Skip to content

Change mapping image to debian #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jakubsikorski wants to merge 23 commits into
base: main
Choose a base branch
from
Open

Change mapping image to debian #776

jakubsikorski wants to merge 23 commits into from

Conversation

@jakubsikorski
Copy link
Contributor

@jakubsikorski jakubsikorski commented Dec 18, 2025

πŸ“ Description

Changes base image of controller from ubuntu to Debian.

✨ Type of Change

Select the type of change your PR introduces:

  • 🐞 Bug fix – Non-breaking change which fixes an issue
  • πŸš€ New feature – Non-breaking change which adds functionality
  • πŸ”¨ Refactor – Non-breaking change which refactors the code base
  • πŸ’₯ Breaking change – Changes that break existing functionality
  • πŸ“š Documentation update
  • πŸ”’ Security update
  • πŸ§ͺ Tests
  • πŸš‚ CI

πŸ§ͺ Testing Scenarios

Describe how the changes were tested and how reviewers can test them too:

  • βœ… Tested manually
  • πŸ€– Ran automated end-to-end tests

βœ… Checklist

Before submitting the PR, ensure the following:

  • πŸ” PR title is clear and descriptive
  • πŸ“ For internal contributors: If applicable, include the JIRA ticket number (e.g., ITEP-123456) in the PR title. Do not include full URLs
  • πŸ’¬ I have commented my code, especially in hard-to-understand areas
  • πŸ“„ I have made corresponding changes to the documentation
  • βœ… I have added tests that prove my fix is effective or my feature works

@jakubsikorski jakubsikorski self-assigned this Dec 18, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 18, 2025
View reviewed changes
autocalibration/Dockerfile
# =========================
# Runtime stage
FROM ubuntu:22.04 AS autocalibration-runtime
FROM python:3.11-slim-bookworm AS autocalibration-runtime

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: containerImage not pinned by hash
Remediation tip: pin your Docker image by updating python:3.11-slim-bookworm to python:3.11-slim-bookworm@sha256:bcbbec29f7a3f9cbee891e3cd69d7fe4dec7e281daf36cbd415ddd8ee2ba0077
Click Remediation section below for further remediation help
manager/Dockerfile

# ---------- Manager Runtime Stage ------------------
FROM ubuntu:22.04 AS scenescape-manager-runtime
FROM python:3.11-slim-bookworm AS scenescape-manager-runtime

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: containerImage not pinned by hash
Remediation tip: pin your Docker image by updating python:3.11-slim-bookworm to python:3.11-slim-bookworm@sha256:bcbbec29f7a3f9cbee891e3cd69d7fe4dec7e281daf36cbd415ddd8ee2ba0077
Click Remediation section below for further remediation help
mapping/Dockerfile
# STAGE 2: RUNTIME STAGE
# =========================
FROM ubuntu:22.04 AS mapping-runtime
FROM python:3.11-slim-bookworm AS mapping-runtime

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: containerImage not pinned by hash
Remediation tip: pin your Docker image by updating python:3.11-slim-bookworm to python:3.11-slim-bookworm@sha256:6e27de8d5ec0c03bfe010b6a1dac20366e5b4e3edd123d4c6f60e1c32f60db3f
Click Remediation section below for further remediation help
scene_common/Dockerfile

# -------------- Common Base Stage --------------
FROM ubuntu:22.04 AS scenescape-common-base
FROM python:3.11-slim-bookworm AS scenescape-common-base

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: containerImage not pinned by hash
Remediation tip: pin your Docker image by updating python:3.11-slim-bookworm to python:3.11-slim-bookworm@sha256:bcbbec29f7a3f9cbee891e3cd69d7fe4dec7e281daf36cbd415ddd8ee2ba0077
Click Remediation section below for further remediation help
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 18, 2025
View reviewed changes
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +96 to +111
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r $SCENESCAPE_HOME/requirements_api.txt && \
if [ "$MODEL_TYPE" = "mapanything" ]; then \
cd /workspace/map-anything && \
pip install --no-cache-dir torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/vggt /workspace/mapping; \
pip install --no-cache-dir torch torchvision --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -e .; \
elif [ "$MODEL_TYPE" = "vggt" ]; then \
echo "Installing VGGT model..." && \
cd /workspace/vggt && \
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 torchaudio --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir -r requirements_demo.txt && \
pip install --no-cache-dir -e . && \
cd / && rm -rf /workspace/map-anything /workspace/mapping; \
fi

# Copy on-demand model loader and dependencies
COPY mapping/tools/*.py /usr/local/bin/

# Create directories and set permissions
RUN mkdir -p /workspace/model_weights $SCENESCAPE_HOME/outputs /workspace/.cache/torch /workspace/.cache/huggingface && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace && \
chmod -R 1777 /workspace

# Create startup script that ensures model directory permissions and downloads models
WORKDIR $SCENESCAPE_HOME
pip install --no-cache-dir torch==2.3.1 torchvision==0.18.1 --extra-index-url https://download.pytorch.org/whl/cpu && \
pip install --no-cache-dir -r requirements.txt -r requirements_demo.txt && \
pip install --no-cache-dir -e .; \
fi && \
rm -rf /usr/local/lib/python3.11/site-packages/torch/test \
/usr/local/lib/python3.11/site-packages/torch/share \
/usr/local/lib/python3.11/site-packages/torchvision/test 2>/dev/null || true && \
chown -R $WSUSER:$WSUSER $SCENESCAPE_HOME /workspace

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
mapping/Dockerfile
Comment on lines +149 to +150
RUN pip install --no-cache-dir -r /tmp/requirements-test.txt \
&& rm /tmp/requirements-test.txt

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
@jakubsikorski jakubsikorski marked this pull request as ready for review January 8, 2026 09:29
@jakubsikorski jakubsikorski requested a review from Copilot January 12, 2026 11:18
Copilot AI reviewed Jan 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR migrates the mapping controller's base image from Ubuntu 22.04 to Debian-based Python 3.11 slim (Bookworm). The change consolidates Python installation and optimizes the Dockerfile by reducing layers, removing redundant commands, and streamlining the build process for both MapAnything and VGGT models.

Changes:

  • Base image changed from ubuntu:22.04 to python:3.11-slim-bookworm
  • Dockerfile refactored to combine multiple RUN commands into fewer layers
  • Build process optimized to only clone the selected model type instead of cloning both

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
mapping/Makefile Updates RUNTIME_OS_IMAGE variable to use Python 3.11 Debian base image
mapping/Dockerfile Refactors multi-stage build to optimize layers, removes Ubuntu-specific Python installation, consolidates RUN commands, and adjusts paths for Python 3.11

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

saratpoluri
saratpoluri requested changes Jan 12, 2026
View reviewed changes
mapping/Dockerfile
#!/bin/bash
set -e

# Set cache environment variables to use user directory
Copy link
Contributor

@saratpoluri saratpoluri Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep these.

Copy link
Contributor Author

@jakubsikorski jakubsikorski Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted so these environment variables aren't set with ENV but in the shell script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@saratpoluri saratpoluri saratpoluri requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@jakubsikorski jakubsikorski

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jakubsikorski @saratpoluri