Skip to content

GitLab

Unverified Commit be48b4cf authored by Dillon Cullinan's avatar Dillon Cullinan Committed by GitHub
Browse files

ci: Fix Dockerfile mount secrets (#2960) 


Signed-off-by: default avatarDillon Cullinan <dcullinan@nvidia.com>
parent 6f14e941
Show whitespace changes
Inline Side-by-side
Showing with 18 additions and 16 deletions
container/Dockerfile
View file @ be48b4cf
# syntax=docker/dockerfile:1.10.0
# SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
...@@ -35,8 +36,6 @@ ARG ARCH_ALT=x86_64 ...@@ -35,8 +36,6 @@ ARG ARCH_ALT=x86_64
ARG USE_SCCACHE ARG USE_SCCACHE
ARG SCCACHE_BUCKET="" ARG SCCACHE_BUCKET=""
ARG SCCACHE_REGION="" ARG SCCACHE_REGION=""
ARG AWS_ACCESS_KEY_ID=""
ARG AWS_SECRET_ACCESS_KEY=""
# NIXL configuration # NIXL configuration
ARG NIXL_UCX_REF=v1.19.0 ARG NIXL_UCX_REF=v1.19.0
...@@ -58,8 +57,6 @@ ARG PYTHON_VERSION ...@@ -58,8 +57,6 @@ ARG PYTHON_VERSION
ARG USE_SCCACHE ARG USE_SCCACHE
ARG SCCACHE_BUCKET ARG SCCACHE_BUCKET
ARG SCCACHE_REGION ARG SCCACHE_REGION
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG NIXL_UCX_REF ARG NIXL_UCX_REF
ARG NIXL_REF ARG NIXL_REF
...@@ -164,7 +161,9 @@ ENV PATH=/usr/local/bin/etcd/:$PATH ...@@ -164,7 +161,9 @@ ENV PATH=/usr/local/bin/etcd/:$PATH
################################## ##################################
# Build and install UCX # Build and install UCX
RUN rm -rf /opt/hpcx/ucx && \ RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \
rm -rf /opt/hpcx/ucx && \
rm -rf /usr/local/ucx && \ rm -rf /usr/local/ucx && \
echo "Building UCX with reference $NIXL_UCX_REF" && \ echo "Building UCX with reference $NIXL_UCX_REF" && \
cd /usr/local/src && \ cd /usr/local/src && \
...@@ -214,7 +213,9 @@ ENV NIXL_SRC_DIR=/opt/nixl \ ...@@ -214,7 +213,9 @@ ENV NIXL_SRC_DIR=/opt/nixl \
NIXL_PLUGIN_DIR=/opt/nvidia/nvda_nixl/lib/${ARCH_ALT}-linux-gnu/plugins NIXL_PLUGIN_DIR=/opt/nvidia/nvda_nixl/lib/${ARCH_ALT}-linux-gnu/plugins
# Build and install NIXL # Build and install NIXL
RUN git clone --depth 1 --branch ${NIXL_REF} "https://github.com/ai-dynamo/nixl.git" ${NIXL_SRC_DIR} && \ RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \
git clone --depth 1 --branch ${NIXL_REF} "https://github.com/ai-dynamo/nixl.git" ${NIXL_SRC_DIR} && \
cd ${NIXL_SRC_DIR} && \ cd ${NIXL_SRC_DIR} && \
if [ "$ARCH" = "arm64" ]; then \ if [ "$ARCH" = "arm64" ]; then \
nixl_build_args="-Ddisable_gds_backend=true"; \ nixl_build_args="-Ddisable_gds_backend=true"; \
...@@ -230,7 +231,9 @@ RUN git clone --depth 1 --branch ${NIXL_REF} "https://github.com/ai-dynamo/nixl. ...@@ -230,7 +231,9 @@ RUN git clone --depth 1 --branch ${NIXL_REF} "https://github.com/ai-dynamo/nixl.
# Build NIXL Python module # Build NIXL Python module
# TODO OPS-590: Move gds_path selection based on arch into NIXL build and re-enable gds backend for arm64 # TODO OPS-590: Move gds_path selection based on arch into NIXL build and re-enable gds backend for arm64
RUN if [ "$ARCH" = "arm64" ]; then \ RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \
if [ "$ARCH" = "arm64" ]; then \
cd ${NIXL_SRC_DIR} && uv build . --out-dir /opt/dynamo/wheelhouse/nixl \ cd ${NIXL_SRC_DIR} && uv build . --out-dir /opt/dynamo/wheelhouse/nixl \
--config-settings=setup-args="-Ddisable_gds_backend=true"; \ --config-settings=setup-args="-Ddisable_gds_backend=true"; \
else \ else \
...@@ -272,8 +275,6 @@ ARG ENABLE_KVBM ...@@ -272,8 +275,6 @@ ARG ENABLE_KVBM
ARG USE_SCCACHE ARG USE_SCCACHE
ARG SCCACHE_BUCKET ARG SCCACHE_BUCKET
ARG SCCACHE_REGION ARG SCCACHE_REGION
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
WORKDIR /opt/dynamo WORKDIR /opt/dynamo
...@@ -317,7 +318,9 @@ COPY lib/ /opt/dynamo/lib/ ...@@ -317,7 +318,9 @@ COPY lib/ /opt/dynamo/lib/
COPY components/ /opt/dynamo/components/ COPY components/ /opt/dynamo/components/
# Build wheels # Build wheels
RUN uv build --wheel --out-dir /opt/dynamo/dist && \ RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \
uv build --wheel --out-dir /opt/dynamo/dist && \
cd /opt/dynamo/lib/bindings/python && \ cd /opt/dynamo/lib/bindings/python && \
uv pip install maturin[patchelf] && \ uv pip install maturin[patchelf] && \
if [ "$ENABLE_KVBM" = "true" ]; then \ if [ "$ENABLE_KVBM" = "true" ]; then \
......
container/Dockerfile.vllm
View file @ be48b4cf
# syntax=docker/dockerfile:1.10.0
# SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
...@@ -20,8 +21,6 @@ ARG TORCH_BACKEND="cu128" ...@@ -20,8 +21,6 @@ ARG TORCH_BACKEND="cu128"
ARG USE_SCCACHE ARG USE_SCCACHE
ARG SCCACHE_BUCKET="" ARG SCCACHE_BUCKET=""
ARG SCCACHE_REGION="" ARG SCCACHE_REGION=""
ARG AWS_ACCESS_KEY_ID=""
ARG AWS_SECRET_ACCESS_KEY=""
# Match 0.10.1.1 vLLM release # Match 0.10.1.1 vLLM release
# https://github.com/vllm-project/vllm/releases/tag/v0.10.1.1 # https://github.com/vllm-project/vllm/releases/tag/v0.10.1.1
...@@ -121,8 +120,6 @@ ARG USE_SCCACHE ...@@ -121,8 +120,6 @@ ARG USE_SCCACHE
ARG ARCH_ALT ARG ARCH_ALT
ARG SCCACHE_BUCKET ARG SCCACHE_BUCKET
ARG SCCACHE_REGION ARG SCCACHE_REGION
ARG AWS_ACCESS_KEY_ID=""
ARG AWS_SECRET_ACCESS_KEY=""
ENV ARCH_ALT=${ARCH_ALT} ENV ARCH_ALT=${ARCH_ALT}
RUN if [ "$USE_SCCACHE" = "true" ]; then \ RUN if [ "$USE_SCCACHE" = "true" ]; then \
...@@ -139,6 +136,8 @@ ENV SCCACHE_BUCKET=${USE_SCCACHE:+${SCCACHE_BUCKET}} \ ...@@ -139,6 +136,8 @@ ENV SCCACHE_BUCKET=${USE_SCCACHE:+${SCCACHE_BUCKET}} \
# Install VLLM and related dependencies # Install VLLM and related dependencies
RUN --mount=type=bind,source=./container/deps/,target=/tmp/deps \ RUN --mount=type=bind,source=./container/deps/,target=/tmp/deps \
--mount=type=cache,target=/root/.cache/uv \ --mount=type=cache,target=/root/.cache/uv \
--mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \
# TODO - split vllm, DeepEP, DeepGeMM, PPLX installs # TODO - split vllm, DeepEP, DeepGeMM, PPLX installs
# Should be able to select how you want your build to go # Should be able to select how you want your build to go
cp /tmp/deps/vllm/install_vllm.sh /tmp/install_vllm.sh && \ cp /tmp/deps/vllm/install_vllm.sh /tmp/install_vllm.sh && \
......
container/build.sh
View file @ be48b4cf
...@@ -602,8 +602,8 @@ if [ "$USE_SCCACHE" = true ]; then ...@@ -602,8 +602,8 @@ if [ "$USE_SCCACHE" = true ]; then
BUILD_ARGS+=" --build-arg USE_SCCACHE=true" BUILD_ARGS+=" --build-arg USE_SCCACHE=true"
BUILD_ARGS+=" --build-arg SCCACHE_BUCKET=${SCCACHE_BUCKET}" BUILD_ARGS+=" --build-arg SCCACHE_BUCKET=${SCCACHE_BUCKET}"
BUILD_ARGS+=" --build-arg SCCACHE_REGION=${SCCACHE_REGION}" BUILD_ARGS+=" --build-arg SCCACHE_REGION=${SCCACHE_REGION}"
BUILD_ARGS+=" --build-arg AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" BUILD_ARGS+=" --secret id=aws-key-id,env=AWS_ACCESS_KEY_ID"
BUILD_ARGS+=" --build-arg AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" BUILD_ARGS+=" --secret id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY"
fi fi
LATEST_TAG="--tag dynamo:latest-${FRAMEWORK,,}" LATEST_TAG="--tag dynamo:latest-${FRAMEWORK,,}"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment