# Writing SDK Images When you're working on a project and want to build and test it, you use Docker images, which are like ready-made toolkits. For the [NEST-Compiler](https://gitlab.com/ones-ai/nest-compiler) project, it needs a specific toolkit called [nest-compiler-sdk](https://gitlab.com/ones-ai/nest-compiler-sdk) to make sure all the necessary parts are there. These toolkits help make sure that everyone working on the project is using the same tools and settings. ## Project Structure You can create a project to build the SDK image, and use it in your project. The typical project structure would look something like this: ``` |- .gitlab.ci.yml |- Dockerfile |- LICENSE |- README.md ``` ## Dockerfile We suppose you are going to make a project using the following `Dockerfile`. ```Dockerfile FROM ubuntu:20.04 ARG WORKDIR=/root/dev # Create working folder RUN mkdir -p $WORKDIR WORKDIR $WORKDIR # Update and install tools ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && \ apt-get install -y clang clang-8 cmake graphviz libpng-dev \ libprotobuf-dev llvm-8 llvm-8-dev ninja-build protobuf-compiler wget \ opencl-headers libgoogle-glog-dev libboost-all-dev \ libdouble-conversion-dev libevent-dev libssl-dev libgflags-dev \ libjemalloc-dev libpthread-stubs0-dev \ ocl-icd-opencl-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu curl unzip\ # Additional dependencies git python python-numpy python3-pip && \ # Delete outdated llvm to avoid conflicts apt-get autoremove -y llvm-6.0 && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \ unzip awscliv2.zip && \ ./aws/install # Point clang to llvm-8 version RUN update-alternatives --install /usr/bin/clang clang \ /usr/lib/llvm-8/bin/clang 50 && \ update-alternatives --install /usr/bin/clang++ clang++ \ /usr/lib/llvm-8/bin/clang++ 50 RUN pip3 install numpy decorator attrs pytest onnx scipy onnxruntime==1.12.1 PyYAML==6.0 # Point default C/C++ compiler to clang RUN update-alternatives --set cc /usr/bin/clang && \ update-alternatives --set c++ /usr/bin/clang++ # Install fmt RUN git clone https://github.com/fmtlib/fmt && \ cd fmt && \ git reset --hard efe3694f150a1f307d014e68cd88350067769b19 && \ mkdir build && \ cd build && \ cmake .. && make -j32 && \ make install RUN rm -rf fmt RUN apt-get update && apt-get install -y libomp-dev ``` ## .gitlab-ci.yml Write a `.gitlab-ci.yml` like below. ```yaml stages: - build build: stage: build image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] before_script: - echo "{\"auths\":{\"${DOCKER_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${DOCKER_USERNAME}" "${DOCKER_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json script: - /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${DOCKER_IMAGE}:${CI_COMMIT_REF_NAME}" --destination "${DOCKER_IMAGE}:latest" ``` This GitLab CI/CD script defines a job named "build" within a single "build" stage. The job uses the Kaniko executor to build a Docker image from the source code located in the project directory. The resulting Docker image is tagged with the Git branch name (`CI_COMMIT_REF_NAME`) and also tagged as "latest." Additionally, it sets up Docker registry authentication using the provided registry credentials (`DOCKER_USERNAME` and `DOCKER_PASSWORD`). The Docker image is built based on the specified Dockerfile (`Dockerfile`). ### Kaniko Executor The Kaniko executor in GitLab CI/CD is a tool that allows building container images inside containers without the need for Docker daemon privileges. It provides a secure and flexible solution for building Docker images within CI/CD pipelines without requiring elevated permissions. Utilizing the Kaniko executor allowed us to remove the dependency on Docker-in-Docker (DIND) for all jobs within NEST-Compiler pipelines. Kaniko project is led by Google. For more information, you can visit [Kaniko GitHub](https://github.com/GoogleContainerTools/kaniko) and [GitLab Documentation](https://docs.gitlab.com/ee/ci/docker/using_kaniko.html). ### Required Variables Define the required CI/CD variables in your project or in your group. For ONES-AI, we predefined `DOCKER_REGISTRY`, `DOCKER_USERNAME`, and `DOCKER_PASSWORD`. Please note that `CI_PROJECT_DIR` is automatically generated by GitLab CI/CD. All you need to do is set `DOCKER_IMAGE` variable in your project. For this project, we set `DOCKER_IMAGE` as `onesai1/nest-compiler-sdk`. Please make sure to include the namespace `onesai1` in your image name. It's important to note that since DOCKER_USERNAME and DOCKER_PASSWORD contain Docker registry login credentials, access is restricted to protected branches or tags. Using these credentials in other scenarios will lead to login failures. ![Group Variables](/resources/images/variables.png) ### Docker Repository The built images can be found at [our docker repository](https://hub.docker.com/r/onesai1/nest-compiler-sdk/tags). ### Using the Images You can use this SDK image in your main project like below. To use a specific version, ```yaml build: stage: build image: onesai1/nest-compiler-sdk:1.0.0 ``` To use the latest, ```yaml build: stage: build image: onesai1/nest-compiler-sdk:latest ```