# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 # # NOTE FOR dynamo_base AND wheel_builder STAGES: # # All changes to dynamo_base and wheel_builder stages should be replicated across # Dockerfile and Dockerfile. images.: # - Dockerfile # - Dockerfile.vllm # - Dockerfile.sglang # - Dockerfile.trtllm # This duplication was introduced purposely to quickly enable Docker layer caching and # deduplication. Please ensure these stages stay in sync until the duplication can be # addressed. # # Throughout this file, we make certain paths group-writable because this allows # both the dynamo user (UID 1000) and Dev Container users (UID != 1000) to work # properly without needing slow chown -R operations (which can add 2-10 extra # minutes). # # DEVELOPMENT PATHS THAT MUST BE GROUP-WRITABLE (for virtualenv containers): # /workspace - Users create/modify project files # /home/dynamo - Users create config/cache files # /home/dynamo/.local - SGLang uses $HOME/.local/lib/python3.10/site-packages for pip install # # HOW TO ACHIEVE GROUP-WRITABLE PERMISSIONS: # 1. SHELL + /etc/profile.d - Login shell sources umask 002 globally for all RUN commands (775/664) # 2. COPY --chmod=775 - Sets permissions on copied children (not destination) # 3. chmod g+w (no -R) - Fixes destination dirs only (milliseconds vs minutes) # This section contains build arguments that are common and shared with # the plain Dockerfile, so they should NOT have a default. The source of truth is from build.sh. ARG BASE_IMAGE ARG BASE_IMAGE_TAG ARG PYTHON_VERSION ARG ENABLE_KVBM ARG ENABLE_MEDIA_NIXL ARG ENABLE_MEDIA_FFMPEG ARG CARGO_BUILD_JOBS ARG RUNTIME_IMAGE="lmsysorg/sglang" ARG RUNTIME_IMAGE_TAG="v0.5.6.post2-runtime" # SCCACHE configuration ARG USE_SCCACHE ARG SCCACHE_BUCKET="" ARG SCCACHE_REGION="" # NIXL configuration ARG NIXL_UCX_REF ARG NIXL_REF ARG NIXL_GDRCOPY_REF ARG NIXL_LIBFABRIC_REF # Define general architecture ARGs for supporting both x86 and aarch64 builds. # ARCH: Used for package suffixes (e.g., amd64, arm64) # ARCH_ALT: Used for Rust targets, manylinux suffix (e.g., x86_64, aarch64) # # Default values are for x86/amd64: # --build-arg ARCH=amd64 --build-arg ARCH_ALT=x86_64 # # For arm64/aarch64, build with: # --build-arg ARCH=arm64 --build-arg ARCH_ALT=aarch64 # # NOTE: There isn't an easy way to define one of these values based on the other value # without adding if statements everywhere, so just define both as ARGs for now. ARG ARCH=amd64 ARG ARCH_ALT=x86_64 ################################## ########## Base Image ############ ################################## FROM ${BASE_IMAGE}:${BASE_IMAGE_TAG} AS dynamo_base ARG ARCH ARG ARCH_ALT USER root WORKDIR /opt/dynamo # Install uv package manager COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/ # Install NATS server ENV NATS_VERSION="v2.10.28" RUN --mount=type=cache,target=/var/cache/apt \ wget --tries=3 --waitretry=5 https://github.com/nats-io/nats-server/releases/download/${NATS_VERSION}/nats-server-${NATS_VERSION}-${ARCH}.deb && \ dpkg -i nats-server-${NATS_VERSION}-${ARCH}.deb && rm nats-server-${NATS_VERSION}-${ARCH}.deb # Install etcd ENV ETCD_VERSION="v3.5.21" RUN wget --tries=3 --waitretry=5 https://github.com/etcd-io/etcd/releases/download/$ETCD_VERSION/etcd-$ETCD_VERSION-linux-${ARCH}.tar.gz -O /tmp/etcd.tar.gz && \ mkdir -p /usr/local/bin/etcd && \ tar -xvf /tmp/etcd.tar.gz -C /usr/local/bin/etcd --strip-components=1 && \ rm /tmp/etcd.tar.gz ENV PATH=/usr/local/bin/etcd/:$PATH # Rust Setup # Rust environment setup ENV RUSTUP_HOME=/usr/local/rustup \ CARGO_HOME=/usr/local/cargo \ PATH=/usr/local/cargo/bin:$PATH \ RUST_VERSION=1.90.0 # Define Rust target based on ARCH_ALT ARG ARG RUSTARCH=${ARCH_ALT}-unknown-linux-gnu # Install Rust RUN wget --tries=3 --waitretry=5 "https://static.rust-lang.org/rustup/archive/1.28.1/${RUSTARCH}/rustup-init" && \ chmod +x rustup-init && \ ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${RUSTARCH} && \ rm rustup-init && \ chmod -R a+w $RUSTUP_HOME $CARGO_HOME ################################## ##### Wheel Build Image ########## ################################## # Redeclare ARCH_ALT ARG so it's available for interpolation in the FROM instruction ARG ARCH_ALT FROM quay.io/pypa/manylinux_2_28_${ARCH_ALT} AS wheel_builder # Redeclare ARGs for this stage ARG ARCH ARG ARCH_ALT ARG CARGO_BUILD_JOBS WORKDIR /workspace # Copy CUDA from base stage COPY --from=dynamo_base /usr/local/cuda /usr/local/cuda COPY --from=dynamo_base /etc/ld.so.conf.d/hpcx.conf /etc/ld.so.conf.d/hpcx.conf # Set environment variables first so they can be used in COPY commands ENV CARGO_BUILD_JOBS=${CARGO_BUILD_JOBS:-16} \ RUSTUP_HOME=/usr/local/rustup \ CARGO_HOME=/usr/local/cargo \ CARGO_TARGET_DIR=/opt/dynamo/target \ PATH=/usr/local/cargo/bin:$PATH # Copy artifacts from base stage COPY --from=dynamo_base $RUSTUP_HOME $RUSTUP_HOME COPY --from=dynamo_base $CARGO_HOME $CARGO_HOME # Install system dependencies RUN yum groupinstall -y 'Development Tools' && \ dnf install -y almalinux-release-synergy && \ dnf config-manager --set-enabled powertools && \ dnf install -y \ # Build tools cmake \ ninja-build \ clang-devel \ gcc-c++ \ flex \ wget \ # Kernel module build dependencies dkms \ # Protobuf support protobuf-compiler \ # RDMA/InfiniBand support (required for UCX build with --with-verbs) libibverbs \ libibverbs-devel \ rdma-core \ rdma-core-devel \ libibumad \ libibumad-devel \ librdmacm-devel \ numactl-devel \ # Libfabric support hwloc \ hwloc-devel # Ensure a modern protoc is available (required for --experimental_allow_proto3_optional) RUN set -eux; \ PROTOC_VERSION=25.3; \ case "${ARCH_ALT}" in \ x86_64) PROTOC_ZIP="protoc-${PROTOC_VERSION}-linux-x86_64.zip" ;; \ aarch64) PROTOC_ZIP="protoc-${PROTOC_VERSION}-linux-aarch_64.zip" ;; \ *) echo "Unsupported architecture: ${ARCH_ALT}" >&2; exit 1 ;; \ esac; \ wget --tries=3 --waitretry=5 -O /tmp/protoc.zip "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/${PROTOC_ZIP}"; \ rm -f /usr/local/bin/protoc /usr/bin/protoc; \ unzip -o /tmp/protoc.zip -d /usr/local bin/protoc include/*; \ chmod +x /usr/local/bin/protoc; \ ln -s /usr/local/bin/protoc /usr/bin/protoc; \ protoc --version # Point build tools explicitly at the modern protoc ENV PROTOC=/usr/local/bin/protoc ENV CUDA_PATH=/usr/local/cuda \ PATH=/usr/local/cuda/bin:$PATH \ LD_LIBRARY_PATH=/usr/local/cuda/lib64:/usr/local/lib:/usr/local/lib64:$LD_LIBRARY_PATH \ NVIDIA_DRIVER_CAPABILITIES=video,compute,utility # Create virtual environment for building wheels ARG PYTHON_VERSION ENV VIRTUAL_ENV=/workspace/.venv RUN uv venv ${VIRTUAL_ENV} --python $PYTHON_VERSION && \ uv pip install --upgrade meson pybind11 patchelf maturin[patchelf] ARG NIXL_UCX_REF ARG NIXL_REF ARG NIXL_GDRCOPY_REF # Build and install gdrcopy RUN git clone --depth 1 --branch ${NIXL_GDRCOPY_REF} https://github.com/NVIDIA/gdrcopy.git && \ cd gdrcopy/packages && \ CUDA=/usr/local/cuda ./build-rpm-packages.sh && \ rpm -Uvh gdrcopy-kmod-*.el8.noarch.rpm && \ rpm -Uvh gdrcopy-*.el8.${ARCH_ALT}.rpm && \ rpm -Uvh gdrcopy-devel-*.el8.noarch.rpm # Install SCCACHE if requested ARG USE_SCCACHE ARG SCCACHE_BUCKET ARG SCCACHE_REGION COPY container/use-sccache.sh /tmp/use-sccache.sh RUN if [ "$USE_SCCACHE" = "true" ]; then \ /tmp/use-sccache.sh install; \ fi # Set SCCACHE environment variables ENV SCCACHE_BUCKET=${USE_SCCACHE:+${SCCACHE_BUCKET}} \ SCCACHE_REGION=${USE_SCCACHE:+${SCCACHE_REGION}} # Build FFmpeg from source # Do not delete the source tarball for legal reasons ARG FFMPEG_VERSION=7.1 RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \ if [ "$ENABLE_MEDIA_FFMPEG" = "true" ]; then \ export SCCACHE_S3_KEY_PREFIX=${SCCACHE_S3_KEY_PREFIX:-${ARCH}} && \ if [ "$USE_SCCACHE" = "true" ]; then \ export CMAKE_C_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CXX_COMPILER_LAUNCHER="sccache" && \ export RUSTC_WRAPPER="sccache"; \ fi && \ dnf install -y pkg-config && \ cd /tmp && \ curl -LO https://ffmpeg.org/releases/ffmpeg-${FFMPEG_VERSION}.tar.xz && \ tar xf ffmpeg-${FFMPEG_VERSION}.tar.xz && \ cd ffmpeg-${FFMPEG_VERSION} && \ ./configure \ --prefix=/usr/local \ --disable-gpl \ --disable-nonfree \ --disable-programs \ --disable-doc \ --disable-static \ --disable-x86asm \ --disable-postproc \ --disable-network \ --disable-encoders \ --disable-muxers \ --disable-bsfs \ --disable-devices \ --disable-libdrm \ --enable-shared && \ make -j$(nproc) && \ make install && \ /tmp/use-sccache.sh show-stats "FFMPEG" && \ ldconfig && \ mkdir -p /usr/local/src/ffmpeg && \ mv /tmp/ffmpeg-${FFMPEG_VERSION}* /usr/local/src/ffmpeg/; \ fi # Build and install UCX RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \ export SCCACHE_S3_KEY_PREFIX="${SCCACHE_S3_KEY_PREFIX:-${ARCH}}" && \ if [ "$USE_SCCACHE" = "true" ]; then \ export CMAKE_C_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CXX_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CUDA_COMPILER_LAUNCHER="sccache"; \ fi && \ cd /usr/local/src && \ git clone https://github.com/openucx/ucx.git && \ cd ucx && \ git checkout $NIXL_UCX_REF && \ ./autogen.sh && \ ./contrib/configure-release \ --prefix=/usr/local/ucx \ --enable-shared \ --disable-static \ --disable-doxygen-doc \ --enable-optimizations \ --enable-cma \ --enable-devel-headers \ --with-cuda=/usr/local/cuda \ --with-verbs \ --with-dm \ --with-gdrcopy=/usr/local \ --with-efa \ --enable-mt && \ make -j && \ make -j install-strip && \ /tmp/use-sccache.sh show-stats "UCX" && \ echo "/usr/local/ucx/lib" > /etc/ld.so.conf.d/ucx.conf && \ echo "/usr/local/ucx/lib/ucx" >> /etc/ld.so.conf.d/ucx.conf && \ ldconfig ARG NIXL_LIBFABRIC_REF RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \ export SCCACHE_S3_KEY_PREFIX="${SCCACHE_S3_KEY_PREFIX:-${ARCH}}" && \ if [ "$USE_SCCACHE" = "true" ]; then \ export CMAKE_C_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CXX_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CUDA_COMPILER_LAUNCHER="sccache"; \ fi && \ cd /usr/local/src && \ git clone https://github.com/ofiwg/libfabric.git && \ cd libfabric && \ git checkout $NIXL_LIBFABRIC_REF && \ ./autogen.sh && \ ./configure --prefix="/usr/local/libfabric" \ --disable-verbs \ --disable-psm3 \ --disable-opx \ --disable-usnic \ --disable-rstream \ --enable-efa \ --with-cuda=/usr/local/cuda \ --enable-cuda-dlopen \ --with-gdrcopy \ --enable-gdrcopy-dlopen && \ make -j$(nproc) && \ make install && \ /tmp/use-sccache.sh show-stats "LIBFABRIC" && \ echo "/usr/local/libfabric/lib" > /etc/ld.so.conf.d/libfabric.conf && \ ldconfig # build and install nixl RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \ export SCCACHE_S3_KEY_PREFIX="${SCCACHE_S3_KEY_PREFIX:-${ARCH}}" && \ if [ "$USE_SCCACHE" = "true" ]; then \ export CMAKE_C_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CXX_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CUDA_COMPILER_LAUNCHER="sccache"; \ fi && \ source ${VIRTUAL_ENV}/bin/activate && \ git clone --depth 1 --branch ${NIXL_REF} "https://github.com/ai-dynamo/nixl.git" && \ cd nixl && \ mkdir build && \ meson setup build/ --prefix=/opt/nvidia/nvda_nixl --buildtype=release \ -Dcudapath_lib="/usr/local/cuda/lib64" \ -Dcudapath_inc="/usr/local/cuda/include" \ -Ducx_path="/usr/local/ucx" \ -Dlibfabric_path="/usr/local/libfabric" && \ cd build && \ ninja && \ ninja install && \ /tmp/use-sccache.sh show-stats "NIXL" ENV NIXL_LIB_DIR=/opt/nvidia/nvda_nixl/lib64 \ NIXL_PLUGIN_DIR=/opt/nvidia/nvda_nixl/lib64/plugins \ NIXL_PREFIX=/opt/nvidia/nvda_nixl ENV LD_LIBRARY_PATH=${NIXL_LIB_DIR}:${NIXL_PLUGIN_DIR}:/usr/local/ucx/lib:/usr/local/ucx/lib/ucx:${LD_LIBRARY_PATH} RUN echo "$NIXL_LIB_DIR" > /etc/ld.so.conf.d/nixl.conf && \ echo "$NIXL_PLUGIN_DIR" >> /etc/ld.so.conf.d/nixl.conf && \ ldconfig RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \ export SCCACHE_S3_KEY_PREFIX="${SCCACHE_S3_KEY_PREFIX:-${ARCH}}" && \ if [ "$USE_SCCACHE" = "true" ]; then \ export CMAKE_C_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CXX_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CUDA_COMPILER_LAUNCHER="sccache"; \ fi && \ cd /workspace/nixl && \ uv build . --out-dir /opt/dynamo/dist/nixl --python $PYTHON_VERSION # Copy source code (order matters for layer caching) COPY pyproject.toml README.md LICENSE Cargo.toml Cargo.lock rust-toolchain.toml hatch_build.py /opt/dynamo/ COPY launch/ /opt/dynamo/launch/ COPY lib/ /opt/dynamo/lib/ COPY components/ /opt/dynamo/components/ # Build dynamo wheels ARG ENABLE_KVBM RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=aws-secret-id,env=AWS_SECRET_ACCESS_KEY \ export SCCACHE_S3_KEY_PREFIX=${SCCACHE_S3_KEY_PREFIX:-${ARCH}} && \ if [ "$USE_SCCACHE" = "true" ]; then \ export CMAKE_C_COMPILER_LAUNCHER="sccache" && \ export CMAKE_CXX_COMPILER_LAUNCHER="sccache" && \ export RUSTC_WRAPPER="sccache"; \ fi && \ source ${VIRTUAL_ENV}/bin/activate && \ cd /opt/dynamo && \ uv build --wheel --out-dir /opt/dynamo/dist && \ cd /opt/dynamo/lib/bindings/python && \ FEATURES=""; \ if [ "$ENABLE_MEDIA_NIXL" = "true" ]; then \ FEATURES="$FEATURES dynamo-llm/media-nixl"; \ fi; \ if [ "$ENABLE_MEDIA_FFMPEG" = "true" ]; then \ FEATURES="$FEATURES media-ffmpeg"; \ fi; \ if [ -n "$FEATURES" ]; then \ maturin build --release --features "$FEATURES" --out /opt/dynamo/dist; \ else \ maturin build --release --out /opt/dynamo/dist; \ fi && \ if [ "$ENABLE_KVBM" = "true" ]; then \ cd /opt/dynamo/lib/bindings/kvbm && \ maturin build --release --out target/wheels && \ auditwheel repair \ --exclude libnixl.so \ --exclude libnixl_build.so \ --exclude libnixl_common.so \ --plat manylinux_2_28_${ARCH_ALT} \ --wheel-dir /opt/dynamo/dist \ target/wheels/*.whl; \ fi && \ /tmp/use-sccache.sh show-stats "Dynamo" ################################## ########## Runtime Image ######### ################################## FROM ${RUNTIME_IMAGE}:${RUNTIME_IMAGE_TAG} AS runtime # cleanup unnecessary libs RUN apt remove -y python3-apt &&\ pip uninstall -y termplotlib # This ARG is still utilized for SGLANG Version extraction ARG RUNTIME_IMAGE_TAG WORKDIR /workspace # Install NATS and ETCD COPY --from=dynamo_base /usr/bin/nats-server /usr/bin/nats-server COPY --from=dynamo_base /usr/local/bin/etcd/ /usr/local/bin/etcd/ ENV PATH=/usr/local/bin/etcd:$PATH # Create dynamo user with group 0 for OpenShift compatibility RUN userdel -r ubuntu > /dev/null 2>&1 || true \ && useradd -m -s /bin/bash -g 0 dynamo \ && [ `id -u dynamo` -eq 1000 ] \ && mkdir -p /home/dynamo/.cache /opt/dynamo \ # Non-recursive chown - only the directories themselves, not contents && chown dynamo:0 /home/dynamo /home/dynamo/.cache /opt/dynamo /workspace \ # No chmod needed: umask 002 handles new files, COPY --chmod handles copied content # Set umask globally for all subsequent RUN commands (must be done as root before USER dynamo) # NOTE: Setting ENV UMASK=002 does NOT work - umask is a shell builtin, not an environment variable && mkdir -p /etc/profile.d && echo 'umask 002' > /etc/profile.d/00-umask.sh USER dynamo # Copy attribution files COPY --chmod=664 --chown=dynamo:0 ATTRIBUTION* LICENSE /workspace/ # Copy ffmpeg RUN --mount=type=bind,from=wheel_builder,source=/usr/local/,target=/tmp/usr/local/ \ cp -rnL /tmp/usr/local/include/libav* /tmp/usr/local/include/libsw* /usr/local/include/; \ cp -nL /tmp/usr/local/lib/libav*.so /tmp/usr/local/lib/libsw*.so /usr/local/lib/; \ cp -nL /tmp/usr/local/lib/pkgconfig/libav*.pc /tmp/usr/local/lib/pkgconfig/libsw*.pc /usr/lib/pkgconfig/; \ cp -r /tmp/usr/local/src/ffmpeg /usr/local/src/; \ true # in case ffmpeg not enabled # Pattern: COPY --chmod=775 ; chmod g+w done later as root because COPY --chmod only affects /*, not COPY --chmod=775 --chown=dynamo:0 benchmarks/ /workspace/benchmarks/ COPY --chmod=775 --chown=dynamo:0 --from=wheel_builder /opt/dynamo/dist/*.whl /opt/dynamo/wheelhouse/ ENV SGLANG_VERSION="${RUNTIME_IMAGE_TAG%%-*}" RUN --mount=type=bind,source=.,target=/mnt/local_src \ pip install --no-cache-dir --break-system-packages \ /opt/dynamo/wheelhouse/ai_dynamo_runtime*.whl \ /opt/dynamo/wheelhouse/ai_dynamo*any.whl \ sglang==${SGLANG_VERSION} # Install common and test dependencies RUN --mount=type=bind,source=.,target=/mnt/local_src \ pip install --no-cache-dir --break-system-packages \ --requirement /mnt/local_src/container/deps/requirements.txt \ --requirement /mnt/local_src/container/deps/requirements.test.txt \ sglang==${SGLANG_VERSION} && \ cd /workspace/benchmarks && \ pip install --break-system-packages --no-cache . && \ # pip/uv bypasses umask when creating .egg-info files, but chmod -R is fast here (small directory) chmod -R g+w /workspace/benchmarks && \ # Install NVIDIA packages that are needed for DeepEP to work properly # This is done in the upstream runtime image too, but we overrode these packages earlier pip install --no-cache-dir --break-system-packages --force-reinstall --no-deps \ nvidia-nccl-cu12==2.28.3 \ nvidia-cudnn-cu12==9.16.0.29 \ nvidia-cutlass-dsl==4.3.0 # Copy tests, deploy and components for CI with correct ownership # Pattern: COPY --chmod=775 ; chmod g+w done later as root because COPY --chmod only affects /*, not COPY --chmod=775 --chown=dynamo:0 tests /workspace/tests COPY --chmod=775 --chown=dynamo:0 examples /workspace/examples COPY --chmod=775 --chown=dynamo:0 deploy /workspace/deploy COPY --chmod=775 --chown=dynamo:0 components/ /workspace/components/ COPY --chmod=775 --chown=dynamo:0 recipes/ /workspace/recipes/ # Enable forceful shutdown of inflight requests ENV SGLANG_FORCE_SHUTDOWN=1 # Our scripting assumes /workspace is where dynamo is located # In order to maintain the ability to have sglang and dynamo # in the same workspace, symlink /workspace to /sgl-workspace/dynamo USER root RUN ln -s /workspace /sgl-workspace/dynamo USER dynamo ARG DYNAMO_COMMIT_SHA ENV DYNAMO_COMMIT_SHA=${DYNAMO_COMMIT_SHA} ENV PATH=/home/dynamo/.local/bin:$PATH ########################################################### ########## Development (run.sh, runs as root user) ######## ########################################################### # # PURPOSE: Local development environment for use with run.sh (not Dev Container plug-in) # # This stage runs as root and provides: # - Development tools and utilities for local debugging # - Support for vscode/cursor development outside the Dev Container plug-in # # Use this stage if you need a full-featured development environment with extra tools, # but do not use it with the Dev Container plug-in. FROM runtime AS dev # Don't want ubuntu to be editable, just change uid and gid. ARG WORKSPACE_DIR=/workspace USER root # Install utilities as root RUN apt-get update -y && \ apt-get install -y --no-install-recommends \ # Install utilities nvtop \ wget \ tmux \ vim \ git \ openssh-client \ iproute2 \ rsync \ zip \ unzip \ htop \ # Build Dependencies autoconf \ automake \ cmake \ libtool \ meson \ net-tools \ pybind11-dev \ # Rust build dependencies clang \ libclang-dev \ protobuf-compiler \ pkg-config && \ rm -rf /var/lib/apt/lists/* # Set umask for group-writable files in dev stage (runs as root) RUN mkdir -p /etc/profile.d && echo 'umask 002' > /etc/profile.d/00-umask.sh SHELL ["/bin/bash", "-l", "-o", "pipefail", "-c"] # Set workspace directory variable ENV WORKSPACE_DIR=${WORKSPACE_DIR} \ DYNAMO_HOME=${WORKSPACE_DIR} \ RUSTUP_HOME=/usr/local/rustup \ CARGO_HOME=/usr/local/cargo \ CARGO_TARGET_DIR=/workspace/target \ PATH=/usr/local/cargo/bin:$PATH # Copy rust installation from dynamo_base to avoid duplication efforts # Pattern: COPY --chmod=775 ; chmod g+w because COPY --chmod only affects /*, not COPY --from=dynamo_base --chmod=775 /usr/local/rustup /usr/local/rustup COPY --from=dynamo_base --chmod=775 /usr/local/cargo /usr/local/cargo RUN chmod g+w /usr/local/rustup /usr/local/cargo # Install maturin, for maturin develop # Editable install of dynamo COPY pyproject.toml README.md hatch_build.py /workspace/ RUN pip install maturin[patchelf] && \ pip install --no-deps -e . ENTRYPOINT ["/opt/nvidia/nvidia_entrypoint.sh"] CMD []