Skip to content

docker: smoke-test the example pipeline in read-only mode#731

Open
cailmdaley wants to merge 1 commit into
developfrom
chore/smoke-test-read-only
Open

docker: smoke-test the example pipeline in read-only mode#731
cailmdaley wants to merge 1 commit into
developfrom
chore/smoke-test-read-only

Conversation

@cailmdaley
Copy link
Copy Markdown
Contributor

@cailmdaley cailmdaley commented May 28, 2026

Summary

  • Adds scripts/sh/shapepipe_run_example.sh — a small wrapper that mktemp's a workdir, copies /app/example/ into it, cd's, and execs shapepipe_run. The existing Dockerfile auto-symlink rule (scripts/<lang>/<name>.<ext>/usr/local/bin/<name>) makes it available as shapepipe_run_example on $PATH.
  • Updates the CI smoke step in deploy-image.yml to call the wrapper, and runs it under docker run --read-only --tmpfs /tmp:rw — this emulates apptainer/SIF semantics, so the read-only constraint is now actually exercised in CI.
  • Drive-by: tightens .gitignore from *shapepipe_run_* (which catches any path containing that substring, including the new wrapper) to example/output/shapepipe_run_*.

Why

shapepipe_run -c /app/example/config.ini succeeds under docker because the container filesystem is writable. Under apptainer/SIF it fails:

ERROR: [Errno 30] Read-only file system: './example/output/shapepipe_runs.txt'

OUTPUT_DIR=./example/output resolves under WORKDIR=/app, which is read-only in SIF. CI was passing while the apptainer path silently broke — same class of gap dc13582 closed for uv run pytest, but for the pipeline entry point.

The wrapper closes the gap without changing user-facing config or the entry point. Same command works for both docker and apptainer users.

Verified locally

Built a fresh :develop sandbox at /n17data/cdaley/containers/shapepipe-712-check and ran the wrapper logic via:

apptainer exec /n17data/cdaley/containers/shapepipe-712-check bash -c '
  set -euo pipefail
  WORK="$(mktemp -d -t shapepipe-example-XXXXXX)"
  cp -r /app/example "$WORK/"
  cd "$WORK"
  shapepipe_run -c example/config.ini
'

— pipeline runs all 5 module steps and ends with A total of 0 errors were recorded. Finishing ShapePipe Run.

Test plan

  • CI's Test runtime — shapepipe entry point (read-only fs) step passes (wrapper resolves on PATH; mktemp/cp/cd dance works under --read-only --tmpfs /tmp:rw)
  • No other CI step regresses from the .gitignore retightening (the new pattern is strictly narrower)

🤖 Generated with Claude Code

@cailmdaley @claude
docker: smoke-test the example pipeline in read-only mode
69905da 
`shapepipe_run -c /app/example/config.ini` succeeds in docker because
the container filesystem is writable, but fails under apptainer/SIF
because OUTPUT_DIR=./example/output resolves under WORKDIR=/app which
is read-only:

  ERROR: [Errno 30] Read-only file system: './example/output/shapepipe_runs.txt'

The CI smoke test was passing while the apptainer path silently broke
— same class of gap dc13582 closed for `uv run pytest`, but for the
pipeline entry point.

Fix: a small wrapper `scripts/sh/shapepipe_run_example.sh` that
mktemp's a workdir, copies /app/example into it, cd's, and execs
shapepipe_run. The existing Dockerfile auto-symlink rule makes it
available as `shapepipe_run_example` on $PATH.

The CI step switches to the wrapper and runs it under
`docker run --read-only --tmpfs /tmp:rw`, which emulates SIF
semantics. Any future regression that relies on a writable cwd will
fail here instead of silently breaking apptainer users.

Drive-by: tighten `.gitignore`'s example-output patterns from
`*shapepipe_run_*` (catches anything with that substring, including
this new wrapper) to `example/output/shapepipe_run_*`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cailmdaley