Updates via chatgpt

Susan Vanderplas · Susan Vanderplas · commit da706b792a25 · 2025-08-13T14:32:35.000-05:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,9 +1,9 @@
 name: Render and deploy Quarto files
+
 on:
   push:
   pull_request:
 
-
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -16,40 +16,77 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       GH_PAT: ${{ secrets.GH_PAT }}
       GITHUB_PAT: ${{ secrets.GH_PAT }}
-      RENV_CACHE: ~/.cache/renv
-      PIP_CACHE: ~/.cache/pip
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      # Prepare cache directories so they always exist
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Make sure caches exist even on first run
       - name: Prepare cache dirs
         run: |
           mkdir -p ~/.cache/pip
-          mkdir -p ~/.cache/renv
+          mkdir -p ~/.local/share/renv
 
-      # Cache Python packages
-      - name: Cache pip packages
+      - name: Cache pip (downloads/wheels)
         uses: actions/cache@v4
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ hashFiles('setup/requirements.txt') }}
           restore-keys: |
             ${{ runner.os }}-pip-
 
-      # Cache R packages from renv
-      - name: Cache R packages
+      - name: Cache renv (global cache, not project folder)
         uses: actions/cache@v4
         with:
-          path: renv
-          key: ${{ runner.os }}-renv-${{ hashFiles('renv.lock') }}
+          path: ~/.local/share/renv
+          key: ${{ runner.os }}-renv-${{ hashFiles('setup/renv.lock') }}
           restore-keys: |
             ${{ runner.os }}-renv-
 
-      # Build Docker image
-      - name: Build Docker image
-        run: docker build -t local/quarto-reticulate:latest .
+      - name: Build Docker image with layer cache
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          tags: local/quarto-reticulate:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
 
-      # Run Docker container (optional test)
-      - name: Test build inside container
-        run: docker run --rm local/quarto-reticulate:latest
+      # Run inside the container against the mounted repo
+      - name: Render & publish with cached renv/pip
+        run: |
+          docker run --rm \
+            -v "${{ github.workspace }}:/project" \
+            -v "${HOME}/.local/share/renv:/root/.local/share/renv" \
+            -v "${HOME}/.cache/pip:/root/.cache/pip" \
+            -e RENV_PATHS_CACHE=/root/.local/share/renv \
+            -e PIP_CACHE_DIR=/root/.cache/pip \
+            -e NEWSAPI_KEY="${{ secrets.NEWSAPI_KEY }}" \
+            -e GH_APP_ID="${{ secrets.GH_APP_ID }}" \
+            -e GH_APP_SECRET="${{ secrets.GH_APP_SECRET }}" \
+            -e GH_PAT_DEMO="${{ secrets.GH_PAT_DEMO }}" \
+            -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" \
+            -e GH_PAT="${{ secrets.GH_PAT }}" \
+            -e GITHUB_PAT="${{ secrets.GH_PAT }}" \
+            local/quarto-reticulate:latest \
+            /bin/sh -c '
+              set -e
+              # R deps from renv in setup/
+              if [ -f "/project/renv.lock" ]; then
+                Rscript -e "renv::restore(project = '/project', prompt = FALSE)"
+              fi
+              # Python deps
+              if [ -f "/project/setup/requirements.txt" ]; then
+                python3 -m venv /root/.virtualenvs/venv
+                /root/.virtualenvs/venv/bin/pip install --upgrade pip
+                /root/.virtualenvs/venv/bin/pip install --cache-dir ${PIP_CACHE_DIR} -r /project/setup/requirements.txt
+                export PATH=/root/.virtualenvs/venv/bin:$PATH
+              fi
+              # Quarto
+              cd /project
+              quarto render && quarto publish
+            '
diff --git a/Dockerfile b/Dockerfile
@@ -1,77 +1,48 @@
-# Base image
-FROM rocker/verse:latest
+# Fast, sane base with R + tools
+FROM rocker/verse:4.5
 
-# Set environment variables so renv/pip use them
-ENV R_CACHE=/root/.cache/R/
-ENV RENV_CACHE=/root/.cache/R/renv/
-ENV PIP_CACHE=/root/.cache/pip
-
-# Install Python
-RUN apt-get update && apt-get install -y \
-    python3 python3-pip python3-venv python3-dev\
-    && rm -rf /var/lib/apt/lists/*
-
-# Install system dependencies
-RUN apt-get update && apt-get upgrade -y && \
-    apt-get install -y --no-install-recommends \
-      make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev \
-      libsqlite3-dev curl libncursesw5-dev xz-utils tk-dev libxml2-dev \
-      libxmlsec1-dev libffi-dev liblzma-dev \
+ENV DEBIAN_FRONTEND=noninteractive
+# Default cache locations (can be overridden at runtime)
+ENV RENV_PATHS_CACHE=/root/.local/share/renv \
+    PIP_CACHE_DIR=/root/.cache/pip
+
+# --- Layer 1: OS deps (cacheable)
+RUN --mount=type=cache,target=/var/cache/apt \
+    --mount=type=cache,target=/var/lib/apt \
+    apt-get update && apt-get install -y --no-install-recommends \
+      python3 python3-pip python3-venv python3-dev \
+      libcurl4-openssl-dev libssl-dev libxml2-dev \
       libtesseract-dev libpoppler-cpp-dev tesseract-ocr \
-      libleptonica-dev libpng-dev libjpeg-dev libtiff-dev imagemagick \
-      gdal-bin libgdal-dev libsecret-1-dev \
-      default-jdk openjdk-11-jdk \
+      libleptonica-dev libpng-dev libjpeg-dev libtiff-dev \
+      imagemagick gdal-bin libgdal-dev libsecret-1-dev \
       libglpk-dev libudunits2-dev \
-      gnupg software-properties-common
+      curl gnupg ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 
-# Install GitHub CLI
-RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | \
-      dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
+# --- Layer 2: GitHub CLI (optional)
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+      | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
     chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg && \
     echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
       > /etc/apt/sources.list.d/github-cli.list && \
     apt-get update && apt-get install -y gh && \
     rm -rf /var/lib/apt/lists/*
 
-# Install Quarto CLI separately
-RUN curl -fsSL https://quarto.org/download/latest/quarto-linux-amd64.deb -o quarto.deb && \
-    apt-get update && apt-get install -y ./quarto.deb && \
-    rm quarto.deb
-
-# Environment variables
-ENV JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64/"
-ENV PATH=/root/.pyenv/bin:$PATH
-ENV VENV_PATH="/root/.virtualenvs/venv"
-ENV REQ_FILE="/project/setup/requirements.txt"
-ENV DEBIAN_FRONTEND=noninteractive
-
-# Make sure these exist
-# RUN mkdir -p ${RENV_CACHE} ${PIP_CACHE}
-
-# Install tinytex system-wide (for LaTeX support)
-RUN --mount=type=cache,target=${R_CACHE} Rscript -e "install.packages('tinytex'); tinytex::install_tinytex(force=T)"
-
-# Install minimal R packages for system-level support
-RUN --mount=type=cache,target=${R_CACHE} Rscript -e "install.packages(c('digest','devtools','renv','reticulate','yaml'))"
+# --- Layer 3: Quarto
+RUN curl -fsSL https://quarto.org/download/latest/quarto-linux-amd64.deb -o /tmp/quarto.deb && \
+    apt-get update && apt-get install -y /tmp/quarto.deb && rm -f /tmp/quarto.deb && \
+    rm -rf /var/lib/apt/lists/*
 
-# Copy renv.lock and renv directory for layer caching, install R dependencies via renv
-COPY renv.lock /project/renv.lock
-COPY renv /project/renv
+# --- Layer 4: TinyTeX (LaTeX)
+RUN Rscript -e "install.packages('tinytex', repos='https://cloud.r-project.org'); tinytex::install_tinytex()"
 
-# Restore R deps from renv.lock using persistent cache
-RUN --mount=type=cache,target=${R_CACHE} Rscript -e 'renv::restore(lockfile = "/project/renv.lock", prompt = FALSE)'
+# Optional: a couple of helper R packages used during checks
+RUN Rscript -e "install.packages(c('digest'), repos='https://cloud.r-project.org')"
 
-# Copy Python requirements file if exists (cached separately)
-COPY setup/requirements.txt ${REQ_FILE}
-RUN --mount=type=cache,target=${PIP_CACHE} python3 -m venv /root/.virtualenvs/venv && \
-    "${VENV_PATH}/bin/pip" install --cache-dir "${PIP_CACHE}" -r "${REQ_FILE}"
+# Ensure cache dirs always exist (first-run safe)
+RUN mkdir -p ${RENV_PATHS_CACHE} ${PIP_CACHE_DIR} /root/.virtualenvs
 
-# Copy the rest of the project
-COPY . /project
 WORKDIR /project
 
-# Verify Environment
-RUN Rscript -e "renv::status();renv::diagnostics();devtools::session_info();reticulate::py_config()"
-
-# Default command
-CMD ["/bin/sh", "-c", "quarto render && quarto publish"]
+# Default command: render then publish
+CMD ["/bin/sh","-c","quarto render && quarto publish"]
