68 changes: 66 additions & 2 deletions jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu
@@ -53,6 +53,52 @@ RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/oc
rm -f /tmp/openshift-client-linux.tar.gz
# Install the oc client end

#######################################################
# common-builder (for Power-only)
#######################################################
FROM cpu-base AS common-builder
USER root
RUN if [ "$(uname -m)" = "ppc64le" ]; then \
dnf install -y gcc-toolset-13 cmake ninja-build git wget unzip && \
dnf clean all; \
else \
echo "Skipping common-builder package install on non-Power"; \
fi

Comment on lines +56 to +67
Contributor:

🛠️ Refactor suggestion

Prefer TARGETARCH over uname -m for build-time conditionals

Using ${TARGETARCH} is more robust in cross-builds and aligns with our multi-arch patterns. Replace $(uname -m) checks with $TARGETARCH in all conditional RUNs for Power-only steps.

@@
-FROM cpu-base AS common-builder
+FROM cpu-base AS common-builder
+ARG TARGETARCH
@@
-RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+RUN if [ "$TARGETARCH" = "ppc64le" ]; then \
@@
-FROM common-builder AS onnx-builder
+FROM common-builder AS onnx-builder
+ARG TARGETARCH
@@
-RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+RUN if [ "$TARGETARCH" = "ppc64le" ]; then \
@@
-FROM common-builder AS openblas-builder
+FROM common-builder AS openblas-builder
+ARG TARGETARCH
@@
-RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+RUN if [ "$TARGETARCH" = "ppc64le" ]; then \
@@
-FROM jupyter-minimal AS jupyter-datascience
+FROM jupyter-minimal AS jupyter-datascience
+ARG TARGETARCH
@@
-RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+RUN if [ "$TARGETARCH" = "ppc64le" ]; then \

Also applies to: 71-86, 90-101, 165-172

🤖 Prompt for AI Agents
In jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu around lines 56-67, the
RUN step uses `$(uname -m)` to gate Power-only installs; replace this build-time
runtime check with the build-arg/ARG-based TARGETARCH variable (use
`${TARGETARCH}`) in the conditional so cross-builds work correctly. Update the
RUN conditionals at the other locations noted (lines ~71-86, 90-101, 165-172)
the same way: ensure there is an ARG TARGETARCH earlier in the Dockerfile or
rely on Docker buildkit provided TARGETARCH, and change `if [ "$(uname -m)" =
"ppc64le" ]; then` to `if [ "${TARGETARCH}" = "ppc64le" ]; then` (or equivalent
POSIX test) so the Power-only package installs run based on TARGETARCH during
build.
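For reference, a minimal self-contained sketch of this pattern (base image and echo messages are illustrative, not from the PR). BuildKit populates TARGETARCH per platform using Go-style names (amd64, arm64, ppc64le, s390x), so the ppc64le comparison value is unchanged, and the ARG must be redeclared in every stage that reads it:

# syntax=docker/dockerfile:1
FROM registry.access.redhat.com/ubi9/ubi AS cpu-base

FROM cpu-base AS common-builder
# Redeclare in each consuming stage; BuildKit supplies the value.
ARG TARGETARCH
RUN if [ "$TARGETARCH" = "ppc64le" ]; then \
        echo "Power-only build steps run here"; \
    else \
        echo "Skipping Power-only steps on $TARGETARCH"; \
    fi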

#######################################################
# onnx-builder (Power-only)
#######################################################
FROM common-builder AS onnx-builder
ARG ONNX_VERSION=v1.19.0
WORKDIR /root
RUN if [ "$(uname -m)" = "ppc64le" ]; then \
source /opt/rh/gcc-toolset-13/enable && \
git clone --recursive https://github.com/onnx/onnx.git && \
cd onnx && git checkout ${ONNX_VERSION} && \
git submodule update --init --recursive && \
pip install -r requirements.txt && \
export CMAKE_ARGS="-DPython3_EXECUTABLE=$(which python3.12)" && \
pip wheel . -w /root/onnx_wheel; \
else \
echo "Skipping ONNX build on non-Power"; \
mkdir -p /root/onnx_wheel; \
fi
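
One optional guard that could be appended to this builder stage (a sketch, not part of the PR): fail fast if the Power build produced no wheel, instead of discovering it later at COPY time. ls on a non-matching glob exits non-zero, which fails the RUN:

RUN if [ "$(uname -m)" = "ppc64le" ]; then \
    ls /root/onnx_wheel/onnx-*.whl; \
    fi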

#######################################################
# openblas-builder (Power-only)
#######################################################
FROM common-builder AS openblas-builder
ARG OPENBLAS_VERSION=0.3.30
WORKDIR /root
RUN if [ "$(uname -m)" = "ppc64le" ]; then \
wget https://github.com/OpenMathLib/OpenBLAS/releases/download/v${OPENBLAS_VERSION}/OpenBLAS-${OPENBLAS_VERSION}.zip && \
unzip OpenBLAS-${OPENBLAS_VERSION}.zip && \
cd OpenBLAS-${OPENBLAS_VERSION} && \
make -j$(nproc) TARGET=POWER9 BINARY=64 USE_OPENMP=1 USE_THREAD=1 NUM_THREADS=120 DYNAMIC_ARCH=1 INTERFACE64=0; \
else \
mkdir -p OpenBLAS-${OPENBLAS_VERSION}; \
echo "Skipping OpenBLAS build on non-Power"; \
fi
####################
# jupyter-minimal #
####################
@@ -85,6 +131,7 @@ ENTRYPOINT ["start-notebook.sh"]
FROM jupyter-minimal AS jupyter-datascience

ARG DATASCIENCE_SOURCE_CODE=jupyter/datascience/ubi9-python-3.12
ARG OPENBLAS_VERSION=0.3.30

LABEL name="odh-notebook-jupyter-datascience-ubi9-python-3.12" \
summary="Jupyter data science notebook image for ODH notebooks" \
@@ -102,15 +149,32 @@ WORKDIR /opt/app-root/bin
USER root

# Install useful OS packages
-RUN dnf install -y jq unixODBC postgresql git-lfs libsndfile libxcrypt-compat && dnf clean all && rm -rf /var/cache/yum
+RUN dnf install -y jq unixODBC unixODBC-devel postgresql git-lfs libsndfile libxcrypt-compat && \
+    dnf clean all && rm -rf /var/cache/yum

# Copy dynamically-linked mongocli built in earlier build stage
COPY --from=mongocli-builder /tmp/mongocli /opt/app-root/bin/


ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/

# Copy OpenBLAS,ONNX wheels for Power
COPY --from=openblas-builder /root/OpenBLAS-${OPENBLAS_VERSION} /openblas
COPY --from=onnx-builder /root/onnx_wheel/ /onnxwheels/

# Power-specific ONNX/OpenBLAS installation
RUN if [ "$(uname -m)" = "ppc64le" ]; then \
pip install /onnxwheels/*.whl && \
PREFIX=/usr/local make -C /openblas install && \
rm -rf /onnxwheels /openblas; \
Comment on lines +162 to +169
coderabbitai bot (Contributor), Sep 11, 2025:

💡 Verification agent

🧩 Analysis chain

Confirm ONNX presence in pylock.toml to avoid double-install

If onnx is present in pylock.toml for non-Power arches, the separate wheel install on Power is fine. Ensure onnx is excluded from the lock for ppc64le to prevent conflicting versions.


🏁 Script executed:

#!/bin/bash
# Confirm ONNX markers in pylock.toml for ppc64le
rg -nP '(?i)^\s*name\s*=\s*"onnx"|platform_machine.*ppc64le' jupyter/datascience/ubi9-python-3.12/pylock.toml -C3

Length of output: 22231


Exclude onnx from pylock.toml for ppc64le to avoid double-install

pylock.toml contains onnx (1.19.0) with no ppc64le exclusion while Dockerfile.cpu installs /onnxwheels/*.whl on ppc64le — this will produce duplicate/conflicting installs.
Action: add marker = "platform_machine != 'ppc64le'" to the onnx [[packages]] entry in jupyter/datascience/ubi9-python-3.12/pylock.toml (approx. lines 2107–2111), or remove onnx from the lock and let jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu (lines 162–169) handle the ppc64le wheel install.

🤖 Prompt for AI Agents
In jupyter/datascience/ubi9-python-3.12/pylock.toml (around lines 2107–2111) and
jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu (lines 162–169): pylock.toml
currently includes onnx (1.19.0) without excluding ppc64le while the Dockerfile
installs the ppc64le wheel, causing duplicate/conflicting installs; fix by
editing the onnx [[packages]] entry in pylock.toml to add marker =
"platform_machine != 'ppc64le'" so the lockfile skips onnx on ppc64le, or
alternatively remove the onnx entry from the lockfile entirely and rely on the
Dockerfile.cpu wheel install for ppc64le, then regenerate/commit the lockfile if
changed.

Member:

this is difficult; I want to compile some wheels in a separate builder stage of a multistage docker build; is there a way to give uv the result and let it install that (and error out if my builder stage built the wrong version, for example, different from what's in pylock.toml)?

Contributor:

.

Given your multi-architecture build requirements, I'd recommend Option 1 with --find-links as it provides the validation you want while working within uv's intended workflow patterns.

🐰 curious ears perked up, learning about advanced build orchestration



Member:

@coderabbitai previous answer is truncated, please analyze this again and print all your advice and options

Contributor:

@jiridanek Here's a comprehensive analysis of options for using pre-built wheels from multi-stage Docker builds with uv validation:

Option 1: --find-links with lockfile validation (Recommended)

RUN uv pip install --find-links /onnxwheels --find-links /openblas \
    --requirements=./pylock.toml --verify-hashes

Pros:

  • uv validates wheel versions against pylock.toml
  • Errors if builder stage produced wrong version
  • Works with existing lockfile structure
  • uv prefers local wheels over remote when versions match

Cons:

  • Requires keeping onnx in pylock.toml (with platform_machine != 'ppc64le' marker)
  • May still try to download if local wheel doesn't match exactly

Option 2: --offline + --find-links (Strictest)

RUN uv pip install --offline --find-links /onnxwheels --find-links /openblas \
    --requirements=./pylock.toml

Pros:

  • Forces use of local wheels only
  • No network access prevents fallback downloads
  • Still validates against lockfile requirements

Cons:

  • Requires ALL dependencies as local wheels
  • More complex build orchestration needed

Option 3: Hybrid approach - Exclude + separate install

# Install custom wheels first
RUN pip install /onnxwheels/*.whl
# Then install remaining from lockfile (with onnx excluded for ppc64le)
RUN uv pip install --requirements=./pylock.toml

Pros:

  • Clean separation of custom vs standard packages
  • Simple to understand and debug

Cons:

  • Less validation between custom wheels and lockfile versions
  • Two separate install commands

Option 4: Custom wheel index

# One RUN: a server backgrounded in a previous RUN layer is gone by the next instruction
RUN python -m http.server 8000 --directory /wheels & \
    sleep 1 && \
    uv pip install --index-url http://localhost:8000/simple \
    --extra-index-url https://pypi.org/simple --requirements=./pylock.toml

Pros:

  • Full index protocol compliance
  • Works with all uv features

Cons:

  • Requires HTTP server in container
  • More complex setup
  • A flat wheel directory is not a PEP 503 "simple" index, so extra tooling would be needed to generate index pages

Option 5: Pre-validation approach

# Validate wheel matches lockfile expectation before installing
RUN wheel_name="$(ls /onnxwheels/onnx-*.whl | head -1)" && \
    case "$wheel_name" in \
      *onnx-1.19.0-*) echo "wheel OK: $wheel_name" ;; \
      *) echo "Wheel version mismatch: $wheel_name" >&2; exit 1 ;; \
    esac
RUN pip install /onnxwheels/*.whl && \
    uv pip install --requirements=./pylock.toml

Pros:

  • Explicit version validation
  • Fails fast on version mismatches
  • Clear error messages

Cons:

  • Manual validation logic
  • Not DRY with lockfile versions

Recommendation for your use case:

Option 1 with proper pylock.toml markers is ideal because:

  1. You get uv's built-in validation
  2. It errors on version mismatches automatically
  3. Works with your existing multi-stage pattern
  4. Requires minimal changes to current approach

Update pylock.toml to exclude onnx on ppc64le:

[[packages]]
name = "onnx"
version = "1.19.0"
marker = "platform_machine != 'ppc64le'"
# ... rest of entry

Then use --find-links in your Dockerfile:

RUN uv pip install --find-links /onnxwheels \
    --requirements=./pylock.toml --verify-hashes

This gives you the validation you want while leveraging uv's intended workflow patterns.
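
For completeness, a usage sketch (tag and platform list are illustrative) of the multi-arch build that would exercise both the local-wheel path on Power and the PyPI fallback elsewhere:

docker buildx build \
  --platform linux/amd64,linux/ppc64le \
  -f jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu \
  -t example/jupyter-datascience:dev .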

🐰 thoughtful whiskers twitching, excited about sophisticated build orchestration solutions



Member:

this makes no sense,

marker = "platform_machine != 'ppc64le'"

means uv won't try to install onnx on ppc64le, but I do want it to install onnx, from the wheel provided in /onnxwheels/*.whl

Contributor:

@jiridanek You're absolutely right - my previous suggestion was incorrect. Excluding onnx from pylock.toml would prevent installation entirely on ppc64le.

Here's the correct approach to get uv validation with your custom wheel:

Keep onnx in pylock.toml (no platform exclusion):

[[packages]]
name = "onnx"
version = "1.19.0"
# No marker needed - let uv find and validate the local wheel

Use --find-links to provide the custom wheel:

RUN uv pip install --find-links /onnxwheels \
    --requirements=./pylock.toml --verify-hashes

This way:

  1. pylock.toml declares onnx==1.19.0 as required on all platforms
  2. --find-links /onnxwheels makes uv discover your custom wheel
  3. uv validates the wheel version matches the lockfile requirement
  4. uv will error if your builder stage produced wrong version (e.g., 1.18.0 instead of 1.19.0)
  5. On non-ppc64le, uv falls back to PyPI since no local wheel exists

The current pip install /onnxwheels/*.whl approach bypasses uv's validation entirely, which is why switching to --find-links gives you the validation you want while still installing your custom wheel.
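
A small follow-up check could make that guarantee explicit after the install (a sketch; the version literal mirrors the lockfile entry above):

# Fail the build if the installed onnx does not match the locked version
RUN python -c "import onnx, sys; sys.exit(0 if onnx.__version__ == '1.19.0' else 'onnx %s != 1.19.0' % onnx.__version__)"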

🐰 ears perked up, realizing the validation flow should work seamlessly


File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:65-66
Timestamp: 2025-07-09T12:31:02.033Z
Learning: jiridanek requested GitHub issue creation for MSSQL repo file hardcoding problem during PR #1320 review. Issue #1363 was created and updated with comprehensive problem description covering hardcoded x86_64 MSSQL repo files breaking multi-architecture builds across 10 affected Dockerfiles (including datascience, CUDA, ROCm, and TrustyAI variants), detailed root cause analysis, three solution options with code examples, clear acceptance criteria for all image types, implementation guidance following established multi-architecture patterns, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2145
File: runtimes/rocm-tensorflow/ubi9-python-3.12/pyproject.toml:75-77
Timestamp: 2025-08-27T15:33:28.871Z
Learning: jiridanek requested GitHub issue creation for multi-architecture environment exploration during PR #2145 review, specifically to investigate architecture-specific environments for ROCm TensorFlow wheel optimization across x86_64, aarch64, ppc64le, and s390x architectures, noting uncertainty about implementation benefits but wanting systematic exploration through issue tracking. Issue #2158 was created with comprehensive analysis covering current limitations, investigation areas, multiple solution options, and clear acceptance criteria.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm:50-50
Timestamp: 2025-07-08T19:30:01.738Z
Learning: jiridanek requested GitHub issue creation for multi-architecture support in ROCm TensorFlow image during PR #1333 review. Issue #1346 was created with comprehensive problem description covering hardcoded x86_64 architecture breaking multi-arch support, detailed impact analysis, three solution options (runtime detection, BuildKit TARGETARCH integration, hybrid approach) with pros/cons analysis, comprehensive acceptance criteria covering core requirements and testing, phased implementation guidance, related files identification, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1320
File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:42-52
Timestamp: 2025-07-09T12:29:56.162Z
Learning: jiridanek requested GitHub issue creation for OpenShift client architecture mapping problem affecting 29 Dockerfiles during PR #1320 review. Issue was created with comprehensive analysis covering all affected files using $(uname -m) returning 'aarch64' but OpenShift mirror expecting 'arm64', systematic solution using BuildKit TARGETARCH mapping with proper amd64→x86_64 and arm64→arm64 conversion, detailed acceptance criteria, and implementation guidance, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Member
@jiridanek jiridanek Sep 11, 2025

How may I provide `--verify-hashes` when I'm building the onnx wheel as part of the Dockerfile build and don't know what hash it will have when creating pylock.toml?

Contributor

@jiridanek You're hitting a fundamental challenge with hash verification for build-time generated wheels. Here are the practical approaches:

Option 1: Split installation (Recommended)

# Install custom wheels without hash verification
RUN uv pip install --find-links /onnxwheels --no-deps onnx
# Then install remaining packages with hash verification
RUN uv pip install --verify-hashes --requirements=./pylock.toml

This maintains hash verification for PyPI packages while allowing your custom wheel.

Option 2: Selective hash verification

# Create a lockfile subset without onnx for hash verification
# (note: a plain grep is fragile for TOML -- it drops only the name line
# and leaves the rest of the onnx entry, hashes included, in place;
# see the whole-entry filter sketched below)
RUN grep -v 'name = "onnx"' pylock.toml > pylock_no_onnx.toml
RUN uv pip install /onnxwheels/*.whl  # custom wheel, no hash check
RUN uv pip install --verify-hashes --requirements=pylock_no_onnx.toml
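
If grep proves too brittle, a paragraph-mode awk filter can drop the whole entry. A minimal sketch, assuming the generated pylock.toml separates its [[packages]] entries with blank lines (worth verifying against your actual file):

# Remove the entire [[packages]] entry whose name is exactly "onnx".
# RS="" switches awk to paragraph mode, so blank-line-separated blocks
# are treated as single records and filtered as a unit.
RUN awk 'BEGIN { RS=""; ORS="\n\n" } $0 !~ /(^|\n)name = "onnx"(\n|$)/' \
    pylock.toml > pylock_no_onnx.toml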

Option 3: Generate hash during build

# Build the wheel, then record its sha256 (BuildKit heredoc syntax keeps
# the multi-line script inside a single RUN instruction)
RUN python3 <<'EOF'
import glob
import hashlib
import pathlib

# assumes exactly one wheel was built into /onnxwheels
wheel = glob.glob('/onnxwheels/*.whl')[0]
digest = 'sha256:' + hashlib.sha256(open(wheel, 'rb').read()).hexdigest()
pathlib.Path('/onnxwheels/wheel_hash.txt').write_text(f'{wheel} has hash {digest}\n')
print(f'{wheel} has hash {digest}')
EOF

# Then use the hash in installation (more complex)
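
One way to use it later, sketched under the assumption that you feed the digest back in on a subsequent build (EXPECTED_ONNX_SHA256 is a hypothetical build arg, not something in this PR):

ARG EXPECTED_ONNX_SHA256=""
# Recompute the digest at install time and fail fast on mismatch;
# assumes exactly one wheel in /onnxwheels.
RUN actual="sha256:$(sha256sum /onnxwheels/*.whl | awk '{print $1}')" && \
    if [ -n "$EXPECTED_ONNX_SHA256" ] && [ "$actual" != "$EXPECTED_ONNX_SHA256" ]; then \
        echo "onnx wheel digest mismatch: got $actual" >&2; exit 1; \
    fi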

Option 4: Combine --no-deps with find-links

RUN uv pip install --find-links /onnxwheels --no-deps \
    --verify-hashes --requirements=./pylock.toml

Caveat: this only sidesteps the problem if the onnx entry in pylock.toml either carries no hash or already matches the custom wheel; if the lockfile pins a PyPI hash, the locally built wheel will fail verification.

I'd recommend Option 1 as it's clean, maintains security for PyPI packages, and works reliably with your multi-stage build pattern. You get hash verification for 99% of packages while allowing the few custom-built ones to install without it.
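
Wired into this image's Power-only pattern, Option 1 could look roughly like this (a sketch: it assumes onnx is excluded from pylock.toml, and reuses the stage and path names from this PR's diff):

COPY --from=onnx-builder /root/onnx_wheel/ /onnxwheels/
RUN if [ "$(uname -m)" = "ppc64le" ]; then \
        # build-time wheel: no pinned hash exists yet, so install it unverified
        uv pip install --no-deps /onnxwheels/*.whl && \
        rm -rf /onnxwheels; \
    fi && \
    # everything from PyPI keeps full hash verification
    uv pip install --verify-hashes --requirements=./pylock.toml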


✏️ Learnings added
Learnt from: jiridanek
PR: opendatahub-io/notebooks#2406
File: jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu:162-169
Timestamp: 2025-09-11T07:45:16.965Z
Learning: jiridanek asked about using --verify-hashes with custom-built wheels in Docker multi-stage builds where the wheel hash is unknown until build completion. The solution involves splitting installation into two phases: first install custom wheels without hash verification, then install remaining packages from lockfile with --verify-hashes to maintain security for PyPI packages while allowing custom wheels.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.


🧠 Learnings used
Learnt from: jiridanek
PR: opendatahub-io/notebooks#2145
File: jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu:134-140
Timestamp: 2025-08-27T15:05:31.656Z
Learning: jiridanek requested GitHub issue creation for CUDA wheel optimization in TrustyAI CPU image during PR #2145 review. The CPU Dockerfile currently uses pylock.toml with CUDA-enabled PyTorch wheels (torch==2.6.0+cu126) which was previously discussed with harshad16 and grdryn but deferred. Issue created with comprehensive problem analysis covering unnecessary CUDA wheels in CPU-only image, multiple solution options including lock regeneration and separate CPU/CUDA files, clear acceptance criteria for wheel optimization verification, and proper context linking to PR #2145 review comment.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2227
File: codeserver/ubi9-python-3.12/Dockerfile.cpu:218-218
Timestamp: 2025-09-05T12:29:07.819Z
Learning: jiridanek requested GitHub issue creation for uv multi-stage Docker build architectural investigation during PR #2227 review. The current implementation uses a three-stage build with whl-cache stage for wheel building/caching, base stage for OS setup, and final codeserver stage for offline installation using --offline flag and cache mounts. The pattern separates build phase (internet access, build tools) from install phase (offline, faster) while supporting multi-architecture builds (x86_64, ppc64le) with sentinel file coordination using /tmp/control files.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2145
File: Makefile:451-457
Timestamp: 2025-08-27T16:04:49.874Z
Learning: jiridanek requested GitHub issue creation for uv command optimization during PR #2145 review, specifically to explore using `uv export -o pylock.toml` instead of `uv pip compile pyproject.toml` for lockfile generation. Issue #2163 was created addressing the technical question of which uv command is more appropriate given the current workflow that uses both `uv lock` and pylock.toml generation. The investigation covers technical differences, workflow integration, performance comparison, and alignment with uv best practices to determine the optimal approach for the project's lockfile generation pipeline across 18+ notebook/runtime environments.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-30T07:57:33.466Z
Learning: uv's official documentation recommends against using both uv.lock and requirements.txt (or exported formats like pylock.toml) simultaneously. The recommended approach is to use either uv.lock for uv-native workflows OR exported formats for compatibility, but not both. If both are needed, uv suggests opening an issue to discuss the specific use case.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1396
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:124-127
Timestamp: 2025-07-20T20:47:36.509Z
Learning: jiridanek identified that ARM64 wheels for h5py 3.14.0 are available on PyPI but being ignored due to AMD64-only dependency locking with --platform=linux/amd64. This causes unnecessary hdf5-devel package installation in ARM64 TensorFlow images when the ARM64 wheel h5py-3.14.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl could be used instead. The Pipfile.lock only contains 2 hashes for h5py, confirming limited platform consideration during lock generation.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2145
File: runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda:152-159
Timestamp: 2025-08-27T14:49:24.112Z
Learning: jiridanek requested GitHub issue creation for CUDA version alignment in pytorch+llmcompressor runtime during PR #2145 review. Issue #2148 was created addressing the mismatch between Dockerfile CUDA 12.6 and pylock.toml cu124 PyTorch wheels. The issue includes comprehensive problem description covering affected files (runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda and pylock.toml), detailed solution with PyTorch index URL update from cu124 to cu126, lock regeneration steps using uv, clear acceptance criteria for wheel alignment verification, and proper context linking to PR #2145 review comment, assigned to jiridanek.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:159-161
Timestamp: 2025-08-19T11:45:12.501Z
Learning: jiridanek requested GitHub issue creation for duplicated micropipenv installation cleanup in pytorch+llmcompressor images during PR #1998 review. Analysis confirmed duplication exists in both pytorch+llmcompressor Dockerfiles with micropipenv installed twice: unpinned early install (lines 23/36) for Pipfile.lock deployment and pinned later install (lines 160/248) in requirements.txt block. Issue #1999 created with comprehensive problem analysis covering exact line numbers and affected files, three solution options (remove early install, consolidate installations, conditional logic), detailed acceptance criteria covering build testing and functionality verification, implementation notes for coordination with version pinning efforts, and proper context linking to PR #1998 review comment.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-22T12:15:38.859Z
Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue #2104 was successfully created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, authentication handling for quay.io registry, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2227
File: codeserver/ubi9-python-3.12/Dockerfile.cpu:122-123
Timestamp: 2025-09-05T12:25:09.719Z
Learning: jiridanek requested GitHub issue creation for Docker multi-stage synchronization improvement in codeserver/ubi9-python-3.12/Dockerfile.cpu during PR #2227 review. The issue addresses sentinel file pattern using /tmp/control copied to /dev/null for stage coordination between rpm-base, whl-cache, and codeserver stages, proposing semantic improvements with descriptive file names, inline documentation, and elimination of /dev/null hack while maintaining multi-architecture build functionality for ppc64le support.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-09-10T21:02:52.909Z
Learning: jiridanek requested GitHub issue creation for external tool version pinning in codeserver/ubi9-python-3.12/get_code_server_rpm.sh during PR #2356 review. The issue addresses floating "latest" versions for NFPM and NVM tools causing build flakiness and SBOM drift, proposing pinned versions with environment variable overrides and optional checksum validation, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

else \
echo "Skipping ONNX/OpenBLAS install on non-Power"; \
fi
Comment on lines +165 to +172
Contributor

🛠️ Refactor suggestion

⚠️ Potential issue

Fix: OpenBLAS “make install” runs in final image without make installed

The final stage calls `make -C /openblas install`, but `make` isn't installed in the runtime image. Install the artifacts in the builder and copy them into the final image instead, avoiding toolchain bleed and build failures.

Apply this diff in the openblas-builder stage and final stage:

@@
 FROM common-builder AS openblas-builder
 ARG OPENBLAS_VERSION=0.3.30
 WORKDIR /root
 RUN if [ "$(uname -m)" = "ppc64le" ]; then \
     wget https://github.com/OpenMathLib/OpenBLAS/releases/download/v${OPENBLAS_VERSION}/OpenBLAS-${OPENBLAS_VERSION}.zip && \
     unzip OpenBLAS-${OPENBLAS_VERSION}.zip && \
     cd OpenBLAS-${OPENBLAS_VERSION} && \
-    make -j$(nproc) TARGET=POWER9 BINARY=64 USE_OPENMP=1 USE_THREAD=1 NUM_THREADS=120 DYNAMIC_ARCH=1 INTERFACE64=0; \
+    make -j$(nproc) TARGET=POWER9 BINARY=64 USE_OPENMP=1 USE_THREAD=1 NUM_THREADS=120 DYNAMIC_ARCH=1 INTERFACE64=0 && \
+    make install PREFIX=/usr/local DESTDIR=/root/openblas-stage; \
     else \
-    mkdir -p OpenBLAS-${OPENBLAS_VERSION}; \
+    mkdir -p openblas-stage/usr/local; \
     echo "Skipping OpenBLAS build on non-Power"; \
     fi
@@
-# Copy OpenBLAS,ONNX wheels for Power
-COPY --from=openblas-builder /root/OpenBLAS-${OPENBLAS_VERSION} /openblas
+# Copy OpenBLAS,ONNX wheels for Power
+COPY --from=openblas-builder /root/openblas-stage/usr/local/ /usr/local/
 COPY --from=onnx-builder /root/onnx_wheel/ /onnxwheels/
@@
-# Power-specific ONNX/OpenBLAS installation
-RUN if [ "$(uname -m)" = "ppc64le" ]; then \
-    pip install /onnxwheels/*.whl && \
-    PREFIX=/usr/local make -C /openblas install && \
-    rm -rf /onnxwheels /openblas; \
-    else \
-    echo "Skipping ONNX/OpenBLAS install on non-Power"; \
-    fi
+# Power-specific ONNX installation
+RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+    pip install /onnxwheels/*.whl && \
+    rm -rf /onnxwheels; \
+  else \
+    echo "Skipping ONNX install on non-Power"; \
+  fi

Committable suggestion skipped: line range outside the PR's diff.
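
For context on why this works: make install prefixes every installed path with DESTDIR, so the builder stage lays out a complete tree that the final stage grafts on with a plain COPY and no toolchain. Roughly:

# After "make install PREFIX=/usr/local DESTDIR=/root/openblas-stage",
# the builder holds a staged tree such as:
#   /root/openblas-stage/usr/local/lib/libopenblas.so
#   /root/openblas-stage/usr/local/include/cblas.h
# The final stage then needs only a COPY, never make:
COPY --from=openblas-builder /root/openblas-stage/usr/local/ /usr/local/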


# Other apps and tools installed as default user
USER 1001

# Install Python packages and Jupyterlab extensions from requirements.txt
# Install Python packages and Jupyterlab extensions from pylock.toml
COPY ${DATASCIENCE_SOURCE_CODE}/pylock.toml ./
# Copy Elyra setup to utils so that it's sourced at startup
COPY ${DATASCIENCE_SOURCE_CODE}/setup-elyra.sh ${DATASCIENCE_SOURCE_CODE}/utils ./utils/