fetch_ml/podman/containers/hermetic.dockerfile
Jeremie Fraeys 7880ea8d79
refactor: reorganize podman directory structure
Organize podman/ directory into logical subdirectories:

New structure:
- docs/          - ML_TOOLS_GUIDE.md, jupyter_workflow.md
- configs/       - environment*.yml, security_policy.json
- containers/    - *.dockerfile, *.podfile
- scripts/       - *.sh, *.py (secure_runner, cli_integration, etc.)
- jupyter/       - jupyter_cookie_secret (flattened from jupyter_runtime/runtime/)
- workspace/     - Example projects (cleaned of temp files)

Cleaned workspace:
- Removed .DS_Store, mlflow.db, cache/
- Removed duplicate cli_integration.py

Removed unnecessary nesting:
- Flattened jupyter_runtime/runtime/ to just jupyter/

Improves maintainability by grouping files by purpose and eliminating root directory clutter.
2026-02-18 16:40:46 -05:00

40 lines
1.5 KiB
Docker

# Hermetic Dockerfile - Reproducible builds with pinned dependencies
# Tag image with: deps-<first-8-of-sha256>
# Example: docker build -t mylab/pytorch:deps-abc123 .
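# A tag can be re-pushed upstream; for a fully hermetic base, append
# @sha256:<digest> of the image you tested (placeholder, not a real digest).
FROM pytorch/pytorch:2.0.1-cuda11.8-cudnn8-runtime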
# Pin system dependencies to specific versions for reproducibility
# These versions are frozen - update only after testing
RUN apt-get update && apt-get install -y --no-install-recommends \
    libblas3=3.9.0-1build1 \
    liblapack3=3.9.0-1build1 \
    libcudnn8=8.6.0.163-1+cuda11.8 \
    && rm -rf /var/lib/apt/lists/*
# Install conda environment with pinned packages
COPY deps_manifest.json /tmp/deps_manifest.json
# If using conda environment file
RUN if [ -f /tmp/deps_manifest.json ]; then \
        conda env update -n base -f /tmp/deps_manifest.json; \
    fi
# If using requirements.txt with hashes
# --require-hashes must be allowed to fail the build: a missing or mismatched
# hash means the dependency set is not the one that was pinned.
COPY requirements.txt /tmp/requirements.txt
RUN pip install --require-hashes --no-deps -r /tmp/requirements.txt
# Verify installation
RUN python -c "import torch; print(f'PyTorch: {torch.__version__}')" \
    && python -c "import numpy; print(f'NumPy: {numpy.__version__}')"
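# Labels for provenance
# BUILD_DATE and GIT_COMMIT must be declared as build args, otherwise the
# labels expand to empty strings. Pass them at build time, e.g.:
#   --build-arg BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" --build-arg GIT_COMMIT="$(git rev-parse HEAD)"
ARG BUILD_DATE
ARG GIT_COMMIT
LABEL org.opencontainers.image.title="Hermetic ML Environment" \
      org.opencontainers.image.description="Reproducible ML training environment" \
      org.fetchml.deps_manifest="/tmp/deps_manifest.json" \
      org.fetchml.build_date="${BUILD_DATE}" \
      org.fetchml.git_commit="${GIT_COMMIT}"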
WORKDIR /workspace
CMD ["python", "--version"]
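
A pre-build check for the two conventions in the header comments and the `--require-hashes` step, as an added example that is not part of the repository. It assumes the tag digest is the SHA-256 of the dependency file (the Dockerfile only says "first-8-of-sha256") and a pip-compile style `requirements.txt`; the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository): checks to run before `docker build`.

# Print "deps-<first 8 hex chars of the file's SHA-256>".
# Assumption: the digest in the tag is taken over the dependency file itself.
deps_tag() {
    digest=$(sha256sum < "$1") || return 1
    printf 'deps-%s\n' "$(printf '%s' "$digest" | cut -c1-8)"
}

# Succeed only if every requirement is pinned with == and carries a sha256 hash.
# Steps: join backslash-continued lines; drop leading whitespace, blank lines,
# comments and option lines (-r, --index-url); list what is left unhashed.
requirements_fully_hashed() {
    [ -r "$1" ] || return 2   # a missing file must not pass as "nothing wrong"
    unhashed=$(
        sed -e ':a' -e '/\\$/N; s/\\\n/ /; ta' "$1" |
        sed -e 's/^[[:space:]]*//' -e '/^$/d' -e '/^#/d' -e '/^-/d' |
        grep -Ev '==.*--hash=sha256:[0-9a-f]{64}([[:space:]]|$)' || true
    )
    [ -z "$unhashed" ] && return 0
    printf '%s\n' "$unhashed" | sed 's/^/unpinned or unhashed: /' >&2
    return 1
}

# Constructed sample input: the digest is a placeholder, not a real package hash.
write_samples() {
    h=$(printf '%064d' 0)
    printf 'numpy==1.24.4 \\\n    --hash=sha256:%s\n' "$h" > "$1/good.txt"
    printf 'numpy==1.24.4 \\\n    --hash=sha256:%s\ntorch>=2.0\n' "$h" > "$1/bad.txt"
}

# Demo on the constructed samples.
tmp=$(mktemp -d) && write_samples "$tmp"
requirements_fully_hashed "$tmp/good.txt" \
    && echo "good.txt ok, tag: $(deps_tag "$tmp/good.txt")"
requirements_fully_hashed "$tmp/bad.txt" || echo "bad.txt rejected"
rm -rf "$tmp"
```

The check catches an unhashed entry before the build starts, which complements `pip install --require-hashes` failing inside the build.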