diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000..84ab69a9 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,44 @@ +{ + "name": "Iris", + // Use the existing Dockerfile + "build": { + "dockerfile": "../docker/Dockerfile", + "context": ".." + }, + // Runs on the HOST before the container is created/started. + // Creates a stable agent socket at ~/.ssh/ssh-agent.sock and optionally loads ~/.ssh/id_rsa. + "initializeCommand": "bash -lc \"bash '${localWorkspaceFolder}/.devcontainer/ensure-ssh-agent.sh'\"", + "runArgs": [ + "--name=${localEnv:USER}-iris-dev", + "--network=host", + "--device=/dev/kfd", + "--device=/dev/dri", + "--cap-add=SYS_PTRACE", + "--group-add=video", + "--security-opt=seccomp=unconfined", + "--shm-size=16G", + "--ipc=host", + "--ulimit=memlock=-1", + "--ulimit=stack=67108864" + ], + "features": { + "ghcr.io/devcontainers/features/common-utils:2": { + "installZsh": true, + "installOhMyZsh": true, + "upgradePackages": false, + "username": "automatic", + "uid": "automatic", + "gid": "automatic", + "configureZshAsDefaultShell": false + } + }, + "mounts": [ + "source=${localEnv:HOME}/.ssh/ssh-agent.sock,target=/tmp/ssh-agent.sock,type=bind" + ], + "remoteEnv": { + "SSH_AUTH_SOCK": "/tmp/ssh-agent.sock" + }, + "remoteUser": "vscode", + "postStartCommand": "bash -lc 'set -e; if ! getent group video >/dev/null; then sudo groupadd -r video || true; fi; if ! getent group render >/dev/null; then sudo groupadd -r render || true; fi; sudo usermod -aG video,render vscode || true'", + "updateRemoteUserUID": true +} \ No newline at end of file diff --git a/.devcontainer/ensure-ssh-agent.sh b/.devcontainer/ensure-ssh-agent.sh new file mode 100644 index 00000000..434af46e --- /dev/null +++ b/.devcontainer/ensure-ssh-agent.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +# Copyright (c) 2026 Advanced Micro Devices, Inc. All rights reserved. + +set -euo pipefail + +# This script runs on the HOST (via devcontainer.json "initializeCommand"). +# It ensures there is an ssh-agent with a stable socket at: +# ~/.ssh/ssh-agent.sock +# +# It also tries to load ~/.ssh/id_rsa if present. +# If your key is passphrase-protected and you're non-interactive, it may fail silently. + +SOCK="${HOME}/.ssh/ssh-agent.sock" + +mkdir -p "${HOME}/.ssh" + +if [[ -S "${SOCK}" ]]; then + exit 0 +fi + +rm -f "${SOCK}" +ssh-agent -a "${SOCK}" -t 8h >/dev/null + +if [[ -f "${HOME}/.ssh/id_rsa" ]]; then + SSH_AUTH_SOCK="${SOCK}" ssh-add "${HOME}/.ssh/id_rsa" >/dev/null 2>&1 || true +fi + +SSH_AUTH_SOCK="${SOCK}" ssh-add -l >/dev/null 2>&1 || true diff --git a/.gitignore b/.gitignore index d45568ef..4b338865 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,5 @@ __pycache__/ *.pywz *.pyzw *.pyzwz + +!.devcontainer/devcontainer.json \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index 6524f82e..35bce5b4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,5 +1,5 @@ # SPDX-License-Identifier: MIT -# Copyright (c) 2025 Advanced Micro Devices, Inc. All rights reserved. +# Copyright (c) 2025-2026 Advanced Micro Devices, Inc. All rights reserved. FROM rocm/pytorch:rocm7.1_ubuntu24.04_py3.13_pytorch_release_2.9.1 @@ -24,6 +24,9 @@ RUN apt-get update && \ git wget ninja-build cmake python3-pip python3-dev build-essential && \ rm -rf /var/lib/apt/lists/* +RUN groupadd -r video 2>/dev/null || true && \ + groupadd -r render 2>/dev/null || true + # Install Python packages with pip RUN pip3 install --upgrade pip && \ pip3 install wheel jupyter