Replies: 3 comments 4 replies
-
|
I'm planning to proceed with the following phases.
Phase 1: Foundation
Phase 2: Ansible Role Modifications
No changes needed for already-pinned roles:
Phase 3: Docker Implementation
Phase 4: CI/CD
Lock File Lifecycle
Security Update Process
|
-
|
Great proposal overall! One concern I wanted to flag regarding the ROS APT package pinning. The ROS build farm only retains the latest version of each package in its repo. Unlike NVIDIA's CUDA repo which keeps multiple versions available,

```
# ROS: only one version available
$ apt-cache policy ros-jazzy-rviz2
ros-jazzy-rviz2:
Installed: 14.1.19-1noble.20260126.201007
Candidate: 14.1.19-1noble.20260126.201007
Version table:
*** 14.1.19-1noble.20260126.201007 500
500 http://packages.ros.org/ros2/ubuntu noble/main amd64 Packages
# CUDA: multiple versions retained
$ apt-cache policy cuda
cuda:
Installed: (none)
Candidate: 13.1.1-1
Version table:
13.1.1-1 600
13.1.0-1 600
...
```

This means a rosdep lock file like
This affects the rosdep lock files,
You may already be aware of this, but wanted to make sure it's accounted for.
|
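The failure mode raised in the comment above, as an added example (not code from the discussion or from Autoware): it parses `apt-cache policy` output and reports pins whose version is no longer listed in the repository's version table. The pin mapping, the sample text and the older rviz2 version string are constructed; the proposal's actual lock file format is not shown on this page.

```python
# Constructed sample in `apt-cache policy` format, modelled on the output quoted above.
SAMPLE_POLICY = """\
ros-jazzy-rviz2:
  Installed: (none)
  Candidate: 14.1.19-1noble.20260126.201007
  Version table:
     14.1.19-1noble.20260126.201007 500
        500 http://packages.ros.org/ros2/ubuntu noble/main amd64 Packages
cuda:
  Installed: (none)
  Candidate: 13.1.1-1
  Version table:
     13.1.1-1 600
     13.1.0-1 600
"""

# Hypothetical pins as a lock file might record them (package -> exact version).
# The rviz2 version is a constructed "older" build the repo no longer serves.
PINS = {
    "ros-jazzy-rviz2": "14.1.18-1noble.20260101.000000",
    "cuda": "13.1.0-1",
}


def available_versions(policy_text):
    """Map package name -> versions listed under its 'Version table:'."""
    table, pkg, in_table = {}, None, False
    for line in policy_text.splitlines():
        if line.strip() == "Version table:":
            in_table = True
        elif line and not line[0].isspace() and line.endswith(":") and " " not in line:
            pkg, in_table = line[:-1], False   # new package stanza
            table[pkg] = []
        elif in_table and pkg:
            # Version rows are "<version> <priority>", optionally marked "***";
            # source rows start with the priority and carry a URL or path.
            tokens = line.replace("***", " ").split()
            if len(tokens) == 2 and tokens[1].lstrip("-").isdigit():
                table[pkg].append(tokens[0])
    return table


def stale_pins(pins, policy_text):
    """Return {package: (pinned, available)} for pins the repo cannot satisfy."""
    avail = available_versions(policy_text)
    return {p: (v, avail.get(p, [])) for p, v in pins.items()
            if v not in avail.get(p, [])}


if __name__ == "__main__":
    for pkg, (pinned, avail) in stale_pins(PINS, SAMPLE_POLICY).items():
        print(f"{pkg}: pinned {pinned} not installable; repo offers {avail}")
```

Run against real `apt-cache policy` output in CI, a non-empty result means a locked build would fail or would have to fall back to an unpinned version.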
-
|
FYI: https://github.com/orgs/autowarefoundation/discussions/7050 seems very promising, installing Autoware on top of a (now officially supported) Pixi workspace. |
-
Motivation
Autoware's build reproducibility is currently not guaranteed. While some dependencies are already pinned (CUDA/TensorRT via .env, source repos via autoware.repos tags/SHAs, pre-commit hooks via rev:), many critical dependencies are resolved dynamically at build time:
.env autoware.repos tags/SHAs rev: in config rosdep state: latest :latest tag yamale)
This means that two builds from the same commit on different days can produce different results, making release management unreliable and debugging regressions difficult.
Goals
Non-Goals
Approach: Lock File Method
I evaluated three approaches for each setup type (Docker and native):
Docker Setup
Native Setup
Selected approach: Lock file method for both Docker and native setups. It provides the best balance of reproducibility, implementation simplicity, and compatibility with the existing Ansible + Docker infrastructure.
Design Overview
Architecture
Both native and Docker setups share the same dependency installation flow:
Therefore, Ansible lock files and rosdep lock files are shared between native and Docker. Docker only adds image digest pinning and Dockerfile-specific pip pinning.
```mermaid
flowchart TB
    subgraph shared["Shared Lock Files"]
        ansible_lock["ansible/vars/<br/>locked-versions-{distro}-{arch}.yaml"]
        rosdep_lock["lockfiles/{arch}/<br/>rosdep-resolved-{distro}.lock"]
    end
    subgraph native["Native Setup"]
        native_cmd["setup-dev-env.sh<br/>--locked"]
    end
    subgraph docker["Docker Setup"]
        docker_cmd["setup-dev-env.sh<br/>--locked"]
        docker_extra["+ Base image digest<br/>+ pip version pins"]
    end
    shared --> native
    shared --> docker
    style shared fill:#ffffcc,stroke:#999
    style native fill:#e6f3ff,stroke:#999
    style docker fill:#e6ffe6,stroke:#999
```

Lock File Types
ansible/vars/locked-versions-{distro}-{arch}.yaml
lockfiles/{arch}/rosdep-*-{distro}.lock
.env
How It Works
Native Setup
When --locked is specified, setup-dev-env.sh:
ansible/vars/locked-versions-{distro}-{arch}.yaml
--extra-vars @lockfile (highest precedence)
use_locked_versions: true, which triggers version-pinned installation in each Ansible role
Docker Setup
When USE_LOCKFILE=true:
setup-dev-env.sh --locked is called inside the container
rosdep resolve
.env)
Ansible Role Modification Pattern
Each role that installs packages with state: latest gets a conditional branch:
Lock File Format
Ansible lock file (ansible/vars/locked-versions-humble-amd64.yaml):
rosdep lock file (lockfiles/amd64/rosdep-core-common-depend-humble.lock):
New File Structure
Risks and Mitigations
package.xml) x86_64 vs amd64) dpkg --print-architecture consistently set_fact overrides --extra-vars