-
Notifications
You must be signed in to change notification settings - Fork 547
Expand file tree
/
Copy pathDockerfile.python-wheels-macos
More file actions
107 lines (87 loc) · 4.85 KB
/
Dockerfile.python-wheels-macos
File metadata and controls
107 lines (87 loc) · 4.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# syntax=docker/dockerfile:1.6
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
ARG OSXCROSS_IMAGE=crazymax/osxcross:latest
ARG PYTHON_VERSION=3.12
FROM ${OSXCROSS_IMAGE} AS osxcross
FROM python:${PYTHON_VERSION}-slim AS builder
ARG TARGETARCH
ARG CARGO_TARGET_CACHE_SCOPE=default
ENV PATH="/root/.cargo/bin:/usr/local/bin:/osxcross/bin:${PATH}"
ENV LD_LIBRARY_PATH="/osxcross/lib"
COPY --from=osxcross /osxcross /osxcross
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
clang \
curl \
libssl-dev \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# aws-lc-sys probes with --target=arm64-apple-macosx and clang then looks for
# arm64-apple-macosx-ld. Provide a linker alias to osxcross ld64.
RUN ln -sf /osxcross/bin/arm64-apple-darwin25.1-ld /usr/local/bin/arm64-apple-macosx-ld
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
RUN rustup target add aarch64-apple-darwin
RUN pip install --no-cache-dir maturin
WORKDIR /build
ENV CC_aarch64_apple_darwin=oa64-clang
ENV CXX_aarch64_apple_darwin=oa64-clang++
ENV AR_aarch64_apple_darwin=aarch64-apple-darwin25.1-ar
ENV CARGO_TARGET_AARCH64_APPLE_DARWIN_LINKER=oa64-clang
ENV CARGO_TARGET_AARCH64_APPLE_DARWIN_AR=aarch64-apple-darwin25.1-ar
# Copy dependency manifests first for better caching.
COPY Cargo.toml Cargo.lock ./
COPY crates/openshell-cli/Cargo.toml crates/openshell-cli/Cargo.toml
COPY crates/openshell-core/Cargo.toml crates/openshell-core/Cargo.toml
COPY crates/openshell-providers/Cargo.toml crates/openshell-providers/Cargo.toml
COPY crates/openshell-router/Cargo.toml crates/openshell-router/Cargo.toml
COPY crates/openshell-sandbox/Cargo.toml crates/openshell-sandbox/Cargo.toml
COPY crates/openshell-server/Cargo.toml crates/openshell-server/Cargo.toml
COPY crates/openshell-bootstrap/Cargo.toml crates/openshell-bootstrap/Cargo.toml
COPY crates/openshell-core/build.rs crates/openshell-core/build.rs
COPY proto/ proto/
# Create dummy source files to build dependencies.
RUN mkdir -p crates/openshell-cli/src crates/openshell-core/src crates/openshell-providers/src crates/openshell-router/src crates/openshell-sandbox/src crates/openshell-server/src crates/openshell-bootstrap/src && \
echo "fn main() {}" > crates/openshell-cli/src/main.rs && \
echo "fn main() {}" > crates/openshell-sandbox/src/main.rs && \
echo "fn main() {}" > crates/openshell-server/src/main.rs && \
touch crates/openshell-core/src/lib.rs && \
touch crates/openshell-providers/src/lib.rs && \
touch crates/openshell-router/src/lib.rs && \
touch crates/openshell-bootstrap/src/lib.rs
# Build dependencies only (cached unless Cargo.toml/lock changes).
RUN --mount=type=cache,id=cargo-registry-python-wheels-macos-${TARGETARCH},sharing=locked,target=/root/.cargo/registry \
--mount=type=cache,id=cargo-git-python-wheels-macos-${TARGETARCH},sharing=locked,target=/root/.cargo/git \
--mount=type=cache,id=cargo-target-python-wheels-macos-${TARGETARCH}-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \
cargo build --release --target aarch64-apple-darwin -p openshell-cli 2>/dev/null || true
# Copy actual source code and Python packaging files.
COPY crates/ crates/
COPY pyproject.toml README.md ./
COPY python/ python/
# Touch source files to ensure they're rebuilt (not the cached dummy).
# Touch build.rs and proto files to force proto code regeneration when the
# cargo target cache mount retains stale OUT_DIR artifacts from prior builds.
RUN touch crates/openshell-cli/src/main.rs \
crates/openshell-cli/src/lib.rs \
crates/openshell-bootstrap/src/lib.rs \
crates/openshell-core/src/lib.rs \
crates/openshell-providers/src/lib.rs \
crates/openshell-router/src/lib.rs \
crates/openshell-sandbox/src/main.rs \
crates/openshell-server/src/main.rs \
crates/openshell-core/build.rs \
proto/*.proto
# Declare version ARGs here (not earlier) so the git-hash-bearing values do not
# invalidate the expensive dependency-build layers above on every commit.
ARG OPENSHELL_CARGO_VERSION
ARG OPENSHELL_IMAGE_TAG
RUN --mount=type=cache,id=cargo-registry-python-wheels-macos-${TARGETARCH},sharing=locked,target=/root/.cargo/registry \
--mount=type=cache,id=cargo-git-python-wheels-macos-${TARGETARCH},sharing=locked,target=/root/.cargo/git \
--mount=type=cache,id=cargo-target-python-wheels-macos-${TARGETARCH}-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \
if [ -n "${OPENSHELL_CARGO_VERSION:-}" ]; then \
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${OPENSHELL_CARGO_VERSION}"'"/}' Cargo.toml; \
fi && \
maturin build --release --target aarch64-apple-darwin --out /wheels
FROM scratch AS wheels
COPY --from=builder /wheels/*.whl /