refactor(ci): workflows improvements (#1535)

* refactor(ci): consolidate documentation workflows * refactor(ci): improve quality workflow * refactor(ci): edit security workflow * refactor(ci): improve testing workflows * fix(ci): several fixes * chore(ci): renaming + permissions * chore(ci): remove now unused dockerfiles * chore(docs): add license headers to dockerfiles * chore(ci): add cache-binary false to setup-buildx actions * fix(ci): several fixes * dgb(ci): explicit env in the workflow * fix(ci): more explicit env vars for writing * fix(ci): nightly gpu tag
2025-07-19 20:09:12 +02:00
parent e6e1f085d4
commit 89f59b0703
19 changed files with 654 additions and 733 deletions
--- a/docker/Dockerfile.internal
+++ b/docker/Dockerfile.internal
@@ -1,12 +1,26 @@
-# Dockerfile.internal
+# Copyright 2025 The HuggingFace Inc. team. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # This Dockerfile is designed for HuggingFace internal CI environments
 # that require GPU access. It starts from an NVIDIA CUDA base image.

 # docker build -f docker/Dockerfile.internal -t lerobot-ci .

 # Configure the base image for CI with GPU access
-ARG CUDA_VERSION=12.9.1
-ARG OS_VERSION=24.04
+# TODO(Steven): Bump these versions
+ARG CUDA_VERSION=12.4.1
+ARG OS_VERSION=22.04
 FROM nvidia/cuda:${CUDA_VERSION}-base-ubuntu${OS_VERSION}

 # Define Python version argument
@@ -14,16 +28,17 @@ ARG PYTHON_VERSION=3.10

 # Configure environment variables
 ENV DEBIAN_FRONTEND=noninteractive \
-    MUJOCO_GL="egl" \
-    PATH="/lerobot/.venv/bin:$PATH"
+    MUJOCO_GL=egl \
+    PATH=/lerobot/.venv/bin:$PATH \
+    CUDA_VISIBLE_DEVICES=0 \
+    TEST_TYPE=single_gpu \
+    DEVICE=cuda

 # Install Python, system dependencies, and uv (as root)
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    software-properties-common \
-    build-essential git curl \
+    software-properties-common build-essential git curl \
    libglib2.0-0 libgl1-mesa-glx libegl1-mesa ffmpeg \
-    libusb-1.0-0-dev \
-    speech-dispatcher libgeos-dev \
+    libusb-1.0-0-dev speech-dispatcher libgeos-dev portaudio19-dev \
    && add-apt-repository -y ppa:deadsnakes/ppa \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
@@ -33,6 +48,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    && curl -LsSf https://astral.sh/uv/install.sh | sh \
    && mv /root/.local/bin/uv /usr/local/bin/uv \
    && useradd --create-home --shell /bin/bash user_lerobot \
+    && usermod -aG sudo user_lerobot \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

 # Create application directory and set permissions
@@ -42,6 +58,13 @@ RUN chown -R user_lerobot:user_lerobot /lerobot
 # Switch to the non-root user
 USER user_lerobot

+# Environment variables for the testing
+ENV HOME=/home/user_lerobot \
+    HF_HOME=/home/user_lerobot/.cache/huggingface \
+    HF_LEROBOT_HOME=/home/user_lerobot/.cache/huggingface/lerobot \
+    TORCH_HOME=/home/user_lerobot/.cache/torch \
+    TRITON_CACHE_DIR=/home/user_lerobot/.cache/triton
+
 # Create the virtual environment
 # We use a virtual environment inside the container—even though the container itself \
 # provides isolation—to ensure compatibility with the cluster and to prevent \
@@ -49,11 +72,12 @@ USER user_lerobot
 RUN uv venv --python python${PYTHON_VERSION}

 # Install Python dependencies for caching
-COPY --chown=user_lerobot:user_lerobot pyproject.toml README.md ./
+COPY --chown=user_lerobot:user_lerobot pyproject.toml README.md MANIFEST.in ./
 COPY --chown=user_lerobot:user_lerobot src/ src/
 RUN uv pip install --no-cache ".[all]"

 # Copy the rest of the application source code
+# Make sure to have the git-LFS files for testing
 COPY --chown=user_lerobot:user_lerobot . .

 # Set the default command
--- a/docker/Dockerfile.user
+++ b/docker/Dockerfile.user
@@ -1,4 +1,17 @@
-# Dockerfile.user
+# Copyright 2025 The HuggingFace Inc. team. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # This Dockerfile is designed for a lerobot user who wants to
 # experiment with the project. It starts from an Python Slim base image.

@@ -11,18 +24,17 @@ FROM python:${PYTHON_VERSION}-slim

 # Configure environment variables
 ENV DEBIAN_FRONTEND=noninteractive \
-    MUJOCO_GL="egl" \
-    PATH="/lerobot/.venv/bin:$PATH"
+    MUJOCO_GL=egl \
+    PATH=/lerobot/.venv/bin:$PATH

 # Install system dependencies and uv (as root)
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential git curl \
-    libglib2.0-0 libgl1-mesa-glx libegl1-mesa ffmpeg \
-    libusb-1.0-0-dev \
-    speech-dispatcher libgeos-dev \
+    build-essential git curl libglib2.0-0 libegl1-mesa ffmpeg \
+    libusb-1.0-0-dev speech-dispatcher libgeos-dev portaudio19-dev \
    && curl -LsSf https://astral.sh/uv/install.sh | sh \
    && mv /root/.local/bin/uv /usr/local/bin/uv \
    && useradd --create-home --shell /bin/bash user_lerobot \
+    && usermod -aG sudo user_lerobot \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

 # Create application directory and set permissions
@@ -32,6 +44,13 @@ RUN chown -R user_lerobot:user_lerobot /lerobot
 # Switch to the non-root user
 USER user_lerobot

+# Environment variables for the testing
+ENV HOME=/home/user_lerobot \
+    HF_HOME=/home/user_lerobot/.cache/huggingface \
+    HF_LEROBOT_HOME=/home/user_lerobot/.cache/huggingface/lerobot \
+    TORCH_HOME=/home/user_lerobot/.cache/torch \
+    TRITON_CACHE_DIR=/home/user_lerobot/.cache/triton
+
 # Create the virtual environment
 # We use a virtual environment inside the container—even though the container itself \
 # provides isolation—to closely resemble local development and allow users to \
@@ -39,11 +58,12 @@ USER user_lerobot
 RUN uv venv

 # Install Python dependencies for caching
-COPY --chown=user_lerobot:user_lerobot pyproject.toml README.md ./
+COPY --chown=user_lerobot:user_lerobot pyproject.toml README.md MANIFEST.in ./
 COPY --chown=user_lerobot:user_lerobot src/ src/
 RUN uv pip install --no-cache ".[all]"

 # Copy the rest of the application code
+# Make sure to have the git-LFS files for testing
 COPY --chown=user_lerobot:user_lerobot . .

 # Set the default command
--- a/docker/lerobot-cpu/Dockerfile
+++ b/docker/lerobot-cpu/Dockerfile
@@ -1,29 +0,0 @@
-# Configure image
-ARG PYTHON_VERSION=3.10
-FROM python:${PYTHON_VERSION}-slim
-
-# Configure environment variables
-ARG PYTHON_VERSION
-ENV DEBIAN_FRONTEND=noninteractive
-ENV MUJOCO_GL="egl"
-ENV PATH="/opt/venv/bin:$PATH"
-
-# Install dependencies and set up Python in a single layer
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential cmake git \
-    libglib2.0-0 libgl1-mesa-glx libegl1-mesa ffmpeg \
-    speech-dispatcher libgeos-dev \
-    && ln -s /usr/bin/python${PYTHON_VERSION} /usr/bin/python \
-    && python -m venv /opt/venv \
-    && apt-get clean && rm -rf /var/lib/apt/lists/* \
-    && echo "source /opt/venv/bin/activate" >> /root/.bashrc
-
-# Clone repository and install LeRobot in a single layer
-COPY . /lerobot
-WORKDIR /lerobot
-RUN /opt/venv/bin/pip install --upgrade --no-cache-dir pip \
-    && /opt/venv/bin/pip install --no-cache-dir ".[test, aloha, xarm, pusht, smolvla]" \
-        --extra-index-url https://download.pytorch.org/whl/cpu
-
-# Execute in bash shell rather than python
-CMD ["/bin/bash"]
--- a/docker/lerobot-gpu-dev/Dockerfile
+++ b/docker/lerobot-gpu-dev/Dockerfile
@@ -1,68 +0,0 @@
-FROM nvidia/cuda:12.2.2-devel-ubuntu22.04
-
-# Configure image
-ARG PYTHON_VERSION=3.10
-ARG DEBIAN_FRONTEND=noninteractive
-
-# Install apt dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential cmake \
-    git git-lfs openssh-client \
-    nano vim less util-linux tree \
-    htop atop nvtop \
-    sed gawk grep curl wget zip unzip \
-    tcpdump sysstat screen tmux \
-    libglib2.0-0 libgl1-mesa-glx libegl1-mesa \
-    speech-dispatcher portaudio19-dev libgeos-dev \
-    python${PYTHON_VERSION} python${PYTHON_VERSION}-venv python${PYTHON_VERSION}-dev \
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# Install ffmpeg build dependencies. See:
-# https://trac.ffmpeg.org/wiki/CompilationGuide/Ubuntu
-# TODO(aliberts): create image to build dependencies from source instead
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    autoconf automake yasm \
-    libass-dev \
-    libfreetype6-dev \
-    libgnutls28-dev \
-    libunistring-dev \
-    libmp3lame-dev \
-    libtool \
-    libvorbis-dev \
-    meson \
-    ninja-build \
-    pkg-config \
-    texinfo \
-    yasm \
-    zlib1g-dev \
-    nasm \
-    libx264-dev \
-    libx265-dev libnuma-dev \
-    libvpx-dev \
-    libfdk-aac-dev \
-    libopus-dev \
-    libsvtav1-dev libsvtav1enc-dev libsvtav1dec-dev \
-    libdav1d-dev
-
-# Install gh cli tool
-RUN (type -p wget >/dev/null || (apt update && apt-get install wget -y)) \
-    && mkdir -p -m 755 /etc/apt/keyrings \
-    && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
-    && chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
-    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
-    && apt update \
-    && apt install gh -y \
-    && apt clean && rm -rf /var/lib/apt/lists/*
-
-# Setup `python`
-RUN ln -s /usr/bin/python3 /usr/bin/python
-
-# Install poetry
-RUN curl -sSL https://install.python-poetry.org | python -
-ENV PATH="/root/.local/bin:$PATH"
-RUN echo 'if [ "$HOME" != "/root" ]; then ln -sf /root/.local/bin/poetry $HOME/.local/bin/poetry; fi' >> /root/.bashrc
-RUN poetry config virtualenvs.create false
-RUN poetry config virtualenvs.in-project true
-
-# Set EGL as the rendering backend for MuJoCo
-ENV MUJOCO_GL="egl"
--- a/docker/lerobot-gpu/Dockerfile
+++ b/docker/lerobot-gpu/Dockerfile
@@ -1,24 +0,0 @@
-FROM nvidia/cuda:12.4.1-base-ubuntu22.04
-
-# Configure environment variables
-ARG PYTHON_VERSION=3.10
-ENV DEBIAN_FRONTEND=noninteractive
-ENV MUJOCO_GL="egl"
-ENV PATH="/opt/venv/bin:$PATH"
-
-# Install dependencies and set up Python in a single layer
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential cmake git \
-    libglib2.0-0 libgl1-mesa-glx libegl1-mesa ffmpeg \
-    speech-dispatcher libgeos-dev \
-    python${PYTHON_VERSION}-dev python${PYTHON_VERSION}-venv \
-    && ln -s /usr/bin/python${PYTHON_VERSION} /usr/bin/python \
-    && python -m venv /opt/venv \
-    && apt-get clean && rm -rf /var/lib/apt/lists/* \
-    && echo "source /opt/venv/bin/activate" >> /root/.bashrc
-
-# Clone repository and install LeRobot in a single layer
-COPY . /lerobot
-WORKDIR /lerobot
-RUN /opt/venv/bin/pip install --upgrade --no-cache-dir pip \
-    && /opt/venv/bin/pip install --no-cache-dir ".[test, aloha, xarm, pusht, dynamixel, smolvla]"