Describe the bug
Because we use the docker bootstrap agent , the base image is required to be on a public docker registry.
To Reproduce
$ docker pull quay.io/bioconda/base-glibc-busybox-bash:latest
# create a "local" image for the sake of demonstration:
$ docker tag quay.io/bioconda/base-glibc-busybox-bash:latest testfoo:latest
$ DEST_BASE_IMAGE='testfoo:latest' mulled-build --verbose --singularity -c conda-forge --test 'python -V' build-and-test python
... lots of output ...
[Mar 6 15:26:39] INFO Invoke Task [singularity]
[Mar 6 15:26:39] STEP Run image [quay.io/singularity/singularity:v3.10.4] with command [[mkdir -p /usr/local/var/singularity/mnt/container && singularity build /import/python /import/Singularity.def && chown 1001:1001 /import/python]]
[Mar 6 15:26:39] DEBU Creating container [step-c3d4d1b415]
[Mar 6 15:26:39] DEBU Created container [cbc913c47b02 step-c3d4d1b415], starting it
[Mar 6 15:26:39] DEBU Container [cbc913c47b02 step-c3d4d1b415] started, waiting for completion
[Mar 6 15:26:39] SERR INFO: Starting build...
[Mar 6 15:26:41] SERR FATAL: While performing build: conveyor failed to get: reading manifest latest in docker.io/library/testfoo: errors:
[Mar 6 15:26:41] SERR denied: requested access to the resource is denied
[Mar 6 15:26:41] SERR unauthorized: authentication required
[Mar 6 15:26:41] ERRO Task processing failed: Unexpected exit code [255] of container [cbc913c47b02 step-c3d4d1b415], container preserved
Expected behavior
It would be expected that local base images are usable, especially since the base image is already local to where you're building since it would've been pulled when building the docker container in the previous step. One reason that it's not is because the Singularity build occurs in docker, so to use the docker-daemon agent, we'd need to mount the socket (and use --privileged?).
Alternatively, rather than building the Singularity container from the base image, we could just convert the locally-built Docker container from the previous step. It doesn't need to be pulled from the daemon, either, we could docker save the image to a tar file and convert that. Converting the docker container would also fix #15715, but as I mention on that issue, there may be reasons for not doing so that I'm not aware of.
Describe the bug Because we use the
docker
bootstrap agent , the base image is required to be on a public docker registry.To Reproduce
Expected behavior It would be expected that local base images are usable, especially since the base image is already local to where you're building since it would've been pulled when building the docker container in the previous step. One reason that it's not is because the Singularity build occurs in docker, so to use the
docker-daemon
agent, we'd need to mount the socket (and use--privileged
?).Alternatively, rather than building the Singularity container from the base image, we could just convert the locally-built Docker container from the previous step. It doesn't need to be pulled from the daemon, either, we could
docker save
the image to a tar file and convert that. Converting the docker container would also fix #15715, but as I mention on that issue, there may be reasons for not doing so that I'm not aware of.