[CI] Automate AITER prebuilt upload flow with GitHub actions by VeeraRajasekhar · Pull Request #412 · ROCm/TransformerEngine

VeeraRajasekhar · 2026-01-14T06:47:45Z

Description

Add a manual AITER prebuilt upload workflow (aiter-prebuilt-upload.yml) that lets you pick a docker image and GPU arch list, builds the aiter libs inside the container, and packages/uploads via the shared shell script.
Move build/package/upload logic into ci/aiter_upload.sh (uses GPU_ARCHS, defaults to gfx942;gfx950, supports upload when env vars are set; otherwise packages and prints the artifact path).
Strip upload logic from aiter_prebuilt.cmake so normal builds only download/use existing prebuilts.

Fixes # (issue)

Type of change

Documentation change (change only to the documentation, either a fix or a new content)
Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Infra/Build change
Code refactoring

Changes

Add a workflow_dispatch GHA to build/upload AITER prebuilts using a chosen image and GPU arch list, reusing ci/aiter_upload.sh.
Update ci/aiter_upload.sh to handle build + package + optional upload (env-driven), default GPU_ARCHS to gfx942;gfx950, and honor GPU_ARCHS input.
Remove upload/packaging logic from aiter_prebuilt.cmake; it now only downloads/uses prebuilts in the normal build.

Checklist:

I have read and followed the contributing guidelines
The functionality is complete
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
My changes generate no new warnings
I have added tests that prove my fix is effective or that my feature works
New and existing unit tests pass locally with my changes

ipanfilo · 2026-01-14T14:41:02Z

This approach does not work.

Anyone can create PR against protected branches whereas the code is expected to work only for org members
When building aiter on CI machine, it is built with one specific GPU arch but we need it to be built against all supported architectures
It is desired to build new aiter not only for single ROCm version used for CI
So there should be separate build procedure with specific usage by limited group of people and hence it is no practical to fit it to CI action. If you want to utilize GHA infrastructure for that, I suggest to create separate action that can be run manually. But let's first justify why GHA action is preferred over dedicated manually running script

VeeraRajasekhar · 2026-01-14T17:15:12Z

I like your idea of creating a separate GHA workflow for this. I feel creating this workflow which accepts a docker image is a better option. I don't see lot of our group is pushing to the aiter artifactory. Creating this workflow will be a good option to increase the cache hit.

As per the permissions, we can explore this option
workflow_dispatch (Manual Trigger) Event: Workflows with the workflow_dispatch trigger can only be triggered by users who are collaborators with at least write access to the repository. External contributors (those without write access) cannot manually trigger these workflows from the UI or API.

VeeraRajasekhar · 2026-01-16T18:34:39Z

@ipanfilo @wangye805 PR is ready for review.

Summary: Offloaded all upload related functionality from cmake file. Added a new bash script to upload and this is used in the github action file.

ipanfilo · 2026-01-17T03:31:01Z

ci/aiter_upload.sh

+ROCM_VER="$(head -n1 "${ROCM_PATH}/.info/version" | sed -n 's/^\([0-9]\+\.[0-9]\+\).*/\1/p')"
+
+AITER_DIR="${ROOT_DIR}/3rdparty/aiter"
+git -C "${AITER_DIR}" config --global --add safe.directory "${AITER_DIR}" >/dev/null


Use code from

TransformerEngine/transformer_engine/common/CMakeLists.txt

Line 277 in b5e3c71

COMMAND sh -c "export GIT_CONFIG_GLOBAL=$(mktemp /tmp/gitconfig.XXXXXX);

not to modify repository

ipanfilo · 2026-01-17T03:32:41Z

.github/scripts/aiter_upload.sh

+  echo "[AITER-PREBUILT] Building aiter libs for ${ARCHS} ..."
+  rm -rf "${AITER_DIR}/aiter/jit/build"
+  AITER_LOG_MORE=1 \
+  GPU_ARCHS="${ARCHS}" \


CK_TILE_FLOAT_TO_BFLOAT16_DEFAULT is missed

ipanfilo · 2026-01-17T03:34:52Z

.github/scripts/aiter_prebuild_upload.sh

+    -T "${OUTPUT_TGZ}" \
+    "${REMOTE_URL}" \
+    -o /dev/null
+  echo "[AITER-PREBUILT] Uploaded tgz to ${REMOTE_URL}"


What about .sha256?

Jfrog is automatically creating a sha256 if we upload a file, so to leverage thatI didn't upload. But in future if we change the storage loc, we might need, so I will upload it.

If JFrog creates sha256 then it may make more sense to download it and compare with local sha256 to make sure the package uploaded correctly. And if there is no sha256 on server and you want support non-Jfrog servers then upload local sha256 file

Updated, added functionality to check the sha256 with local

ipanfilo · 2026-01-17T03:36:29Z