feat: add LLVM setup script for modular installation

[cmagina]

Summary

This PR is part 2 of 11 in the rework modernization effort. It adds the LLVM setup script as part of the modular framework installation architecture.

Changes:

• ✅ Add scripts/setup_llvm.sh for LLVM installation and configuration

Features:

• Downloads LLVM source from GitHub when not mounted as a volume
• Installs build dependencies for LLVM compilation
• Supports INSTALL_LLVM environment variable with source or skip options
• Provides clean interface for LLVM integration in containers

Why this change?

LLVM is a foundational component for Triton and other frameworks. This dedicated setup script:

• Separates LLVM installation logic from other concerns
• Makes LLVM setup reusable across different container configurations
• Provides flexibility to either mount LLVM source or download it automatically
• Follows the modular architecture established in PR refactor: modularize setup scripts for better maintainability #115

Testing:

• Script follows the same patterns as the modular architecture
• Integrates with the setup orchestrator from PR refactor: modularize setup scripts for better maintainability #115
• Will be utilized by Dockerfile changes in PR chore: fix workspace permissions #7

Dependencies:

• Depends on PR refactor: modularize setup scripts for better maintainability #115 (Script Modularization)

Related PRs:

• PR refactor: modularize setup scripts for better maintainability #115: Script Modularization (foundation)
• Follows same pattern as PRs 3-6 (other framework scripts)

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Optional LLVM installer integrated into container setup with a configurable INSTALL_LLVM option
  • New developer installer script to prepare a local LLVM source tree and deps
  • Support for mounting a local LLVM source tree into containers for development

• Chores

  • CI workflows now also trigger when LLVM installer or related setup scripts change

• Refactor

  • Container images and setup scripts reorganized to stage LLVM artifacts and expose a unified dev installer
  • Shell config now uses per-snippet files for environment exports and user setup routines improved

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new devinstall script and integrates it into Makefile, Dockerfiles, and setup scripts; updates several scripts to use ~/.bashrc.d snippets; updates container runtime env/mounts; and expands GitHub Actions workflow path filters to trigger on changes to the new script.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Triggers .github/workflows/amd-image.yml, .github/workflows/cpu-image.yml, .github/workflows/llvm-image.yml, .github/workflows/nvidia-image.yml	Added scripts/devinstall_llvm.sh to push and pull_request paths filters so workflows run when the new script changes.
Makefile Configuration Makefile	Added llvm_path ?= and INSTALL_LLVM ?= skip. run_container conditionally mounts $(llvm_path) to /workspace/llvm-project when set and injects -e INSTALL_LLVM=$(INSTALL_LLVM) into the container env.
Dockerfiles — LLVM & Triton images dockerfiles/Dockerfile.llvm, dockerfiles/Dockerfile.triton, dockerfiles/Dockerfile.triton-amd, dockerfiles/Dockerfile.triton-cpu	Copy scripts/devinstall_llvm.sh into images (to /workspace/bin/devinstall_llvm in triton images); change LLVM staging/install paths to use /llvm-install for CUSTOM_LLVM/local stages; Dockerfile.llvm invokes devinstall_llvm source for CUSTOM_LLVM path and switches pip invocation to pip. Removed an informational "Skipping rebuild." output.
New LLVM Installation Script scripts/devinstall_llvm.sh	Adds new executable script that prepares a local llvm-project under WORKSPACE (default $HOME), optionally checks out LLVM_GITREF, installs Python build deps via uv pip install fallback to pip, writes LLVM_BUILD_PATH to ~/.bashrc.d/00-llvm_project.sh, and exposes a source subcommand.
Setup / Integration Scripts scripts/devsetup.sh, scripts/devinstall_triton.sh, scripts/devinstall_software.sh, scripts/devcreate_user.sh	devsetup.sh: always runs devcreate_user, preserves INSTALL_LLVM in saved env and runs devinstall_llvm "$INSTALL_LLVM" when not skip. devinstall_triton.sh: write LLVM_GITREF and ccache snippet files into ~/.bashrc.d/*; switch CUSTOM_LLVM detection to /llvm-install and error if missing; update LLVM path variables to /llvm-install roots. devinstall_software.sh: write CCACHE and CUDA exports to ~/.bashrc.d/00-*.sh instead of appending to ~/.bashrc. devcreate_user.sh: add get_user_home() and create_bashrc(), harden WORKSPACE handling, and reorder operations (create bashrc, install sudo, then fix permissions).

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant GH as GitHub Actions
  participant CB as Container Build
  participant Script as devinstall_llvm.sh
  participant Git as LLVM Git Server

  Dev->>GH: push or PR touching `scripts/devinstall_llvm.sh`
  GH->>CB: trigger image build job
  CB->>CB: COPY `devinstall_llvm.sh` into image
  CB->>Script: RUN `devinstall_llvm source` (CUSTOM_LLVM path)
  Script->>Git: git clone / fetch `llvm-project`
  Script->>CB: install Python deps and configure build path (writes ~/.bashrc.d snippet)
  CB-->>GH: image build completes

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add LLVM setup script for modular installation' directly and accurately describes the main change: addition of a new LLVM setup script to support modular installation patterns, which aligns with the primary additions in scripts/devinstall_llvm.sh and related integration changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 10

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

dockerfiles/Dockerfile.triton (1)

52-65: ⚠️ Potential issue | 🟠 Major

Split the ENV that derives PYTHONPATH.

Line 60 references PYTHON_VERSION, but Docker ENV expansion uses the value of variables at the start of the instruction. Variables defined earlier in the same ENV block are not available for substitution, so PYTHONPATH will expand incorrectly. Split into separate ENV instructions:

ENV PYTHON_VERSION=3.12
ENV PYTHONPATH=/workspace/lib/python$PYTHON_VERSION/site-packages

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@dockerfiles/Dockerfile.triton` around lines 52 - 65, The ENV block sets
PYTHON_VERSION and then defines PYTHONPATH using that variable, but Docker
expands ENV variables only from prior ENV instructions, so PYTHONPATH will not
get the intended value; split the combined ENV into at least two instructions so
PYTHON_VERSION is set first and then PYTHONPATH is set using it (e.g., separate
ENV PYTHON_VERSION=3.12 and ENV
PYTHONPATH=/workspace/lib/python$PYTHON_VERSION/site-packages), keeping other
vars either in earlier or subsequent ENV lines as needed and preserving PATH,
TRITON_* and other variables.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@dockerfiles/Dockerfile.llvm`:
- Around line 20-21: The Dockerfile currently hard-codes the LLVM checkout path
to "${HOME}/llvm-project" which bypasses workspace semantics; change the
commands that source devinstall_llvm and cd into the checkout to use the
repository/workspace directory variable (e.g., replace "${HOME}/llvm-project"
with "${WORKSPACE}/llvm-project" or an existing workspace env like
"${GITHUB_WORKSPACE}"/llvm-project) and ensure the devinstall_llvm script itself
does not assume $HOME for its checkout; update any calls to devinstall_llvm and
the cd that reference "${HOME}/llvm-project" to use the workspace variable
instead.
- Around line 18-19: The Dockerfile runs "python3 -m pip install --upgrade uv"
then invokes "uv pip install --upgrade cmake ninja sccache pybind11" without a
virtualenv; change the second invocation to pass the --system flag so it becomes
"uv pip install --system --upgrade ..." (i.e., add --system to the "uv pip
install" command) to ensure installation works outside a virtual environment.

In `@Makefile`:
- Around line 52-54: The MAX_JOBS assignment in the Makefile currently uses
`$(nproc --all)`, which mistakenly treats the command as a Make variable; change
the assignment for MAX_JOBS to use the Make shell function so the command is
executed (i.e., replace the current expansion with `$(shell nproc --all)`) so
MAX_JOBS correctly captures the CPU count; update the line that defines MAX_JOBS
in the Makefile (symbol: MAX_JOBS) accordingly.

In `@scripts/devcreate_user.sh`:
- Around line 110-117: The fix_permissions() function is chowning the current
root HOME and using the wrong UID/GID variables; change it to look up the new
user's home and IDs and use those consistently: inside fix_permissions() obtain
the new user's home with something like getent passwd "$USERNAME" to set
HOME_DIR (use the passwd home instead of $HOME), and use USER_ID and GROUP_ID
(not USER_UID/USER_GID) when calling chown and creating /run/user (e.g., mkdir
-p "/run/user/$USER_ID" and chown "$USER_ID:$GROUP_ID" "/run/user/$USER_ID");
also keep the WORKSPACE existence test quoted and conditional ( [[ -n
"$WORKSPACE" && -d "$WORKSPACE" ]] ) to avoid set -u failures.

In `@scripts/devinstall_llvm.sh`:
- Around line 66-71: The helper install_build_deps() currently only installs
Python deps and must also provision LLVM's system build prerequisites when
INSTALL_LLVM=source is used; update install_build_deps() (and reference
INSTALL_LLVM or LLVM_DIR) to detect the host package manager (apt/yum/pacman),
require/root-check, and install a curated list of system packages needed to
build LLVM (or read them from a new file such as mlir/build-deps.system or
scripts/llvm-system-deps) before attempting Python installs; ensure the new
logic is idempotent and logs failures clearly so the source build flow no longer
relies on upstream Dockerfiles.

In `@scripts/devinstall_triton.sh`:
- Around line 205-214: The source case currently runs setup_src,
install_build_deps, and install_deps but never builds or installs Triton, so add
the source-install step: after install_deps in the source) branch call the
function that builds/installs Triton from source (e.g., build_triton,
install_triton_from_source, or install_triton if that helper exists) so the
container ends up with Triton installed (mirror how release) and ensure the
function is invoked in the source) block.

In `@scripts/devsetup.sh`:
- Around line 22-29: The script is incorrectly preserving the original HOME
across runuser via the SAVE_VARS whitelist, causing subsequent installs to
append into root's home; remove "HOME" from the SAVE_VARS array and any other
places that copy or export HOME (the array SAVE_VARS and the code that
exports/propagates those variables), and instead ensure when switching users
with runuser you either unset HOME from preserved vars or explicitly set HOME to
the target user's home (e.g., obtain the passwd entry for USERNAME and export
that HOME) so post-switch install steps operate in the correct user home.
- Around line 66-71: The devsetup ordering causes devinstall_llvm to clone the
wrong LLVM ref because LLVM_GITREF is only written by
scripts/devinstall_triton.sh after Triton is cloned; change the setup so
LLVM_GITREF is determined before calling devinstall_llvm — either call
run_as_user devinstall_triton (or a new lightweight helper that reads Triton's
LLVM hash) prior to run_as_user devinstall_llvm, or extract LLVM_GITREF from the
Triton repo/config and export it early; update scripts/devsetup.sh to ensure
LLVM_GITREF is exported/set before invoking the devinstall_llvm function.
- Around line 45-52: The run_as_user helper currently always invokes runuser
when USERNAME is set, which breaks the "already-unprivileged" container path;
change run_as_user to first detect if the script is already running as a
non-root UID (use id -u and id -g) and, if so, execute commands directly
(without runuser) and skip any actions that attempt to mutate /etc; in practice
update the run_as_user function to: check if id -u != 0 then run "$@" directly,
otherwise keep the existing SAVED_VARS -> ENV_LIST logic and call runuser -u
"$USERNAME" -- "$@"; also ensure other setup blocks that mutate /etc are gated
behind a root check so they are no-ops when the container is started with host
UID/GID.

In `@scripts/ldpretend.sh`:
- Line 32: The test [ -d "${PYTHONPATH}/nvidia" ] can fail under set -u because
PYTHONPATH may be unset; update the conditional around the
"${PYTHONPATH}/nvidia" check (the if that currently tests that path) to first
ensure PYTHONPATH is defined/non-empty (e.g. check -n "${PYTHONPATH:-}" or use
parameter expansion with a safe default) before testing for the directory, so
the script doesn’t abort under set -u.

---

Outside diff comments:
In `@dockerfiles/Dockerfile.triton`:
- Around line 52-65: The ENV block sets PYTHON_VERSION and then defines
PYTHONPATH using that variable, but Docker expands ENV variables only from prior
ENV instructions, so PYTHONPATH will not get the intended value; split the
combined ENV into at least two instructions so PYTHON_VERSION is set first and
then PYTHONPATH is set using it (e.g., separate ENV PYTHON_VERSION=3.12 and ENV
PYTHONPATH=/workspace/lib/python$PYTHON_VERSION/site-packages), keeping other
vars either in earlier or subsequent ENV lines as needed and preserving PATH,
TRITON_* and other variables.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d90aee17-52b6-47e5-a461-828eaf542c64

📥 Commits

Reviewing files that changed from the base of the PR and between 0e26c4b and cd3ff34.

📒 Files selected for processing (18)

• .github/workflows/amd-image.yml
• .github/workflows/cpu-image.yml
• .github/workflows/llvm-image.yml
• .github/workflows/nvidia-image.yml
• Makefile
• dockerfiles/Dockerfile.llvm
• dockerfiles/Dockerfile.triton
• dockerfiles/Dockerfile.triton-amd
• dockerfiles/Dockerfile.triton-cpu
• dockerfiles/entrypoint.sh
• dockerfiles/user.sh
• scripts/devcreate_user.sh
• scripts/devinstall_llvm.sh
• scripts/devinstall_software.sh
• scripts/devinstall_triton.sh
• scripts/devsetup.sh
• scripts/entrypoint.sh
• scripts/ldpretend.sh

💤 Files with no reviewable changes (2)

• dockerfiles/user.sh
• dockerfiles/entrypoint.sh

[coderabbitai]

🧹 Nitpick comments (1)

Makefile (1)

159-161: Initialize install_llvm before the conditional to avoid environment bleed-through.

At lines 159-161, install_llvm is only set when CUSTOM_LLVM=false. If the caller environment already has install_llvm exported, it will persist when CUSTOM_LLVM=true, causing stale values to be passed to the container at lines 164 and 167. Initialize install_llvm="" before the conditional to match the defensive pattern already used for port_arg (lines 155-158).

Proposed fix

+	install_llvm=""; \
 	if [ "$(CUSTOM_LLVM)" = "false" ]; then \
 		install_llvm="-e INSTALL_LLVM=$(INSTALL_LLVM)"; \
 	fi; \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 159 - 161, The variable install_llvm is only set
inside the CUSTOM_LLVM conditional, which lets an exported install_llvm from the
caller leak through when CUSTOM_LLVM=true; to fix, initialize install_llvm=""
before the conditional that checks CUSTOM_LLVM (same defensive pattern used for
port_arg) so install_llvm is always defined and won't pass stale values into the
container commands that reference install_llvm.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Makefile`:
- Around line 159-161: The variable install_llvm is only set inside the
CUSTOM_LLVM conditional, which lets an exported install_llvm from the caller
leak through when CUSTOM_LLVM=true; to fix, initialize install_llvm="" before
the conditional that checks CUSTOM_LLVM (same defensive pattern used for
port_arg) so install_llvm is always defined and won't pass stale values into the
container commands that reference install_llvm.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: db9a8342-7340-41d6-93a4-366a93cab6b3

📥 Commits

Reviewing files that changed from the base of the PR and between cd3ff34 and ad371a0.

📒 Files selected for processing (11)

• .github/workflows/amd-image.yml
• .github/workflows/cpu-image.yml
• .github/workflows/llvm-image.yml
• .github/workflows/nvidia-image.yml
• Makefile
• dockerfiles/Dockerfile.llvm
• dockerfiles/Dockerfile.triton
• dockerfiles/Dockerfile.triton-amd
• dockerfiles/Dockerfile.triton-cpu
• scripts/devinstall_llvm.sh
• scripts/devsetup.sh

✅ Files skipped from review due to trivial changes (5)

• .github/workflows/nvidia-image.yml
• .github/workflows/cpu-image.yml
• .github/workflows/amd-image.yml
• .github/workflows/llvm-image.yml
• scripts/devinstall_llvm.sh

🚧 Files skipped from review as they are similar to previous changes (4)

• dockerfiles/Dockerfile.triton
• dockerfiles/Dockerfile.triton-cpu
• dockerfiles/Dockerfile.triton-amd
• scripts/devsetup.sh

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/devinstall_triton.sh`:
- Around line 108-118: The script currently only sets env vars when CUSTOM_LLVM
is true and /llvm-install exists, silently doing nothing if the directory is
missing; update the logic in scripts/devinstall_triton.sh so that when
${CUSTOM_LLVM:-false} is "true" and /llvm-install is NOT present you print a
clear error (mentioning /llvm-install and CUSTOM_LLVM) and exit non‑zero (e.g.,
exit 1), otherwise proceed to append the environment exports as before; modify
the existing if that references CUSTOM_LLVM and [ -d "/llvm-install" ] to add
the explicit failure branch to fail fast.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: befb505d-971c-489d-9058-0eead7fc68ba

📥 Commits

Reviewing files that changed from the base of the PR and between ad371a0 and c446c05.

📒 Files selected for processing (2)

• Makefile
• scripts/devinstall_triton.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• Makefile

[hinriksnaer]

Review of PR #116: feat: add LLVM setup script for modular installation. See inline comments for specific issues found.

[hinriksnaer]

Left a couple of comments

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

scripts/devcreate_user.sh (1)

113-113: ⚠️ Potential issue | 🟠 Major

Quote WORKSPACE in the directory test to fix SC2086 and path-splitting risk.

Line 113 currently uses unquoted $WORKSPACE, which is also failing pre-commit shellcheck.

Proposed fix

-	[[ -n "${WORKSPACE:-}" && -d $WORKSPACE ]] && chown "$USERNAME:$GROUP_ID" -R "$WORKSPACE"
+	[[ -n "${WORKSPACE:-}" && -d "$WORKSPACE" ]] && chown "$USERNAME:$GROUP_ID" -R "$WORKSPACE"

As per coding guidelines, "-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/devcreate_user.sh` at line 113, The directory test uses an unquoted
WORKSPACE variable which can cause word splitting/SC2086; update the conditional
and chown invocation to quote "$WORKSPACE" everywhere (the expression [[ -n
"${WORKSPACE:-}" && -d "$WORKSPACE" ]] && chown "$USERNAME:$GROUP_ID" -R
"$WORKSPACE") so the directory existence check and recursive chown use the
quoted WORKSPACE variable to avoid path-splitting issues.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/devcreate_user.sh`:
- Around line 119-121: get_user_home() currently uses grep "$USERNAME" which can
match partial usernames and return the wrong home; change it to perform an exact
passwd lookup (e.g. use getent passwd "$USERNAME" or match the username field
exactly with awk/grep anchored to "^$USERNAME:") in the get_user_home function,
return the sixth field (home) only when a match exists, and ensure the returned
value is validated before it's exported/used later for permission fixes
(references: get_user_home function and the subsequent export/permission-fix
usage).
- Around line 123-133: The create_bashrc function only creates ${HOME}/.bashrc.d
when ${HOME}/.bashrc is missing; move or add an unconditional mkdir -p
${HOME}/.bashrc.d so .bashrc.d always exists even if .bashrc already exists,
keeping the existing install -m ... block for copying skel files and preserving
the use of ${HOME} and $USERNAME for logging.

---

Duplicate comments:
In `@scripts/devcreate_user.sh`:
- Line 113: The directory test uses an unquoted WORKSPACE variable which can
cause word splitting/SC2086; update the conditional and chown invocation to
quote "$WORKSPACE" everywhere (the expression [[ -n "${WORKSPACE:-}" && -d
"$WORKSPACE" ]] && chown "$USERNAME:$GROUP_ID" -R "$WORKSPACE") so the directory
existence check and recursive chown use the quoted WORKSPACE variable to avoid
path-splitting issues.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fc6811ae-eff4-4635-ac6a-bb3820ae11eb

📥 Commits

Reviewing files that changed from the base of the PR and between c446c05 and 5831d1e.

📒 Files selected for processing (7)

• Makefile
• dockerfiles/Dockerfile.llvm
• scripts/devcreate_user.sh
• scripts/devinstall_llvm.sh
• scripts/devinstall_software.sh
• scripts/devinstall_triton.sh
• scripts/devsetup.sh

✅ Files skipped from review due to trivial changes (1)

• scripts/devinstall_llvm.sh

🚧 Files skipped from review as they are similar to previous changes (2)

• Makefile
• scripts/devsetup.sh