nvflare.tool.package.package_commands module

nvflare package command handler.

class FixedProdWorkspaceBuilder(target_prod_dir: str, participant_name: str, force: bool = False, exclude_names=None, template_files=None)[source]

Bases: WorkspaceBuilder

Workspace builder variant that finalizes signed-zip kits into a fixed provision directory.

Manages the folder structure for provisioned projects.

Sets the template_file containing scripts and configs to put into startup folders, creates directories for the participants, and moves the provisioned project to the final location at the end ($WORKSPACE/$PROJECT_NAME/prod_XX). WorkspaceBuilder manages and sets the number in prod_XX by incrementing from the last time provision was run for this project in this workspace, starting with 00 to a max of 99.

Each time the provisioning tool runs, it requires a workspace folder in the local file system. The workspace will have the following folder structure:

$WORKSPACE/    <--- this is assigned by -w option of provision command (default is workspace)
  $PROJECT_NAME/  <--- this is the name value in the project.yml file
    prod_00/   <--- a new prod_NN folder is created if provision does not have any errors.
    prod_01/
    ...
    resources/ <--- this folder stores resources for other builders to load
    state/     <--- this folder stores persistent information (such as certificates) so subsequent runs of the provision command can load the state back.
    wip/  <--- this is only used during runtime, and will be removed when the provision command exits
Parameters:

template_file – one or more template file names

finalize(project: Project, ctx)[source]

Finalize the build process and perform any cleanup.

Parameters:

  • project (Project) – The project to be provisioned.

  • ctx (ProvisionContext) – Context shared across builders.

initialize(project: Project, ctx)[source]

Prepare the builder with any necessary pre-processing.

Parameters:

  • project (Project) – The project to be provisioned.

  • ctx (ProvisionContext) – Context shared across builders.

class PrebuiltCertBuilder(cert_path: str | None = None, key_path: str | None = None, rootca_path: str | None = None, target_name: str | None = None, cert_map: dict | None = None)[source]

Bases: Builder

Builder that installs pre-made cert/key/rootCA into each participant’s kit directory.

Replaces CertBuilder for the nvflare package workflow where certs are already signed externally. The caller supplies the cert/key/rootCA paths; this builder simply copies them into the correct locations that StaticFileBuilder and the runtime expect.

Two modes: - Single-participant: pass cert_path/key_path/rootca_path + optional target_name. - Multi-participant: pass cert_map={name: (cert_path, key_path)} + rootca_path.

Only participants present in cert_map receive certs; others (e.g. dummy server) are skipped.

build(project: Project, ctx)[source]

Execute the main build logic for this builder.

Parameters:

  • project (Project) – The project to be provisioned.

  • ctx (ProvisionContext) – Context shared across builders.

handle_package(args)[source]

Assemble a startup kit from locally generated key + Project Admin cert + rootCA.pem.