Skip to content

Latest commit

 

History

History
71 lines (44 loc) · 5.13 KB

USAGE.md

File metadata and controls

71 lines (44 loc) · 5.13 KB

Using the RAPIDS devcontainers

See the list of rapidsai/devcontainers tags on DockerHub.

Using the pre-built images

We publish a matrix of pre-built images to DockerHub to accelerate initializing local devcontainers, GitHub Codespaces, and CI jobs.

The features that comprise the image are noted in the image tags. If no version is defined for a tool or SDK, the image includes the latest available version at image build time.

NOTE: git, git-lfs, github-cli, gitlab-cli, cmake, ninja, sccache, and our devcontainer-utils are included in each pre-built image.

The pre-built images can be used as the "image", or as the base of a Dockerfile in "build", in devcontainer.json:

devcontainer.json using pre-built image
{
"image": "rapidsai/devcontainers:23.10-cpp-llvm16-cuda12.0-nvhpc23.5-ubuntu22.04",
"hostRequirements": { "gpu": true },
"workspaceFolder": "/home/coder/${localWorkspaceFolderBasename}",
"workspaceMount": "source=${localWorkspaceFolder},target=/home/coder/${localWorkspaceFolderBasename},type=bind"
}

You can also build a custom devcontainer by composing individual features:

devcontainer.json using individual features
{
"image": "ubuntu:22.04",
"features": {
"ghcr.io/rapidsai/devcontainers/features/cmake:23.10": {},
"ghcr.io/rapidsai/devcontainers/features/ninja:23.10": {},
"ghcr.io/rapidsai/devcontainers/features/sccache:23.10": {
"version": "0.5.4"
}
},
"overrideFeatureInstallOrder": [
"ghcr.io/rapidsai/devcontainers/features/cmake",
"ghcr.io/rapidsai/devcontainers/features/ninja",
"ghcr.io/rapidsai/devcontainers/features/sccache"
],
"workspaceFolder": "/home/coder/${localWorkspaceFolderBasename}",
"workspaceMount": "source=${localWorkspaceFolder},target=/home/coder/${localWorkspaceFolderBasename},type=bind"
}

NOTE: Feature updates published since your most recent image build will invalidate your docker image layer cache, meaning it can take the devcontainers CLI longer to initialize containers composed from individual features.

Build caching with sccache

The devcontainers configure CMake to use sccache as C, C++, CUDA, and Rust compiler launchers. Refer to the sccache docs for configuring the various storage back-ends.

Build caching with private S3 buckets

You can use a private S3 bucket as the sccache storage back-end.

If you're using a GitHub action to assume AWS roles in CI, or are comfortable distributing and managing S3 credentials, you can define the SCCACHE_BUCKET, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY variables in the container environment.

Using GitHub OAuth to issue S3 credentials via Hashicorp Vault

The devcontainer-utils feature includes a devcontainer-utils-vault-s3-init script that uses GitHub OAuth and Hashicorp Vault to issue temporary S3 credentials to authorized users.

NOTE: This script runs in the devcontainer's postAttachCommand, but it does nothing unless SCCACHE_BUCKET and VAULT_HOST are in the container environment.

The devcontainer-utils-vault-s3-init script performs the following actions, exiting early if any step is unsuccessful:

  1. Log in via the GitHub CLI
  2. Authenticate via Vault's GitHub auth method
  3. Use Vault to generate temporary AWS credentials
  4. Store results in ~/.aws and install crontab to re-authenticate

The above steps can be customized via the following environment variables:

# The hostname of the Vault instance to use
VAULT_HOST="https://vault.ops.k8s.rapids.ai"

# List of GitHub organizations for which Vault can generate credentials.
# The scripts assumes the Vault instance exposes an authentication endpoint
# for each org at `$VAULT_HOST/v1/auth/github-$org/login`.
# https://developer.hashicorp.com/vault/docs/auth/github#authentication
VAULT_GITHUB_ORGS="nvidia nv-morpheus nv-legate rapids"

# The TTL for the generated AWS credentials
VAULT_S3_TTL=43200

# The URI to the Vault API that generates AWS credentials
# The full URL expands to `$VAULT_HOST/$VAULT_S3_URI?ttl=$VAULT_S3_TTL`
# https://developer.hashicorp.com/vault/api-docs/secret/aws#generate-credentials
VAULT_S3_URI="v1/aws/creds/devs"