[CI] Ensure container cleanup after job to avoid resource leakage #7315
Merged
EmmonsCurse merged 2 commits into PaddlePaddle:develop from Apr 10, 2026
/skip-ci ci_iluvatar
Thanks for your contribution!
fastdeploy-bot
suggested changes
Apr 10, 2026
fastdeploy-bot
left a comment
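🤖 AI Code Review | 2026-04-10 18:34 CST
📋 Review Summary
PR overview: Adds container cleanup steps to the CI workflows and removes the unnecessary --privileged parameter
Scope of changes: 12 GitHub workflow configuration files, 1 shell script
Impact tag: [CI]
Issues
| Severity | File | Summary |
|---|---|---|
| 🔴 Bug | .github/workflows/_build_linux.yml:161 | The --rm parameter conflicts with the cleanup step, so the cleanup logic cannot run correctly |
Overall assessment
The intent of the PR is reasonable, but there is a critical bug: docker run --rm deletes the container automatically, so the subsequent cleanup step cannot run and the workspace cleanup will not take effect. Recommend removing the --rm parameter.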
| docker run --rm --net=host \ | ||
| --cap-add=SYS_PTRACE --privileged --shm-size=64G \ | ||
| --cap-add=SYS_PTRACE --shm-size=64G \ | ||
| --name ${runner_name} \ |
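Review bot: `--name ${runner_name}` on the last line of this hunk is unquoted; write `--name "${runner_name}"` so a runner name containing spaces or glob characters cannot split into extra `docker run` arguments. With `--privileged` removed, `--cap-add=SYS_PTRACE` and `--net=host` are the remaining elevated settings on these lines, and a short comment on why the build needs each would let a later reviewer drop them once they are no longer required.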
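🔴 Bug docker run uses the --rm parameter, which causes the container to be deleted automatically when it exits. The docker rm -f ${{ runner.name }} in the subsequent cleanup step will fail because the container no longer exists, and docker exec cannot perform the workspace cleanup after the container has exited.
Suggestion: remove the --rm parameter, since there is already an explicit cleanup step. Change lines 159-161 to: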
docker run --net=host \
--cap-add=SYS_PTRACE --shm-size=64G \
--name ${runner_name} \
ZhangYulongg approved these changes Apr 10, 2026
EmmonsCurse added a commit to EmmonsCurse/FastDeploy that referenced this pull request Apr 11, 2026
This was referenced Apr 11, 2026
EmmonsCurse added a commit that referenced this pull request Apr 12, 2026
Motivation
The CI pipeline may leave behind running containers or uncleaned workspaces when jobs are canceled or fail unexpectedly. This can cause resource leakage, workspace conflicts, and instability in subsequent jobs.
Additionally, the use of --privileged in the build task is unnecessary for the current workflow and introduces avoidable security risks.
Modifications
--privileged from the build task to reduce unnecessary privilege usage and enhance security.
xgrammar==0.1.19 and torch==2.6.0 specifically for the CI environment
Usage or Command
N/A
Accuracy Tests
N/A
Checklist
[FDConfig],[APIServer],[Engine],[Scheduler],[PD Disaggregation],[Executor],[Graph Optimization],[Speculative Decoding],[RL],[Models],[Quantization],[Loader],[OP],[KVCache],[DataProcessor],[BugFix],[Docs],[CI],[Optimization],[Feature],[Benchmark],[Others],[XPU],[HPU],[GCU],[DCU],[Iluvatar],[Metax]]
pre-commit before commit.
release branch, make sure the PR has been submitted to the develop branch, then cherry-pick it to the release branch with the [Cherry-Pick] PR tag.
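The cleanup described in the Motivation, as an added example that is not code from this PR or from FastDeploy: a post-job function that succeeds whether the named container is still running, has exited, or is already gone. The function names, `CONTAINER_WORKDIR`, `RUNNER_NAME` and the `find`-based workspace wipe are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not FastDeploy's workflow code. Post-job container cleanup
# that is safe to repeat. CONTAINER_WORKDIR is an assumed mount point.
CONTAINER_WORKDIR="${CONTAINER_WORKDIR:-/workspace}"

# Print the container's status (running, exited, ...) or "absent".
container_state() {
  local name="$1" state
  if state="$(docker container inspect --format '{{.State.Status}}' "$name" 2>/dev/null)"; then
    printf '%s\n' "$state"
  else
    printf 'absent\n'
  fi
}

cleanup_container() {
  local name="$1" state
  # Accept only plain container names, so the value can never be parsed
  # as a docker option or split into several arguments.
  case "$name" in
    ''|-*|*[!A-Za-z0-9_.-]*)
      echo "refusing container name: '$name'" >&2
      return 2 ;;
  esac
  state="$(container_state "$name")"
  if [ "$state" = "running" ]; then
    # docker exec needs a running container: empty the workspace from the
    # inside first, so files owned by the container user do not linger.
    docker exec "$name" find "$CONTAINER_WORKDIR" -mindepth 1 -delete ||
      echo "workspace cleanup failed in $name" >&2
  fi
  if [ "$state" != "absent" ]; then
    docker rm -f "$name" >/dev/null || return 1
  fi
  # Confirm the result instead of trusting an exit code.
  [ "$(container_state "$name")" = "absent" ]
}

# Intended call site: a final workflow step guarded by `if: always()`, e.g.
#   cleanup_container "$RUNNER_NAME"    # RUNNER_NAME is an assumed variable
```

Because the function re-checks the container state at the end, a non-zero exit from the step means a container really was left behind on the runner.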