| 1 | # sway-gate — pre-built image for the sway-gate-docker pre-commit hook. |
| 2 | # |
| 3 | # Contains: |
| 4 | # - Python 3.11 + dlm-sway[hf,semsim] from PyPI (torch wheels baked in) |
| 5 | # - Pre-cached MiniLM weights at /opt/sentence-transformers/ so |
| 6 | # adapter_revert / cluster_kl don't cold-download on first gate run. |
| 7 | # |
| 8 | # The hook runs ``sway gate <spec>`` against a mounted working-tree. |
| 9 | # Image is built + pushed by .github/workflows/docker.yml on ``v*`` tags. |
| 10 | |
| 11 | FROM python:3.11-slim AS base |
| 12 | |
| 13 | # HF / transformers cache env — we pre-warm the MiniLM during build; |
| 14 | # point runtime at the same location so cache hits work. |
| 15 | ENV HF_HOME=/opt/hf-cache \ |
| 16 | SENTENCE_TRANSFORMERS_HOME=/opt/sentence-transformers \ |
| 17 | PIP_NO_CACHE_DIR=1 \ |
| 18 | PIP_DISABLE_PIP_VERSION_CHECK=1 \ |
| 19 | PYTHONDONTWRITEBYTECODE=1 \ |
| 20 | PYTHONUNBUFFERED=1 |
| 21 | |
| 22 | # Minimal system deps — git for pip VCS installs (unused on prod wheels |
| 23 | # but keeps dev-image debugging practical); curl for healthchecks. |
| 24 | RUN apt-get update \ |
| 25 | && apt-get install -y --no-install-recommends git curl ca-certificates \ |
| 26 | && rm -rf /var/lib/apt/lists/* |
| 27 | |
| 28 | # SWAY_VERSION is baked in at build time so the image layer reflects |
| 29 | # the exact wheel installed. docker.yml passes this from the git tag. |
| 30 | ARG SWAY_VERSION=0.1.0 |
| 31 | |
| 32 | # Install sway with hf (torch + transformers + peft + safetensors) and |
| 33 | # semsim (sentence-transformers + scikit-learn) extras. The semsim |
| 34 | # extra is ~80 MB MiniLM + sklearn; pre-installing here vs lazy- |
| 35 | # installing at gate time is the whole point of the docker image. |
| 36 | RUN pip install "dlm-sway[hf,semsim]==${SWAY_VERSION}" |
| 37 | |
| 38 | # Pre-fetch the MiniLM weights used by adapter_revert (A2) and |
| 39 | # cluster_kl (S16). Without this, the first gate on an adapter touching |
| 40 | # either probe pays ~80 MB of download latency. Cache path mirrors the |
| 41 | # SENTENCE_TRANSFORMERS_HOME env set above. |
| 42 | RUN python -c "from sentence_transformers import SentenceTransformer; \ |
| 43 | SentenceTransformer('sentence-transformers/all-MiniLM-L6-v2')" |
| 44 | |
| 45 | # A working directory pre-commit will bind-mount over at runtime. |
| 46 | WORKDIR /workspace |
| 47 | |
| 48 | # Sanity: sway --version should match SWAY_VERSION. Build fails |
| 49 | # loudly otherwise. |
| 50 | RUN sway --version |
| 51 | |
| 52 | # ENTRYPOINT keeps the image composable: ``docker run sway-gate <args>`` |
| 53 | # runs ``sway <args>``. The pre-commit hook's entry: line passes |
| 54 | # ``sway gate`` explicitly — ENTRYPOINT defers that choice to the caller. |
| 55 | ENTRYPOINT ["sway"] |
| 56 | CMD ["--help"] |
| 57 |