Skip to content

CC provision with docker image workload #3639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Sep 19, 2025
Merged

CC provision with docker image workload #3639

merged 19 commits into from
Sep 19, 2025

Conversation

@YuanTingHsieh
Copy link
Collaborator

CC provision with docker image workload for a generic way to accommodate different applications in the future

Description

CC provision with docker image workload for a generic way to accommodate different applications in the future

Types of changes

  • Non-breaking change (fix or new feature that would not break existing functionality).
  • Breaking change (fix or new feature that would cause existing functionality to change).
  • New tests added to cover the changes.
  • Quick tests passed locally by running ./runtest.sh.
  • In-line docstrings updated.
  • Documentation updated.

@Copilot Copilot AI review requested due to automatic review settings August 26, 2025 21:52
Copilot
Copilot AI reviewed Aug 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces Docker image workload support for CC (Confidential Computing) provision to provide a generic way to accommodate different applications. The changes enable building Docker images for each participant during the provision process instead of relying on pre-installed packages.

  • Adds a new DockerImageBuilder class to generate Dockerfiles and build scripts for each site
  • Modifies the OnPremPackager to build Docker images during packaging
  • Updates CC configuration to use workload images instead of pre-installed packages

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
nvflare/tool/code_pre_installer/install.py Makes install_requirements function private by adding underscore prefix
nvflare/lighter/impl/docker_image_builder.py New builder class that generates Dockerfiles and build scripts for each participant
nvflare/lighter/cc_provision/impl/onprem_packager.py Adds Docker image building step to the packaging process
examples/advanced/cc_provision/project.yml Updates configuration to use DockerImageBuilder and comments out cc_config
examples/advanced/cc_provision/cc_site-1.yml Removes nvflare package installation config, adds workload_image specification
examples/advanced/cc_provision/cc_server1.yml Removes nvflare package installation config, adds workload_image specification
examples/advanced/cc_provision/Dockerfile.base Base Dockerfile template for building participant images
Comments suppressed due to low confidence (1)

nvflare/lighter/cc_provision/impl/onprem_packager.py:1

  • The function no longer returns result.stdout after the changes, but there may be callers expecting a return value. This could break existing functionality that depends on the command output.
# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@YuanTingHsieh YuanTingHsieh force-pushed the cc_provision_docker_image_workload branch from 1c504df to 2a4f577 Compare August 26, 2025 21:55
@chesterxgchen
Copy link
Collaborator

@YuanTingHsieh any changes on this required with latest CC build scripts ( MR merged)

@YuanTingHsieh YuanTingHsieh force-pushed the cc_provision_docker_image_workload branch from f2261d2 to 493ebbd Compare September 6, 2025 18:08
@YuanTingHsieh YuanTingHsieh changed the title [Draft] CC provision with docker image workload CC provision with docker image workload Sep 6, 2025
@YuanTingHsieh YuanTingHsieh force-pushed the cc_provision_docker_image_workload branch from 493ebbd to b2b94bf Compare September 6, 2025 18:53
chesterxgchen
chesterxgchen reviewed Sep 7, 2025
View reviewed changes
chesterxgchen
chesterxgchen reviewed Sep 7, 2025
View reviewed changes
chesterxgchen
chesterxgchen reviewed Sep 7, 2025
View reviewed changes
chesterxgchen
chesterxgchen reviewed Sep 7, 2025
View reviewed changes
chesterxgchen
chesterxgchen reviewed Sep 7, 2025
View reviewed changes
chesterxgchen
chesterxgchen reviewed Sep 7, 2025
View reviewed changes
chesterxgchen
chesterxgchen requested changes Sep 7, 2025
View reviewed changes
Copy link
Collaborator

@chesterxgchen chesterxgchen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need discussion

@YuanTingHsieh YuanTingHsieh force-pushed the cc_provision_docker_image_workload branch 2 times, most recently from b35ab63 to f84fc66 Compare September 13, 2025 20:51
@YuanTingHsieh YuanTingHsieh force-pushed the cc_provision_docker_image_workload branch from ae45536 to 7887fa4 Compare September 17, 2025 21:45
@YuanTingHsieh
Copy link
Collaborator Author

/build

@YuanTingHsieh
Copy link
Collaborator Author

/build

@chesterxgchen
Copy link
Collaborator

/build

1 similar comment
@chesterxgchen
Copy link
Collaborator

/build

@chesterxgchen chesterxgchen merged commit ec66533 into NVIDIA:main Sep 19, 2025
20 of 21 checks passed
@YuanTingHsieh YuanTingHsieh deleted the cc_provision_docker_image_workload branch September 19, 2025 23:20
chesterxgchen added a commit to chesterxgchen/NVFlare that referenced this pull request Sep 30, 2025
@YuanTingHsieh @chesterxgchen
CC provision with docker image workload (NVIDIA#3639)
1137599 
CC provision with docker image workload for a generic way to accommodate
different applications in the future

### Description

CC provision with docker image workload for a generic way to accommodate
different applications in the future


### Types of changes
<!--- Put an `x` in all the boxes that apply, and remove the not
applicable items -->
- [x] Non-breaking change (fix or new feature that would not break
existing functionality).
- [ ] Breaking change (fix or new feature that would cause existing
functionality to change).
- [ ] New tests added to cover the changes.
- [ ] Quick tests passed locally by running `./runtest.sh`.
- [ ] In-line docstrings updated.
- [ ] Documentation updated.

---------

Co-authored-by: Chester Chen <[email protected]>
chesterxgchen added a commit to chesterxgchen/NVFlare that referenced this pull request Oct 11, 2025
@YuanTingHsieh @chesterxgchen
CC provision with docker image workload (NVIDIA#3639)
4daf14c 
CC provision with docker image workload for a generic way to accommodate
different applications in the future

### Description

CC provision with docker image workload for a generic way to accommodate
different applications in the future


### Types of changes
<!--- Put an `x` in all the boxes that apply, and remove the not
applicable items -->
- [x] Non-breaking change (fix or new feature that would not break
existing functionality).
- [ ] Breaking change (fix or new feature that would cause existing
functionality to change).
- [ ] New tests added to cover the changes.
- [ ] Quick tests passed locally by running `./runtest.sh`.
- [ ] In-line docstrings updated.
- [ ] Documentation updated.

---------

Co-authored-by: Chester Chen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@chesterxgchen chesterxgchen chesterxgchen approved these changes

@nvidianz nvidianz Awaiting requested review from nvidianz

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@YuanTingHsieh @chesterxgchen