Merge branch 'main' into 690-ui-enhancements

defenseunicorns · Oct 4, 2024 · 572ddac · 572ddac
2 parents ea75d79 + fd3cbc4
commit 572ddac
Show file tree

Hide file tree

Showing 75 changed files with 1,940 additions and 467 deletions.
diff --git a/.github/actions/release/action.yaml b/.github/actions/release/action.yaml
@@ -138,7 +138,7 @@ runs:
       run: |
         docker buildx build --build-arg LOCAL_VERSION=${{ inputs.releaseTag }} -t ghcr.io/defenseunicorns/leapfrogai/vllm:${{ inputs.releaseTag }} --push -f packages/vllm/Dockerfile .
 
-        zarf package create packages/vllm --set=IMAGE_VERSION=${{ inputs.releaseTag }} --flavor upstream --confirm
+        ZARF_CONFIG=packages/vllm/zarf-config.yaml zarf package create packages/vllm --set=IMAGE_VERSION=${{ inputs.releaseTag }} --flavor upstream --confirm
 
         zarf package publish zarf-package-vllm-amd64-${{ inputs.releaseTag }}.tar.zst oci://ghcr.io/defenseunicorns/packages${{ inputs.subRepository }}leapfrogai
 

diff --git a/.github/release-please-config.json b/.github/release-please-config.json
@@ -11,7 +11,6 @@
       "versioning": "default",
       "extra-files": [
         "pyproject.toml",
-        ".github/workflows/nightly-snapshot-release.yaml",
         {
           "type": "generic",
           "path": "**/Chart.yaml",
@@ -27,6 +26,11 @@
           "path": "**/zarf.yaml",
           "glob": true
         },
+        {
+          "type": "generic",
+          "path": "**/zarf-config.yaml",
+          "glob": true
+        },
         {
           "type": "generic",
           "path": "**/uds-bundle.yaml",

diff --git a/.github/scripts/uds_verification_report.py b/.github/scripts/uds_verification_report.py
@@ -0,0 +1,180 @@
+#!/usr/bin/env python3
+
+import os
+import re
+
+
+def remove_ansi_escape_sequences(text):
+    ansi_escape = re.compile(r"\x1B\[[0-?]*[ -/]*[@-~]")
+    return ansi_escape.sub("", text)
+
+
+# Capabilities that affect the entire capability, not just a single package
+def uds_capability_wide_errors(text: str) -> bool:
+    if "Not all pods have the istio sidecar" in text:
+        return True
+    return False
+
+
+# CI environment variable enables GitHub annotations
+def print_package_info(
+    package_name,
+    failures_count,
+    errors_count,
+    warnings_count,
+    failure_descriptions,
+    error_descriptions,
+    warning_descriptions,
+    uds_capability_wide_errors_count,
+):
+    if uds_capability_wide_errors_count >= 1:
+        errors_count -= uds_capability_wide_errors_count
+    if package_name:
+        print("-----------------------------")
+        if os.getenv("CI") == "true":
+            print(f"::group::{package_name}")
+        print(f"Package: {package_name}\n")
+        if failures_count > 0:
+            if os.getenv("CI") == "true":
+                print("::error::", end="")
+            print(f"⛔ Failures: {failures_count}")
+        else:
+            if errors_count > 0:
+                if os.getenv("CI") == "true":
+                    print("::error::", end="")
+                print(f"❌ Errors: {errors_count}")
+            if warnings_count > 0:
+                if os.getenv("CI") == "true":
+                    print("::warning::", end="")
+                print(f"⚠️  Warnings: {warnings_count}")
+        if failures_count > 0:
+            print("\n⛔ Failure Descriptions:")
+            for desc in failure_descriptions:
+                print(f"  - {desc}")
+        else:
+            if errors_count > 0:
+                print("\n❌ Error Descriptions:")
+                for desc in error_descriptions:
+                    print(f"  - {desc}")
+            if warnings_count > 0:
+                print("\n⚠️  Warning Descriptions:")
+                for desc in warning_descriptions:
+                    print(f"  - {desc}")
+        if os.getenv("CI") == "true":
+            print("::endgroup::")
+
+
+def main():
+    # Read data from the specified file instead of stdin
+    file_path = os.path.join(
+        os.getenv("GITHUB_WORKSPACE", ""), "reports/intermediate-report.txt"
+    )
+    with open(file_path, mode="r", encoding="utf-8", errors="ignore") as file:
+        data = file.read()
+    # Remove ANSI escape sequences
+    clean_data = remove_ansi_escape_sequences(data)
+    # Initialize variables
+    package_name = ""
+    failures_count = 0
+    errors_count = 0
+    warnings_count = 0
+    uds_capability_wide_errors_count = 0
+    failure_descriptions = []
+    error_descriptions = []
+    warning_descriptions = []
+    uds_capability_wide_error_descriptions = []
+    previous_package_name = None
+
+    # Process each line
+    for line in clean_data.splitlines():
+        # Remove leading and trailing whitespace
+        line = line.strip()
+
+        # Match and extract the package name
+        match = re.match(r"^ℹ️\s+Package\s+Name:\s+(.*)$", line)
+        if match:
+            # Print the previous package's info before starting a new one
+            if previous_package_name is not None:
+                print_package_info(
+                    previous_package_name,
+                    failures_count,
+                    errors_count,
+                    warnings_count,
+                    failure_descriptions,
+                    error_descriptions,
+                    warning_descriptions,
+                    uds_capability_wide_errors_count,
+                )
+            # Reset variables for the new package
+            package_name = match.group(1)
+            failures_count = 0
+            errors_count = 0
+            warnings_count = 0
+            failure_descriptions = []
+            error_descriptions = []
+            warning_descriptions = []
+            previous_package_name = package_name
+            continue
+
+        if uds_capability_wide_errors(line):
+            uds_capability_wide_errors_count = 1
+            uds_capability_wide_error_descriptions = [
+                "Not all pods have the istio sidecar"
+            ]
+            continue
+        else:
+            # Match and extract counts for failures, errors, and warnings
+            match = re.match(r"^(❌|⚠️|⛔)\s+(\d+)\s+([a-z]+)\s+found$", line)
+            if match:
+                count = int(match.group(2))
+                type_ = match.group(3)
+                if type_ == "errors":
+                    errors_count = count
+                elif type_ == "warnings":
+                    warnings_count = count
+                elif type_ == "failures":
+                    failures_count = count
+                continue
+
+            # Match and collect issue descriptions
+            match = re.match(r"^(❌|⚠️|⛔)\s+(.*)$", line)
+            if match:
+                emoji = match.group(1)
+                description = match.group(2)
+                if emoji == "❌":
+                    error_descriptions.append(description)
+                elif emoji == "⚠️":
+                    warning_descriptions.append(description)
+                elif emoji == "⛔":
+                    failure_descriptions.append(description)
+                continue
+
+    # Print the last package's information
+    if previous_package_name is not None:
+        print_package_info(
+            previous_package_name,
+            failures_count,
+            errors_count,
+            warnings_count,
+            failure_descriptions,
+            error_descriptions,
+            warning_descriptions,
+            uds_capability_wide_errors_count,
+        )
+        if uds_capability_wide_errors_count >= 1:
+            print("-----------------------------")
+            if os.getenv("CI") == "true":
+                print("::group::UDS Capability-Wide Issues")
+                print("::error::", end="")
+            print("UDS Capability Issues")
+            print("\n❌ Error Descriptions:")
+            for desc in uds_capability_wide_error_descriptions:
+                print(f"  - {desc}")
+            if os.getenv("CI") == "true":
+                print("::endgroup::")
+
+
+if __name__ == "__main__":
+    main()
+    # Print the final ending separator
+    print("-----------------------------")
diff --git a/.github/workflows/e2e-llama-cpp-python.yaml b/.github/workflows/e2e-llama-cpp-python.yaml
@@ -32,6 +32,7 @@ on:
 
       # Ignore local development files
       - "!.pre-commit-config.yaml"
+      - "!tasks.yaml"
 
       # Ignore non e2e tests changes
       - "!tests/pytest/**"
@@ -56,6 +57,11 @@ jobs:
     runs-on: ai-ubuntu-big-boy-8-core
     if: ${{ !github.event.pull_request.draft }}
 
+    permissions:
+      contents: read
+      packages: read
+      id-token: write # This is needed for OIDC federation.
+
     steps:
       - name: Checkout Repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -69,6 +75,7 @@ jobs:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           ghToken: ${{ secrets.GITHUB_TOKEN }}
+          chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
 
       - name: Setup API and Supabase
         uses: ./.github/actions/lfai-core

diff --git a/.github/workflows/e2e-playwright.yaml b/.github/workflows/e2e-playwright.yaml
@@ -34,6 +34,7 @@ on:
 
       # Ignore local development files
       - "!.pre-commit-config.yaml"
+      - "!tasks.yaml"
 
       # Ignore non e2e tests changes
       - "!tests/pytest/**"
@@ -57,6 +58,11 @@ jobs:
     runs-on: ai-ubuntu-big-boy-8-core
     if: ${{ !github.event.pull_request.draft }}
 
+    permissions:
+      contents: read
+      packages: read
+      id-token: write # This is needed for OIDC federation.
+
     steps:
         - name: Checkout Repo
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -82,6 +88,7 @@ jobs:
             registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
             registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
             ghToken: ${{ secrets.GITHUB_TOKEN }}
+            chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
 
         - name: Create Test User
           run: |
@@ -120,7 +127,7 @@ jobs:
         - name: UI/API/Supabase E2E Playwright Tests
           run: |
             cp src/leapfrogai_ui/.env.example src/leapfrogai_ui/.env
-            rm src/leapfrogai_ui/tests/global.teardown.ts 
+            rm src/leapfrogai_ui/tests/global.teardown.ts
             mkdir -p src/leapfrogai_ui/playwright/.auth
             SERVICE_ROLE_KEY=$(uds zarf tools kubectl get secret -n leapfrogai supabase-bootstrap-jwt -o jsonpath={.data.service-key} | base64 -d)
             echo "::add-mask::$SERVICE_ROLE_KEY"

diff --git a/.github/workflows/e2e-text-backend-full-cpu.yaml b/.github/workflows/e2e-text-backend-full-cpu.yaml
@@ -32,6 +32,7 @@ on:
 
       # Ignore local development files
       - "!.pre-commit-config.yaml"
+      - "!tasks.yaml"
 
       # Ignore non e2e tests changes
       - "!tests/pytest/**"
@@ -57,6 +58,11 @@ jobs:
     runs-on: ai-ubuntu-big-boy-8-core
     if: ${{ !github.event.pull_request.draft }}
 
+    permissions:
+      contents: read
+      packages: read
+      id-token: write # This is needed for OIDC federation.
+
     steps:
         - name: Checkout Repo
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -69,6 +75,8 @@ jobs:
           with:
             registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
             registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+            ghToken: ${{ secrets.GITHUB_TOKEN }}
+            chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
 
         - name: Setup LFAI-API and Supabase
           uses: ./.github/actions/lfai-core
@@ -97,5 +105,7 @@ jobs:
         # Test
         ##########
         - name: Test Text Backend
+          env:
+              LEAPFROGAI_MODEL: llama-cpp-python
           run: |
             python -m pytest ./tests/e2e/test_text_backend_full.py -v
diff --git a/.github/workflows/e2e-text-embeddings.yaml b/.github/workflows/e2e-text-embeddings.yaml
@@ -32,6 +32,7 @@ on:
 
       # Ignore local development files
       - "!.pre-commit-config.yaml"
+      - "!tasks.yaml"
 
       # Ignore non e2e tests changes
       - "!tests/pytest/**"
@@ -58,6 +59,11 @@ jobs:
     runs-on: ai-ubuntu-big-boy-8-core
     if: ${{ !github.event.pull_request.draft }}
 
+    permissions:
+      contents: read
+      packages: read
+      id-token: write # This is needed for OIDC federation.
+
     steps:
         - name: Checkout Repo
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -71,6 +77,7 @@ jobs:
             registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
             registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
             ghToken: ${{ secrets.GITHUB_TOKEN }}
+            chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
 
         - name: Setup LFAI-API and Supabase
           uses: ./.github/actions/lfai-core

diff --git a/.github/workflows/e2e-vllm.yaml b/.github/workflows/e2e-vllm.yaml
@@ -32,6 +32,7 @@ on:
 
       # Ignore local development files
       - "!.pre-commit-config.yaml"
+      - "!tasks.yaml"
 
       # Ignore non e2e tests changes
       - "!tests/pytest/**"
@@ -58,6 +59,11 @@ jobs:
     runs-on: ai-ubuntu-big-boy-8-core
     if: ${{ !github.event.pull_request.draft }}
 
+    permissions:
+      contents: read
+      packages: read
+      id-token: write # This is needed for OIDC federation.
+
     steps:
         - name: Checkout Repo
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -73,7 +79,7 @@ jobs:
             registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
             registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
             ghToken: ${{ secrets.GITHUB_TOKEN }}
-            udsCliVersion: 0.14.0
+            chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
 
         ##########
         # vLLM
@@ -82,4 +88,4 @@ jobs:
         ##########
         - name: Build vLLM
           run: |
-            make build-vllm LOCAL_VERSION=e2e-test
+            make build-vllm LOCAL_VERSION=e2e-test ZARF_CONFIG=packages/vllm/zarf-config.yaml