|
4 | 4 | # SPDX-License-Identifier: Apache-2.0 |
5 | 5 |
|
6 | 6 | # Specify DOCKER_IMAGE_MIRROR if you want to use a mirror of hub.docker.com |
| 7 | +ARG PYTHON_IMAGE=python:3.12-slim |
7 | 8 | ARG DOCKER_IMAGE_MIRROR="" |
8 | | -FROM ${DOCKER_IMAGE_MIRROR}ubuntu:24.04 AS workshop |
9 | 9 |
|
10 | | -ARG USERNAME |
| 10 | +# ============================ |
| 11 | +# Workshop |
| 12 | +# ============================ |
| 13 | +FROM ${DOCKER_IMAGE_MIRROR}${PYTHON_IMAGE} AS workshop |
11 | 14 |
|
| 15 | +ARG USERNAME |
12 | 16 | ARG TORCH_WHEEL |
13 | | -ENV TORCH_WHEEL=$TORCH_WHEEL |
14 | | - |
15 | 17 | ARG TORCH_AO_WHEEL |
16 | | -ENV TORCH_AO_WHEEL=$TORCH_AO_WHEEL |
17 | | - |
18 | | -RUN if ! [ "$(arch)" = "aarch64" ] ; then exit 1; fi |
19 | | - |
20 | | -RUN apt-get update && apt-get install -y \ |
21 | | - # We need pip to install things, this will also bring in a minimal python3 |
22 | | - python3-pip \ |
23 | | - # So that we can create a virtual environment |
24 | | - python3-venv \ |
25 | | - # So that we can call python instead of python3 |
26 | | - python-is-python3 \ |
27 | | - # To allow users to install new things if they want |
28 | | - sudo \ |
29 | | - && rm -rf /var/lib/apt/lists/* |
30 | | - |
31 | | -# DOCKER_USER for the Docker user |
| 18 | + |
| 19 | +ENV DEBIAN_FRONTEND=noninteractive |
32 | 20 | ENV DOCKER_USER=${USERNAME} |
33 | 21 |
|
34 | | -# Create user only if it doesn't already exist |
35 | | -RUN id "$DOCKER_USER" >/dev/null 2>&1 || useradd --create-home -s /bin/bash -m "$DOCKER_USER" |
36 | | - |
37 | | -# Set password and add to sudo group |
38 | | -RUN echo "$DOCKER_USER:ToolSolutionsPyTorch" | chpasswd && adduser "$DOCKER_USER" sudo || true |
39 | | - |
40 | | -RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers |
41 | | -RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections |
42 | | - |
43 | | -# Import profile for bash |
44 | | -COPY bash_profile /home/$DOCKER_USER/.bash_profile |
45 | | -RUN chown $DOCKER_USER:$DOCKER_USER /home/$DOCKER_USER/.bash_profile |
46 | | - |
47 | | -# Add welcome message to warn about dev quality |
48 | | -COPY welcome.txt /home/$DOCKER_USER/ |
49 | | -RUN echo '[ ! -z "$TERM" -a -r /home/$DOCKER_USER/welcome.txt ] && cat /home/$DOCKER_USER/welcome.txt' >> /etc/bash.bashrc |
50 | | -RUN echo 'export PATH="$HOME/.local/bin:$PATH"' >> /etc/bash.bashrc |
51 | | - |
52 | | -# Grab the SECURITY.md from the root directory |
53 | | -COPY --from=rootdir SECURITY.md /home/$DOCKER_USER/ |
54 | | - |
55 | | -# Remove system Python stuff. Should be safe to wipe after the line above, because |
56 | | -# python3 -m pip now uses the /usr/local install |
57 | | -RUN apt-get update && apt-get purge -y \ |
58 | | - python3-pip \ |
59 | | - python3-setuptools \ |
60 | | - python3-pkg-resources \ |
61 | | - python3-wheel \ |
62 | | - python3-distutils \ |
63 | | - python3-lib2to3 \ |
64 | | - python3-dev \ |
65 | | - python3.12-dev \ |
66 | | - && apt-get autoremove -y \ |
67 | | - && rm -rf /var/lib/apt/lists/* |
68 | | - |
69 | | -# Move to userland |
70 | | -WORKDIR /home/$DOCKER_USER |
| 22 | +RUN test "$(arch)" = "aarch64" |
| 23 | + |
| 24 | +# Install OS dependencies |
| 25 | +RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* |
| 26 | + |
| 27 | +# Create user |
| 28 | +RUN set -eux && id "$DOCKER_USER" >/dev/null 2>&1 || useradd --create-home -s /bin/bash "$DOCKER_USER" |
| 29 | + |
| 30 | +# Copy bash profile and welcome text into user home |
| 31 | +COPY --chown=$DOCKER_USER:$DOCKER_USER bash_profile /home/$DOCKER_USER/.bash_profile |
| 32 | +COPY --chown=$DOCKER_USER:$DOCKER_USER welcome.txt /home/$DOCKER_USER/welcome.txt |
| 33 | + |
| 34 | +# Switch to userland |
71 | 35 | USER $DOCKER_USER |
| 36 | +WORKDIR /home/$DOCKER_USER |
72 | 37 |
|
73 | | -# Create a per-user virtualenv and use that for everything Python |
| 38 | +# Create virtual environment |
74 | 39 | RUN python -m venv /home/$DOCKER_USER/.venv |
| 40 | +ENV PATH="/home/$DOCKER_USER/.venv/bin:${PATH}" |
75 | 41 |
|
76 | | -# Make the venv python/pip first on PATH for all subsequent layers and at runtime |
77 | | -ENV PATH="/home/$DOCKER_USER/.venv/bin:$PATH" |
| 42 | +# Install uv for quicker package installations |
| 43 | +RUN pip install uv |
78 | 44 |
|
79 | 45 | # Update to newer pip/setuptools/wheel (setuptools >= 70.0.0 due to CVE-2024-6345 |
80 | 46 | # and CVE-2025-47273, wheel >= 0.38.0 due to CVE-2022-40898) and delete old system |
81 | 47 | # version (we essentially use apt:python3-pip to bootstrap pip) |
82 | | -RUN pip install --upgrade pip~=25.2 setuptools~=78.1.1 wheel~=0.45.1 |
83 | | - |
84 | | -# Base requirements for examples, excluding torch and torch* |
85 | | -COPY requirements.txt ./ |
86 | | -RUN pip install -r requirements.txt |
87 | | - |
88 | | -# Check TORCH_WHEEL was set and copy |
89 | | -RUN test -n "$TORCH_WHEEL" |
90 | | -COPY $TORCH_WHEEL /home/$DOCKER_USER/ |
| 48 | +RUN uv pip install --upgrade pip~=25.2 setuptools~=78.1.1 wheel~=0.45.1 |
91 | 49 |
|
92 | | -# Check TORCH_AO_WHEEL was set and copy |
93 | | -RUN test -n "$TORCH_AO_WHEEL" |
94 | | -COPY $TORCH_AO_WHEEL /home/$DOCKER_USER/ |
| 50 | +# Install non-torch requirements |
| 51 | +COPY --chown=$DOCKER_USER:$DOCKER_USER requirements.txt . |
| 52 | +RUN uv pip install -r requirements.txt |
95 | 53 |
|
96 | | -# Install torch* packages, these should be the latest stable (but pinned to |
97 | | -# minor). We need --no-deps here because the torch* packages depend on the |
98 | | -# corresponding version of torch. Note: if you add something to this list, you |
99 | | -# will need to manually add their dependencies. We don't use the nightly |
100 | | -# versions which corresponding to our torch build because they can disappear, |
101 | | -# and we usually don't need features from the nightlies. |
102 | | -# Note: torchvision is pinned to a nightly build, this can be updated |
103 | | -# at the next vision release, and the `--extra-index-url` removed. |
104 | | -RUN pip install --pre torchvision==0.25.0.dev20260130 --index-url https://download.pytorch.org/whl/nightly/cpu --no-deps |
| 54 | +# Bring wheels into image |
| 55 | +RUN test -n "${TORCH_WHEEL}" && test -n "${TORCH_AO_WHEEL}" |
| 56 | +COPY --chown=$DOCKER_USER:$DOCKER_USER ${TORCH_WHEEL} /home/$DOCKER_USER/ |
| 57 | +COPY --chown=$DOCKER_USER:$DOCKER_USER ${TORCH_AO_WHEEL} /home/$DOCKER_USER/ |
105 | 58 |
|
106 | | -# We need --no-deps because the torch version won't match the versions on torch* |
107 | | -RUN pip install "$(basename "$TORCH_WHEEL")" --no-deps \ |
108 | | - && rm "$(basename "$TORCH_WHEEL")" |
| 59 | +# Install wheels |
| 60 | +RUN set -eux && uv pip install --no-deps "$(basename "$TORCH_WHEEL")" && rm "$(basename "$TORCH_WHEEL")" |
| 61 | +RUN set -eux && uv pip install --no-deps "$(basename "$TORCH_AO_WHEEL")" && rm "$(basename "$TORCH_AO_WHEEL")" |
| 62 | +RUN uv pip install --pre torchvision==0.25.0.dev20260130 --index-url https://download.pytorch.org/whl/nightly/cpu --no-deps |
109 | 63 |
|
110 | | -# We need --no-deps because this won't match the torch version |
111 | | -RUN pip install "$(basename "$TORCH_AO_WHEEL")" --no-deps \ |
112 | | - && rm "$(basename "$TORCH_AO_WHEEL")" |
| 64 | +# Copy examples/tests into image |
| 65 | +COPY --chown=$DOCKER_USER:$DOCKER_USER examples/ /home/$DOCKER_USER/ |
| 66 | +COPY --chown=$DOCKER_USER:$DOCKER_USER pytorch/test /home/$DOCKER_USER/pytorch/test |
113 | 67 |
|
114 | | -# Setup Examples and tests |
115 | | -COPY examples/ /home/$DOCKER_USER/ |
116 | | -COPY pytorch/test /home/$DOCKER_USER/pytorch/test |
117 | | - |
118 | | -# Move build into final image as a single layer. |
119 | | -FROM ${DOCKER_IMAGE_MIRROR}ubuntu:24.04 |
| 68 | +# ============================ |
| 69 | +# Final flat image |
| 70 | +# ============================ |
| 71 | +FROM ${DOCKER_IMAGE_MIRROR}${PYTHON_IMAGE} |
120 | 72 |
|
121 | 73 | ARG USERNAME |
122 | | - |
| 74 | +ENV DEBIAN_FRONTEND=noninteractive |
123 | 75 | ENV DOCKER_USER=${USERNAME} |
124 | 76 |
|
125 | | -COPY --from=workshop / / |
126 | | -RUN chown $DOCKER_USER:$DOCKER_USER /home/$DOCKER_USER |
| 77 | +# Runtime OS bits + UI |
| 78 | +RUN set -eux && \ |
| 79 | + apt-get update && \ |
| 80 | + rm -rf /var/lib/apt/lists/* && \ |
| 81 | + if ! id "$DOCKER_USER" >/dev/null 2>&1; then useradd --create-home -s /bin/bash "$DOCKER_USER"; fi && \ |
| 82 | + echo '[ -n "$TERM" -a -r "$HOME/welcome.txt" ] && cat "$HOME/welcome.txt"' >> /etc/bash.bashrc && \ |
| 83 | + echo 'export PATH="$HOME/.local/bin:$HOME/.venv/bin:$PATH"' >> /etc/bash.bashrc |
| 84 | + |
| 85 | +# Bring in prepped env + code |
| 86 | +COPY --from=workshop --chown=$DOCKER_USER:$DOCKER_USER /home/$DOCKER_USER /home/$DOCKER_USER |
127 | 87 |
|
128 | 88 | USER $DOCKER_USER |
129 | 89 | WORKDIR /home/$DOCKER_USER |
130 | 90 |
|
131 | | -# Ensure the venv is on PATH in the final image as well |
132 | | -ENV PATH="/home/$DOCKER_USER/.venv/bin:$PATH" |
| 91 | +ENV PATH="/home/$DOCKER_USER/.venv/bin:${PATH}" |
133 | 92 |
|
134 | 93 | CMD ["bash", "-l"] |
0 commit comments