
[CI] Add pinned OVPhysX wheelhouse path for develop #6267

Draft
marcodiiga wants to merge 1 commit into isaac-sim:develop from marcodiiga:dev/malesiani/ovphysx_wheelhouse_ci

@marcodiiga marcodiiga commented Jun 25, 2026


Summary

  • add a pinned OVPhysX wheelhouse image to the shared CI config
  • install ovphysx from that wheelhouse in the existing isaaclab_ov Docker test job for develop-targeted runs
  • keep main/release-targeted runs on the normal public package install path
  • validate the copied wheelhouse manifest and wheel hashes before installing with pip --no-index

Why

This lets IsaacLab develop test against a specific OVPhysX development wheel before the corresponding public PyPI release is available, while preserving the public-package path for release branches.

Validation

  • Parsed changed workflow/action YAML files with PyYAML
  • Ran a static CI-contract check for the pinned image, develop switch, PyPI fallback, manifest validation, and offline install path
  • Ran git diff --check origin/develop...HEAD
  • Scanned the diff and PR text for unintended local provenance strings

actionlint is not installed in my local environment, so I could not run it before opening this draft PR.

@marcodiiga marcodiiga force-pushed the dev/malesiani/ovphysx_wheelhouse_ci branch from 19b4c15 to a09ac33 Compare June 26, 2026 15:42

@AntoineRichard AntoineRichard left a comment

Collaborator


Wondering if the test could be made a bit shorter.

Comment on lines +157 to +267
run: |
set -euo pipefail

if [ -z "${NGC_API_KEY:-}" ]; then
echo "::error::wheelhouse-resource is set but NGC_API_KEY is unavailable; cannot download configured wheelhouse resource"
exit 1
fi

NGC_CLI_VERSION="4.20.0"
NGC_CLI_SHA256="5cf084c88998c58ad8abf7849d2d1b41d578423886eb03018df10194e341d35b"
NGC_CLI_URL="https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/${NGC_CLI_VERSION}/files/ngccli_linux.zip"

wheelhouse_root="$(mktemp -d "${RUNNER_TEMP:-/tmp}/ovphysx-wheelhouse.XXXXXX")"
download_root="$(mktemp -d "${RUNNER_TEMP:-/tmp}/ovphysx-wheelhouse-download.XXXXXX")"
ngc_home="$(mktemp -d "${RUNNER_TEMP:-/tmp}/ovphysx-ngc-home.XXXXXX")"
ngc_unpack_dir=""
preserve_wheelhouse_root=false
cleanup() {
if [ "$preserve_wheelhouse_root" != "true" ]; then
rm -rf "$wheelhouse_root"
fi
rm -rf "$download_root" "$ngc_home"
if [ -n "$ngc_unpack_dir" ]; then
rm -rf "$ngc_unpack_dir"
fi
}
trap cleanup EXIT

if ! command -v ngc >/dev/null 2>&1; then
cache_dir="${RUNNER_TEMP:-/tmp}/ngc-cli-cache"
ngc_zip="${cache_dir}/ngccli_linux.zip"
mkdir -p "$cache_dir"
if [ ! -f "$ngc_zip" ]; then
echo "Downloading NGC CLI ${NGC_CLI_VERSION}"
curl -fsSL -o "$ngc_zip" "$NGC_CLI_URL"
fi
echo "${NGC_CLI_SHA256} ${ngc_zip}" | sha256sum -c -
ngc_unpack_dir="$(mktemp -d "${RUNNER_TEMP:-/tmp}/ngc-cli.XXXXXX")"
unzip -q "$ngc_zip" -d "$ngc_unpack_dir"
export PATH="${ngc_unpack_dir}/ngc-cli:${PATH}"
fi

export NGC_CLI_API_KEY="$NGC_API_KEY"
export NGC_CLI_ORG=nvidian
export NGC_CLI_TEAM=omniverse
export NGC_CLI_HOME="$ngc_home"

ngc --version
echo "Downloading wheelhouse resource: $WHEELHOUSE_RESOURCE"
ngc registry resource download-version "$WHEELHOUSE_RESOURCE" --dest "$download_root"

mapfile -t manifests < <(find "$download_root" -type f -name manifest.json)
if [ "${#manifests[@]}" -ne 1 ]; then
echo "::error::expected exactly one manifest.json in downloaded wheelhouse resource, found ${#manifests[@]}"
printf '%s\n' "${manifests[@]}"
exit 1
fi

payload_dir="$(dirname "${manifests[0]}")"
if [ ! -d "${payload_dir}/wheelhouse" ]; then
echo "::error::downloaded wheelhouse resource is missing wheelhouse/ next to manifest.json"
exit 1
fi

mkdir -p "$wheelhouse_root/wheelhouse"
cp "${payload_dir}/manifest.json" "$wheelhouse_root/manifest.json"
cp "${payload_dir}/wheelhouse/"*.whl "$wheelhouse_root/wheelhouse/"

python3 - <<'PY' "$wheelhouse_root/manifest.json" "$wheelhouse_root/wheelhouse"
import hashlib
import json
import pathlib
import sys

manifest_path = pathlib.Path(sys.argv[1])
wheelhouse_dir = pathlib.Path(sys.argv[2])
manifest = json.loads(manifest_path.read_text(encoding="utf-8"))

expected = {
"artifact": "ovphysx-wheelhouse",
"platform": "manylinux_2_35_x86_64",
}
for key, value in expected.items():
actual = manifest.get(key)
if actual != value:
raise SystemExit(f"manifest {key!r} mismatch: expected {value!r}, got {actual!r}")

wheels = manifest.get("wheels")
if not isinstance(wheels, list) or not wheels:
raise SystemExit("manifest has no wheels list")

for wheel in wheels:
filename = wheel.get("file")
expected_sha = wheel.get("sha256")
if not filename or not expected_sha:
raise SystemExit(f"invalid wheel manifest entry: {wheel!r}")
wheel_path = wheelhouse_dir / filename
if not wheel_path.is_file():
raise SystemExit(f"manifest wheel is missing from wheelhouse: {filename}")
actual_sha = hashlib.sha256(wheel_path.read_bytes()).hexdigest()
if actual_sha != expected_sha:
raise SystemExit(f"sha256 mismatch for {filename}: expected {expected_sha}, got {actual_sha}")

print(f"Validated {len(wheels)} wheelhouse wheels from {manifest_path}")
PY

echo "Wheelhouse contents:"
ls -l "$wheelhouse_root/wheelhouse"
preserve_wheelhouse_root=true
echo "wheelhouse_host_dir=$wheelhouse_root" >> "$GITHUB_OUTPUT"
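
Review bot: The embedded Python validator only hashes the wheels that manifest.json lists, while the earlier `cp "${payload_dir}/wheelhouse/"*.whl "$wheelhouse_root/wheelhouse/"` copies every .whl in the download, so a wheel that is present in the directory but absent from the manifest reaches the published wheelhouse_host_dir without any check. Suggest having the validator compare the set of *.whl files in wheelhouse_dir against the manifest's "file" entries and fail on extras, and reject any "file" value that is not a bare filename before building `wheelhouse_dir / filename`, since an absolute or `../` value would make the hash check read a path outside the wheelhouse. Also worth documenting: the manifest comes from the same download as the wheels, so this check proves the payload is self-consistent, not that it is the expected one; unlike the NGC CLI zip, which is checked against the pinned NGC_CLI_SHA256, nothing in these lines pins the manifest or wheel digests on the workflow side.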

Collaborator


Is all of this required?


AntoineRichard commented Jul 1, 2026

Collaborator

@marcodiiga I mirrored the reviewed commit a09ac33 to the official same-repository branch antoiner/test_ovphysx_wheelhouse_ci for trusted CI validation. The draft probe PR is #6314; please use that official branch name when updating the existing branch, subject to repository rules.
