post-create.sh

#!/bin/bash
# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0

set -eu

# Use WORKSPACE_DIR if set (should be set by Dockerfile.local_dev)
# Otherwise, use /workspace as fallback
WORKSPACE_DIR="${WORKSPACE_DIR:-/workspace}"

# Ensure we're not running as root
if [ "$(id -u)" -eq 0 ]; then
    echo "❌ ERROR: This script should not be run as root!"
    echo "The script should run as the 'dynamo' user, not root."
    echo "Current user: $(whoami) (UID: $(id -u))"
    exit 1
fi

# Verify we're running as the expected user
if [ "$(whoami)" != "dynamo" ]; then
    echo "⚠️  WARNING: Expected to run as 'dynamo' user, but running as '$(whoami)'"
    echo "This might cause permission issues."
fi

echo "Running post-create script as user: $(whoami) (UID: $(id -u))"

trap 'echo "❌ ERROR: Command failed at line $LINENO: $BASH_COMMAND"; echo "⚠️ This was unexpected and setup was not completed. Can try to resolve yourself and then manually run the rest of the commands in this file or file a bug."' ERR

retry() {
    # retries for connectivity issues in installs
    local retries=3
    local count=0
    until "$@"; do
        exit_code=$?
        wait_time=$((2 ** count))
        echo "Command failed with exit code $exit_code. Retrying in $wait_time seconds..."
        sleep $wait_time
        count=$((count + 1))
        if [ $count -ge $retries ]; then
            echo "Command failed after $retries attempts."
            return $exit_code
        fi
    done
    return 0
}

show_and_run() {
    # Run commands with debug output shown
    set -x
    "$@"
    { set +x; } 2>/dev/null
}

set -x

# Pre-commit hooks
cd $WORKSPACE_DIR && pre-commit install && retry pre-commit install-hooks
pre-commit run --all-files || true # don't fail the build if pre-commit hooks fail

# Use CARGO_TARGET_DIR from environment (should be set by Dockerfile.local_dev)
# Fallback to $WORKSPACE_DIR/target if not set
export CARGO_TARGET_DIR=${CARGO_TARGET_DIR:-$WORKSPACE_DIR/target}
mkdir -p $CARGO_TARGET_DIR

uv pip uninstall --yes ai-dynamo ai-dynamo-runtime 2>/dev/null || true

# Build project, with `dev` profile it will be saved at $CARGO_TARGET_DIR/debug
cargo build --locked --profile dev --features dynamo-llm/block-manager

# install the python bindings

# Install maturin if not already installed.
# TODO: Uncomment for SGLANG. Right now, the CI team is making a refactor
#       to the Dockerfile, so this is a temporary fix.
# if ! command -v maturin &> /dev/null; then
#     echo "Installing maturin..."
#     retry uv pip install maturin[patchelf]
# else
#     echo "maturin is already installed"
# fi

# install ai-dynamo-runtime
(cd $WORKSPACE_DIR/lib/bindings/python && retry maturin develop)

# install ai-dynamo
cd $WORKSPACE_DIR && retry env DYNAMO_BIN_PATH=$CARGO_TARGET_DIR/debug uv pip install -e .

{ set +x; } 2>/dev/null

echo -e "\n" >> ~/.bashrc
echo "# === This section is generated by the post-create.sh script ===" >> ~/.bashrc

if ! grep -q "export GPG_TTY=" ~/.bashrc; then
    show_and_run echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
fi

# Unset empty tokens/variables to avoid issues with authentication and SSH
if ! grep -q "# Unset empty tokens" ~/.bashrc; then
    echo -e "\n# Unset empty tokens and environment variables" >> ~/.bashrc
    echo '[ -z "${HF_TOKEN:-}" ] && unset HF_TOKEN' >> ~/.bashrc
    echo '[ -z "${GITHUB_TOKEN:-}" ] && unset GITHUB_TOKEN' >> ~/.bashrc
    echo '[ -z "${SSH_AUTH_SOCK:-}" ] && unset SSH_AUTH_SOCK' >> ~/.bashrc
fi

# Check SSH agent forwarding status
if [ -n "${SSH_AUTH_SOCK:-}" ]; then
    if ssh-add -l > /dev/null 2>&1; then
        echo "SSH agent forwarding is working - found $(ssh-add -l | wc -l) key(s):"
        ssh-add -l
    else
        echo "⚠️ SSH_AUTH_SOCK is set but ssh-add failed - agent may not be accessible"
    fi
else
    echo "⚠️ SSH agent forwarding not configured - SSH_AUTH_SOCK is not set"
fi

show_and_run $WORKSPACE_DIR/deploy/sanity_check.py

cat <<EOF

✅ SUCCESS: Built cargo project, installed Python bindings, configured pre-commit hooks

Example commands:
  cargo build --locked --profile dev              # Build Rust project in $CARGO_TARGET_DIR
  cd lib/bindings/python && maturin develop --uv  # Update Python bindings (if you changed them)
  cargo fmt && cargo clippy                       # Format and lint code before committing
  cargo doc --no-deps                             # Generate documentation
  uv pip install -e .                             # Install various Python packages Dynamo depends on
EOF