fix: disable build isolation for rocm280 dependency install #934

Merged
openshift-merge-bot[bot] merged 1 commit into main from fix-rocm280-flash-attn-odh-main
Jun 29, 2026
@kapil27 kapil27 commented Jun 29, 2026

Contributor

Flash-attn's build hooks import torch, which fails under pip build isolation during micropipenv installation in the py312-rocm64-torch280 image. Set PIP_NO_BUILD_ISOLATION=1 for the install step so torch is visible and the image build no longer fails at flash-attn resolution.

Description

How Has This Been Tested?

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

  • Bug Fixes
    • Improved the reliability of environment setup during training image builds, reducing install failures in some cases.

Flash-attn's build hooks import torch, which fails under pip build isolation during micropipenv installation in the py312-rocm64-torch280 image. Set PIP_NO_BUILD_ISOLATION=1 for the install step so torch is visible and the image build no longer fails at flash-attn resolution.

Co-authored-by: Cursor <cursoragent@cursor.com>

coderabbitai Bot commented Jun 29, 2026

Walkthrough

In images/runtime/training/py312-rocm64-torch280/Dockerfile, the micropipenv install invocation on line 59 is now prefixed with PIP_NO_BUILD_ISOLATION=1. No other logic in the file changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes


Security note — CWE-829 (Inclusion of Functionality from Untrusted Control Sphere):

PIP_NO_BUILD_ISOLATION=1 tells pip to skip creating an isolated build environment and instead use the already-installed packages in the image as build dependencies. This means any build-time dependency (e.g., setuptools, wheel) resolved during micropipenv install is sourced from the image's ambient environment rather than a locked, isolated set. If the base image's pre-installed packages are tampered with or unexpectedly upgraded upstream, build-time code executes without isolation guardrails. Verify that the base image's setuptools/wheel versions are pinned and trusted, and confirm this flag is intentional (e.g., required to avoid a double-installation conflict with a ROCm-specific package that fails under isolation).

🚥 Pre-merge checks | ✅ 9 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| No Privileged Containers | ⚠️ Warning | FAIL: the Dockerfile runs micropipenv install under USER 0, and PIP_NO_BUILD_ISOLATION=1 lets package build hooks execute as root (CWE-250). | Move dependency installation to a non-root user, then switch back to root only for permission fixes; or avoid disabling build isolation. |

✅ Passed checks (9 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: disabling build isolation for the rocm280 dependency install. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Contribution Quality And Spam Detection | ✅ Passed | PASS: narrow Dockerfile fix with concrete flash-attn build-failure rationale; not enough independent spam signals or CWE-250 theater evidence. |
| No Hardcoded Secrets | ✅ Passed | No hardcoded secrets, embedded credentials, or long base64 blobs found; the only change is PIP_NO_BUILD_ISOLATION=1 in the Dockerfile. |
| No Weak Cryptography | ✅ Passed | PASS: Touched Dockerfile only adds PIP_NO_BUILD_ISOLATION=1; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, roll-your-own crypto, or non-constant-time secret compares (CWE-327). |
| No Injection Vectors | ✅ Passed | No CWE-89/78/94/502/79 pattern: the PR only adds a hardcoded PIP_NO_BUILD_ISOLATION=1 to a Dockerfile RUN step, with no untrusted interpolation. |
| No Sensitive Data In Logs | ✅ Passed | No logging or sensitive-field output was added; the Dockerfile change only sets PIP_NO_BUILD_ISOLATION=1, so CWE-532 is not implicated. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@images/runtime/training/py312-rocm64-torch280/Dockerfile`:
- Line 59: Move the dependency installation in the Dockerfile away from root:
the `micropipenv install` step with `PIP_NO_BUILD_ISOLATION=1` is currently
executed as `USER 0`, so change the build flow to install packages under a
non-root user and keep any filesystem permission adjustment in a separate
privileged step. Use the existing Dockerfile build stages around the `RUN
PIP_NO_BUILD_ISOLATION=1 micropipenv install ...` instruction to locate and
split the install and permission-fix logic.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d8c2eae1-f04d-469c-aabc-366fb7229812

📥 Commits

Reviewing files that changed from the base of the PR and between b9fa0ea and 6ccfdc7.

📒 Files selected for processing (1)
  • images/runtime/training/py312-rocm64-torch280/Dockerfile

COPY Pipfile.lock ./

RUN micropipenv install -- --no-cache-dir && \
RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir && \
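
Review bot: the `PIP_NO_BUILD_ISOLATION=1` prefix on the `micropipenv install` line covers every package resolved from Pipfile.lock, not only flash-attn, and the Dockerfile gets no comment saying why isolation is off. Add a comment above the RUN naming the flash-attn build hook's torch import as the reason, and consider keeping isolation for the bulk install and disabling it only for the flash-attn build. With isolation off, pip no longer installs build requirements itself, so the build backend of every sdist in the lock file must already be present in the image.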

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Major: Line 59 runs unisolated package build hooks as root (CWE-250).

PIP_NO_BUILD_ISOLATION=1 makes micropipenv install execute any sdist/PEP 517 build hook against the ambient site-packages, and this step still runs under USER 0. A compromised package in Pipfile.lock can therefore execute arbitrary code as root during the image build and mutate the system Python environment. Move the dependency install to a non-root user and keep the permission fix in a separate privileged step.

Remediation
-COPY Pipfile.lock ./
-
-RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir && \
-    rm -f ./Pipfile.lock && \
-    # Fix permissions to support pip in OpenShift environments \
-    chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \
-    fix-permissions /opt/app-root -P
+COPY --chown=1001:0 Pipfile.lock ./
+
+USER 1001
+RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir && \
+    rm -f ./Pipfile.lock
+
+USER 0
+RUN chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \
+    fix-permissions /opt/app-root -P
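
Review bot: in the added lines the install runs as `USER 1001` before the `chmod -R g+w` on site-packages, so it only works if /opt/app-root/lib/python3.12/site-packages is already writable by uid 1001 at that point; confirm that against the base image, otherwise the install fails on its first write. The suggestion also ends on `USER 0`, so check that a later instruction switches back to the non-root user.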

As per path instructions, **/Dockerfile*: Run as non-root user.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir && \
COPY --chown=1001:0 Pipfile.lock ./
USER 1001
RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir && \
rm -f ./Pipfile.lock
USER 0
RUN chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \
fix-permissions /opt/app-root -P
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@images/runtime/training/py312-rocm64-torch280/Dockerfile` at line 59, Move
the dependency installation in the Dockerfile away from root: the `micropipenv
install` step with `PIP_NO_BUILD_ISOLATION=1` is currently executed as `USER 0`,
so change the build flow to install packages under a non-root user and keep any
filesystem permission adjustment in a separate privileged step. Use the existing
Dockerfile build stages around the `RUN PIP_NO_BUILD_ISOLATION=1 micropipenv
install ...` instruction to locate and split the install and permission-fix
logic.

Source: Path instructions
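
As an added example (not code from this PR or from the project), a small Dockerfile check for the condition the review flags: a RUN step that installs packages with build isolation switched off while the effective USER is root. The sample Dockerfile, its placeholder base image and the function names are constructed for illustration, and each build stage is assumed to start as root.

```python
import re

NO_ISOLATION = re.compile(r"PIP_NO_BUILD_ISOLATION=|--no-build-isolation\b")
INSTALLER = re.compile(r"\b(micropipenv|pip3?)\b.*\binstall\b")

# Constructed sample (placeholder base image): root install, then the split layout.
SAMPLE_DOCKERFILE = r"""FROM example.invalid/base:constructed
USER 0
COPY Pipfile.lock ./
RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir && \
    rm -f ./Pipfile.lock
USER 1001
RUN PIP_NO_BUILD_ISOLATION=1 micropipenv install -- --no-cache-dir
USER 0
RUN fix-permissions /opt/app-root -P
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are dropped, even mid-continuation
        start = start if buf else n  # remember where this instruction began
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def root_unisolated_installs(text):
    """Return (line, instruction) for RUN installs with isolation off as root."""
    user, env_off, findings = "0", False, []
    for n, instr in logical_lines(text):
        op, _, arg = instr.partition(" ")
        op = op.upper()
        if op == "FROM":
            user, env_off = "0", False  # assumption: each stage starts as root
        elif op == "USER":
            user = arg.split(":")[0].strip()
        elif op == "ENV" and NO_ISOLATION.search(arg):
            env_off = True  # applies to every later RUN in this stage
        elif op == "RUN" and user in ("0", "root") and INSTALLER.search(arg):
            if env_off or NO_ISOLATION.search(arg):
                findings.append((n, arg))
    return findings

if __name__ == "__main__":
    print(root_unisolated_installs(SAMPLE_DOCKERFILE))
```

Only the root-run install on line 4 of the sample is reported; the same install under `USER 1001` and the root-only permission fix are not.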

openshift-ci Bot commented Jun 29, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sutaakar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit 067f0b8 into main Jun 29, 2026
7 checks passed
@rhods-ci-bot

@kapil27: The following test has Failed:

OCI Artifact Browser URL

View in Artifact Browser

Inspecting Test Artifacts Manually

To inspect your test artifacts manually, follow these steps:

  1. Install ORAS (see the ORAS installation guide).
  2. Download artifacts with the following commands:
     mkdir -p oras-artifacts
     cd oras-artifacts
     oras pull quay.io/opendatahub/odh-ci-artifacts:odh-pr-test-distributed-workloads-t2kgs

@kapil27 kapil27 deleted the fix-rocm280-flash-attn-odh-main branch July 2, 2026 10:15