Add Dockerfile and workflow for building and pushing Docker image to …

…GHCR (#25)

* Add Dockerfile and workflow for building and pushing Docker image to ghcr

* Cache R and pip packages

* Temporarily simplify Dockerfile to test caching

* Attempt to fix up cache paths for GitHub workflow

* Temporarily try a simpler R package for testing cache

* Try using cache dir env vars to pass mount paths to Dockerfile RUN commands

* Revert pip/renv caching for now

* Remove explicit permissions from publish-docker-image job in deploy workflow

* Change SHA Docker tagging scheme to follow GitHub tags instead

* Switch to PPM for R package installs

* Install more system dependencies into Dockerfile

* Fixup renv install in Dockerfile

* Simplify Pipfile to only keep dvc dependency

* Try explicitly copying renv path to make sure it gets added in Dockerfile

* Disable build provenance

.github/workflows/deploy.yaml

@@ -0,0 +1,52 @@
+name: deploy
+
+on:
+  pull_request:
+  push:
+    branches: [main, '*-assessment-year']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  publish-docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          # Tag the following types of images:
+          #   * On a branch, tag with the branch name (e.g. `master`)
+          #   * On a PR, tag with the PR number (e.g. `pr-12`)
+          #   * On all events, tag with the short git SHA (e.g. `e956384`)
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=ref,event=tag
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          provenance: false

Dockerfile

@@ -0,0 +1,40 @@
+FROM rocker/r-ver:4.3.1
+
+# Use PPM for binary installs
+ENV RENV_CONFIG_REPOS_OVERRIDE "https://packagemanager.posit.co/cran/__linux__/jammy/latest"
+ENV RENV_PATHS_LIBRARY renv/library
+
+# Install system dependencies
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    libcurl4-openssl-dev libssl-dev libxml2-dev libgit2-dev git \
+    libudunits2-dev python3-dev python3-pip libgdal-dev libgeos-dev \
+    libproj-dev libfontconfig1-dev libharfbuzz-dev libfribidi-dev pandoc
+
+# Install pipenv for Python dependencies
+RUN pip install pipenv
+
+# Copy pipenv files into the image. The reason this is a separate step from
+# the later step that adds files from the working directory is because we want
+# to avoid having to reinstall dependencies every time a file in the directory
+# changes, as Docker will bust the cache of every layer following a layer that
+# needs to change
+COPY Pipfile .
+COPY Pipfile.lock .
+
+# Install Python dependencies
+RUN pipenv install --system --deploy
+
+# Copy R bootstrap files into the image
+COPY renv.lock .
+COPY .Rprofile .
+COPY renv/ renv/
+
+# Install R dependencies
+RUN Rscript -e 'renv::restore()'
+
+# Copy the directory into the container
+ADD ./ model-res-avm/
+
+# Copy R dependencies into the app directory
+RUN mv renv model-res-avm/renv
+WORKDIR model-res-avm/

Pipfile

@@ -4,11 +4,7 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-numpy = "*"
-pandas = "*"
-scipy = "*"
-scikit-learn = "*"
-dvc = "*"
+"dvc[s3]" = "*"
 
 [dev-packages]