CI: Add ROCm nightly docker workflow

.ci/docker/pytorch-nightly-docker.Dockerfile

@@ -0,0 +1,30 @@
+ARG BASE_IMAGE=rocm/pytorch-autobuild:base-latest
+FROM ${BASE_IMAGE}
+WORKDIR /tmp
+USER root
+
+ENV CI=1
+ENV PYTORCH_TEST_WITH_ROCM=1
+ENV PYTORCH_TESTING_DEVICE_ONLY_FOR="cuda"
+ENV USE_NVSHMEM=0
+
+RUN git clone https://github.com/pytorch/pytorch --recursive \
+    && cd pytorch \
+    # Bypass sccache on torch_rocshmem: its -fgpu-rdc + mixed xnack± offload-arch flags break sccache's argv parser.
+    && sed -i 's|set_target_properties(torch_rocshmem PROPERTIES LINKER_LANGUAGE HIP)|set_target_properties(torch_rocshmem PROPERTIES LINKER_LANGUAGE HIP CXX_COMPILER_LAUNCHER "" HIP_COMPILER_LAUNCHER "")|' caffe2/CMakeLists.txt \
+    && pip install -r requirements.txt \
+    && git config --local user.name "AMD AMD" \
+    && git config --local user.email "amd@amd.com" \
+    && git remote add rocm https://github.com/ROCm/pytorch.git \
+    && git fetch rocm \
+    && git cherry-pick 519160d466782f5a62365be051fcb3ef90fa0b00 \
+    && (.ci/pytorch/build.sh > /tmp/build.log 2>&1 || (tail -300 /tmp/build.log; exit 1)) \
+    && rm -rf /tmp/pytorch/.git
+RUN git clone https://github.com/pytorch/vision \
+    && cd vision \
+    && FORCE_CUDA=1 python setup.py install \
+    && rm -rf /tmp/vision/.git
+RUN git clone https://github.com/pytorch/audio \
+    && cd audio \
+    && python setup.py install \
+    && rm -rf /tmp/audio/.git

.github/workflows/pytorch-nightly-docker.yml

@@ -0,0 +1,170 @@
+name: ROCm Nightly Build and Test
+
+on:
+  schedule:
+    # Run nightly at 2 AM UTC
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+    inputs:
+      rocm_version:
+        description: ROCm version to build
+        required: false
+        type: string
+  workflow_call:
+    inputs:
+      rocm_version:
+        required: false
+        type: string
+  push:
+    branches:
+      - rocm-nightly-gha
+
+env:
+  ROCM_VERSION: '7.2.2'
+  PYTHON_VERSION: '3.10'
+  PYTORCH_ROCM_ARCH: 'gfx906;gfx908;gfx90a;gfx942;gfx950;gfx1030;gfx1100;gfx1101;gfx1102;gfx1150;gfx1151;gfx1200;gfx1201'
+  DOCKER_REGISTRY: rocm/pytorch-nightly
+
+jobs:
+  build:
+    name: Build ROCm Nightly Image
+    runs-on: linux-pytorch-mi325-1
+    timeout-minutes: 720
+    outputs:
+      full-image: ${{ steps.meta.outputs.full-image }}
+    steps:
+      - name: Resolve ROCm version
+        if: ${{ inputs.rocm_version != '' }}
+        run: echo "ROCM_VERSION=${{ inputs.rocm_version }}" >> "$GITHUB_ENV"
+
+      - name: Checkout pytorch
+        uses: actions/checkout@v6
+        with:
+          repository: pytorch/pytorch
+          ref: main
+
+      - name: Checkout nightly workflow files
+        uses: actions/checkout@v6
+        with:
+          path: rocm-nightly-workflow
+
+      - name: Patch rocm-n build.sh version
+        run: |
+          sed -i '/pytorch-linux-jammy-rocm-n-py3 | pytorch-linux-jammy-rocm-n-py3-benchmarks | pytorch-linux-noble-rocm-n-py3)/,/;;/ s/ROCM_VERSION=7\.2/ROCM_VERSION=${{ env.ROCM_VERSION }}/' .ci/docker/build.sh
+          sed -n '/pytorch-linux-jammy-rocm-n-py3 | pytorch-linux-jammy-rocm-n-py3-benchmarks | pytorch-linux-noble-rocm-n-py3)/,/;;/p' .ci/docker/build.sh
+
+      - name: Generate image tag
+        id: meta
+        run: |
+          tag="$(date +%Y%m%d%H%M%S)-rocm${{ env.ROCM_VERSION }}"
+          echo "full-image=${{ env.DOCKER_REGISTRY }}:${tag}" >> "$GITHUB_OUTPUT"
+
+      - name: Build base image
+        working-directory: .ci/docker
+        run: |
+          export SKIP_SCCACHE_INSTALL=1
+          export PYTORCH_ROCM_ARCH="${{ env.PYTORCH_ROCM_ARCH }}"
+          ./build.sh pytorch-linux-jammy-rocm-n-py3 \
+            -t rocm/pytorch-autobuild:base-latest
+
+      - name: Build ROCm Nightly Image
+        env:
+          FULL_IMAGE: ${{ steps.meta.outputs.full-image }}
+        run: |
+          docker build \
+            --build-arg BASE_IMAGE=rocm/pytorch-autobuild:base-latest \
+            -t "$FULL_IMAGE" \
+            - < rocm-nightly-workflow/.ci/docker/pytorch-nightly-docker.Dockerfile
+
+      - name: Save nightly image artifact
+        env:
+          FULL_IMAGE: ${{ steps.meta.outputs.full-image }}
+        run: |
+          docker save -o nightly-image.tar "$FULL_IMAGE"
+
+      - name: Upload nightly image artifact
+        uses: actions/upload-artifact@v7
+        with:
+          name: rocm-nightly-image
+          path: nightly-image.tar
+          retention-days: 1
+          compression-level: 0
+
+  test-push:
+    name: ${{ matrix.target.name }}
+    needs: build
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - name: Test and Push ROCm Nightly Image on MI325
+            runner: linux-pytorch-mi325-1
+            push_image: true
+          - name: Test ROCm Nightly Image on MI250
+            runner: linux-pytorch-mi250-1
+            push_image: false
+    runs-on: ${{ matrix.target.runner }}
+    timeout-minutes: 720
+    env:
+      NIGHTLY_IMAGE: ${{ needs.build.outputs.full-image }}
+    steps:
+      - name: Resolve ROCm version
+        if: ${{ inputs.rocm_version != '' }}
+        run: echo "ROCM_VERSION=${{ inputs.rocm_version }}" >> "$GITHUB_ENV"
+
+      - name: Docker cleanup
+        run: |
+          docker container prune -f
+          docker image prune -f
+
+      - name: Download nightly image artifact
+        uses: actions/download-artifact@v8
+        with:
+          name: rocm-nightly-image
+          path: nightly-image-artifact
+
+      - name: Load nightly image
+        run: docker load -i nightly-image-artifact/nightly-image.tar
+
+      - name: Run unit tests
+        run: |
+          docker run --rm \
+            --device=/dev/kfd \
+            --device=/dev/dri \
+            --group-add video \
+            --network host \
+            --cap-add=SYS_PTRACE \
+            --security-opt seccomp=unconfined \
+            "$NIGHTLY_IMAGE" \
+            bash -c "
+              git clone https://github.com/ROCm/pytorch-micro-benchmarking.git /tmp/pytorch-micro-benchmarking
+              cd /tmp/pytorch-micro-benchmarking
+              python3 micro_benchmarking_pytorch.py --network resnet50
+            "
+
+      - name: Scan image for vulnerabilities
+        if: ${{ matrix.target.push_image }}
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: ${{ env.NIGHTLY_IMAGE }}
+          format: table
+          severity: CRITICAL
+          ignore-unfixed: true
+          exit-code: '1'
+
+      - name: Log in to Docker Hub
+        if: ${{ matrix.target.push_image }}
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Push validated image
+        if: ${{ matrix.target.push_image }}
+        env:
+          FINAL_IMAGE: ${{ needs.build.outputs.full-image }}
+          LATEST_IMAGE: ${{ env.DOCKER_REGISTRY }}:latest
+        run: |
+          docker tag "$FINAL_IMAGE" "$LATEST_IMAGE"
+          docker push "$FINAL_IMAGE"
+          docker push "$LATEST_IMAGE"