You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Move common/dockerfiles/Dockerfile.base (and the rest of the image chain that inherits from dr_base) off ubuntu:18.04. Target Ubuntu 22.04 (jammy) at minimum, ideally 24.04 (noble). Upgrade the deploy box in the same effort so the description fields in docker-bake.hcl can be re-enabled.
Why now
Ubuntu 18.04 standard support ended April 2023; the image only continues to receive ESM updates through Canonical's paid program. Beyond the EOL itself, several costs have accrued:
Dockerfile.base carries three out-of-tree PPAs (apt-fast/stable, deadsnakes/ppa, savoury1/llvm-defaults-10) and a workaround MIT apt mirror just to make a usable build environment on top of the stale base.
Dockerfile.downloaders is pinned to aspera-cli 4.10.0 because newer versions require glibc 2.28+ and 18.04 ships 2.27. The runtime tests that exercise ascp are skipped as a result. See Dockerfile.downloaders lines 17-23.
The deploy box (also Ubuntu 18.04) ships Buildx v0.10.5, which doesn't support description fields in variable blocks. docker-bake.hcl lines 20-22 document this and keep the descriptions commented out as a TODO.
Dockerfile.compendia uses nvidia/cuda:11.8.0-runtime-ubuntu18.04, which has no ARM64 variant. Newer CUDA images on jammy/noble bases have better arch coverage, which dovetails with the ARM64 work.
Target version
Recommend Ubuntu 22.04 (jammy) as the primary target. Active LTS through April 2027, ships Python 3.10 and LLVM 14 in the default repos, removes the need for the deadsnakes and savoury PPAs. 24.04 (noble) is the more future-proof choice but introduces Python 3.12 which may need broader compatibility checking against current Django and bioinformatics dependencies. 20.04 (focal) is already at standard-support EOL and should be skipped.
Hard pin: keep R 3.4.4 / Bioconductor 3.6
R is not part of this upgrade. All seven workers/R/dependencies/*/renv.lock files currently pin R.Version = 3.4.4 and resolve Bioconductor packages out of the archived Bioc 3.6 mirror. Today this works because Ubuntu 18.04's r-base-core apt package happens to ship R 3.4.4. On 22.04 it ships R 4.1.x and on 24.04 it ships R 4.3.x, so a vanilla apt-get install r-base-core after the upgrade would silently break every renv restore. We need to install R 3.4.4 explicitly and not rely on the distro's r-base-core.
Implications for the upgrade:
Drop r-base-core from the apt-fast install list in Dockerfile.base.
Replace it with an explicit R 3.4.4 install. Two options worth testing:
Build from source: wget https://cran.r-project.org/src/base/R-3/R-3.4.4.tar.gz, ./configure --enable-R-shlib, make, make install. Reproducible and self-contained; ~5-10 min build time on top of cache misses.
Pull a prebuilt binary if a maintained one exists for the target Ubuntu (e.g. rocker, r-hub, or a CRAN apt archive). Cheaper but couples us to a third-party build.
Whichever path is chosen, the resulting R --version output must report 3.4.4. The renv.lock files stay untouched.
The R build needs the same C/Fortran/dev libraries currently installed for the rest of the image (gfortran, libssl, libpng, libtiff, libcairo, etc.); the apt list does not shrink much by dropping r-base-core.
This keeps the R/Bioc surface frozen so the upgrade is strictly a base-OS and Python/LLVM bump, not a multi-axis change.
Scope of changes
Images
common/dockerfiles/Dockerfile.base: change FROM ubuntu:18.04 to FROM ubuntu:22.04 (or 24.04). Drop add-apt-repository ppa:deadsnakes/ppa and ppa:savoury1/llvm-defaults-10. Replace python3.8 with python3.10 (or 3.12) and llvm-10-dev with llvm-14-dev. Drop r-base-core from the apt list and install R 3.4.4 explicitly (see Hard pin section above). Re-evaluate whether the MIT apt mirror fallback and apt-fast PPA are still worth carrying.
workers/dockerfiles/Dockerfile.compendia: bump FROM nvidia/cuda:11.8.0-runtime-ubuntu18.04 to a CUDA image based on the new Ubuntu version. CUDA 12.x ships ubuntu22.04 variants. Same R 3.4.4 explicit install applies here since it carries its own apt block.
workers/dockerfiles/Dockerfile.downloaders: unpin aspera-cli once glibc 2.28+ is available; re-enable the ascp runtime tests that were skipped under the pin.
Deploy box
Upgrade the EC2 instance(s) that run the deploy step to Ubuntu 22.04+ so Buildx v0.13+ can be installed.
Uncomment the description = ... lines in docker-bake.hcl once the deploy box is on a sufficient Buildx version.
Dependency surfaces likely to need attention
All workers/R/dependencies/*/renv.lock files - leave untouched. The hard pin on R 3.4.4 / Bioc 3.6 means renv restore should produce the same package set it does today.
*/requirements.txt - validate against the target Python version. cython, cython3, and any C-extension wheels are the most likely friction points.
Salmon and SRA Toolkit are downloaded as prebuilt binaries; the current pinned versions were chosen to be compatible with 18.04. Confirm they still run on the new base or bump versions.
Risks
Python version bump can ripple into Django, DRF, and third-party libraries. Likely the largest single source of churn.
Building R 3.4.4 from source on a modern toolchain may surface compiler warnings-as-errors or deprecated header issues. A small patch set may be needed; document any patches inline in the Dockerfile.
Image size and build time may shift; cache key changes will invalidate the public Docker Hub cache on first build. The R-from-source step is the most expensive new layer and should be ordered for cacheability.
The compendia image's GPU compatibility matrix changes with the CUDA version bump; needs validation against current production GPU instance types.
Acceptance criteria
Dockerfile.base uses ubuntu:22.04 (or 24.04) with no out-of-tree Python or LLVM PPAs.
Dockerfile.base (and Dockerfile.compendia) install R 3.4.4 explicitly; R --version inside the built images reports 3.4.4.
All renv.lock files are byte-identical to their state before this upgrade; renv restore succeeds against the unchanged Bioc 3.6 archive URLs.
Dockerfile.compendia uses a CUDA image based on the new Ubuntu version.
Dockerfile.downloaders no longer pins aspera-cli; the previously skipped ascp tests are re-enabled.
Common, foreman, workers, and api test suites pass against the new images.
Deploy box upgraded; description lines in docker-bake.hcl uncommented; a real bake run succeeds end-to-end.
No remaining references to 18.04, bionic, or ubuntu18 anywhere in the repo.
Suggested sequencing
Land the deploy-box upgrade and Buildx bump on its own so the bake tooling is ready.
Cut Dockerfile.base over to the new Ubuntu in a single PR. Expect a follow-up cleanup PR for renv regeneration.
Cut Dockerfile.compendia to the new CUDA base separately so GPU validation is isolated.
Unpin aspera-cli and re-enable skipped tests as a final cleanup PR.
References
common/dockerfiles/Dockerfile.base (current base image definition)
Upgrade base image from Ubuntu 18.04
Goal
Move
common/dockerfiles/Dockerfile.base(and the rest of the image chain that inherits fromdr_base) offubuntu:18.04. Target Ubuntu 22.04 (jammy) at minimum, ideally 24.04 (noble). Upgrade the deploy box in the same effort so thedescriptionfields indocker-bake.hclcan be re-enabled.Why now
Ubuntu 18.04 standard support ended April 2023; the image only continues to receive ESM updates through Canonical's paid program. Beyond the EOL itself, several costs have accrued:
Dockerfile.basecarries three out-of-tree PPAs (apt-fast/stable,deadsnakes/ppa,savoury1/llvm-defaults-10) and a workaround MIT apt mirror just to make a usable build environment on top of the stale base.Dockerfile.downloadersis pinned toaspera-cli 4.10.0because newer versions require glibc 2.28+ and 18.04 ships 2.27. The runtime tests that exercise ascp are skipped as a result. SeeDockerfile.downloaderslines 17-23.descriptionfields in variable blocks.docker-bake.hcllines 20-22 document this and keep the descriptions commented out as a TODO.Dockerfile.compendiausesnvidia/cuda:11.8.0-runtime-ubuntu18.04, which has no ARM64 variant. Newer CUDA images on jammy/noble bases have better arch coverage, which dovetails with the ARM64 work.Target version
Recommend Ubuntu 22.04 (jammy) as the primary target. Active LTS through April 2027, ships Python 3.10 and LLVM 14 in the default repos, removes the need for the deadsnakes and savoury PPAs. 24.04 (noble) is the more future-proof choice but introduces Python 3.12 which may need broader compatibility checking against current Django and bioinformatics dependencies. 20.04 (focal) is already at standard-support EOL and should be skipped.
Hard pin: keep R 3.4.4 / Bioconductor 3.6
R is not part of this upgrade. All seven
workers/R/dependencies/*/renv.lockfiles currently pinR.Version = 3.4.4and resolve Bioconductor packages out of the archived Bioc 3.6 mirror. Today this works because Ubuntu 18.04'sr-base-coreapt package happens to ship R 3.4.4. On 22.04 it ships R 4.1.x and on 24.04 it ships R 4.3.x, so a vanillaapt-get install r-base-coreafter the upgrade would silently break every renv restore. We need to install R 3.4.4 explicitly and not rely on the distro'sr-base-core.Implications for the upgrade:
r-base-corefrom theapt-fast installlist inDockerfile.base.wget https://cran.r-project.org/src/base/R-3/R-3.4.4.tar.gz,./configure --enable-R-shlib,make,make install. Reproducible and self-contained; ~5-10 min build time on top of cache misses.R --versionoutput must report3.4.4. Therenv.lockfiles stay untouched.r-base-core.This keeps the R/Bioc surface frozen so the upgrade is strictly a base-OS and Python/LLVM bump, not a multi-axis change.
Scope of changes
Images
common/dockerfiles/Dockerfile.base: changeFROM ubuntu:18.04toFROM ubuntu:22.04(or24.04). Dropadd-apt-repository ppa:deadsnakes/ppaandppa:savoury1/llvm-defaults-10. Replacepython3.8withpython3.10(or3.12) andllvm-10-devwithllvm-14-dev. Dropr-base-corefrom the apt list and install R 3.4.4 explicitly (see Hard pin section above). Re-evaluate whether the MIT apt mirror fallback andapt-fastPPA are still worth carrying.workers/dockerfiles/Dockerfile.compendia: bumpFROM nvidia/cuda:11.8.0-runtime-ubuntu18.04to a CUDA image based on the new Ubuntu version. CUDA 12.x ships ubuntu22.04 variants. Same R 3.4.4 explicit install applies here since it carries its own apt block.workers/dockerfiles/Dockerfile.downloaders: unpinaspera-clionce glibc 2.28+ is available; re-enable the ascp runtime tests that were skipped under the pin.Deploy box
description = ...lines indocker-bake.hclonce the deploy box is on a sufficient Buildx version.Dependency surfaces likely to need attention
workers/R/dependencies/*/renv.lockfiles - leave untouched. The hard pin on R 3.4.4 / Bioc 3.6 means renv restore should produce the same package set it does today.*/requirements.txt- validate against the target Python version.cython,cython3, and any C-extension wheels are the most likely friction points.Risks
Acceptance criteria
Dockerfile.baseusesubuntu:22.04(or24.04) with no out-of-tree Python or LLVM PPAs.Dockerfile.base(andDockerfile.compendia) install R 3.4.4 explicitly;R --versioninside the built images reports3.4.4.renv.lockfiles are byte-identical to their state before this upgrade; renv restore succeeds against the unchanged Bioc 3.6 archive URLs.Dockerfile.compendiauses a CUDA image based on the new Ubuntu version.Dockerfile.downloadersno longer pinsaspera-cli; the previously skipped ascp tests are re-enabled.descriptionlines indocker-bake.hcluncommented; a realbakerun succeeds end-to-end.18.04,bionic, orubuntu18anywhere in the repo.Suggested sequencing
Dockerfile.baseover to the new Ubuntu in a single PR. Expect a follow-up cleanup PR for renv regeneration.Dockerfile.compendiato the new CUDA base separately so GPU validation is isolated.References
common/dockerfiles/Dockerfile.base(current base image definition)workers/dockerfiles/Dockerfile.downloaderslines 17-23 (glibc 2.27 / aspera pin)workers/dockerfiles/Dockerfile.compendialine 4 (CUDA + Ubuntu 18 base)docker-bake.hcllines 20-22 (Buildx version TODO)