Singularity/Apptainer executor
Description
The Singularity/Apptainer container runtime is very prevalent in High Performance Computing (HPC) environments across research institutions across the world (see The HPC Container Community Survey). Its most important feature is the rootless container setup through user namespaces, as well as good support for GPUs by all major vendors. It is currently only supported indirectly in gitlab-runner through custom executors.
There are custom executors like Jacamar that are actively being used in HPC environments, but they are still more inconvenient than the directly supported Docker executor.
Proposal
Instead of relying on a custom executor, I want to suggest adding a proper Singularity executor based on the shell executor. The advantage of this is that it allows us to share the configuration options between Docker and Singularity (which makes sense for many of the options like default image, volumes, ...), and easy setup through `gitlab-runner register`.
I want to build a Singularity executor by starting off from the Shell executor by
- adding a `singularity pull` call to the `prepare` step if necessary (which requires specifying an image storage dir for the SIF images used by Singularity)
- prepending `singularity exec --bind ... image-file.sif` to the commands that would normally be executed by the shell
- adding suitable flags to control location and cleanup of cache and build files.
An important thing here is that container images are read-only by default, so we don't really need to think about starting or stopping containers, but instead can work on a read-only environment only. In case they need to be writable beyond bound volumes, they can rely on a tmpfs of configurable size.
This could also be generalized into a generic container executor for runtime environments with similar CLI interfaces like singularity, but from the survey, it seems like this would likely not have a big user base in the HPC area.
Links to related issues and merge requests / references
This only seems to have been discussed in https://forum.gitlab.com/t/run-singularity-on-a-shared-gitlab-runner/75825 so far.
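Added example, not part of the original issue and not gitlab-runner code: a Go sketch of how the `singularity pull` and `singularity exec --bind ... image-file.sif` command lines proposed above could be assembled as argv slices, so that job-supplied image names and bind paths never pass through a shell string or escape the image storage dir. The names `Bind`, `sifPath`, `pullArgs` and `execArgs` are hypothetical, only `docker://` references are accepted here, and `--writable-tmpfs` is the Singularity flag assumed for the writable tmpfs case.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"path/filepath"
	"strings"
)

// Bind is a hypothetical host->container mount taken from runner configuration.
type Bind struct{ Host, Container string }

// sifPath maps an image reference to a file inside storeDir. Hashing the
// reference keeps job-controlled strings such as "../../x" out of the path.
func sifPath(storeDir, imageRef string) string {
	sum := sha256.Sum256([]byte(imageRef))
	return filepath.Join(storeDir, hex.EncodeToString(sum[:])+".sif")
}

// pullArgs is the argv for the prepare step: singularity pull <file.sif> <uri>.
func pullArgs(storeDir, imageRef string) ([]string, error) {
	if !strings.HasPrefix(imageRef, "docker://") { // also rejects "-"-prefixed input
		return nil, fmt.Errorf("unsupported image reference %q", imageRef)
	}
	return []string{"singularity", "pull", sifPath(storeDir, imageRef), imageRef}, nil
}

// execArgs is the argv prefix placed in front of the job's shell invocation.
func execArgs(sif string, binds []Bind, writableTmpfs bool, shell ...string) ([]string, error) {
	args := []string{"singularity", "exec"}
	for _, b := range binds {
		for _, p := range []string{b.Host, b.Container} {
			// --bind uses ':' and ',' as separators, so neither may appear in a path.
			if !filepath.IsAbs(p) || strings.ContainsAny(p, ",:") || filepath.Clean(p) != p {
				return nil, fmt.Errorf("invalid bind path %q", p)
			}
		}
		args = append(args, "--bind", b.Host+":"+b.Container)
	}
	if writableTmpfs {
		args = append(args, "--writable-tmpfs")
	}
	return append(append(args, sif), shell...), nil
}

func main() {
	a, _ := pullArgs("/store", "docker://alpine:3.19") // constructed sample values
	fmt.Println(a)
}
```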