See the list of rapidsai/devcontainers
tags on DockerHub.
We publish a matrix of pre-built images to DockerHub to accelerate initializing local devcontainers, GitHub Codespaces, and CI jobs.
The features that comprise the image are noted in the image tags. If no version is defined for a tool or SDK, the image includes the latest available version at image build time.
NOTE:
git
,git-lfs
,github-cli
,gitlab-cli
,cmake
,ninja
,sccache
, and our devcontainer-utils are included in each pre-built image.
Using in devcontainer.json
The pre-built images can be used as the "image"
, or as the base of a Dockerfile in "build"
, in devcontainer.json
:
devcontainer.json using pre-built image
{
"image": "rapidsai/devcontainers:23.10-cpp-llvm16-cuda12.0-nvhpc23.5-ubuntu22.04",
"hostRequirements": { "gpu": true },
"workspaceFolder": "/home/coder/${localWorkspaceFolderBasename}",
"workspaceMount": "source=${localWorkspaceFolder},target=/home/coder/${localWorkspaceFolderBasename},type=bind"
}
You can also build a custom devcontainer by composing individual features:
devcontainer.json using individual features
{
"image": "ubuntu:22.04",
"features": {
"ghcr.io/rapidsai/devcontainers/features/cmake:23.10": {},
"ghcr.io/rapidsai/devcontainers/features/ninja:23.10": {},
"ghcr.io/rapidsai/devcontainers/features/sccache:23.10": {
"version": "0.5.4"
}
},
"overrideFeatureInstallOrder": [
"ghcr.io/rapidsai/devcontainers/features/cmake",
"ghcr.io/rapidsai/devcontainers/features/ninja",
"ghcr.io/rapidsai/devcontainers/features/sccache"
],
"workspaceFolder": "/home/coder/${localWorkspaceFolderBasename}",
"workspaceMount": "source=${localWorkspaceFolder},target=/home/coder/${localWorkspaceFolderBasename},type=bind"
}
NOTE: Feature updates published since your most recent image build will invalidate your docker image layer cache, meaning it can take the devcontainers CLI longer to initialize containers composed from individual features.
The devcontainers configure CMake to use sccache as C, C++, CUDA, and Rust compiler launchers. Refer to the sccache docs for configuring the various storage back-ends.
You can use a private S3 bucket as the sccache
storage back-end.
If you're using a GitHub action to assume AWS roles in CI, or are comfortable distributing and managing S3 credentials, you can define the SCCACHE_BUCKET
, AWS_ACCESS_KEY_ID
, and AWS_SECRET_ACCESS_KEY
variables in the container environment.
The devcontainer-utils
feature includes a devcontainer-utils-vault-s3-init
script that uses GitHub OAuth and Hashicorp Vault to issue temporary S3 credentials to authorized users.
NOTE: This script runs in the devcontainer's
postAttachCommand
, but it does nothing unlessSCCACHE_BUCKET
andVAULT_HOST
are in the container environment.
The devcontainer-utils-vault-s3-init
script performs the following actions, exiting early if any step is unsuccessful:
- Log in via the GitHub CLI
- Authenticate via Vault's GitHub auth method
- Use Vault to generate temporary AWS credentials
- Store results in
~/.aws
and install crontab to re-authenticate
The above steps can be customized via the following environment variables:
# The hostname of the Vault instance to use
VAULT_HOST="https://vault.ops.k8s.rapids.ai"
# List of GitHub organizations for which Vault can generate credentials.
# The scripts assumes the Vault instance exposes an authentication endpoint
# for each org at `$VAULT_HOST/v1/auth/github-$org/login`.
# https://developer.hashicorp.com/vault/docs/auth/github#authentication
VAULT_GITHUB_ORGS="nvidia nv-morpheus nv-legate rapids"
# The TTL for the generated AWS credentials
VAULT_S3_TTL=43200
# The URI to the Vault API that generates AWS credentials
# The full URL expands to `$VAULT_HOST/$VAULT_S3_URI?ttl=$VAULT_S3_TTL`
# https://developer.hashicorp.com/vault/api-docs/secret/aws#generate-credentials
VAULT_S3_URI="v1/aws/creds/devs"