feat: bring dockerfile into OSRB compliance

[saturley-hall]

This changes to an NVIDIA-approved base container which is a distroless python 3.12 to speed compliance approval.

Relates to OPS-1285

Summary by CodeRabbit

• Refactor

  • Converted container build to a multi-stage flow that separates environment creation (env-builder) from the final runtime.
  • Moved dependency sync and project install into the build stage, producing a prepared virtual environment for runtime.

• Chores

  • Switched final runtime to a minimal distroless Python image and copied the prebuilt virtual environment into it.
  • Set VIRTUAL_ENV and updated PATH in the final image; preserved the existing runtime entrypoint.

[coderabbitai]

Walkthrough

Introduces an env-builder build stage that creates a Python virtualenv, installs dependencies and the project into it, then switches to a distroless final stage that copies the virtualenv and app, sets VIRTUAL_ENV and PATH, and retains the ENTRYPOINT aiperf.

Changes

Cohort / File(s)

Summary

Docker build and runtime image Dockerfile

Renames prior final stage to env-builder; creates virtualenv at /opt/$APP_NAME/venv, sets VIRTUAL_ENV and updates PATH in builder; runs dependency sync and installs the project into the venv (uv pip install --no-deps); adds a distroless final stage (nvcr.io/nvidia/distroless/python:3.12-v3.4.17-dev) and copies the venv and application from env-builder; sets VIRTUAL_ENV and PATH in final image; keeps ENTRYPOINT aiperf.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant SRC as Source
  participant ENV as env-builder (builder stage)
  participant FINAL as distroless final

  SRC->>ENV: COPY source files\ncreate venv at /opt/$APP_NAME/venv
  note right of ENV #D3E4CD: Sync deps\nuv pip install --no-deps\ninstall project into venv
  ENV-->>FINAL: COPY venv and app artifacts
  FINAL->>FINAL: Set VIRTUAL_ENV and PATH
  FINAL->>Container: ENTRYPOINT aiperf

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

I hopped through stages, stitched a nest,
A venv tucked beneath my vest.
Distroless box, small and spry,
PATH aligned — now off I fly. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title clearly states the main change of updating the Dockerfile to meet OSRB compliance, matching the primary objective of the pull request without unnecessary detail.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch harrison/container-for-osrb

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec66e6d and ec67a06.

📒 Files selected for processing (1)

• Dockerfile (2 hunks)

🧰 Additional context used

🪛 Hadolint (2.14.0)

Dockerfile

[error] 89-89: COPY with more than 2 arguments requires the last argument to end with /

(DL3021)

[ajcasagrande]

I get a permission denied when it tries to create the artifacts/logs directories, but likely just needs some volume mounting

│ /opt/aiperf/venv/lib/python3.12/site-packages/aiperf/common/logging.py:161 in create_file_handler                                                          │
│                                                                                                                                                            │
│   158 ) -> logging.FileHandler:                                                                                                                            │
│   159 │   """Configure a file handler for logging."""                                                                                                      │
│   160 │                                                                                                                                                    │
│ ❱ 161 │   log_folder.mkdir(parents=True, exist_ok=True)                                                                                                    │
│   162 │   log_file_path = log_folder / OutputDefaults.LOG_FILE                                                                                             │
│   163 │                                                                                                                                                    │
│   164 │   file_handler = logging.FileHandler(log_file_path, encoding="utf-8")                                                                              │
│                                                                                                                                                            │
│ ╭────────────────────────────────────── locals ──────────────────────────────────────╮                                                                     │
│ │      level = 'INFO'                                                                │                                                                     │
│ │ log_folder = PosixPath('artifacts/Qwen_Qwen3-0.6B-openai-chat-concurrency10/logs') │  
│ /usr/local/lib/python3.12/pathlib.py:1311 in mkdir                                                                                                         │
│                                                                                                                                                            │
│   1308 │   │   Create a new directory at this given path.                                                                                                  │
│   1309 │   │   """                                                                                                                                         │
│   1310 │   │   try:                                                                                                                                        │
│ ❱ 1311 │   │   │   os.mkdir(self, mode)                                                                                                                    │
│   1312 │   │   except FileNotFoundError:                                                                                                                   │
│   1313 │   │   │   if not parents or self.parent == self:                                                                                                  │
│   1314 │   │   │   │   raise                                                                                                                               │
│                                                                                                                                                            │
│ ╭────────────────────────────────── locals ───────────────────────────────────╮                                                                            │
│ │ exist_ok = True                                                             │                                                                            │
│ │     mode = 511                                                              │                                                                            │
│ │  parents = True                                                             │                                                                            │
│ │     self = PosixPath('artifacts/Qwen_Qwen3-0.6B-openai-chat-concurrency10') │                                                                            │
│ ╰─────────────────────────────────────────────────────────────────────────────╯                                                                            │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
PermissionError: [Errno 13] Permission denied: 'artifacts/Qwen_Qwen3-0.6B-openai-chat-concurrency10'