+ARG CI_BASE_IMAGE=rocm/vllm-dev:ci_base

Docker requires any ARG used in a FROM instruction to be declared before the first FROM in the file. CI_BASE_IMAGE controls which image the test stage inherits from. The default rocm/vllm-dev:ci_base points to the stable weekly-built Tier-1 image on Docker Hub. When building --target ci_base (the weekly scheduled build), this ARG is irrelevant because the ci_base stage inherits from base, not CI_BASE_IMAGE.

+FROM base AS ci_base

A new intermediate Docker build stage inserted between the existing export_vllm_wheel_release and test stages. Everything in this stage is stable — it changes only when pinned dependency branches (e.g. RIXL_BRANCH, DEEPEP_BRANCH) or the upstream base image change. Building this stage takes ~10–18 minutes; by caching it as rocm/vllm-dev:ci_base, every per-PR test build avoids repeating that work.

What goes into ci_base and why:

-FROM base AS test
+FROM ${CI_BASE_IMAGE} AS test

The test stage now starts from rocm/vllm-dev:ci_base (pulled from registry) instead of base. Docker pulls the pre-built Tier-1 image and adds only the PR-specific layers on top:

• vLLM requirements (rocm.txt, rocm-test.txt) + the PR wheel
• vLLM wheel copied to /opt/vllm-wheels/ for python_only_compile_rocm.sh
• Workspace copy (/vllm-workspace) + vllm_test_utils install
• vllm/v1 package + src/vllm layout

All of these vary every PR, so they can't be pre-baked. The net result is that the per-PR build touches only ~2–3 minutes of work instead of 15+.

When CI_BASE_IMAGE is set to the local build-stage name ci_base (e.g. in a docker buildx bake ci-base-rocm-ci run), Docker resolves it as the locally-built stage rather than pulling from the registry, so the weekly Tier-1 build itself is not broken by this change.

+    - docker pull rocm/vllm-dev:ci_base
     - bash .buildkite/scripts/ci-bake.sh test-rocm-ci
  env:
+    CI_BASE_IMAGE: "rocm/vllm-dev:ci_base"
+    REMOTE_VLLM: "1"
+    VLLM_BRANCH: "${BUILDKITE_COMMIT}"

Applied to all four build steps (all-archs, gfx90a, gfx942, gfx950).

docker pull rocm/vllm-dev:ci_base
Pre-fetches the Tier-1 image before docker buildx bake runs. Without this, BuildKit would pull it lazily during the build and the pull would not appear in plain-progress output, making timing harder to diagnose. Also ensures the pull fails fast and visibly if the weekly image is missing.

CI_BASE_IMAGE: "rocm/vllm-dev:ci_base"
Passed to docker buildx bake as a Docker --build-arg (via the _ci-rocm target in ci-rocm.hcl in ci-infra). Tells Dockerfile.rocm which image to use as the base of the test stage. Without this, docker buildx bake would use the HCL variable default, which may not match the registry tag.

REMOTE_VLLM: "1"
Dockerfile.rocm has two code paths for getting the vLLM source:

• REMOTE_VLLM=0 (default, local dev): COPY from the local build context.
• REMOTE_VLLM=1 (CI path): git clone $VLLM_REPO --branch $VLLM_BRANCH inside the build.

In CI the build agent runs docker buildx bake from the vllm repo checkout, but the vLLM source to be tested is the PR commit. Setting REMOTE_VLLM=1 tells the Dockerfile to clone from GitHub at build time using VLLM_BRANCH below.

VLLM_BRANCH: "${BUILDKITE_COMMIT}"
The git ref that Docker clones when REMOTE_VLLM=1. Set to the exact commit SHA being tested (Buildkite expands ${BUILDKITE_COMMIT} at pipeline-step evaluation time). Without this, the build would check out main regardless of which PR commit triggered the build — producing a test image that does not match the PR.

New pipeline file that runs weekly (or on-demand when dependency branches change) to build and push rocm/vllm-dev:ci_base.

commands:
  - export DATED_TAG="rocm/vllm-dev:ci_base-$(date +%Y%m%d)"
  - export IMAGE_TAG="$DATED_TAG"
  - export CI_BASE_IMAGE_TAG_DATED="$DATED_TAG"
  - bash .buildkite/scripts/ci-bake.sh ci-base-rocm-ci
env:
  CI_BASE_IMAGE_TAG: "rocm/vllm-dev:ci_base"
  DOCKERHUB_CACHE_TO: "rocm/vllm-ci-cache:rocm-latest"

DATED_TAG / CI_BASE_IMAGE_TAG_DATED
The dated snapshot tag (e.g. rocm/vllm-dev:ci_base-20250330). Computed at runtime so it always reflects today's date. Used for rollback: if the weekly build introduces a regression, you can pin CI_BASE_IMAGE to a specific dated tag in amd.yaml without rebuilding.

IMAGE_TAG (set to the dated tag)
ci-bake.sh checks whether $IMAGE_TAG already exists in the registry before building. Setting it to the dated tag means the weekly build always runs on a new day (the dated tag does not exist yet), and re-running on the same day is idempotent (skipped).

CI_BASE_IMAGE_TAG
The stable rocm/vllm-dev:ci_base tag that per-PR builds pull. Always pushed by this pipeline, so it always points to the most recent weekly build.

DOCKERHUB_CACHE_TO: "rocm/vllm-ci-cache:rocm-latest"
Tells BuildKit to write the layer cache to Docker Hub after the weekly build. This seeds the :rocm-latest cache tag so that per-PR builds (which read from this cache) get warm layers from a recent main-branch state.