aqlaboratory · jandom · Dec 18, 2025 · Dec 15, 2025 · Dec 15, 2025 · Dec 15, 2025
diff --git a/docker/DOCKER.md b/docker/DOCKER.md
@@ -1,3 +1,19 @@
+## Updating the Lock File
+
+When you modify `environments/production.yml`, you need to regenerate the lock file to pin exact versions. This ensures reproducible builds.
+
+```bash
+# Build the lock file generator image
+docker build -f docker/Dockerfile.update-reqs -t openfold3-update-reqs .
+
+# Generate the lock file (linux-64 only for now)
+docker run --rm openfold3-update-reqs > environments/production.lock
+
+# Commit the updated lock file
+git add environments/production.lock
+git commit -m "Update production.lock"
+```
+
 ## Production images
 
 TODO
@@ -8,7 +24,7 @@ For Blackwell image build, see [Build_instructions_blackwell.md](Build_instructi
 
 These images are the biggest but come with all the build tooling, needed to compile things at runtime (Deepspeed)
 
-```
+```bash
 docker build \
     -f docker/Dockerfile \
     --target devel \
@@ -17,16 +33,18 @@ docker build \
 
 ## Test images
 
-Build the test image
-```
+Build the test image, with additional test-only dependencies
+
+```bash
 docker build \
-    -f docker/development/Dockerfile \
+    -f docker/Dockerfile \
     --target test \
     -t openfold-docker:test .
 ```
 
 Run the unit tests
-```
+
+```bash
 docker run \
     --rm \
     -v $(pwd -P):/opt/openfold3 \

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # Full performance multi-stage build with complete CUDA toolchain
-ARG CUDA_BASE_IMAGE_TAG=12.2.2-cudnn8-devel-ubuntu22.04
+ARG CUDA_BASE_IMAGE_TAG=12.1.1-cudnn8-devel-ubuntu22.04
 FROM nvidia/cuda:${CUDA_BASE_IMAGE_TAG} AS builder
 
 # Install complete build dependencies including CUDA compiler tools
@@ -23,9 +23,10 @@ RUN wget -P /tmp \
 ENV PATH=/opt/conda/bin:$PATH
 ENV CONDA_PREFIX=/opt/conda
 
-# Copy and install dependencies with aggressive cleanup
-COPY environments/production.yml /opt/openfold3/environment.yml
-RUN mamba env update -n base --file /opt/openfold3/environment.yml \
+# Copy and install dependencies from lock file for reproducible builds
+# To regenerate the lock file, see docker/DOCKER.md
+COPY environments/production.lock /opt/openfold3/production.lock
+RUN mamba install -n base --file /opt/openfold3/production.lock \
     && mamba clean --all --yes \
     && conda clean --all --yes
 
@@ -52,7 +53,7 @@ ENV TORCH_CUDA_ARCH_LIST="8.0;8.6;9.0"
 #     python3 -c "import deepspeed; print('DeepSpeed ops loaded successfully')"
 
 # Devel stage - use devel image for full CUDA support
-ARG CUDA_BASE_IMAGE_TAG=12.2.2-cudnn8-devel-ubuntu22.04
+ARG CUDA_BASE_IMAGE_TAG=12.1.1-cudnn8-devel-ubuntu22.04
 FROM nvidia/cuda:${CUDA_BASE_IMAGE_TAG} AS devel
 
 # Install devel dependencies

diff --git a/docker/Dockerfile.update-reqs b/docker/Dockerfile.update-reqs
@@ -0,0 +1,30 @@
+# Dockerfile for generating conda environment lock files
+# This produces a fully-pinned lock file for reproducible builds
+#
+# Usage:
+#   docker build -f docker/Dockerfile.update-reqs -t openfold3-update-reqs .
+#   docker run --rm openfold3-update-reqs > environments/production.lock
+
+FROM mambaorg/micromamba:1.5.10
+
+USER root
+
+# Install conda-lock
+RUN micromamba install -y -n base -c conda-forge conda-lock \
+    && micromamba clean --all --yes
+
+USER $MAMBA_USER
+
+COPY --chown=$MAMBA_USER:$MAMBA_USER environments/production.yml /tmp/environment.yml
+
+# Generate explicit lock file for linux-64
+# The explicit format is directly consumable by mamba/conda
+RUN micromamba run -n base conda-lock lock \
+    --mamba \
+    --platform linux-64 \
+    --file /tmp/environment.yml \
+    --kind explicit \
+    --filename-template '/tmp/production-{platform}.lock'
+
+# Output the lock file to stdout when container runs
+CMD ["cat", "/tmp/production-linux-64.lock"]