Address nv-tusharma's review comments

- Clarify that critical dependencies are explicitly maintained in config - Add framework versions (TensorRT-LLM, vLLM, SGLang) to critical list - Add comment explaining latest.csv workflow to avoid confusion - Document that optional dependencies are already extracted from pyproject.toml Addresses review feedback from PR #3547 Signed-off-by: Dan Gil <[email protected]>
ai-dynamo · dagil-nvidia · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025
commit e4619f1fa4cf9e493400f4aab66b9024f4f11bb4
@@ -72,9 +72,12 @@ Critical dependencies are flagged in the CSV to highlight components that requir
 - Production stability
 - Compliance requirements
 
-The list of critical dependencies is maintained in `../workflows/extract_dependency_versions_config.yaml` under the `critical_dependencies` section. Examples include:
+The list of critical dependencies is **explicitly maintained** in `../workflows/extract_dependency_versions_config.yaml` under the `critical_dependencies` section. Only dependencies listed in this configuration file are marked as critical. Examples include:
 - CUDA (compute platform)
 - PyTorch (ML framework)
+- TensorRT-LLM (inference framework)
+- vLLM (inference framework)
+- SGLang (inference framework)
 - Python (runtime)
 - Kubernetes (orchestration)
 - NATS (message broker)

@@ -1031,6 +1031,10 @@ def extract_pyproject_toml(self, pyproject_path: Path, component: str) -> None:
                     in_dependencies = True
                     continue
                 elif stripped.startswith("[project.optional-dependencies]"):
+                    # Extract optional dependencies (e.g., trtllm, vllm, sglang)
+                    # These are component-specific dependency groups in pyproject.toml
+                    # Future enhancement: Consider using pyproject.toml as the single
+                    # source of truth for all dependencies instead of multiple files
                     in_optional = True
                     continue
                 elif stripped.startswith("[") and in_dependencies:
@@ -2031,6 +2035,11 @@ def main():
     latest_csv = args.latest_csv
     if latest_csv is None:
         # Look for dependency_versions_latest.csv in .github/reports/
+        # Note: The nightly workflow always overwrites this same file in the repo.
+        # There's no version conflict because:
+        # 1. This file is committed to the repo (one canonical "latest" version)
+        # 2. Timestamped artifacts are uploaded separately with unique names
+        # 3. Each run reads the committed latest.csv, generates new data, then overwrites it
         reports_dir = repo_root / ".github/reports"
         latest_candidate = reports_dir / "dependency_versions_latest.csv"
         if latest_candidate.exists():

diff --git a/.github/workflows/extract_dependency_versions_config.yaml b/.github/workflows/extract_dependency_versions_config.yaml
@@ -43,6 +43,18 @@ critical_dependencies:
     reason: "TensorRT-LLM base container"
   - name: "CUDA-dl-base"
     reason: "vLLM/SGLang base container"
+  - name: "TensorRT-LLM"
+    reason: "NVIDIA TensorRT-LLM inference framework"
+  - name: "tensorrt-llm"
+    reason: "TensorRT-LLM Python package"
+  - name: "vLLM"
+    reason: "vLLM inference framework"
+  - name: "vllm"
+    reason: "vLLM Python package"
+  - name: "SGLang"
+    reason: "SGLang inference framework"
+  - name: "sglang"
+    reason: "SGLang Python package"
 
   # Network & Communication (ARG names are formatted: NIXL_REF -> Nixl Ref)
   - name: "Nixl"