From c802a20fb758ae4f3da6d59be3ea33ef3bc6f6fb Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Tue, 11 Mar 2025 23:15:32 -0400
Subject: [PATCH 1/9] Don't try using pip if custom server.

---
 truss/templates/base.Dockerfile.jinja | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/truss/templates/base.Dockerfile.jinja b/truss/templates/base.Dockerfile.jinja
index 627396673..d730da5a4 100644
--- a/truss/templates/base.Dockerfile.jinja
+++ b/truss/templates/base.Dockerfile.jinja
@@ -9,8 +9,10 @@ RUN $PYTHON_EXECUTABLE -c "import sys; sys.exit(0) if sys.version_info.major ==
     || { echo "ERROR: Supplied base image does not have {{min_supported_python_version_in_custom_base_image}} <= python <= {{max_supported_python_version_in_custom_base_image}}"; exit 1; }
 {% endblock %}
 
+{% if not config.docker_server %}
 RUN pip install --upgrade pip --no-cache-dir \
     && rm -rf /root/.cache/pip
+{% endif %}
 
 {% block base_image_patch %}
 {% endblock %}

From c343f5b02b6df19961098515100a5cdbb7ac3c0e Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Tue, 11 Mar 2025 23:16:17 -0400
Subject: [PATCH 2/9] rc 005.

---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 8f6cd9013..247530a39 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc003"
+version = "0.9.68rc005"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"

From ffc64b38a383d2fd1970b77dbf2192e28cae9fb9 Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Tue, 11 Mar 2025 23:17:05 -0400
Subject: [PATCH 3/9] Add dash.

---
 truss/templates/base.Dockerfile.jinja | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/truss/templates/base.Dockerfile.jinja b/truss/templates/base.Dockerfile.jinja
index d730da5a4..bff27f65c 100644
--- a/truss/templates/base.Dockerfile.jinja
+++ b/truss/templates/base.Dockerfile.jinja
@@ -9,10 +9,10 @@ RUN $PYTHON_EXECUTABLE -c "import sys; sys.exit(0) if sys.version_info.major ==
     || { echo "ERROR: Supplied base image does not have {{min_supported_python_version_in_custom_base_image}} <= python <= {{max_supported_python_version_in_custom_base_image}}"; exit 1; }
 {% endblock %}
 
-{% if not config.docker_server %}
+{%- if not config.docker_server %}
 RUN pip install --upgrade pip --no-cache-dir \
     && rm -rf /root/.cache/pip
-{% endif %}
+{%- endif %}
 
 {% block base_image_patch %}
 {% endblock %}

From ca8fbef400cbc339c443a6024db0ecbb6ae37c4a Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Tue, 11 Mar 2025 23:29:01 -0400
Subject: [PATCH 4/9] Nim stuff.

---
 pyproject.toml                          | 2 +-
 truss/templates/server.Dockerfile.jinja | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 247530a39..dd1f4f636 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc005"
+version = "0.9.68rc006"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"
diff --git a/truss/templates/server.Dockerfile.jinja b/truss/templates/server.Dockerfile.jinja
index 5fa87e868..59a4236f2 100644
--- a/truss/templates/server.Dockerfile.jinja
+++ b/truss/templates/server.Dockerfile.jinja
@@ -100,11 +100,13 @@ COPY ./{{ config.model_module_dir }} /app/model
 
 {% block run %}
     {%- if config.docker_server %}
+USER root
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         curl nginx python3-pip && \
         rm -rf /var/lib/apt/lists/*
 COPY ./docker_server_requirements.txt /app/docker_server_requirements.txt
 RUN pip install -r /app/docker_server_requirements.txt --no-cache-dir && rm -rf /root/.cache/pip
+USER nim
 {% set proxy_config_path = "/etc/nginx/conf.d/proxy.conf" %}
 {% set supervisor_config_path = "/etc/supervisor/supervisord.conf" %}
 {% set supervisor_log_dir = "/var/log/supervisor" %}

From 257790a4367024652a6690c4475f0bb8cd0558d1 Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Tue, 11 Mar 2025 23:47:16 -0400
Subject: [PATCH 5/9] More nimfixes.

---
 pyproject.toml                          | 2 +-
 truss/templates/server.Dockerfile.jinja | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index dd1f4f636..0918df8e6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc006"
+version = "0.9.68rc007"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"
diff --git a/truss/templates/server.Dockerfile.jinja b/truss/templates/server.Dockerfile.jinja
index 59a4236f2..b408b2674 100644
--- a/truss/templates/server.Dockerfile.jinja
+++ b/truss/templates/server.Dockerfile.jinja
@@ -106,7 +106,6 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-ins
         rm -rf /var/lib/apt/lists/*
 COPY ./docker_server_requirements.txt /app/docker_server_requirements.txt
 RUN pip install -r /app/docker_server_requirements.txt --no-cache-dir && rm -rf /root/.cache/pip
-USER nim
 {% set proxy_config_path = "/etc/nginx/conf.d/proxy.conf" %}
 {% set supervisor_config_path = "/etc/supervisor/supervisord.conf" %}
 {% set supervisor_log_dir = "/var/log/supervisor" %}
@@ -116,6 +115,7 @@ RUN mkdir -p {{ supervisor_log_dir }}
 COPY supervisord.conf {{ supervisor_config_path }}
 ENV SUPERVISOR_SERVER_URL="{{ supervisor_server_url }}"
 ENV SERVER_START_CMD="supervisord -c {{ supervisor_config_path }}"
+USER nim
 ENTRYPOINT ["supervisord", "-c", "{{ supervisor_config_path }}"]
     {%- elif config.live_reload %}
 ENV HASH_TRUSS="{{truss_hash}}"

From 815cfe17d15619935f515ac5fbf8251662e60579 Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Tue, 11 Mar 2025 23:59:10 -0400
Subject: [PATCH 6/9] Run as root.

---
 pyproject.toml                          | 2 +-
 truss/templates/server.Dockerfile.jinja | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 0918df8e6..87dbd7eab 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc007"
+version = "0.9.68rc008"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"
diff --git a/truss/templates/server.Dockerfile.jinja b/truss/templates/server.Dockerfile.jinja
index b408b2674..cb4e6188f 100644
--- a/truss/templates/server.Dockerfile.jinja
+++ b/truss/templates/server.Dockerfile.jinja
@@ -115,7 +115,7 @@ RUN mkdir -p {{ supervisor_log_dir }}
 COPY supervisord.conf {{ supervisor_config_path }}
 ENV SUPERVISOR_SERVER_URL="{{ supervisor_server_url }}"
 ENV SERVER_START_CMD="supervisord -c {{ supervisor_config_path }}"
-USER nim
+
 ENTRYPOINT ["supervisord", "-c", "{{ supervisor_config_path }}"]
     {%- elif config.live_reload %}
 ENV HASH_TRUSS="{{truss_hash}}"

From 1c9a94dd67cf50511d0170ffa74231da4cd27156 Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Wed, 12 Mar 2025 00:35:42 -0400
Subject: [PATCH 7/9] Next version.

---
 pyproject.toml                          | 2 +-
 truss/templates/server.Dockerfile.jinja | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 87dbd7eab..bb86eb38b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc008"
+version = "0.9.68rc009"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"
diff --git a/truss/templates/server.Dockerfile.jinja b/truss/templates/server.Dockerfile.jinja
index cb4e6188f..e07f1ba8c 100644
--- a/truss/templates/server.Dockerfile.jinja
+++ b/truss/templates/server.Dockerfile.jinja
@@ -65,6 +65,7 @@ RUN mkdir -p {{ dst.parent }}; curl -L "{{ url }}" -o {{ dst }}
 {%- endif  %}
 
 
+USER root
 {%- if build_commands %}
 {% for command in build_commands %}
 RUN {% for secret,path in config.build.secret_to_path_mapping.items() %} --mount=type=secret,id={{secret}},target={{path}}{% endfor %} {{ command }}
@@ -100,7 +101,6 @@ COPY ./{{ config.model_module_dir }} /app/model
 
 {% block run %}
     {%- if config.docker_server %}
-USER root
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         curl nginx python3-pip && \
         rm -rf /var/lib/apt/lists/*

From 3ece10d36be0e839c60daba0225147eef28a958b Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Wed, 12 Mar 2025 01:09:48 -0400
Subject: [PATCH 8/9] Nim-specific-stuff.

---
 pyproject.toml                          | 2 +-
 truss/templates/server.Dockerfile.jinja | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index bb86eb38b..e41956766 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc009"
+version = "0.9.68rc010"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"
diff --git a/truss/templates/server.Dockerfile.jinja b/truss/templates/server.Dockerfile.jinja
index e07f1ba8c..9b8e6d05a 100644
--- a/truss/templates/server.Dockerfile.jinja
+++ b/truss/templates/server.Dockerfile.jinja
@@ -72,6 +72,8 @@ RUN {% for secret,path in config.build.secret_to_path_mapping.items() %} --mount
 {% endfor %}
 {%- endif  %}
 
+ENV NGC_API_KEY=$NGC_API_KEY
+
 # Copy data before code for better caching
 {%- if data_dir_exists %}
 COPY ./{{config.data_dir}} /app/data

From 80e5483205c00ac0a7f37bbd6bc3db6d12486cb3 Mon Sep 17 00:00:00 2001
From: Sid Shanker <sid.shanker@baseten.co>
Date: Wed, 12 Mar 2025 11:23:37 -0400
Subject: [PATCH 9/9] Remove build command stuff.

---
 pyproject.toml                          | 2 +-
 truss/templates/server.Dockerfile.jinja | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index e41956766..e7a398176 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "truss"
-version = "0.9.68rc010"
+version = "0.9.68rc011"
 description = "A seamless bridge from model development to model delivery"
 license = "MIT"
 readme = "README.md"
diff --git a/truss/templates/server.Dockerfile.jinja b/truss/templates/server.Dockerfile.jinja
index 9b8e6d05a..e07f1ba8c 100644
--- a/truss/templates/server.Dockerfile.jinja
+++ b/truss/templates/server.Dockerfile.jinja
@@ -72,8 +72,6 @@ RUN {% for secret,path in config.build.secret_to_path_mapping.items() %} --mount
 {% endfor %}
 {%- endif  %}
 
-ENV NGC_API_KEY=$NGC_API_KEY
-
 # Copy data before code for better caching
 {%- if data_dir_exists %}
 COPY ./{{config.data_dir}} /app/data