From 7a97a38538136732f3d690643b8289080880d8da Mon Sep 17 00:00:00 2001 From: Charlie Truong Date: Fri, 15 May 2026 17:39:12 -0500 Subject: [PATCH 1/4] ci: skip uv lock generation on forks Signed-off-by: Charlie Truong --- .github/workflows/uv-lock-generation.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/uv-lock-generation.yml b/.github/workflows/uv-lock-generation.yml index 4c6b9b36b7..94f73ec5ae 100644 --- a/.github/workflows/uv-lock-generation.yml +++ b/.github/workflows/uv-lock-generation.yml @@ -21,6 +21,7 @@ on: jobs: check_uv_lock_and_update: + if: github.repository == 'NVIDIA-NeMo/Automodel' && github.event.pull_request.head.repo.full_name == github.repository runs-on: ubuntu-latest permissions: contents: write From c17e5d23204866fe928aac3b206601fff67b6d95 Mon Sep 17 00:00:00 2001 From: Charlie Truong Date: Fri, 15 May 2026 17:45:23 -0500 Subject: [PATCH 2/4] docs: fix contributing uv install anchor Signed-off-by: Charlie Truong --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e22d9dbd03..52931e04c5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,7 +5,7 @@ Common workflows used for setting up Automodel environment: 1. [Developing with Automodel container](#1-developing-with-automodel-container) -2. [Developing with UV sync/pip install]($2-developing-with-uv-syncpip-install) +2. [Developing with UV sync/pip install](#2-developing-with-uv-syncpip-install) 3. [Developing with custom docker build](#3-developing-with-custom-docker-build) ### 1. Developing with Automodel container From 3d5fc656b4004292f41befc0b7ea64a1ba4bb4c7 Mon Sep 17 00:00:00 2001 From: Charlie Truong Date: Fri, 15 May 2026 17:58:41 -0500 Subject: [PATCH 3/4] docs: explain uv lock updates for fork PRs Signed-off-by: Charlie Truong --- CONTRIBUTING.md | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 52931e04c5..24e5419b93 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -111,12 +111,39 @@ pip install grouped_gemm We use [uv](https://docs.astral.sh/uv/) for managing dependencies. -New required dependencies can be added by `uv add $DEPENDENCY`. +New required dependencies can be added by `uv add $DEPENDENCY`. If +`pyproject.toml` changes, update both lock files using the same flow as +[Generate Uv lock](./.github/workflows/uv-lock-generation.yml). This updates +the default `uv.lock`, then updates the PyTorch-container lock file with the +override dependencies from `docker/common/uv-pytorch.toml`. The PyTorch helper +rewrites `pyproject.toml` for locking, so the commands below save and restore +your intended `pyproject.toml` contents: + +The workflow can update lock files automatically for same-repository PRs, but +it is skipped for PRs opened from forks. If you open a PR from a fork, run this +lock update flow locally and include the generated lock files in your branch. -Adding a new dependency will update UV's lock-file. Please check this into your branch: +```bash +set -e + +uv lock --check || uv lock + +tmp_pyproject="$(mktemp)" +cp pyproject.toml "$tmp_pyproject" +mv uv.lock uv_main.lock +bash docker/common/update_pyproject_pytorch.sh "$PWD" +uv lock --check || uv lock +mv uv.lock docker/common/uv-pytorch.lock +mv uv_main.lock uv.lock +cp "$tmp_pyproject" pyproject.toml +rm "$tmp_pyproject" +``` + +Only commit your intended `pyproject.toml` changes plus the generated lock +files: ```bash -git add uv.lock pyproject.toml +git add pyproject.toml uv.lock docker/common/uv-pytorch.lock git commit -s -m "build: Adding dependencies" git push ``` From a8f672b783bc01dc1fb0b47a3918c6fcb437cf81 Mon Sep 17 00:00:00 2001 From: Charlie Truong Date: Fri, 15 May 2026 18:32:02 -0500 Subject: [PATCH 4/4] ci: check uv lock files on fork PRs Signed-off-by: Charlie Truong --- .github/workflows/uv-lock-generation.yml | 50 +++++++++++++----------- CONTRIBUTING.md | 7 ++-- 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/.github/workflows/uv-lock-generation.yml b/.github/workflows/uv-lock-generation.yml index 94f73ec5ae..5935c2f960 100644 --- a/.github/workflows/uv-lock-generation.yml +++ b/.github/workflows/uv-lock-generation.yml @@ -21,10 +21,12 @@ on: jobs: check_uv_lock_and_update: - if: github.repository == 'NVIDIA-NeMo/Automodel' && github.event.pull_request.head.repo.full_name == github.repository + if: github.repository == 'NVIDIA-NeMo/Automodel' runs-on: ubuntu-latest permissions: contents: write + env: + CAN_PUSH_LOCKS: ${{ github.event.pull_request.head.repo.full_name == github.repository }} steps: - name: Checkout uses: actions/checkout@v6 @@ -32,7 +34,8 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 - token: ${{ secrets.PAT }} + persist-credentials: ${{ env.CAN_PUSH_LOCKS }} + token: ${{ env.CAN_PUSH_LOCKS == 'true' && secrets.PAT || github.token }} - name: Setup Python uses: actions/setup-python@v6 @@ -43,35 +46,36 @@ jobs: with: version: 0.8.22 - - name: Check Uv lock + - name: Check or update uv lock files run: | - set +e - uv lock --check - EXIT_CODE=$? - if [ $EXIT_CODE -eq 0 ]; then - echo 'Uv lock file is update to date' - else - echo 'Updating uv lock file' - uv lock - fi + set -e + + check_or_update_lock() { + lock_name="$1" + + if uv lock --check; then + echo "$lock_name is up to date" + elif [ "$CAN_PUSH_LOCKS" = "true" ]; then + echo "Updating $lock_name" + uv lock + else + echo "::error::$lock_name is out of date. Run the lock update flow in CONTRIBUTING.md and commit the generated lock files." + exit 1 + fi + } + + check_or_update_lock "Uv lock file" - - name: Check Uv PyTorch lock - run: | - set +e mv uv.lock uv_main.lock bash docker/common/update_pyproject_pytorch.sh "$GITHUB_WORKSPACE" - uv lock --check - EXIT_CODE=$? - if [ $EXIT_CODE -eq 0 ]; then - echo 'Uv PyTorch lock file is update to date' - else - echo 'Updating uv PyTorch lock file' - uv lock + check_or_update_lock "Uv PyTorch lock file" + if [ "$CAN_PUSH_LOCKS" = "true" ]; then + mv uv.lock docker/common/uv-pytorch.lock fi - mv uv.lock docker/common/uv-pytorch.lock mv uv_main.lock uv.lock - name: Commit and push uv lock updates + if: env.CAN_PUSH_LOCKS == 'true' run: | git config --global user.email "nemo-bot@nvidia.com" git config --global user.name "NeMo Bot" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 24e5419b93..46a0b514dc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -119,9 +119,10 @@ override dependencies from `docker/common/uv-pytorch.toml`. The PyTorch helper rewrites `pyproject.toml` for locking, so the commands below save and restore your intended `pyproject.toml` contents: -The workflow can update lock files automatically for same-repository PRs, but -it is skipped for PRs opened from forks. If you open a PR from a fork, run this -lock update flow locally and include the generated lock files in your branch. +The workflow can update lock files automatically for same-repository PRs. For +PRs opened from forks, the workflow runs in check-only mode because it cannot +push fixes back to the fork. If the fork check fails, run this lock update flow +locally and include the generated lock files in your branch. ```bash set -e