55# https://gitlab-master.nvidia.com/dl/JoC/nemo-ci/-/blob/main/.gitlab-ci.yml
66# We should keep versions in our container up to date to ensure that we get the latest tested perf improvements and
77# training loss curves from NeMo.
8- ARG BASE_IMAGE=nvcr.io/nvidia/pytorch:24.10 -py3
8+ ARG BASE_IMAGE=nvcr.io/nvidia/pytorch:24.12 -py3
99
1010FROM rust:1.82.0 as rust-env
1111
1212RUN rustup set profile minimal && \
13- rustup install 1.82.0 && \
14- rustup target add x86_64-unknown-linux-gnu && \
15- rustup default 1.82.0
13+ rustup install 1.82.0 && \
14+ rustup target add x86_64-unknown-linux-gnu && \
15+ rustup default 1.82.0
1616
1717FROM ${BASE_IMAGE} AS bionemo2-base
1818
@@ -73,23 +73,21 @@ RUN rm -rf /build
7373
7474# Addressing Security Scan Vulnerabilities
7575RUN rm -rf /opt/pytorch/pytorch/third_party/onnx
76- RUN apt-get update && \
77- apt-get install -y openssh-client=1:8.9p1-3ubuntu0.10 && \
78- rm -rf /var/lib/apt/lists/*
79- RUN apt purge -y libslurm37 libpmi2-0 && \
80- apt autoremove -y
8176
8277
8378# Use UV to install python packages from the workspace. This just installs packages into the system's python
84- # environment, and does not use the current uv.lock file.
79+ # environment, and does not use the current uv.lock file. Note that with python 3.12, we now need to set
80+ # UV_BREAK_SYSTEM_PACKAGES, since the pytorch base image has made the decision not to use a virtual environment and UV
81+ # does not respect the PIP_BREAK_SYSTEM_PACKAGES environment variable set in the base dockerfile.
8582COPY --from=ghcr.io/astral-sh/uv:0.4.25 /uv /usr/local/bin/uv
8683ENV UV_LINK_MODE=copy \
8784 UV_COMPILE_BYTECODE=1 \
8885 UV_PYTHON_DOWNLOADS=never \
8986 UV_SYSTEM_PYTHON=true \
90- UV_NO_CACHE=1
87+ UV_NO_CACHE=1 \
88+ UV_BREAK_SYSTEM_PACKAGES=1
9189
92- # Install the bionemo-geomtric requirements ahead of copying over the rest of the repo, so that we can cache their
90+ # Install the bionemo-geometric requirements ahead of copying over the rest of the repo, so that we can cache their
9391# installation. These involve building some torch extensions, so they can take a while to install.
9492RUN --mount=type=bind,source=./sub-packages/bionemo-geometric/requirements.txt,target=/requirements-pyg.txt \
9593 uv pip install --no-build-isolation -r /requirements-pyg.txt
@@ -108,12 +106,23 @@ ENV PATH="/usr/local/cargo/bin:/usr/local/rustup/bin:${PATH}"
108106ENV RUSTUP_HOME="/usr/local/rustup"
109107
110108# Note, we need to mount the .git folder here so that setuptools-scm is able to fetch git tag for version.
109+ # Includes a hack to install tensorstore 0.1.45, which doesn't distribute a pypi wheel for python 3.12, and the metadata
110+ # in the source distribution doesn't match the expected pypi version.
111111RUN --mount=type=bind,source=./.git,target=./.git \
112112 --mount=type=bind,source=./requirements-test.txt,target=/requirements-test.txt \
113113 --mount=type=bind,source=./requirements-cve.txt,target=/requirements-cve.txt \
114114 <<EOF
115115set -eo pipefail
116- uv pip install maturin --no-build-isolation && uv pip install --no-build-isolation \
116+ uv pip install maturin --no-build-isolation
117+
118+ pip install --use-deprecated=legacy-resolver --no-build-isolation \
119+ tensorstore==0.1.45
120+ sed -i 's/^Version: 0\. 0\. 0$/Version: 0.1.45/' \
121+ /usr/local/lib/python3.12/dist-packages/tensorstore-0.0.0.dist-info/METADATA
122+ mv /usr/local/lib/python3.12/dist-packages/tensorstore-0.0.0.dist-info \
123+ /usr/local/lib/python3.12/dist-packages/tensorstore-0.1.45.dist-info
124+
125+ uv pip install --no-build-isolation \
117126 ./3rdparty/* \
118127 ./sub-packages/bionemo-* \
119128 -r /requirements-cve.txt \
@@ -209,9 +218,6 @@ COPY --from=rust-env /usr/local/rustup /usr/local/rustup
209218ENV PATH="/usr/local/cargo/bin:/usr/local/rustup/bin:${PATH}"
210219ENV RUSTUP_HOME="/usr/local/rustup"
211220
212- RUN uv pip uninstall maturin
213- RUN uv pip install maturin --no-build-isolation
214-
215221RUN <<EOF
216222set -eo pipefail
217223find . -name __pycache__ -type d -print | xargs rm -rf
0 commit comments