Merge branch 'master' into fix-env

Author: veprbl

.github/copilot-instructions.md

@@ -0,0 +1,88 @@
+# GitHub Copilot Instructions
+
+This repository builds container images for the Electron-Ion Collider (EIC) scientific software environment.
+
+## Primary Reference
+
+**For comprehensive guidance, see [`AGENTS.md`](../AGENTS.md) in the repository root.**
+
+The `AGENTS.md` file contains detailed information about:
+- Repository architecture and build strategy
+- Spack package management conventions
+- Docker multi-stage build patterns
+- Coding conventions for Dockerfiles, shell scripts, and YAML
+- Common tasks and workflows
+- Testing and validation procedures
+
+## Quick Reference
+
+### Key Technologies
+
+- **Spack** - Scientific package manager
+- **Docker/OCI** - Multi-stage, multi-architecture container builds
+- **GitHub Actions** - CI/CD pipeline
+- **BuildKit** - Advanced Docker build features with caching
+
+### Essential Commands
+
+```bash
+# Build stages locally
+docker buildx build --target builder_concretization_default -f containers/eic/Dockerfile .
+docker buildx build --target final -f containers/eic/Dockerfile .
+
+# Spack environment activation
+spack env activate --dir <path>
+```
+
+### File Modification Guidelines
+
+When modifying files, follow these patterns:
+
+**`spack-environment/packages.yaml`**
+- Use `@X.Y.Z:X` syntax for major version constraints
+- Maintain both `prefer` and `require` sections in `packages:all`
+- Use `any_of: [+variant, '@:']` pattern for optional variants
+
+**`spack-packages.sh`**
+- Add cherry-pick commit hashes with descriptive comment: `## [hash]: [description]`
+
+**Dockerfiles**
+- Use BuildKit syntax: `#syntax=docker/dockerfile:1.10`
+- Enable checks: `#check=error=true`
+- Use heredoc for multi-line RUN: `RUN <<EOF ... EOF`
+- Leverage mount caches for performance
+
+### Version Updates
+
+When updating package versions:
+1. Check if cherry-pick needed in `spack-packages.sh`
+2. Update version in `spack-environment/packages.yaml`
+3. Update in **both** `xl` and `cuda` subdirectories if epic-related
+
+### Testing Changes
+
+Before submitting:
+1. Test concretization with builder stage builds
+2. Verify no unexpected duplicate packages
+3. **Check BOTH CI workflows pass** (GitHub Actions AND GitLab/EICweb)
+4. Update documentation if architecture changes
+
+### Dual CI Workflow
+
+This repository uses **both** GitHub Actions and GitLab CI (EICweb):
+- **GitHub Actions**: Primary workflow for GitHub-hosted builds
+- **GitLab CI**: Mirrored workflow on `eicweb.phy.anl.gov` with dedicated hardware
+- **Both must pass** - passing one is necessary but not sufficient
+
+## Registry Information
+
+Images are published to:
+- **GitHub Container Registry**: `ghcr.io/eic/*`
+- **DockerHub** (optional): `docker.io/eicweb/*`
+
+Buildcache stored at:
+- **GitLab Registry**: `eicweb.phy.anl.gov/containers/eic_container`
+
+## Support
+
+For detailed documentation, see the `docs/` directory or visit the [GitHub repository](https://github.com/eic/containers).

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/build-push.yml

@@ -107,9 +107,10 @@ jobs:
           PLATFORM: linux/amd64
           runner: ubuntu-latest
           arch: amd64
+      fail-fast: false
     steps:
       - name: Checkout 
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Inject enhanced GitHub environment variables
         uses: rlespinasse/github-slug-action@v5
       - name: Load spack version and cherry-picks
@@ -158,7 +159,7 @@ jobs:
         # This is separate from the registry cache which stores image layers
         # Reference: https://docs.docker.com/build/ci/github-actions/cache/#cache-mounts
         # Implementation: https://github.com/reproducible-containers/buildkit-cache-dance
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         id: cache-base-mounts
         with:
           path: cache-mount-base-${{ matrix.BUILD_IMAGE }}-${{ matrix.arch }}
@@ -194,7 +195,7 @@ jobs:
           username: ${{ secrets.GHCR_REGISTRY_USER }}
           password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         id: build
         with:
           file: containers/debian/Dockerfile
@@ -233,7 +234,7 @@ jobs:
           mkdir -p /tmp/digests
           echo "${{ steps.meta.outputs.tags }}@${{ steps.build.outputs.digest }}" > /tmp/digests/${{ matrix.BUILD_IMAGE }}-${{ matrix.arch }}.digest
       - name: Upload digest as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: base-${{ matrix.BUILD_IMAGE }}-${{ matrix.arch }}-digest
           path: /tmp/digests/${{ matrix.BUILD_IMAGE }}-${{ matrix.arch }}.digest
@@ -269,7 +270,7 @@ jobs:
           username: ${{ secrets.GHCR_REGISTRY_USER }}
           password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
       - name: Download all digest artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v7
         with:
           path: /tmp/digests
           pattern: base-${{ matrix.BUILD_IMAGE }}-*-digest
@@ -406,14 +407,15 @@ jobs:
           runner: ubuntu-latest
           PLATFORM: linux/amd64
           target: builder_concretization_default
+      fail-fast: false
     steps:
       - name: Free Disk Space (Ubuntu)
         uses: jlumbroso/free-disk-space@v1.3.1
         with:
           android: true
           dotnet: true
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Resolve benchmarks versions
         id: benchmarks
         shell: bash
@@ -451,7 +453,7 @@ jobs:
         # This is separate from the registry cache which stores image layers
         # Reference: https://docs.docker.com/build/ci/github-actions/cache/#cache-mounts
         # Implementation: https://github.com/reproducible-containers/buildkit-cache-dance
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         id: cache-eic-mounts
         with:
           path: cache-mount-eic-${{ matrix.arch }}
@@ -495,7 +497,7 @@ jobs:
           username: ${{ secrets.GHCR_REGISTRY_USER }}
           password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         id: build
         with:
           file: containers/eic/Dockerfile
@@ -537,7 +539,7 @@ jobs:
           mkdir -p /tmp/digests
           echo "${{ steps.meta.outputs.tags }}@${{ steps.build.outputs.digest }}" > /tmp/digests/${{ matrix.arch }}.digest
       - name: Upload digest as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: eic-${{ matrix.ENV }}-${{ matrix.arch }}-digest
           path: /tmp/digests/${{ matrix.arch }}.digest
@@ -571,7 +573,7 @@ jobs:
           username: ${{ secrets.GHCR_REGISTRY_USER }}
           password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
       - name: Download all digest artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v7
         with:
           path: /tmp/digests
           pattern: eic-${{ matrix.ENV }}-*-digest

.github/workflows/docs.yml

@@ -27,13 +27,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Pages
-        uses: actions/configure-pages@v4
+        uses: actions/configure-pages@v5
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@v4
         with:
           path: 'docs'
 

.github/workflows/mirror.yaml

@@ -15,7 +15,7 @@ jobs:
       statuses: write
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
       with:
         fetch-depth: 0
     - name: Push to EICweb

.gitlab-ci.yml

@@ -620,8 +620,7 @@ eic_xl:singularity:nightly:
 .benchmarks:default:
   extends: .benchmarks
   variables:
-    - BUILD_TYPE: default
-    - !reference ['.benchmarks', variables]
+    BUILD_TYPE: default
   needs: 
     - job: version
     - job: eic
@@ -639,8 +638,7 @@ eic_xl:singularity:nightly:
 .benchmarks:nightly:
   extends: .benchmarks
   variables:
-    - BUILD_TYPE: nightly
-    - !reference ['.benchmarks', variables]
+    BUILD_TYPE: nightly
   needs: 
     - job: version
     - job: eic