LCORE-2874: Migrate to RHOAI 3.4 + PyPI - main#218
Conversation
|
Warning Review limit reached
Next review available in: 19 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (25)
WalkthroughThis PR upgrades Konflux/Containerfile base images and tooling: splits ChangesKonflux/Containerfile hermetic build and dependency pipeline updates
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
46c3e5a to
c39375e
Compare
|
/retest |
6219a0d to
8f0cdbb
Compare
8f0cdbb to
9a3bf0e
Compare
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.konflux/pypi_wheel_only.txt:
- Around line 3-5: The wheel-only policy file now contains only comments, so
scripts/konflux_resolve.py will load no package entries and silently stop
forcing any packages down the PyPI-wheel path. Restore the removed package names
in .konflux/pypi_wheel_only.txt in a machine-readable form that the loader will
read, keeping the policy list non-empty so wheel_only classification still
works.
In @.konflux/requirements.hashes.source.cuda.txt:
- Around line 131-207: The hash entry updates for psycopg2-binary and pyopenssl
suggest these packages may now be built from source in the hermetic flow, so
confirm the builder image and base image dependencies are sufficient. Review the
requirements hash handling around psycopg2-binary==2.9.12 and pyopenssl==26.3.0,
and ensure the build environment provides pg_config/libpq-dev or
postgresql-devel plus compatible OpenSSL/LibreSSL libraries before keeping these
source hashes. If the source build is not intended or cannot be supported,
adjust the dependency choice or hash set accordingly.
In @.tekton/rag-content-cuda-12-9-0-6-push.yaml:
- Line 60: The CUDA bootstrap allowlist is missing the runtime package entries
needed for the uv pip install path. Update the package list in the allowlist
entry for the CUDA pipeline configuration to include both uv and pip alongside
uv-build, keeping the existing package list structure intact. Use the package
list field in the bootstrap config to locate and adjust the allowlisted names.
In @.tekton/rag-tool-pull-request.yaml:
- Line 66: The CPU prefetch input is missing the standalone uv wheel, even
though the builder runs pip3.12 install uv>=0.7.20 before uv pip install. Update
the packages list in the prefetch configuration to include uv (or add it to the
other relevant prefetch input), using the existing package list block as the
anchor so hermetic CPU builds can resolve uv without network access.
In `@Containerfile`:
- Line 53: The wheel-pruning logic in the Containerfile is using a regex that
only matches pywin32-style wheel names, so replace the ad hoc filename check
with a proper wheel filename parser in the cleanup command. Update the pruning
step to identify valid wheel distributions from actual wheel metadata using the
existing PIP_FIND_LINKS directory contents, and use that parsed result to decide
which non-wheel artifacts to remove. Keep the change localized to the wheel
cleanup shell command so the rest of the image build remains unchanged.
In `@Containerfile-cuda`:
- Line 60: The current uv pip check wrapper only exits on missing-package
messages, which lets other dependency-check failures slip through. Update the
Containerfile-cuda check block around the uv pip check command so it still
ignores hf-xet-related missing-package output if needed, but propagates any
other nonzero uv pip check result instead of always returning success. Keep the
logic localized to the existing pip check pipeline and shell condition so the
build fails for version conflicts and all other real dependency errors.
- Line 54: The wheel-pruning logic in the Containerfile-cuda one-liner only
recognizes build-tagged wheel names because the regex used in the rp set is too
narrow, so standard wheels are skipped and the cleanup does nothing. Update the
matching logic in that shell/Python snippet so it identifies normal wheel
filenames as well as build-tagged ones, and keep the pruning behavior tied to
the existing os.listdir/os.remove flow and the rp variable.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 9bd52531-82f7-49e3-b448-448e5214fc41
📒 Files selected for processing (25)
.konflux/build-args-konflux.conf.konflux/cuda/build-args-konflux.conf.konflux/profiles.toml.konflux/pypi_wheel_only.txt.konflux/requirements-build.cuda.txt.konflux/requirements-build.txt.konflux/requirements.hashes.source.cuda.txt.konflux/requirements.hashes.source.txt.konflux/requirements.hashes.wheel.cuda.txt.konflux/requirements.hashes.wheel.pypi.cuda.txt.konflux/requirements.hashes.wheel.txt.konflux/requirements.hermetic.txt.konflux/requirements.overrides.cuda.txt.konflux/requirements.overrides.txt.tekton/rag-content-cpu-0-6-pull-request.yaml.tekton/rag-content-cpu-0-6-push.yaml.tekton/rag-content-cuda-12-9-0-6-pull-request.yaml.tekton/rag-content-cuda-12-9-0-6-push.yaml.tekton/rag-tool-cuda-pull-request.yaml.tekton/rag-tool-cuda-push.yaml.tekton/rag-tool-pull-request.yaml.tekton/rag-tool-push.yamlContainerfileContainerfile-cudascripts/konflux_resolve.py
💤 Files with no reviewable changes (3)
- .konflux/requirements.hashes.wheel.pypi.cuda.txt
- .konflux/requirements.hashes.source.txt
- .konflux/requirements.hermetic.txt
9a3bf0e to
7bb9c0b
Compare
|
/test "Konflux kflux-prd-rh02 / rag-content-cuda-12-9-0-6-on-pull-request" |
|
/retest "Konflux kflux-prd-rh02 / rag-content-cuda-12-9-0-6-on-pull-request" |
Description
Migrate to RHOAI 3.4:
Type of change
Tools used to create PR
Identify any AI code assistants used in this PR (for transparency and review context)
Related Tickets & Documents
Checklist before requesting a review
Testing
Summary by CodeRabbit
Bug Fixes
Chores