Workflow for building container image

.github/workflows/containers.yaml

@@ -0,0 +1,119 @@
+name: Create Docker Image
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  REGISTRY: cfaprdbatchcr.azurecr.io
+  IMAGE_NAME: pyrenew-hew
+  PYRENEW_VERSION: v0.1.1
+
+jobs:
+
+  build-dependencies-image:
+    runs-on: cfa-cdcgov
+    name: Build dependencies image
+
+    outputs:
+      tag: ${{ steps.image-tag.outputs.tag }}
+      commit-msg: ${{ steps.commit-message.outputs.message }}
+
+    steps:
+
+      #########################################################################
+      # Retrieving the commit message
+      # We need to ensure we are checking out the commit sha that triggered the
+      # workflow, not the PR's head sha. This is because the PR's head sha may
+      # be a merge commit, which will not have the commit message we need.
+      #########################################################################
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Getting the commit message
+        id: commit-message
+        run: echo "message=$(git log -1 --pretty=%s HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Checking out the latest (may be merge if PR)
+        uses: actions/checkout@v4
+
+      # From: https://stackoverflow.com/a/58035262/2097171
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: branch-name
+
+      #########################################################################
+      # Getting the tag
+      # The tag will be used for both the docker image and the batch pool
+      #########################################################################
+      - name: Figure out tag (either latest if it is main or the branch name)
+        id: image-tag
+        run: |
+          if [ "${{ steps.branch-name.outputs.branch }}" = "main" ]; then
+            echo "tag=latest" >> $GITHUB_OUTPUT
+          else
+            echo "tag=${{ steps.branch-name.outputs.branch }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check cache for base image
+        uses: actions/cache@v4
+        id: cache
+        with:
+          key: docker-dependencies-${{ runner.os }}-${{ hashFiles('./Containerfile.dependencies') }}-${{ steps.image-tag.outputs.tag }}
+          lookup-only: true
+          path:
+            ./Containerfile.dependencies
+
+      - name: Login to the Container Registry
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: docker/login-action@v3
+        with:
+          registry: "cfaprdbatchcr.azurecr.io"
+          username: "cfaprdbatchcr"
+          password: ${{ secrets.CFAPRDBATCHCR_REGISTRY_PASSWORD }}
+
+      - name: Build and push
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          no-cache: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-dependencies:${{ steps.image-tag.outputs.tag }}
+          file: ./Containerfile.dependencies
+          build-args: |
+            PYRENEW_VERSION=${{ env.PYRENEW_VERSION }}
+
+  build-pipeline-image:
+
+    name: Build pipeline image
+
+    needs: build-dependencies-image
+    runs-on: cfa-cdcgov
+
+    outputs:
+      tag: ${{ needs.build-dependencies-image.outputs.tag }}
+      commit-msg: ${{ needs.build-dependencies-image.outputs.commit-msg }}
+
+    steps:
+
+      - name: Login to the Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: "cfaprdbatchcr.azurecr.io"
+          username: "cfaprdbatchcr"
+          password: ${{ secrets.CFAPRDBATCHCR_REGISTRY_PASSWORD }}
+
+      - name: Build and push model pipeline image for Azure batch
+        id: build_and_push_model_image
+        uses: docker/build-push-action@v6
+        with:
+          push: true # This can be toggled manually for tweaking.
+          tags: |
+            ${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}:${{ needs.build-dependencies-image.outputs.tag }}
+          file: ./Containerfile
+          build-args: |
+            TAG=${{ needs.build-dependencies-image.outputs.tag }}

Containerfile

@@ -1,13 +1,10 @@
-FROM python:3.12
+ARG TAG=local
+
+FROM cfaprdbatchcr.azurecr.io/pyrenew-hew-dependencies:${TAG}
 
-RUN apt-get update
-RUN apt-get install -y r-base
-RUN apt-get install -y cmake
-RUN pip install --root-user-action=ignore -U pip
-RUN pip install --root-user-action=ignore git+https://github.com/cdcgov/pyrenew
 COPY ./hewr ./pyrenew-hew/hewr
 
 WORKDIR pyrenew-hew
 
 COPY .ContainerBuildRprofile .Rprofile
 

Containerfile.dependencies

@@ -0,0 +1,11 @@
+FROM python:3.13
+
+ARG PYRENEW_VERSION=v0.1.1
+
+RUN apt-get update
+RUN apt-get install -y r-base
+RUN apt-get install -y cmake
+RUN pip install --root-user-action=ignore -U pip
+RUN pip install --root-user-action=ignore git+https://github.com/cdcgov/pyrenew.git@$PYRENEW_VERSION
+
+CMD ["bash"]