Create a new tier-1 "container" site with dockerfiles for oneapi and gcc.

configs/sites/tier1/container/Dockerfile.gcc

@@ -0,0 +1,138 @@
+# Spack-Stack Container Build for tier1/container GCC site
+# See the README.md for building instructions.
+
+## ---------- build base container used by builder and runtime ----------
+FROM ubuntu:24.04 AS ubuntu_base
+
+ARG BUILD_JOBS=4
+ARG SPACK_STACK_TEMPLATE=unified-dev
+
+SHELL ["/bin/bash", "-c"]
+
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Etc/UTC \
+    LANGUAGE=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    COMPILER=gcc
+
+# Install core packages.
+RUN set -euo pipefail; \
+    apt-get -yqq update && \
+    apt-get -yqq upgrade && \
+    apt-get -yqq install --no-install-recommends \
+        # Core build tools.
+        build-essential \
+        gcc-13 \
+        gcc++-13 \
+        gfortran-13 \
+        cpp-13 \
+        make \
+        llvm-14 \
+        autoconf \
+        # External dependencies.
+        libcurl4-openssl-dev \
+        libmysqlclient-dev \
+        libqt5svg5-dev \
+        qt5-qmake \
+        qt5dxcb-plugin \
+        qtbase5-dev \
+        zstd \
+        # Shell tools, source retrieval and networking.
+        sed \
+        file \
+        less \
+        bzip2 \
+        unzip \
+        ca-certificates \
+        curl \
+        git \
+        git-lfs \
+        gpg \
+        environment-modules \
+        tcl \
+        tcl-dev \
+        vim \
+        wget \
+        nano \
+        locales && \
+    locale-gen en_US.UTF-8 && \
+    # Update alternatives for compilers and tools
+    update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-13 100 && \
+    update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 100 && \
+    update-alternatives --install /usr/bin/gfortran gfortran /usr/bin/gfortran-13 100 && \
+    update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-14 100 && \
+    rm -rf /var/lib/apt/lists/*
+
+
+## ---------- build spack-stack environment ----------
+FROM ubuntu_base AS builder
+
+ENV SPACK_STACK_DIR=/opt/spack-stack \
+    SPACK_ROOT=/opt/spack-stack/spack
+
+
+# Copy spack-stack from build context. Note the build context must be the
+# root of the spack-stack repository (see the README.md for details).
+COPY . ${SPACK_STACK_DIR}
+
+# Create spack-stack environment
+WORKDIR /opt/spack-stack
+RUN mkdir -p /tmp/spack-stack && \
+    source setup.sh && \
+    spack stack create env \
+        --site container \
+        --template ${SPACK_STACK_TEMPLATE} \
+        --name container \
+        --prefix /opt/spack-software/ \
+        --compiler $COMPILER && \
+    cd ${SPACK_STACK_DIR}/envs/container && \
+    spack env activate . && \
+    spack concretize 2>&1 | tee log.concretize && \
+    spack install --fail-fast -j ${BUILD_JOBS} 2>&1 | tee log.install && \
+    spack module tcl refresh -y && \
+    spack stack setup-meta-modules && \
+    # Save output of spack find.
+    spack find 2>&1 | tee /opt/spack-software/spack_find.out && \
+    spack clean --all
+
+## ---------- Create runtime container ----------
+FROM ubuntu_base AS runtime
+
+COPY --from=builder /opt/spack-software/ /opt/spack-software/
+
+ENV CC=gcc \
+    CXX=g++ \
+    FC=gfortran
+
+# Container-wide rc script with compiler defaults, MPI policy, module paths.
+RUN echo "ulimit -s unlimited" > /etc/spack_container_rc.sh \
+    && echo "ulimit -v unlimited" >> /etc/spack_container_rc.sh \
+    && echo "export CC=gcc" >> /etc/spack_container_rc.sh \
+    && echo "export CXX=g++" >> /etc/spack_container_rc.sh \
+    && echo "export FC=gfortran" >> /etc/spack_container_rc.sh \
+    && echo "# OpenMPI settings for running as root and oversubscription." >> /etc/spack_container_rc.sh \
+    && echo "export OMPI_ALLOW_RUN_AS_ROOT=1" >> /etc/spack_container_rc.sh \
+    && echo "export OMPI_ALLOW_RUN_AS_ROOT_CONFIRM=1" >> /etc/spack_container_rc.sh \
+    && echo "export PRTE_MCA_rmaps_default_mapping_policy=:oversubscribe" >> /etc/spack_container_rc.sh \
+    && echo "# TCL module path for the spack-stack environment." >> /etc/spack_container_rc.sh \
+    && echo "source /etc/profile.d/modules.sh" >> /etc/spack_container_rc.sh \
+    && echo "module use /opt/spack-software/modules/Core" >> /etc/spack_container_rc.sh \
+    && echo "source /etc/spack_container_rc.sh" >> /etc/bash.bashrc \
+    && printf "[credential]\n    helper = cache --timeout=7200\n" >> /root/.gitconfig \
+    && mkdir /root/.pmix \
+    && echo "rmaps_default_mapping_policy=:oversubscribe" >> /root/.pmix/mca-params.conf
+
+# Nonroot user for MPI
+RUN useradd -U -k /etc/skel -s /bin/bash -d /home/nonroot -m nonroot --uid 43891 \
+ && echo "ulimit -s unlimited" >> /home/nonroot/.bashrc \
+ && echo "ulimit -v unlimited" >> /home/nonroot/.bashrc \
+ && printf "[credential]\n    helper = cache --timeout=7200\n" >> /home/nonroot/.gitconfig \
+ && mkdir /home/nonroot/.pmix \
+ && chown -R nonroot:nonroot /home/nonroot/.gitconfig /home/nonroot/.pmix
+
+# Ensure the container rc is run by non-login shells too.
+ENV BASH_ENV=/etc/spack_container_rc.sh
+
+CMD ["/bin/bash"]

configs/sites/tier1/container/Dockerfile.oneapi

@@ -0,0 +1,151 @@
+# Spack-Stack Container Build for tier1/container Intel oneapi site
+# See the README.md for building instructions.
+
+## ---------- build base container used by builder and runtime ----------
+FROM ubuntu:24.04 AS ubuntu_base
+
+ARG BUILD_JOBS=4
+ARG SPACK_STACK_TEMPLATE=unified-dev
+
+SHELL ["/bin/bash", "-c"]
+
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Etc/UTC \
+    LANGUAGE=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    COMPILER=intel
+
+# Install core packages.
+RUN set -euo pipefail; \
+    apt-get -yqq update && \
+    apt-get -yqq upgrade && \
+    apt-get -yqq install --no-install-recommends \
+        # Core build tools.
+        build-essential \
+        gcc-13 \
+        gcc++-13 \
+        gfortran-13 \
+        cpp-13 \
+        make \
+        llvm-14 \
+        autoconf \
+        # External dependencies.
+        libcurl4-openssl-dev \
+        libmysqlclient-dev \
+        libqt5svg5-dev \
+        qt5-qmake \
+        qt5dxcb-plugin \
+        qtbase5-dev \
+        zstd \
+        # Shell tools, source retrieval and networking.
+        sed \
+        file \
+        less \
+        bzip2 \
+        unzip \
+        ca-certificates \
+        curl \
+        git \
+        git-lfs \
+        gpg \
+        environment-modules \
+        tcl \
+        tcl-dev \
+        vim \
+        wget \
+        nano \
+        locales && \
+    locale-gen en_US.UTF-8 && \
+    # Update alternatives for compilers and tools
+    update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-13 100 && \
+    update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 100 && \
+    update-alternatives --install /usr/bin/gfortran gfortran /usr/bin/gfortran-13 100 && \
+    update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-14 100 && \
+    # Install the intel
+    apt install -y apt-utils gpg && \
+    wget -O- https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB \
+        | gpg --dearmor \
+        | tee /usr/share/keyrings/oneapi-archive-keyring.gpg > /dev/null && \
+    echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" \
+        | tee /etc/apt/sources.list.d/oneAPI.list && \
+    apt update && \
+    apt install -y \
+        intel-oneapi-compiler-dpcpp-cpp-2025.3 \
+        intel-oneapi-compiler-fortran-2025.3 \
+        intel-oneapi-mpi-devel-2021.17 \
+        intel-oneapi-tbb-devel-2022.3 \
+        intel-oneapi-mkl-devel-2025.3 && \
+    /opt/intel/oneapi/modulefiles-setup.sh --output-dir=/opt/intel/oneapi/modulefiles && \
+    echo "source /etc/profile.d/modules.sh && module use /opt/intel/oneapi/modulefiles" > /etc/profile.d/z01_oneapi_modules.sh && \
+    rm -rf /var/lib/apt/lists/*
+
+
+## ---------- build spack-stack environment ----------
+FROM ubuntu_base AS builder
+
+ENV SPACK_STACK_DIR=/opt/spack-stack \
+    SPACK_ROOT=/opt/spack-stack/spack
+
+
+# Copy spack-stack from build context. Note the build context must be the
+# root of the spack-stack repository (see the README.md for details).
+COPY . ${SPACK_STACK_DIR}
+
+# Create spack-stack environment
+WORKDIR /opt/spack-stack
+RUN mkdir -p /tmp/spack-stack && \
+    source setup.sh && \
+    spack stack create env \
+        --site container \
+        --template ${SPACK_STACK_TEMPLATE} \
+        --name container \
+        --prefix /opt/spack-software/ \
+        --compiler oneapi && \
+    cd ${SPACK_STACK_DIR}/envs/container && \
+    spack env activate . && \
+    spack concretize 2>&1 | tee log.concretize && \
+    spack install --fail-fast -j ${BUILD_JOBS} 2>&1 | tee log.install && \
+    spack module tcl refresh -y && \
+    spack stack setup-meta-modules && \
+    # Save output of spack find.
+    spack find 2>&1 | tee /opt/spack-software/spack_find.out && \
+    spack clean --all
+
+## ---------- Create runtime container ----------
+FROM ubuntu_base AS runtime
+
+COPY --from=builder /opt/spack-software/ /opt/spack-software/
+
+ENV CC=icx \
+    CXX=icpx \
+    FC=ifx
+
+# Container-wide rc script with compiler defaults, MPI policy, module paths.
+RUN echo "ulimit -s unlimited" > /etc/spack_container_rc.sh \
+    && echo "ulimit -v unlimited" >> /etc/spack_container_rc.sh \
+    && echo "export CC=icx" >> /etc/spack_container_rc.sh \
+    && echo "export CXX=icpx" >> /etc/spack_container_rc.sh \
+    && echo "export FC=ifx" >> /etc/spack_container_rc.sh \
+    && echo "# TCL module path for the spack-stack environment." >> /etc/spack_container_rc.sh \
+    && echo "export MODULEPATH=/opt/spack-software/modules/Core" >> /etc/spack_container_rc.sh \
+    && echo "source /etc/profile.d/modules.sh" >> /etc/spack_container_rc.sh \
+    && echo "module use /opt/intel/oneapi/modulefiles" >> /etc/spack_container_rc.sh \
+    && echo "module use /opt/spack-software/modules/Core" >> /etc/spack_container_rc.sh \
+    && echo "source /etc/spack_container_rc.sh" >> /etc/bash.bashrc \
+    && printf "[credential]\n    helper = cache --timeout=7200\n" >> /root/.gitconfig \
+    && mkdir /root/.pmix
+
+# Nonroot user for MPI
+RUN useradd -U -k /etc/skel -s /bin/bash -d /home/nonroot -m nonroot --uid 43891 \
+ && echo "ulimit -s unlimited" >> /home/nonroot/.bashrc \
+ && echo "ulimit -v unlimited" >> /home/nonroot/.bashrc \
+ && printf "[credential]\n    helper = cache --timeout=7200\n" >> /home/nonroot/.gitconfig \
+ && mkdir /home/nonroot/.pmix \
+ && chown -R nonroot:nonroot /home/nonroot/.gitconfig /home/nonroot/.pmix
+
+# Ensure the container rc is run by non-login shells too.
+ENV BASH_ENV=/etc/spack_container_rc.sh
+
+CMD ["/bin/bash"]

configs/sites/tier1/container/README.md

@@ -0,0 +1,37 @@
+# Container Site
+
+This site config is used to build the official Spack-stack containers. This new tier-1 container site superceedes the legacy spack-based container builds and orients the container builder around common configs and a common site definition. The motivation for this site is to have our shared containers more closely match sites with loadable modules and developer tools-pre installed.
+
+
+# Building
+
+This container is not a typical site config and is installed slightly differently to accomodate the use of a dockerfile. Please follow the instructions here to build it.
+
+## Prerequisites
+- Docker
+- At least 100 GB of disk space for the build
+- Sufficient RAM (8GB+ recommended)
+
+## Quick Build
+
+The build context is the spack-stack repository root.  The Dockerfile
+copies the entire local checkout (including the submodules) into
+the image, so any local changes to configs, templates, or spack-ext
+are automatically reflected in the container.
+
+```bash
+docker build \
+    -t spack-stack-gcc:local \
+    -f "$(git rev-parse --show-toplevel)/configs/sites/tier1/container/Dockerfile.gcc" \
+    --build-arg SPACK_STACK_TEMPLATE=unified-dev \
+    --build-arg BUILD_JOBS=10 \
+    "$(git rev-parse --show-toplevel)"  2>&1 | tee ${HOME}/log.docker_gcc
+
+
+docker build \
+    -t spack-stack-oneapi:local \
+    -f "$(git rev-parse --show-toplevel)/configs/sites/tier1/container/Dockerfile.oneapi" \
+    --build-arg SPACK_STACK_TEMPLATE=unified-dev \
+    --build-arg BUILD_JOBS=10 \
+    "$(git rev-parse --show-toplevel)" 2>&1 | tee ${HOME}/log.docker_oneapi
+```

configs/sites/tier1/container/config.yaml

@@ -0,0 +1,9 @@
+config:
+  build_jobs: 10
+
+  # Container-specific paths for build and staging areas.
+  # Use /tmp for transient build data (not preserved in final image).
+  build_stage: /tmp/spack-stack/cache/build_stage
+  test_stage: /tmp/spack-stack/cache/test_stage
+  source_cache: /tmp/spack-stack/cache/source_cache
+  misc_cache: /tmp/spack-stack/cache/misc_cache

configs/sites/tier1/container/modules.yaml

@@ -0,0 +1,7 @@
+modules:
+  default:
+    enable::
+    - tcl
+    tcl:
+      include:
+      - python