
|
|
#
|
|
|
|
ARG BASE_IMG=<base>
|
|
FROM $BASE_IMG
|
|
|
|
ARG TARGETARCH
|
|
|
|
# args - software versions (python)
|
|
ARG MINIFORGE_VERSION=23.3.1-1
|
|
ARG PIP_VERSION=23.2.1
|
|
ARG PYTHON_VERSION=3.11.6
|
|
|
|
# args - software versions (R)
|
|
ARG RSTUDIO_VERSION=2023.09.0-463
|
|
ARG R_BASE_VERSION=4.3.1
|
|
ARG R_RETICULATE_VERSION=1.34.0
|
|
ARG R_PNG_VERSION=0.1_8
|
|
|
|
USER root
|
|
|
|
# install - binary rstudio dependencies
|
|
RUN apt-get -yq update \
|
|
&& apt-get -yq install --no-install-recommends \
|
|
dpkg-sig \
|
|
libapparmor1 \
|
|
libc6 \
|
|
libclang-dev \
|
|
libedit2 \
|
|
libpq5 \
|
|
libssl-dev \
|
|
psmisc \
|
|
rrdtool \
|
|
sudo \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# setup environment for conda
|
|
ENV CONDA_DIR /opt/conda
|
|
ENV PATH "${CONDA_DIR}/bin:${PATH}"
|
|
RUN mkdir -p ${CONDA_DIR} \
|
|
&& echo ". /opt/conda/etc/profile.d/conda.sh" >> ${HOME}/.bashrc \
|
|
&& echo ". /opt/conda/etc/profile.d/conda.sh" >> /etc/profile \
|
|
&& echo "conda activate base" >> ${HOME}/.bashrc \
|
|
&& echo "conda activate base" >> /etc/profile \
|
|
&& chown -R ${NB_USER}:users ${CONDA_DIR} \
|
|
&& chown -R ${NB_USER}:users ${HOME}
|
|
|
|
# setup environment for R
|
|
ENV R_HOME ${CONDA_DIR}/lib/R
|
|
|
|
USER $NB_UID
|
|
|
|
# install - conda, pip, python
|
|
RUN case "${TARGETARCH}" in \
|
|
amd64) MINIFORGE_ARCH="x86_64" ;; \
|
|
arm64) MINIFORGE_ARCH="aarch64" ;; \
|
|
ppc64le) MINIFORGE_ARCH="ppc64le" ;; \
|
|
*) echo "Unsupported architecture: ${TARGETARCH}"; exit 1 ;; \
|
|
esac \
|
|
&& curl -fsSL "https://github.com/conda-forge/miniforge/releases/download/${MINIFORGE_VERSION}/Miniforge3-${MINIFORGE_VERSION}-Linux-${MINIFORGE_ARCH}.sh" -o /tmp/Miniforge3.sh \
|
|
&& curl -fsSL "https://github.com/conda-forge/miniforge/releases/download/${MINIFORGE_VERSION}/Miniforge3-${MINIFORGE_VERSION}-Linux-${MINIFORGE_ARCH}.sh.sha256" -o /tmp/Miniforge3.sh.sha256 \
|
|
&& echo "$(cat /tmp/Miniforge3.sh.sha256 | awk '{ print $1; }') /tmp/Miniforge3.sh" | sha256sum -c - \
|
|
&& rm /tmp/Miniforge3.sh.sha256 \
|
|
&& /bin/bash /tmp/Miniforge3.sh -b -f -p ${CONDA_DIR} \
|
|
&& rm /tmp/Miniforge3.sh \
|
|
&& conda config --system --set auto_update_conda false \
|
|
&& conda config --system --set show_channel_urls true \
|
|
&& echo "conda ${MINIFORGE_VERSION:0:-2}" >> ${CONDA_DIR}/conda-meta/pinned \
|
|
&& echo "python ${PYTHON_VERSION}" >> ${CONDA_DIR}/conda-meta/pinned \
|
|
&& conda install -y -q \
|
|
python=${PYTHON_VERSION} \
|
|
conda=${MINIFORGE_VERSION:0:-2} \
|
|
pip=${PIP_VERSION} \
|
|
&& conda update -y -q --all \
|
|
&& conda clean -a -f -y
|
|
|
|
# install - r packages
|
|
RUN echo "r-base ${R_BASE_VERSION}" >> ${CONDA_DIR}/conda-meta/pinned \
|
|
&& conda install -y -q \
|
|
r-base=${R_BASE_VERSION} \
|
|
r-reticulate=${R_RETICULATE_VERSION} \
|
|
r-png=${R_PNG_VERSION} \
|
|
&& conda clean -a -f -y
|
|
|
|
# set default CRAN repo to RSPM (it has pre-compiled R packages, increasing user install speed)
|
|
RUN echo 'options(repos=c(CRAN="https://packagemanager.rstudio.com/all/__linux__/jammy/latest"))' >> ${R_HOME}/etc/Rprofile.site \
|
|
&& echo 'options(HTTPUserAgent=sprintf("R/%s R (%s)", getRversion(), paste(getRversion(), R.version$platform, R.version$arch, R.version$os)))' >> ${R_HOME}/etc/Rprofile.site
|
|
|
|
# R needs TZ set
|
|
ENV TZ Etc/UTC
|
|
RUN echo "TZ=${TZ}" >> ${R_HOME}/etc/Renviron.site
|
|
|
|
USER root
|
|
|
|
# install - rstudio-server
|
|
RUN case "${TARGETARCH}" in \
|
|
amd64) RSTUDIO_DEB_URL="https://download2.rstudio.org/server/jammy/amd64/rstudio-server-${RSTUDIO_VERSION}-amd64.deb" ;; \
|
|
arm64) RSTUDIO_DEB_URL="https://s3.amazonaws.com/rstudio-ide-build/server/jammy/arm64/rstudio-server-${RSTUDIO_VERSION}-arm64.deb" ;; \
|
|
*) echo "Unsupported architecture: ${TARGETARCH}"; exit 1 ;; \
|
|
esac \
|
|
&& curl -fsSL "${RSTUDIO_DEB_URL}" -o /tmp/rstudio-server.deb \
|
|
# add rstudio public code-signing keys
|
|
&& gpg --keyserver keys.gnupg.net --keyserver pgp.surfnet.nl --recv-keys 3F32EE77E331692F \
|
|
&& gpg --keyserver keys.openpgp.org --recv-keys 51C0B5BB19F92D60 \
|
|
# validate the build signature
|
|
&& dpkg-sig --verify /tmp/rstudio-server.deb \
|
|
&& dpkg -i /tmp/rstudio-server.deb \
|
|
&& rm -f /tmp/rstudio-server.deb \
|
|
# use advisory file-locks to improve PVC support
|
|
&& echo "lock-type=advisory" > /etc/rstudio/file-locks \
|
|
# allow kubeflow to display rstudio in an iframe
|
|
&& echo "www-frame-origin=same" >> /etc/rstudio/rserver.conf \
|
|
# allows the non-root NB_USER to run rstudio
|
|
&& chown -R ${NB_USER}:users /etc/rstudio \
|
|
&& chown -R ${NB_USER}:users /run/rstudio-server* \
|
|
&& chown -R ${NB_USER}:users /usr/lib/rstudio-server \
|
|
&& chown -R ${NB_USER}:users /var/lib/rstudio-server
|
|
|
|
# tell rstudio to use conda python by setting `RETICULATE_PYTHON` with `--rsession-path=/opt/rsession.sh`
|
|
COPY --chown=${NB_USER}:users --chmod=755 rsession.sh /opt
|
|
RUN chmod +x /opt/rsession.sh
|
|
|
|
# s6 - copy scripts
|
|
COPY --chown=${NB_USER}:users --chmod=755 s6/ /etc
|
|
|
|
# s6 - 01-copy-tmp-home
|
|
RUN mkdir -p /tmp_home \
|
|
&& cp -r ${HOME} /tmp_home \
|
|
&& chown -R ${NB_USER}:users /tmp_home
|
|
|
|
USER $NB_UID
|
|
|
|
EXPOSE 8888
|
|
|
|
ENTRYPOINT ["/init"] |