Skip to content

LCORE-2874: Migrate to RHOAI 3.4 + PyPI - main#218

Open
syedriko wants to merge 1 commit into
lightspeed-core:mainfrom
syedriko:syedriko-rhoai-3.4-main
Open

LCORE-2874: Migrate to RHOAI 3.4 + PyPI - main#218
syedriko wants to merge 1 commit into
lightspeed-core:mainfrom
syedriko:syedriko-rhoai-3.4-main

Conversation

@syedriko

@syedriko syedriko commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Description

Migrate to RHOAI 3.4:

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: (e.g., Claude, CodeRabbit, Ollama, etc., N/A if not used)
  • Generated by: (e.g., tool name and version; N/A if not used)

Related Tickets & Documents

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Please provide detailed steps to perform tests related to this code change.
  • How were the fix/results from this change verified? Please provide relevant screenshots or results.

Summary by CodeRabbit

  • Bug Fixes

    • Improved build reliability by updating base images and build/runtime dependency versions.
    • Refined package selection for container builds and pipeline prefetching to better match current requirements.
    • Updated dependency constraints to avoid incompatible package versions.
  • Chores

    • Removed outdated autogenerated header text from dependency lock files.
    • Streamlined build configuration for more consistent CPU and CUDA builds.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@syedriko, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 19 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8e0db096-2d57-456c-a377-3f0c00ad67bd

📥 Commits

Reviewing files that changed from the base of the PR and between 9a3bf0e and 7bb9c0b.

📒 Files selected for processing (25)
  • .konflux/build-args-konflux.conf
  • .konflux/cuda/build-args-konflux.conf
  • .konflux/profiles.toml
  • .konflux/pypi_wheel_only.txt
  • .konflux/requirements-build.cuda.txt
  • .konflux/requirements-build.txt
  • .konflux/requirements.hashes.source.cuda.txt
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hashes.wheel.cuda.txt
  • .konflux/requirements.hashes.wheel.pypi.cuda.txt
  • .konflux/requirements.hashes.wheel.txt
  • .konflux/requirements.hermetic.txt
  • .konflux/requirements.overrides.cuda.txt
  • .konflux/requirements.overrides.txt
  • .tekton/rag-content-cpu-0-6-pull-request.yaml
  • .tekton/rag-content-cpu-0-6-push.yaml
  • .tekton/rag-content-cuda-12-9-0-6-pull-request.yaml
  • .tekton/rag-content-cuda-12-9-0-6-push.yaml
  • .tekton/rag-tool-cuda-pull-request.yaml
  • .tekton/rag-tool-cuda-push.yaml
  • .tekton/rag-tool-pull-request.yaml
  • .tekton/rag-tool-push.yaml
  • Containerfile
  • Containerfile-cuda
  • scripts/konflux_resolve.py

Walkthrough

This PR upgrades Konflux/Containerfile base images and tooling: splits DNF_COMMAND into builder/runtime variants, expands hermetic toolchain packages (cargo/rust), reworks dependency installation to prune incompatible wheels and use uv pip install, bumps pinned requirement/hash versions, adjusts overrides, refreshes Tekton prefetch package lists and task bundle digests, and updates a fallback requirements-filtering routine.

Changes

Konflux/Containerfile hermetic build and dependency pipeline updates

Layer / File(s) Summary
Build-args base image and DNF command split
.konflux/build-args-konflux.conf, .konflux/cuda/build-args-konflux.conf
Splits DNF_COMMAND into BUILDER_DNF_COMMAND/RUNTIME_DNF_COMMAND and updates builder/runtime base image tags for CPU and CUDA.
Containerfile DNF wiring and hermetic dependency install
Containerfile, Containerfile-cuda
Uses renamed DNF args, adds cargo/rust to the hermetic toolchain, prunes incompatible wheels, creates a venv via uv, strips --index-url lines, and installs via uv pip install/uv pip check.
Pinned requirements, hashes, overrides, and bootstrap packages
.konflux/profiles.toml, .konflux/pypi_wheel_only.txt, .konflux/requirements-build*.txt, .konflux/requirements.hashes.*, .konflux/requirements.hermetic.txt, .konflux/requirements.overrides*.txt
Updates bootstrap package set (adds pdm-backend), build/runtime dependency pins (setuptools-rust, setuptools-scm, uv-build, vcs-versioning, cryptography, packaging, oci), adds/removes psycopg2-binary/pyopenssl pins, and adds packaging<26 overrides.
Tekton prefetch package lists and bundle digests
.tekton/rag-content-*.yaml, .tekton/rag-tool-*.yaml
Replaces prefetch-input binary.packages allowlists and updates prefetch-dependencies-oci-ta taskRef bundle sha256 digests across CPU/CUDA, pull-request/push pipeline variants.
konflux_resolve.py fallback filtering
scripts/konflux_resolve.py
Extends fallback requirements-line construction to also strip comment headers and blank lines.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • tisnik
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: migrating to RHOAI 3.4 with PyPI-related Konflux updates.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@syedriko syedriko force-pushed the syedriko-rhoai-3.4-main branch 2 times, most recently from 46c3e5a to c39375e Compare June 29, 2026 17:31
@syedriko

Copy link
Copy Markdown
Collaborator Author

/retest

@syedriko syedriko force-pushed the syedriko-rhoai-3.4-main branch 6 times, most recently from 6219a0d to 8f0cdbb Compare June 30, 2026 18:50
@syedriko syedriko marked this pull request as ready for review June 30, 2026 19:55
@syedriko syedriko changed the title Migrate to RHOAI 3.4 + PyPI - main LCORE-2874: Migrate to RHOAI 3.4 + PyPI - main Jun 30, 2026
@syedriko syedriko force-pushed the syedriko-rhoai-3.4-main branch from 8f0cdbb to 9a3bf0e Compare June 30, 2026 23:31

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.konflux/pypi_wheel_only.txt:
- Around line 3-5: The wheel-only policy file now contains only comments, so
scripts/konflux_resolve.py will load no package entries and silently stop
forcing any packages down the PyPI-wheel path. Restore the removed package names
in .konflux/pypi_wheel_only.txt in a machine-readable form that the loader will
read, keeping the policy list non-empty so wheel_only classification still
works.

In @.konflux/requirements.hashes.source.cuda.txt:
- Around line 131-207: The hash entry updates for psycopg2-binary and pyopenssl
suggest these packages may now be built from source in the hermetic flow, so
confirm the builder image and base image dependencies are sufficient. Review the
requirements hash handling around psycopg2-binary==2.9.12 and pyopenssl==26.3.0,
and ensure the build environment provides pg_config/libpq-dev or
postgresql-devel plus compatible OpenSSL/LibreSSL libraries before keeping these
source hashes. If the source build is not intended or cannot be supported,
adjust the dependency choice or hash set accordingly.

In @.tekton/rag-content-cuda-12-9-0-6-push.yaml:
- Line 60: The CUDA bootstrap allowlist is missing the runtime package entries
needed for the uv pip install path. Update the package list in the allowlist
entry for the CUDA pipeline configuration to include both uv and pip alongside
uv-build, keeping the existing package list structure intact. Use the package
list field in the bootstrap config to locate and adjust the allowlisted names.

In @.tekton/rag-tool-pull-request.yaml:
- Line 66: The CPU prefetch input is missing the standalone uv wheel, even
though the builder runs pip3.12 install uv>=0.7.20 before uv pip install. Update
the packages list in the prefetch configuration to include uv (or add it to the
other relevant prefetch input), using the existing package list block as the
anchor so hermetic CPU builds can resolve uv without network access.

In `@Containerfile`:
- Line 53: The wheel-pruning logic in the Containerfile is using a regex that
only matches pywin32-style wheel names, so replace the ad hoc filename check
with a proper wheel filename parser in the cleanup command. Update the pruning
step to identify valid wheel distributions from actual wheel metadata using the
existing PIP_FIND_LINKS directory contents, and use that parsed result to decide
which non-wheel artifacts to remove. Keep the change localized to the wheel
cleanup shell command so the rest of the image build remains unchanged.

In `@Containerfile-cuda`:
- Line 60: The current uv pip check wrapper only exits on missing-package
messages, which lets other dependency-check failures slip through. Update the
Containerfile-cuda check block around the uv pip check command so it still
ignores hf-xet-related missing-package output if needed, but propagates any
other nonzero uv pip check result instead of always returning success. Keep the
logic localized to the existing pip check pipeline and shell condition so the
build fails for version conflicts and all other real dependency errors.
- Line 54: The wheel-pruning logic in the Containerfile-cuda one-liner only
recognizes build-tagged wheel names because the regex used in the rp set is too
narrow, so standard wheels are skipped and the cleanup does nothing. Update the
matching logic in that shell/Python snippet so it identifies normal wheel
filenames as well as build-tagged ones, and keep the pruning behavior tied to
the existing os.listdir/os.remove flow and the rp variable.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9bd52531-82f7-49e3-b448-448e5214fc41

📥 Commits

Reviewing files that changed from the base of the PR and between ecbe0ca and 9a3bf0e.

📒 Files selected for processing (25)
  • .konflux/build-args-konflux.conf
  • .konflux/cuda/build-args-konflux.conf
  • .konflux/profiles.toml
  • .konflux/pypi_wheel_only.txt
  • .konflux/requirements-build.cuda.txt
  • .konflux/requirements-build.txt
  • .konflux/requirements.hashes.source.cuda.txt
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hashes.wheel.cuda.txt
  • .konflux/requirements.hashes.wheel.pypi.cuda.txt
  • .konflux/requirements.hashes.wheel.txt
  • .konflux/requirements.hermetic.txt
  • .konflux/requirements.overrides.cuda.txt
  • .konflux/requirements.overrides.txt
  • .tekton/rag-content-cpu-0-6-pull-request.yaml
  • .tekton/rag-content-cpu-0-6-push.yaml
  • .tekton/rag-content-cuda-12-9-0-6-pull-request.yaml
  • .tekton/rag-content-cuda-12-9-0-6-push.yaml
  • .tekton/rag-tool-cuda-pull-request.yaml
  • .tekton/rag-tool-cuda-push.yaml
  • .tekton/rag-tool-pull-request.yaml
  • .tekton/rag-tool-push.yaml
  • Containerfile
  • Containerfile-cuda
  • scripts/konflux_resolve.py
💤 Files with no reviewable changes (3)
  • .konflux/requirements.hashes.wheel.pypi.cuda.txt
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hermetic.txt

Comment thread .konflux/pypi_wheel_only.txt
Comment thread .konflux/requirements.hashes.source.cuda.txt
Comment thread .tekton/rag-content-cuda-12-9-0-6-push.yaml
Comment thread .tekton/rag-tool-pull-request.yaml
Comment thread Containerfile
Comment thread Containerfile-cuda
Comment thread Containerfile-cuda Outdated
@syedriko syedriko force-pushed the syedriko-rhoai-3.4-main branch from 9a3bf0e to 7bb9c0b Compare July 1, 2026 00:11
@syedriko

syedriko commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator Author

/test "Konflux kflux-prd-rh02 / rag-content-cuda-12-9-0-6-on-pull-request"

@syedriko

syedriko commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator Author

/retest "Konflux kflux-prd-rh02 / rag-content-cuda-12-9-0-6-on-pull-request"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant