fix(onboard): suppress docker manifest/build noise during gateway setup#3311
Merged
Conversation
Closes #3248 Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
|
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
cv
approved these changes
May 11, 2026
12 tasks
cv
pushed a commit
that referenced
this pull request
May 15, 2026
## Summary At step [6/8], when the published sandbox-base image is incompatible (glibc < 2.39) and NemoClaw rebuilds locally, the full Docker build log (~200 lines: apt-get output, debconf warnings, dpkg messages, layer hashes) is forwarded to the user terminal. #3311 already fixed the [2/8] gateway setup leak the same way; the [6/8] sandbox-base rebuild path was not covered. ## Related Issue Fixes #3584 ## Changes - Add a `quiet?: boolean` option to `dockerBuild` that prepends `--quiet` to the build argv. - Switch the sandbox-base local rebuild to `quiet: true` + `suppressOutput: true` + `ignoreError: true`, and surface the captured stderr (plus a one-line failure summary) when the build does not succeed. - Add a "This is a one-time step and can take several minutes" notice so users do not mistake the silent build window for a hang. - Add docker-helper tests covering `--quiet` argv injection on `dockerBuild` and the default-omit behaviour. ## Type of Change - [x] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Verification - [x] \`npx prek run --all-files\` passes - [x] \`npm test\` passes - [x] Tests added or updated for new or changed behavior - [x] No secrets, API keys, or credentials committed - [ ] Docs updated for user-facing behavior changes - [ ] \`make docs\` builds without warnings (doc changes only) - [ ] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- Signed-off-by: Tinson Lai <tinsonl@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Docker build accepts an optional quiet flag to suppress build output. * **Bug Fixes** * Improved handling of build failures: capture and present combined diagnostics, suppress streaming output on failure, and return a clear failure result. * Diagnostics now redact sensitive information before display. * **Tests** * Added tests for quiet-flag behavior and comprehensive build-failure diagnostics (including binary stream handling). <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/3586) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
During
nemoclaw onboardstep [2/8], thedocker manifest inspectJSON output and the BuildKit build log (apt-get output, layer hashes, debconf warnings) are forwarded to the user's terminal alongside the curated progress lines we already log ("Pulling upstream cluster image…", "Building patched cluster image…"). This PR keeps the curated lines as the user-facing signal and routes the raw command output to internal-only handling.Related Issue
Closes #3248
Changes
suppressOutput?: booleanto theRunOptsinterface in src/lib/cluster-image-patch.ts and plumb it throughdefaultRunso callers can opt into dropping captured stdio instead of forwarding it to the user.suppressOutput: trueon thedocker manifest inspectreachability probe.--quietandsuppressOutput: trueon thedocker buildinvocation so BuildKit no longer streams its full log to the user.suppressOutput: trueand that build now includes--quiet.Type of Change
Verification
npx prek run --all-filespassesnpm testpassesmake docsbuilds without warnings (doc changes only)Signed-off-by: Tinson Lai tinsonl@nvidia.com
Summary by CodeRabbit
Improvements
Tests