Skip to content

Conversation

@Bevacizumab
Copy link

The original Dockerfile has issues and is not working. Ubuntu and Python versions are not specified, and the link to Psi4 is expired. This pull request fixes the Dockerfile and updates its README.md to match.

The new configuration has been tested on an Apple Silicon Mac (M4). Customization for other platforms is straightforward and can be understood easily with the updated README.md.

Changes to Dockerfile:

  1. Pin versions for Ubuntu (22.04) and Python (3.12).
  2. Add WORKDIR to mount local files.
  3. Set PATH with ENV.
  4. Psi4 is installed with a conda command instead of wget.
  5. Dependencies are installed inside of a virtual environment (fermion).
  6. Reduce the number of RUN commands to reduce the number of layers.

Changes to its README.md:

  1. Put some details on the Dockerfile in the first paragraph of Setting up ~.
  2. Add details to customization.
  3. Change docker run command and introduce a simpler way to mount local files. So some previous explanations are deleted.

@google-cla
Copy link

google-cla bot commented Jul 27, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@mhucka mhucka self-assigned this Aug 1, 2025
@mhucka
Copy link
Contributor

mhucka commented Aug 1, 2025

@Bevacizumab Thank you for this contribution! It looks like Google's bots don't have a record of an agreement to the contributor's license agreement (CLA), so please follow the instructions in the CLA bot comment earlier. (It's simple and doesn't require giving away any rights.)

@Bevacizumab
Copy link
Author

@mhucka Thank you for checking this pull request.

I completed the CLA last week, right after I saw the bot's comment. I've just confirmed that the CLA status is green in the "Checks" tab. It seems you might have been viewing an older notification without refreshing it.

Please let me know if you have any feedback on the code changes themselves. Thank you!

@mhucka
Copy link
Contributor

mhucka commented Aug 2, 2025

I completed the CLA last week, right after I saw the bot's comment. I've just confirmed that the CLA status is green in the "Checks" tab. It seems you might have been viewing an older notification without refreshing it.

Oh, great. Thanks for doing that.

Please let me know if you have any feedback on the code changes themselves. Thank you!

Yes, I will review it.

@mhucka
Copy link
Contributor

mhucka commented Aug 4, 2025

@Bevacizumab Thanks again for your work. There is a problem, but it may be easy to fix.

The Anaconda terms of service requires a license for business organizations. Specifically, under section 1.b of https://www.anaconda.com/legal/terms/terms-of-service (dated 2025-07-25):

When a Business Plan is Required. You must pay for a ‘Business Plan’ Subscription from Anaconda if you are using the Platform on behalf of a for-profit organization with more than 200 total employees or contractors (including all Affiliates) and you do not qualify for free use under Section 1(a) of these Terms (When Your Use is Free).

So, OpenFermion can't use make use of conda, miniconda, or the packages from https://repo.anaconda.com/pkgs/.

However, we can use conda-forge and miniforge. Would it be possible to rewrite your Dockerfile to use the miniforge3 installer and the conda-forge channel?

@Bevacizumab
Copy link
Author

@mhucka Thank you for detailing the issue and introducing me an alternative approach. I wasn't aware of the issue with conda for this project.

However, we can use conda-forge and miniforge. Would it be possible to rewrite your Dockerfile to use the miniforge3 installer and the conda-forge channel?

I will try to update dockerfile with conda-forge and miniforge.

Additionally, i'm planning to pin the versions of the installed five packages (openfermion, cirq, openfermioncirq, openfermionpsi4, and openfermionpyscf) to ensure the reproducibility of dockerfile. Also, I will update README for indicating one can manually change the package versions.

Due to my current schedule, I may not be able to make the changes immediately, but I expect to have it done within the next few weeks (hopefully sooner).

There is a question about the versions of ubuntu and python for this project. I have tentatively used ubuntu 22.04 and python 3.12 because FROM ubuntu and RUN apt-get install -y python3 in the original dockerfile automatically installs ubuntu 22.04 and python 3.12 in my machine. Let me know if there any preferred versions to ubuntu and python for this project. If there are no specific preferences, I will proceed with ubuntu 22.04 and python 3.12.

@Bevacizumab
Copy link
Author

Hello @mhucka. Thank you for your patience over the last few weeks.
I'm glad to let you know that I've updated the dockerfile to use Miniforge3 and conda-forge channel.
I chose not to pin the versions of the installed packages because of the complicated dependency issues this can cause.

The latest changes have been pushed to this pull request.
Could you please take a look when you have a moment?

@Bevacizumab
Copy link
Author

Hi @mhucka, I've just rebased my branch on top of the latest master. Sorry for the long wait.

@mhucka
Copy link
Contributor

mhucka commented Sep 25, 2025

@Bevacizumab Thank you for your continued efforts on this. I've added some review comments.

I will also do a PR to update the .hadolint.yaml configuration to avoid one of the Dockerfile errors it flagged because IMHO it's more of an annoyance than a benefit.

docker/README.md Outdated
## Setting up Docker for the first time

The Dockerfile is based on the [Ubuntu image](https://hub.docker.com/_/ubuntu) (ver. 22.04).
It creates a Python (ver. 3.12) virtual environemnt (named `fermion`) using Miniforge and installs all dependencies within it. Psi4 is installed with a conda [command](https://psicode.org/installs/v191/).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
It creates a Python (ver. 3.12) virtual environemnt (named `fermion`) using Miniforge and installs all dependencies within it. Psi4 is installed with a conda [command](https://psicode.org/installs/v191/).
It creates a Python (ver. 3.12) virtual environment (named `fermion`) using Miniforge and installs all dependencies within it. Psi4 is installed with a conda [command](https://psicode.org/installs/v191/).

docker/README.md Outdated

The Dockerfile is based on the [Ubuntu image](https://hub.docker.com/_/ubuntu) (ver. 22.04).
It creates a Python (ver. 3.12) virtual environemnt (named `fermion`) using Miniforge and installs all dependencies within it. Psi4 is installed with a conda [command](https://psicode.org/installs/v191/).
The default configuration uses the latest Miniforge installer on Linux `aarch64` architecture.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this change the default from the previous x86_64 architecture? From our experiences, x86_84-based systems are still more common than arm64 systems.

docker/README.md Outdated
you can open the container with the following option:
```
docker cp [path to file on disk] [container name]:[path in container]
Command Palette -> Dev Containers: Attach to Running Container..
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change refers to a GUI interface, correct? As far as I know, docker does not provide a GUI. There is a separate tool, Docker Desktop, that provides a GUI, but we can't assume that users will be using that. (Also, Docker Desktop has license restrictions.)

Please revert this back to CLI-based instructions.

FROM ubuntu
FROM ubuntu:22.04

USER root
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was in the original Dockerfile, and not a new addition, but it may as well be fixed as part of this PR. The Dockerfile should not need root, so it should be possible to omit this line entirely. (I'm not sure why the original had it in the first place.) Removing the line will solve the check failure about "USER should not be root".

Comment on lines +26 to +25

RUN apt-get update && \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For DL3009, I will add a configuration setting to .hadolint.yaml to disable this particular check because it's just not worth the hassle.

For DL3015, go ahead and add the recommended --no-install-recommends flag.

For DL3008, we should probably pin the versions, although there are pros and cons to doing that. One way to find out the versions that can be used is to do roughly the following:

  1. switch to the x86_64 architecture as discuss in a previous comment above
  2. run the docker build as-is
  3. figure out what versions of the packages were installed by the build
  4. edit the file to add those vesions to the apt install command.

I don't know if it's possible with apt-get install, but try to see if it will let you specify just major.minor versions, not full major.minor.patch.whatever; i.e., "12.3" instead of "12.3.0.build34" etc.

@mhucka mhucka added area/docker Issues and PRs related to the use of Docker area/docs Involves documentation, notebooks, README files, and similar labels Sep 26, 2025
@Bevacizumab Bevacizumab force-pushed the update_docker_readme branch from 0c589ec to cf0f4f9 Compare October 6, 2025 14:47
RUN ln -s /usr/bin/python3 /usr/bin/python

ENTRYPOINT bash
FROM ubuntu:22.04

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: containerImage not pinned by hash
Remediation tip: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:09506232a8004baa32c47d68f1e5c307d648fdd59f5e7eaa42aaf87914100db3
Click Remediation section below for further remediation help
Comment on lines +37 to +45
RUN wget -O Miniforge3.sh "https://github.com/conda-forge/miniforge/releases/download/25.3.1-0/Miniforge3-25.3.1-0-$(uname)-$(uname -m).sh" && \
bash Miniforge3.sh -b -p "${HOME}/conda" && \
conda init bash && \
conda update -n base -c conda-forge conda && \
# Create virtual env (fermion) with installing Psi4
conda create -n fermion psi4 python=3.12 -c conda-forge -y && \
conda install -n fermion pip -y && \
# Install OpenFermion, Cirq, and plugins
conda run -n fermion pip install openfermion \ cirq \ openfermioncirq \ openfermionpsi4 \ openfermionpyscf

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: downloadThenRun not pinned by hash
Click Remediation section below to solve this issue
@Bevacizumab
Copy link
Author

@mhucka Thank you for your good and detailed review comments. It helped me a lot for improving the Dockerfile. I will explain the changes in the commit.

Dockerfile

  • USER root is deleted.
  • I put --no-install-recommends flag for apt-get install.
  • I thank you for adding the configuration setting.
  • I fixed the package versions for apt-get install. Unfortunately, it requires the full strings. I've manually checked all the installed packages' versions for both arm64 and amd64 architectures. Both architectures install the same version for each package.
  • I've made changes to support both linux/arm64 and linux/amd64 architectures (Psi4 only supports these two linux architectures). It is possible by putting uname and uname -m for the wget link of Miniforge.
  • Additionally, I solved DL3003 warning. Each cd was changed to WORKDIR.

README

  • I added information about the architecture support to help anyone who is not familiar with the concept.
  • I corrected the typo environemnt.
  • I deleted the explanation of "the default architecture".
  • I reverted to CLI-based instructions. Mounting local files is a good docker practice. But some might not want to do this. So I provide instructions on how to COPY or not, and how to mount or not.
    I split the explanation of copying local files and git repositories into a new subsection for clearance.

@Bevacizumab Bevacizumab requested a review from mhucka October 13, 2025 07:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/docker Issues and PRs related to the use of Docker area/docs Involves documentation, notebooks, README files, and similar

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants