Skip to content

build(docker): exclude dev dependency-group from runtime image#1012

Merged
saturley-hall merged 3 commits into
mainfrom
hsaturleyhal/exclude-dev-group-from-container
May 30, 2026
Merged

build(docker): exclude dev dependency-group from runtime image#1012
saturley-hall merged 3 commits into
mainfrom
hsaturleyhal/exclude-dev-group-from-container

Conversation

@saturley-hall

@saturley-hall saturley-hall commented May 29, 2026

Copy link
Copy Markdown
Member

Summary

Two related fixes to dependency installation in the Dockerfile.

1. Exclude the dev dependency-group from the runtime image

The env-builder stage ran:

RUN uv sync --active --no-install-project

By default uv sync installs the PEP 735 dev dependency-group declared in pyproject.toml's [dependency-groups] (hypothesis, pre-commit). That venv (/opt/aiperf/venv) is copied wholesale into the runtime image, so dev-only tooling was shipping in the production container. (Confirmed by the installed versions matching the [dependency-groups] pins, not the looser [project.optional-dependencies] extras.)

This adds --no-default-groups so only the core runtime dependencies are installed:

-RUN uv sync --active --no-install-project
+RUN uv sync --active --no-install-project --no-default-groups

2. Make the test stage actually able to run tests

With the dev group no longer installed, the test stage (FROM env-builder) had no test tooling — and it never had pytest even before, since pytest lives in the [test] extra, not the dev group. The stage now reinstalls aiperf with the [test] extra from the already-built wheel:

COPY --from=wheel-builder /dist /tmp/dist
RUN WHEEL=$(ls /tmp/dist/aiperf-*.whl) \
    && uv pip install "aiperf[test] @ file://${WHEEL}" \
    && rm -rf /tmp/dist

This pulls pytest, pytest-asyncio, pytest-cov, pytest-xdist, hypothesis, httpx, jsonschema, looptime, and trustme into the test image.

Why change #1 is safe

  • CI unit/integration tests are unaffected. They install on the GitHub runner via make ci-install / make first-time-setupmake installuv pip install -e ".[dev]" (the [dev] extra), an entirely separate path from the Dockerfile's uv sync dependency-group. The container is never used to run those tests.
  • The test Docker stage is not built in CI. The only targets built (in nightly.yml) are wheel-artifact, runtime, and licenses-artifact; there is no --target test anywhere in .github/, Makefile, or docs. Change Add the license file and pre commit hooks #2 nonetheless makes that stage correct for anyone who does build it locally.

Impact

  • runtime (production) image: drops hypothesis, pre-commit, and their unique transitive deps — pure bloat removal. [dependency-groups] defines only the dev group, so no other group is affected.
  • test image: now has a working test toolchain instead of a half-populated venv.
  • Core runtime deps (tqdm, pydantic, transformers, etc.) are unchanged — they live in [project.dependencies] and are always installed.

Testing

  • git grep-verified there is no --target test consumer in CI/Makefile/docs.
  • Changes are confined to the Dockerfile (env-builder sync flag + test stage); no application code touched. The aiperf[test] @ file://… form is standard PEP 508 direct-reference-with-extras syntax supported by uv.

🤖 Generated with Claude Code

The env-builder stage ran `uv sync --active --no-install-project`, which by
default installs the PEP 735 `dev` dependency-group from pyproject.toml
(`hypothesis`, `pre-commit`). That venv is copied wholesale into the runtime
image, so dev-only tooling shipped in production.

Add `--no-default-groups` so only the core runtime dependencies are installed.

This is safe:
- CI unit/integration tests install `.[dev]` on the runner via `make install`,
  independently of the container, so they are unaffected.
- The Dockerfile `test` stage is never built in CI (only `wheel-artifact`,
  `runtime`, and `licenses-artifact` targets are used), and it lacks pytest
  regardless, so nothing relied on the dev group being present.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Harrison King Saturley-Hall <hsaturleyhal@nvidia.com>
@github-actions

github-actions Bot commented May 29, 2026

Copy link
Copy Markdown

Try out this PR

Quick install:

pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@e8b3d590825b043dddfc12cc28116de077463410

Recommended with virtual environment (using uv):

uv venv --python 3.12 && source .venv/bin/activate
uv pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@e8b3d590825b043dddfc12cc28116de077463410

Last updated for commit: e8b3d59Browse code

@github-actions github-actions Bot added the build label May 29, 2026
@coderabbitai

coderabbitai Bot commented May 29, 2026

Copy link
Copy Markdown
Contributor

Walkthrough

Dockerfile: env-builder now runs uv sync with --no-default-groups to exclude PEP 735 dev groups; the test stage now copies the built wheel into /tmp/dist, installs aiperf[test] from that wheel via uv pip install, and removes the wheel artifact.

Changes

Dockerfile build & test stages

Layer / File(s) Summary
Exclude dev groups from runtime environment build
Dockerfile
env-builder's uv sync adds --no-default-groups; comments clarify dev/test extras are not included in the runtime image.
Test stage: reinstall wheel with [test] extra
Dockerfile
test stage copies /dist -> /tmp/dist, runs uv pip install to install aiperf[test] from the wheel, and cleans up the wheel artifact instead of relying on env-builder-provided test deps.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through Dockerfile lines today,
Flags trimmed the dev fluff away,
A wheel copied, tested, then gone—
Clean images sprint at dawn. 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'build(docker): exclude dev dependency-group from runtime image' directly and clearly describes the main change: excluding dev dependency-group from the runtime image via the --no-default-groups flag in the env-builder stage.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov

codecov Bot commented May 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

With env-builder no longer pulling the dev group, the test stage (FROM
env-builder) had no test tooling at all -- and it never had pytest even
before, since pytest lives in the [test] extra, not the dev group.

Reinstall aiperf with the [test] extra (pytest, pytest-asyncio, pytest-cov,
pytest-xdist, hypothesis, httpx, jsonschema, looptime, trustme) from the
already-built wheel so the stage can actually run the suite. Uses the wheel
from wheel-builder via a PEP 508 direct reference with extras.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Harrison King Saturley-Hall <hsaturleyhal@nvidia.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
Dockerfile (1)

244-247: ⚡ Quick win

aiperf[test] uses the test extra (not a dependency-group); tighten wheel glob

test is defined under the root pyproject.toml’s [project.optional-dependencies], so uv pip install "aiperf[test] @ file://${WHEEL}" should resolve correctly as an extra (not a PEP 735 dependency-group).

Minor robustness: WHEEL=$(ls /tmp/dist/aiperf-*.whl) can break if the glob matches more than one wheel (newline(s) -> malformed file:// URL). The Dockerfile assumes a single wheel; consider enforcing “exactly one match”.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 244 - 247, The Dockerfile should keep installing the
extra as an extra (use "aiperf[test] @ file://${WHEEL}") but make the WHEEL
selection robust: ensure the glob for /tmp/dist/aiperf-*.whl yields exactly one
wheel (or deterministically pick one) before constructing WHEEL and running the
uv pip install step; update the WHEEL assignment and add a short guard that
fails the build or chooses a single wheel if multiple matches are present so the
resulting file:// URL is always valid (referencing the WHEEL variable and the uv
pip install "aiperf[test] @ file://${WHEEL}" invocation).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Dockerfile`:
- Around line 244-247: The Dockerfile should keep installing the extra as an
extra (use "aiperf[test] @ file://${WHEEL}") but make the WHEEL selection
robust: ensure the glob for /tmp/dist/aiperf-*.whl yields exactly one wheel (or
deterministically pick one) before constructing WHEEL and running the uv pip
install step; update the WHEEL assignment and add a short guard that fails the
build or chooses a single wheel if multiple matches are present so the resulting
file:// URL is always valid (referencing the WHEEL variable and the uv pip
install "aiperf[test] @ file://${WHEEL}" invocation).

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 06977f54-3e9a-4600-bb1c-251c709be112

📥 Commits

Reviewing files that changed from the base of the PR and between 331a96f and e8b3d59.

📒 Files selected for processing (1)
  • Dockerfile
@saturley-hall saturley-hall merged commit 4f52b9d into main May 30, 2026
25 of 26 checks passed
@saturley-hall saturley-hall deleted the hsaturleyhal/exclude-dev-group-from-container branch May 30, 2026 01:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3 participants