Writing SDK Images

When you’re working on a project and want to build and test it, you use Docker images, which are like ready-made toolkits. For the NEST-Compiler project, it needs a specific toolkit called nest-compiler-sdk to make sure all the necessary parts are there. These toolkits help make sure that everyone working on the project is using the same tools and settings.

Project Structure

You can create a project to build the SDK image, and use it in your project. The typical project structure would look something like this:

|- .gitlab.ci.yml
|- Dockerfile
|- LICENSE
|- README.md

Dockerfile

We suppose you are going to make a project using the following Dockerfile.

FROM ubuntu:20.04

ARG WORKDIR=/root/dev

# Create working folder
RUN mkdir -p $WORKDIR
WORKDIR $WORKDIR

# Update and install tools
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
    apt-get install -y clang clang-8 cmake graphviz libpng-dev \
        libprotobuf-dev llvm-8 llvm-8-dev ninja-build protobuf-compiler wget \
        opencl-headers libgoogle-glog-dev libboost-all-dev \
        libdouble-conversion-dev libevent-dev libssl-dev libgflags-dev \
        libjemalloc-dev libpthread-stubs0-dev \
        ocl-icd-opencl-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu curl unzip\
        # Additional dependencies
        git python python-numpy python3-pip && \
    # Delete outdated llvm to avoid conflicts
    apt-get autoremove -y llvm-6.0 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
    unzip awscliv2.zip && \
    ./aws/install

# Point clang to llvm-8 version
RUN update-alternatives --install /usr/bin/clang clang \
        /usr/lib/llvm-8/bin/clang 50 && \
    update-alternatives --install /usr/bin/clang++ clang++ \
        /usr/lib/llvm-8/bin/clang++ 50

RUN pip3 install numpy decorator attrs pytest onnx scipy onnxruntime==1.12.1 PyYAML==6.0

# Point default C/C++ compiler to clang
RUN update-alternatives --set cc /usr/bin/clang && \
    update-alternatives --set c++ /usr/bin/clang++

# Install fmt
RUN git clone https://github.com/fmtlib/fmt && \
    cd fmt && \
    git reset --hard efe3694f150a1f307d014e68cd88350067769b19 && \
    mkdir build && \
    cd build && \
    cmake .. && make -j32 && \
    make install

RUN rm -rf fmt

RUN apt-get update && apt-get install -y libomp-dev

.gitlab-ci.yml

Write a .gitlab-ci.yml like below.

stages:
  - build

build:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"${DOCKER_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${DOCKER_USERNAME}" "${DOCKER_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
  script:
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${DOCKER_IMAGE}:${CI_COMMIT_REF_NAME}"
      --destination "${DOCKER_IMAGE}:latest"

This GitLab CI/CD script defines a job named “build” within a single “build” stage. The job uses the Kaniko executor to build a Docker image from the source code located in the project directory. The resulting Docker image is tagged with the Git branch name (CI_COMMIT_REF_NAME) and also tagged as “latest.” Additionally, it sets up Docker registry authentication using the provided registry credentials (DOCKER_USERNAME and DOCKER_PASSWORD). The Docker image is built based on the specified Dockerfile (Dockerfile).

Kaniko Executor

The Kaniko executor in GitLab CI/CD is a tool that allows building container images inside containers without the need for Docker daemon privileges. It provides a secure and flexible solution for building Docker images within CI/CD pipelines without requiring elevated permissions. Utilizing the Kaniko executor allowed us to remove the dependency on Docker-in-Docker (DIND) for all jobs within NEST-Compiler pipelines.

Kaniko project is led by Google. For more information, you can visit Kaniko GitHub and GitLab Documentation.

Required Variables

Define the required CI/CD variables in your project or in your group. For ONES-AI, we predefined DOCKER_REGISTRY, DOCKER_USERNAME, and DOCKER_PASSWORD. Please note that CI_PROJECT_DIR is automatically generated by GitLab CI/CD.

All you need to do is set DOCKER_IMAGE variable in your project. For this project, we set DOCKER_IMAGE as onesai1/nest-compiler-sdk. Please make sure to include the namespace onesai1 in your image name.

It’s important to note that since DOCKER_USERNAME and DOCKER_PASSWORD contain Docker registry login credentials, access is restricted to protected branches or tags. Using these credentials in other scenarios will lead to login failures.

Group Variables

Docker Repository

The built images can be found at our docker repository.

Using the Images

You can use this SDK image in your main project like below.

To use a specific version,

build:
  stage: build
  image: onesai1/nest-compiler-sdk:1.0.0

To use the latest,

build:
  stage: build
  image: onesai1/nest-compiler-sdk:latest