Single docker file + Apptainer Support

[bendhouseart]

• Combines containers into single image
• Add instructions on how to create and run an apptainer version of that single image ezBIDS container

Would like some feedback/review before merge.

[mnoergaard]

(base) martinnorgaard@pop-os:~/Downloads$ apptainer run --fakeroot --writable-tmpfs --cleanenv --no-home ezbids-everything.sif
INFO: User not listed in /etc/subuid, trying root-mapped namespace
INFO: Using fakeroot command combined with root-mapped namespace
/.singularity.d/libs/faked: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.33' not found (required by /.singularity.d/libs/faked) /.singularity.d/libs/faked: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.34' not found (required by /.singularity.d/libs/faked)
fakeroot: error while starting the `faked' daemon.
/.singularity.d/libs/fakeroot: 1: kill: Usage: kill [-s sigspec | -signum | -sigspec] [pid | job]... or
kill -l [exitstatus]

[mnoergaard]

But when I spin it up with sudo, it works like a charm

(base) martinnorgaard@pop-os:~/Downloads$ sudo apptainer run --writable-tmpfs --cleanenv --no-home ezbids-everything.sif
[sudo] password for martinnorgaard:
2025-09-18 10:31:57,162 INFO Set uid to user 0 succeeded
2025-09-18 10:31:57,166 INFO supervisord started with pid 6124
2025-09-18 10:31:58,175 INFO spawned: 'api' with pid 6147
2025-09-18 10:31:58,177 INFO spawned: 'handler' with pid 6148
2025-09-18 10:31:58,195 INFO spawned: 'mongodb' with pid 6149
2025-09-18 10:31:58,197 INFO spawned: 'ui' with pid 6150
2025-09-18 10:31:59,191 INFO success: api entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-09-18 10:31:59,191 INFO success: handler entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-09-18 10:31:59,191 INFO success: mongodb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-09-18 10:31:59,200 INFO success: ui entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

[mnoergaard]

So I think it complains due to the version of Apptainer that I am using, which was built on a different base than what you used to build the sif. So we should align this in the documentation. But if we can just distribute the docker images, then user can built the sif with whatever base they want, and then fakeroot should work (I think).

[mnoergaard]

(base) martinnorgaard@pop-os:/Downloads/ezbids_docker$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ezbids-everything latest b8241a21e941 2 minutes ago 4.5GB
ezbids_docker-ui latest ac35e4d581c0 6 minutes ago 1.45GB
ezbids_docker-handler latest 005809e9181c 6 minutes ago 3.86GB
ezbids_docker-api latest bd7929c82a34 13 minutes ago 1.79GB
ghcr.io/nipreps/petprep main aad9b02f71e9 4 weeks ago 24.3GB
(base) martinnorgaard@pop-os:/Downloads/ezbids_docker$ apptainer build ezbids-everything.sif ezbids-everything
FATAL: Unable to build from ezbids-everything: unable to open file ezbids-everything: open ezbids-everything: no such file or directory
(base) martinnorgaard@pop-os:~/Downloads/ezbids_docker$ apptainer build ezbids-everything.sif docker-daemon://ezbids-everything:latest
INFO: Starting build...
FATAL: While performing build: conveyor failed to get: while converting reference: loading image from docker engine: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

So think we should add the choice of saving the image to a tar, and then build the sif from that. E.g.

docker save ezbids-everything:latest -o ezbids-everything.tar

[bendhouseart]

Does that work? I didn't get a chance to try it today (I'm not at all opposed).

[bendhouseart]

So I think it complains due to the version of Apptainer that I am using, which was built on a different base than what you used to build the sif. So we should align this in the documentation. But if we can just distribute the docker images, then user can built the sif with whatever base they want, and then fakeroot should work (I think).

Sudo should not be a thing, can you check to see what version of apptainer you're running? I'm running 1.4.2-1 and I believe i installed the version withoutsuid (see here and here but that could be a centOS/Fedora difference.

I've added some CI to test apptainer, but I agree that the best next step is to push the single docker image version of ezBIDS to dockerhub before we worry too much more about apptainer.

Let's merge this PR so we can get the actions integrated into master at least, then work on polishing up both the documentation and the commands used to build/run/export this.

[bendhouseart]

Ahh I take it back the apptainer build is running I just failed to rename the workflow file when I copied a previous one. https://github.com/openneuropet/ezbids_docker/actions/runs/17834591843/job/50708403465

Nevermind about merging, we can sort things out here.

[bendhouseart]

Okay it passes CI build and upload tests for both SIF and single docker image. I think this is good to go, but feel free to hold off on merging until you verify that the same steps in the CI work for you locally. Otherwise, press that merge button and let's plan on adding push to docker hub actions in the next PR.