forked from NVIDIA-AI-Blueprints/vulnerability-analysis
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathDockerfile
executable file
·100 lines (79 loc) · 3.61 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# SPDX-FileCopyrightText: Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ARG BASE_IMG=nvcr.io/nvidia/cuda
ARG BASE_IMG_TAG=12.5.1-base-ubuntu22.04
FROM ${BASE_IMG}:${BASE_IMG_TAG} as base
# Install necessary dependencies using apt-get
RUN apt-get update && apt-get install -y \
git \
git-lfs \
wget \
&& apt-get clean
# Install miniconda
RUN wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O /tmp/miniconda.sh \
&& bash /tmp/miniconda.sh -b -p /opt/conda \
&& rm /tmp/miniconda.sh
# Add conda to the PATH
ENV PATH=/opt/conda/bin:$PATH
# Install Mamba, a faster alternative to conda, within the base environment
RUN --mount=type=cache,id=conda_pkgs,target=/opt/conda/pkgs,sharing=locked \
conda install -y mamba -n base -c conda-forge
# Create base environment
RUN --mount=type=cache,id=conda_pkgs,target=/opt/conda/pkgs,sharing=locked \
conda create -y --name morpheus-vuln-analysis
# Activate the environment (make it default for subsequent commands)
RUN echo "source activate morpheus-vuln-analysis" >> ~/.bashrc
# Set default shell to bash
SHELL ["/bin/bash", "-c"]
# Add conda channels required for the Morpheus dependencies
RUN source activate morpheus-vuln-analysis \
&& conda config --env --add channels conda-forge \
&& conda config --env --add channels nvidia \
&& conda config --env --add channels rapidsai \
&& conda config --env --add channels pytorch
RUN --mount=type=cache,id=conda_pkgs,target=/opt/conda/pkgs,sharing=locked \
source activate morpheus-vuln-analysis &&\
mamba install -y -c conda-forge tini=0.19
WORKDIR /workspace/
# Copy custom entrypoint script
# Copy just the conda env first to minimize cache busting
COPY requirements.yaml /workspace/requirements.yaml
SHELL ["/bin/bash", "-c"]
# Install dependencies
RUN --mount=type=cache,id=pip_cache,target=/root/.cache/pip,sharing=locked \
--mount=type=cache,id=conda_pkgs,target=/opt/conda/pkgs,sharing=locked \
source activate morpheus-vuln-analysis &&\
mamba env update -f ./requirements.yaml
# If any changes have been made from the base image, recopy the sources
COPY . /workspace/
# Mark all git repos as safe to avoid git errors
RUN echo $'\
[safe]\n\
directory = *\n\
'> /root/.gitconfig
ENTRYPOINT [ "/opt/conda/envs/morpheus-vuln-analysis/bin/tini", "--", "/workspace/docker/scripts/entrypoint.sh"]
# ===== Setup for development =====
FROM base as runtime
RUN --mount=type=cache,id=pip_cache,target=/root/.cache/pip,sharing=locked \
--mount=type=cache,id=conda_pkgs,target=/opt/conda/pkgs,sharing=locked \
source activate morpheus-vuln-analysis &&\
mamba install -y -c conda-forge \
ipywidgets \
jupyter_contrib_nbextensions \
# notebook v7 is incompatible with jupyter_contrib_nbextensions
notebook=6 &&\
jupyter contrib nbextension install --user &&\
pip install jupyterlab_nvdashboard==0.9
CMD ["jupyter-lab", "--no-browser", "--allow-root", "--ip='*'", "--port=8000", "--NotebookApp.token=''", "--NotebookApp.password=''"]