Open jmernin opened 2 years ago
jmernin
commented
2 years ago After a little research, I think I found a way for this to work on my new machine, by adding a specific value for the --platform argument (before the name of the container image), as follows:
$ docker run --name="avg" -dit --mount type=bind,source=$(pwd)/share,target=/share --env-file=default.env --platform linux/amd64 lucab85/avgThis command seems to run without any warnings, which is quite hopeful.
jmernin
commented
2 years ago While the container was able to run, I'm not sure of the video conversion process is actually working correctly, as I get this error when I try to run the pptx2ari.sh command:
Converting PPTX to PDF
Fatal exception: Signal 11
Stack:
/usr/lib/x86_64-linux-gnu/libuno_sal.so.3(+0x37ae3)[0x4005ad1ae3]
/usr/lib/x86_64-linux-gnu/libuno_sal.so.3(+0x37cc4)[0x4005ad1cc4]
/lib/x86_64-linux-gnu/libc.so.6(+0x38920)[0x4005b47920]
/usr/lib/x86_64-linux-gnu/libuno_cppu.so.3(+0x17e55)[0x4007a8ce55]
/usr/lib/x86_64-linux-gnu/libuno_cppu.so.3(+0x163e4)[0x4007a8b3e4]
/usr/lib/libreoffice/program/libmergedlo.so(+0x28154cc)[0x40040524cc]
/usr/lib/libreoffice/program/libmergedlo.so(+0x281b9c5)[0x40040589c5]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN3utl10ConfigItemC2ERKN3rtl8OUStringE14ConfigItemMode+0x7e)[0x4004058b7e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN19SvtSysLocaleOptionsC1Ev+0x18d)[0x400408737d]
/usr/lib/libreoffice/program/libmergedlo.so(_Z7InitVCLv+0x246)[0x400446e1e6]
/usr/lib/libreoffice/program/libmergedlo.so(_Z10ImplSVMainv+0x335)[0x400446eb55]
/usr/lib/libreoffice/program/libmergedlo.so(soffice_main+0x181)[0x40036069e1]
/usr/lib/libreoffice/program/soffice.bin(+0x107c)[0x400000107c]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xcd)[0x4005b327fd]
/usr/lib/libreoffice/program/soffice.bin(+0x10ba)[0x40000010ba]
qemu: uncaught target signal 6 (Aborted) - core dumped
Error in docxtractr::convert_to_pdf(path, pdf_file = pdf_file) :
Conversion from PPTX to PDF did not succeed
In addition: Warning message:
In system(cmd, intern = TRUE) :
running command '"/usr/bin/soffice" --convert-to pdf --headless --outdir "/tmp/Rtmpgil59Z" "/tmp/Rtmpgil59Z/file15108e051.pptx"' had status 134It looks like we might need to build a Multi-Arch image: https://www.docker.com/blog/multi-arch-images/
lucab85
commented
2 years ago I'm testing the building pipeline for platforms: linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x
lucab85
commented
2 years ago Container build repeatedly fails hitting Rate limits for GitHub Apps. Previously the limit was not hit because the container was build only for x86_64, now failure is on arm64 build.
Failure is on command installGithub.r line 38 of Dockerfile https://github.com/lucab85/avg/blob/devel/Dockerfile#L38
I added the GITHUB_TOKEN secret without success.
I opened a issue report to the github action without success docker/build-push-action 403 api rate limit #605 . The root cause might be related to Docker BuildKit secret mounting for Docker Builder process.
The full error could be seen in the latest built: https://github.com/lucab85/avg/actions
#9 294.8 Downloading GitHub repo jhudsl/didactr@HEAD
#9 296.8 Error: Failed to install 'unknown package' from GitHub:
#9 296.8 HTTP error 403.
#9 296.8 API rate limit exceeded for 20.237.249.124. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
#9 296.8
#9 296.8 Rate limit remaining: 0/60
#9 296.8 Rate limit reset at: 2022-05-04 21:53:04 UTC
#9 296.8
#9 296.8 To increase your GitHub API rate limit
#9 296.8 - Use `usethis::create_github_token()` to create a Personal Access Token.
#9 296.8 - Use `usethis::edit_r_environ()` and add the token as `GITHUB_PAT`.
#9 ERROR: process "/bin/sh -c installGithub.r --deps TRUE jhudsl/ariExtra jhudsl/ari jhudsl/text2speech jhudsl/didactr" did not complete successfully: exit code: 1
tomjenkinson
commented
2 years ago @lucab85 I am definitely not an expert on this so please don't take this as steps to perform. That said, I wonder if it could be because you appear to be passing it as a secret github_token in https://github.com/lucab85/avg/blob/devel/.github/workflows/ci-devel.yml but you then seem to be referring to it by capitalised in GITHUB_TOKEN (capitalised) https://github.com/lucab85/avg/blob/devel/Dockerfile#L6 or maybe it is cat /run/secrets/GITHUB_TOKEN that maybe should be fully lowercase like cat /run/secrets/github_token (or maybe both types of reference? I don't know sorry). If that doesn't help I would wonder how installGithub.r works in combination with the secret - I couldn't find the file.
jmernin
commented
2 years ago Someone else (that I shared this issue link with) also asked if Docker Rate Limiting could be a factor as well?
lucab85
commented
2 years ago Hello @tomjenkinson you could find the source code of the installGithub.r executable in the r-cran-littler debian package. This is the Dockerfile for the parent rocker/r-base container.
tomjenkinson
commented
2 years ago I no expert in this area, please use caution when considering my response.
My guess is that installGithub.r is not aware of the secret you are trying to pass in. I have a feeling when you have https://github.com/lucab85/avg/blob/devel/Dockerfile#L6-L7 it's more like how an example would work. In this case I think you might be passing the secret to the docker RUN command in a file (as in --mount=type=secret,id=github_token on line 6), but it's then combined with an example at the same time (the cat'ing of the file on line 7) - in other words I think --mount=type=secret,id=github_token is essentially putting the secret in /run/secrets/github_token but just for that RUN line.
I did search and found this https://stackoverflow.com/questions/23391839/clone-private-git-repo-with-dockerfile where you can find a reference to using -mount=type=secret,id=ssh_id in a RUN command which might add credibility that the mount is related to the RUN command. rather than say an environment for the Dockerfile. Here, I am not saying to move away from installGithub.r and say clone things yourself, but rather to hypothesize how secret handling may be working. Reading the response from crazy-max on https://github.com/docker/build-push-action/issues/605 I think this point about the specific RUN command could be inferred too: "the RUN command that needs it"
It could be useful to speak with the littler community to understand the right way to pass a token to installGithub.r.
sjwoodman
commented
2 years ago I would agree with @tomjenkinson - if this is the same installGithub.r (I think it is as the executable linked above is just a wrapper) then it suggests you need to pass an auth_token argument or set a GITHUB_PAT ENV_VAR.
https://www.rdocumentation.org/packages/devtools/versions/1.13.6/topics/install_github
tomjenkinson
commented
2 years ago Please be very careful with your testing to not reveal your github secret.
If installGithub.r does use GITHUB_PAT then I think something like this shows a bit how it might be used.
A local test file called mysecret (for instance) with content:
test
A "Dockerfile" - where "[command that uses $GITHUB_PAT]" would be replaced by the use of installGithub.r for instance:
FROM fedora
RUN --mount=type=secret,id=github_token export GITHUB_PAT=`cat /run/secrets/github_token` ; [command that uses $GITHUB_PAT]A command to test that dockerfile, hopefully this is something a bit like how the github action works when processing the yml but I really don't know (and of the filename mysecret is the one I have locally) - I don't know how to test the github yml offline:
docker build --secret id=github_token,src=mysecret .
I recently switched to a new MacBook Pro powered by the Apple M1 Silicon chipset and I ran into some problems while trying to set up the AVG environment there. Specifically, I got this warning when I ran the
docker runcommand:Could it be that we need to build an alternative version of the the base image, that suits the M1 chipset?