chore: point openspiel base image to ghcr.io/huggingface namespace #888
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.
Creation of image running in: https://github.com/huggingface/OpenEnv/actions/runs/28428789353
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
Reviewed by Cursor Bugbot for commit b35b83f. Configure here.
Alignment Review Report
Automated Checks
- Lint: N/A for this diff — lint.sh could not run in the review sandbox (uv not installed), but the PR only changes 2 Markdown files + 1 Dockerfile (no Python under src/ / tests/), so the lint scope is unaffected.
- Debug code: CLEAN — check-debug.sh only reported pre-existing print/TODO lines in src/; none are in the files this PR touches.
Open RFCs Context
RFCs 000–003 and 005 are In Review, 010 is Draft — covering abstractions, env spec, MCP, agentic harnesses, and world-modeling. None touch container base-image namespaces or registry references, so this chore PR does not intersect any open RFC.
Tier 1: Fixes Required
- envs/openspiel_env/server/Dockerfile:26 — The new default ARG OPENSPIEL_BASE_IMAGE=ghcr.io/huggingface/openenv-openspiel-base:latest points at a tag that does not exist. The huggingface/openenv-openspiel-base package currently has only sha-7a9bb94 (verified against GHCR — no latest tag), so docker build -f server/Dockerfile . will fail with manifest unknown. Unlike openenv-base (rebuilt and re-tagged latest on every push to main via docker-build.yml), the OpenSpiel base is built by openspiel_base_build.yml, which is workflow_dispatch-only — so :latest is not auto-maintained. Fix: pin to the tag that exists → ghcr.io/huggingface/openenv-openspiel-base:sha-7a9bb94, or run Build OpenSpiel Base Image on main to publish latest before merging.
- envs/openspiel_env/server/prepare_hf.sh:24 — Still hardcodes the old namespace + tag ghcr.io/meta-pytorch/openenv-openspiel-base:sha-e622c7e. This is the script scripts/prepare_hf_deployment.sh invokes to rewrite the Dockerfile for HF Spaces deployments, so the PR's stated goal ("point openspiel base image to ghcr.io/huggingface namespace") is not achieved for deployments until this line is updated. (This file is not in the diff, so flagging it here rather than inline.) Fix: ghcr.io/huggingface/openenv-openspiel-base:sha-7a9bb94.

Both fixes converge cleanly: using ghcr.io/huggingface/openenv-openspiel-base:sha-7a9bb94 in both files completes the namespace migration, keeps the build working (that tag exists today), and preserves the reproducible pin the env had before.
Tier 2: Alignment Discussion
Principle Conflicts
ALIGNMENT FLAG: Base image moves from a pinned SHA to a floating :latest tag
- Principle at stake: "Container isolation for reproducibility" / "Docker overhead is acceptable for reproducibility" (PRINCIPLES.md)
- The concern: The env previously pinned :sha-e622c7e; switching the default to :latest trades build reproducibility for a mutable tag. There is a consistency argument (other envs use openenv-base:latest), but that base is auto-rebuilt on main, whereas the OpenSpiel base is manual-only, so :latest is prone to drift or absence (it is missing right now). Pinning to sha-7a9bb94 keeps the prior reproducibility posture and fixes the broken build at the same time — worth a deliberate call on which convention to adopt for the OpenSpiel base.
- Suggested reviewer: @Darktex (authored the reproducibility trade-off line in PRINCIPLES.md); @burtenshaw (authored prepare_hf.sh:24 and owns the base-image / HF deploy workflows)
RFC Conflicts
None identified.
Summary
- 2 mechanical issues to fix (non-existent :latest base tag → broken build; stale meta-pytorch reference in the HF deploy script)
- 1 alignment point for human review (floating :latest vs pinned SHA → reproducibility)
- 0 RFC conflicts
Sent by Cursor Automation: Untitled
||
| # Default: use pre-built image from GHCR (skips C++ compilation) | ||
| ARG OPENSPIEL_BASE_IMAGE=ghcr.io/meta-pytorch/openenv-openspiel-base:sha-e622c7e | ||
| ARG OPENSPIEL_BASE_IMAGE=ghcr.io/huggingface/openenv-openspiel-base:latest |
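Review bot: the new ARG OPENSPIEL_BASE_IMAGE default on the added line ends in :latest, a mutable tag, where the line it replaces pinned sha-e622c7e, so two builds of this Dockerfile can resolve different base images with no change in the repository. Keep a pinned reference in the new namespace as the default (a sha- tag, or an @sha256: digest for a content-addressed pin) and leave :latest to callers who pass it explicitly as a build argument.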
Tier 1 — this tag does not exist yet. ghcr.io/huggingface/openenv-openspiel-base currently publishes only sha-7a9bb94 (no latest), so building this Dockerfile fails with manifest unknown. The OpenSpiel base is produced by openspiel_base_build.yml, which is manual (workflow_dispatch) only — so :latest is not auto-maintained the way openenv-base:latest is (that one is rebuilt on every push to main).
Suggested fix (also preserves the env's previous reproducible pin):
ARG OPENSPIEL_BASE_IMAGE=ghcr.io/huggingface/openenv-openspiel-base:sha-7a9bb94
…or run Build OpenSpiel Base Image on main first to publish latest.
Related: envs/openspiel_env/server/prepare_hf.sh:24 still hardcodes ghcr.io/meta-pytorch/openenv-openspiel-base:sha-e622c7e and needs the same namespace update so HF Spaces deploys also move off meta-pytorch.
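A repository-wide check for the two problems raised in the review above (a floating base-image tag and a leftover legacy namespace), as an added example that is not part of the PR or of the OpenEnv code base. The file contents are constructed samples, the function names are hypothetical, and treating `sha-<commit>` tags as pinned is an assumption taken from the review's wording; only an `@sha256:` digest is content-addressed.

```python
import re
from collections import defaultdict

REF_RE = re.compile(r"ghcr\.io/[^\s\"'|]+")     # ghcr.io has no port, so ':' always starts a tag
SHA_TAG_RE = re.compile(r"sha-[0-9a-f]{7,40}")  # sha-<commit> tag style quoted in the review

def parse(ref):
    """Split 'repo[:tag][@sha256:...]' into (repo, tag, digest)."""
    name, _, digest = ref.partition("@")
    repo, _, tag = name.partition(":")
    return repo, tag, digest

def audit(files, legacy_prefix="ghcr.io/meta-pytorch/"):
    """Return (findings, drift) for a {path: text} mapping of build files."""
    findings, seen = [], defaultdict(set)
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):   # Dockerfile and shell comments
                continue
            for ref in REF_RE.findall(line):
                repo, tag, digest = parse(ref)
                seen[repo.rsplit("/", 1)[-1]].add(ref)
                if repo.startswith(legacy_prefix):
                    findings.append((path, lineno, "legacy-namespace", ref))
                # A missing tag resolves to :latest, so it counts as floating too.
                if not digest and not SHA_TAG_RE.fullmatch(tag):
                    findings.append((path, lineno, "floating-tag", ref))
    # The same image name referenced in more than one way across the files.
    drift = {img: sorted(refs) for img, refs in seen.items() if len(refs) > 1}
    return sorted(findings), drift

# Constructed sample inputs modelled on the two files named in the review.
SAMPLE = {
    "server/Dockerfile": (
        "# Default: use pre-built image from GHCR (skips C++ compilation)\n"
        "ARG OPENSPIEL_BASE_IMAGE=ghcr.io/huggingface/openenv-openspiel-base:latest\n"
        "FROM ${OPENSPIEL_BASE_IMAGE}\n"
    ),
    "server/prepare_hf.sh": (
        "#!/bin/sh\n"
        'BASE="ghcr.io/meta-pytorch/openenv-openspiel-base:sha-e622c7e"\n'
    ),
}

if __name__ == "__main__":
    findings, drift = audit(SAMPLE)
    for finding in findings:
        print(*finding)
    for image, refs in drift.items():
        print("drift", image, refs)
```

Run over a checkout in CI, a non-empty result fails the job before a stale or floating reference reaches a deployment script.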



Summary
Point the OpenSpiel environment at the canonical ghcr.io/huggingface/openenv-openspiel-base base image instead of the legacy ghcr.io/meta-pytorch namespace. The base image is now built and published to the huggingface namespace by openspiel_base_build.yml, so the env Dockerfile default and the docs should reference it there. The Dockerfile now tracks :latest rather than a pinned (and stale) sha- tag.
Type of Change
Alignment Checklist
Before submitting, verify:
- .claude/docs/PRINCIPLES.md and this PR aligns with our principles
- .claude/docs/INVARIANTS.md and no invariants are violated
- /pre-submit-pr (or bash .claude/hooks/lint.sh and tests) and addressed all issues
RFC Status
Test Plan
- python scripts/sync_env_docs.py --check passes (the openspiel.md stub was regenerated from the README with --fix).
- ghcr.io/huggingface/openenv-openspiel-base is public and pullable (verified anonymously).
Claude Code Review
N/A
Note
Low Risk
Docs and Docker defaults only; no application logic changes. Using :latest instead of a pinned digest is a minor reproducibility tradeoff for builds.
Overview
Switches the OpenSpiel env’s default pre-built Docker base from ghcr.io/meta-pytorch/openenv-openspiel-base:sha-e622c7e to ghcr.io/huggingface/openenv-openspiel-base:latest, matching where openspiel_base_build.yml now publishes the image.
The same registry path is updated in server/Dockerfile, server/prepare_hf.sh (HF Space Dockerfile rewrite), and the build docs in envs/openspiel_env/README.md / docs/source/environments/openspiel.md.
Reviewed by Cursor Bugbot for commit 4da704e. Bugbot is set up for automated code reviews on this repo. Configure here.