[syft] syft client + jupyter image

.github/workflows/cd-syft-dev.yml

@@ -83,6 +83,17 @@ jobs:
         run: |
           echo "GRID_VERSION=$(python packages/grid/VERSION)" >> $GITHUB_OUTPUT
 
+      - name: Build and push `syft` image to registry
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages
+          file: ./packages/grid/syft-image/syft.Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.ACR_SERVER }}/openmined/syft:dev
+            ${{ secrets.ACR_SERVER }}/openmined/syft:dev-${{ github.sha }}
+            ${{ secrets.ACR_SERVER }}/openmined/syft:${{ steps.grid.outputs.GRID_VERSION }}
+
       - name: Build and push `grid-backend` image to registry
         uses: docker/build-push-action@v5
         with:

.github/workflows/cd-syft.yml

@@ -195,18 +195,6 @@ jobs:
           cache-from: type=registry,ref=openmined/grid-backend:cache-${{ steps.release_metadata.outputs.short_release_platform }}
           cache-to: type=registry,ref=openmined/grid-backend:cache-${{ steps.release_metadata.outputs.short_release_platform }},mode=max
 
-      # - name: Build and push `syft-base-cpu` image to DockerHub
-      #   id: syft-base-cpu-build
-      #   uses: docker/build-push-action@v5
-      #   with:
-      #     context: ./packages
-      #     file: ./packages/grid/backend/worker_cpu.dockerfile
-      #     platforms: ${{ steps.release_metadata.outputs.release_platform }}
-      #     target: backend
-      #     outputs: type=image,name=openmined/syft-base-cpu,push-by-digest=true,name-canonical=true,push=true
-      #     cache-from: type=registry,ref=openmined/syft-base-cpu:cache-${{ steps.release_metadata.outputs.short_release_platform }}
-      #     cache-to: type=registry,ref=openmined/syft-base-cpu:cache-${{ steps.release_metadata.outputs.short_release_platform }},mode=max
-
       - name: Export digest for grid-backend
         run: |
           mkdir -p /tmp/digests/grid-backend
@@ -248,7 +236,24 @@ jobs:
           digest="${{ steps.grid-seaweedfs-build.outputs.digest }}"
           touch "/tmp/digests/grid-seaweedfs/${digest#sha256:}"
 
-      - name: Upload digest for grid-backend, grid-frontend and grid-seaweedfs
+      - name: Build and push `syft` image to registry
+        id: syft-build
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/
+          file: ./packages/grid/syft-image/syft.Dockerfile
+          outputs: type=image,name=openmined/syft,push-by-digest=true,name-canonical=true,push=true
+          platforms: ${{ steps.release_metadata.outputs.release_platform }}
+          cache-from: type=registry,ref=openmined/syft:cache-${{ steps.release_metadata.outputs.short_release_platform }}
+          cache-to: type=registry,ref=openmined/syft:cache-${{ steps.release_metadata.outputs.short_release_platform }},mode=max
+
+      - name: Export digest for `syft` image
+        run: |
+          mkdir -p /tmp/digests/syft
+          digest="${{ steps.syft-build.outputs.digest }}"
+          touch "/tmp/digests/syft/${digest#sha256:}"
+
+      - name: Upload digests
         uses: actions/upload-artifact@v4
         with:
           name: digests-${{ steps.release_metadata.outputs.grid_version }}-${{ steps.release_metadata.outputs.short_release_platform }}
@@ -307,6 +312,14 @@ jobs:
             -t openmined/grid-seaweedfs:${{ needs.build-and-push-docker-images.outputs.release_tag }} \
             $(printf 'openmined/grid-seaweedfs@sha256:%s ' *)
 
+      - name: Create manifest list and push for syft
+        working-directory: /tmp/digests/syft
+        run: |
+          docker buildx imagetools create  \
+            -t openmined/syft:${{ needs.build-and-push-docker-images.outputs.grid_version }} \
+            -t openmined/syft:${{ needs.build-and-push-docker-images.outputs.release_tag }} \
+            $(printf 'openmined/syft@sha256:%s ' *)
+
   deploy-syft:
     needs: [merge-docker-images]
     if: always() &&  needs.merge-docker-images.result == 'success'

packages/grid/syft-image/syft.Dockerfile

@@ -0,0 +1,35 @@
+ARG PYTHON_VERSION="3.12"
+
+# ==================== [BUILD STEP] Build Syft ==================== #
+
+FROM cgr.dev/chainguard/wolfi-base as syft_deps
+
+ARG PYTHON_VERSION
+
+ENV PATH="/root/.local/bin:$PATH"
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache build-base gcc python-$PYTHON_VERSION-dev-default py$PYTHON_VERSION-pip
+
+COPY ./syft /tmp/syft
+
+RUN --mount=type=cache,target=/root/.cache,sharing=locked \
+    pip install --user jupyterlab==4.1.6 pip-autoremove==0.10.0 /tmp/syft && \
+    pip-autoremove ansible ansible-core -y
+
+# ==================== [Final] Setup Syft Client ==================== #
+
+FROM cgr.dev/chainguard/wolfi-base as client
+
+ARG PYTHON_VERSION
+
+ENV PATH="/root/.local/bin:$PATH"
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache git python-$PYTHON_VERSION-dev-default py$PYTHON_VERSION-pip
+
+COPY --from=syft_deps /root/.local /root/.local
+
+WORKDIR /root/notebooks/
+
+CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser", "--allow-root"]

packages/grid/syft-image/syft.Dockerfile.dockerignore

@@ -0,0 +1,67 @@
+# Syft
+tests/
+*.md
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# macOS
+.DS_Store