From 97b4d164eda355174b860f4e9051351d5ae33d4e Mon Sep 17 00:00:00 2001
From: clsferguson <48876201+clsferguson@users.noreply.github.com>
Date: Sun, 21 Sep 2025 22:54:12 -0600
Subject: [PATCH] build(docker): compile SageAttention 2.2 on slim trixie using
 Debian CUDA toolkit; install wheel into runtime and enable flag
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Switch to a two-stage Dockerfile that builds SageAttention 2.2 from source on python:3.12-slim-trixie by explicitly enabling contrib/non-free/non-free-firmware in APT and installing Debian’s nvidia-cuda-toolkit (nvcc) for compilation, then installs the produced cp312 wheel into the slim runtime so --use-sage-attention works at startup. The builder installs Torch cu129 to match the runtime for ABI compatibility and uses pip’s --break-system-packages to avoid a venv while respecting PEP 668 in a controlled way, keeping layers lean and avoiding the prior sources.list and space issues seen on GitHub runners. The final image remains minimal while bundling an up-to-date SageAttention build aligned with the Torch/CUDA stack in use.
---
 Dockerfile | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2b4d4bd2b..8b2761345 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,19 +7,18 @@ ENV DEBIAN_FRONTEND=noninteractive \
     PIP_DISABLE_PIP_VERSION_CHECK=1 \
     PIP_NO_CACHE_DIR=1
 
-# Enable contrib/non-free/non-free-firmware, install CUDA toolkit + build deps
+# Write explicit Debian sources with contrib/non-free/non-free-firmware, then install CUDA toolkit + build deps
 RUN set -eux; \
-  sed -i 's/ main$/ main contrib non-free non-free-firmware/g' /etc/apt/sources.list; \
+  printf 'deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware\n' > /etc/apt/sources.list; \
+  printf 'deb http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware\n' >> /etc/apt/sources.list; \
+  printf 'deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware\n' >> /etc/apt/sources.list; \
   apt-get update; \
-  apt-get install -y --no-install-recommends \
-    ca-certificates curl git build-essential cmake \
-    nvidia-cuda-toolkit \
-  ; \
+  apt-get install -y --no-install-recommends ca-certificates curl git build-essential cmake nvidia-cuda-toolkit; \
   rm -rf /var/lib/apt/lists/*
 
 WORKDIR /tmp/sage
 
-# Install Torch cu129 in system site (PEP 668: allow system installs)
+# Install Torch cu129 in builder (matches runtime) and build wheel (PEP 668: allow system installs here)
 RUN python -m pip install --upgrade pip setuptools wheel --break-system-packages && \
     python -m pip install torch torchvision torchaudio \
       --extra-index-url https://download.pytorch.org/whl/cu129 \