Release v0.2.29

.github/workflows/create-release-pr.yml

@@ -78,8 +78,8 @@ jobs:
           git fetch origin main
           git merge origin/main --no-edit || {
             # If conflicts occur, take our (release branch) version for Chart.yaml and values.yaml
-            git checkout --ours deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml
-            git add deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml
+            git checkout --ours deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml deploy/helm/rag/Chart.lock
+            git add deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml deploy/helm/rag/Chart.lock
             git commit --no-edit
           }
 

.github/workflows/e2e-tests.yaml

@@ -16,8 +16,8 @@ on:
 
 # MaaS configuration - can be overridden with repository secrets for different environments
 env:
-  MAAS_ENDPOINT: "https://llama-3-2-3b-maas-apicast-production.apps.prod.rhoai.rh-aiservices-bu.com:443/v1"
-  MAAS_MODEL_ID: "llama-3-2-3b"
+  MAAS_ENDPOINT: ${{ secrets.MAAS_ENDPOINT }}
+  MAAS_MODEL_ID: ${{ secrets.MAAS_MODEL_ID }}
   # MAAS_API_KEY is passed as a secret in the helm install step
 
 jobs:
@@ -87,6 +87,8 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     needs: unit-tests
+    # Skip this job for fork PRs since secrets are not available
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
 
     steps:
       - name: Checkout repository
@@ -291,12 +293,20 @@ jobs:
             echo ""
             echo "❌ ERROR: MAAS_API_KEY secret is not configured!"
             echo ""
+            # Check if this is a fork PR
+            if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then
+              echo "⚠️  This appears to be a pull request from a fork."
+              echo "GitHub Actions does not provide access to secrets for security reasons"
+              echo "when running workflows triggered by pull requests from forks."
+            fi
+            echo ""
             echo "To fix this, add the MAAS_API_KEY secret to your repository:"
             echo "1. Go to: Settings > Secrets and variables > Actions"
             echo "2. Click 'New repository secret'"
             echo "3. Name: MAAS_API_KEY"
             echo "4. Value: Your Red Hat MaaS API key"
             echo ""
+            echo "Note: For fork PRs, these tests will be skipped automatically."
             echo "For more information, see:"
             echo "https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions"
             echo ""
@@ -480,11 +490,40 @@ jobs:
           # Optional: Uncomment to delete cluster
           # kind delete cluster --name rag-e2e
 
+  fork-pr-notice:
+    name: Fork PR Notice
+    runs-on: ubuntu-latest
+    # Only run this job for fork PRs
+    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - name: Notice about skipped tests
+        run: |
+          echo "## ⚠️ Fork Pull Request Detected"
+          echo ""
+          echo "This pull request is from a fork. For security reasons, GitHub Actions does not"
+          echo "provide access to repository secrets (like \`MAAS_API_KEY\`) for workflows triggered"
+          echo "by pull requests from forks."
+          echo ""
+          echo "**The following tests have been skipped:**"
+          echo "- LlamaStack Integration Tests (requires MAAS_API_KEY)"
+          echo "- UI E2E Tests (requires MAAS_API_KEY)"
+          echo ""
+          echo "**Tests that still run:**"
+          echo "- ✅ Unit Tests"
+          echo "- ✅ Integration Tests (Streamlit App)"
+          echo ""
+          echo "The MaaS-dependent tests will run automatically when this PR is merged to \`main\`."
+          echo ""
+          echo "For more information, see:"
+          echo "https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions"
+
   ui-e2e-tests:
     name: UI E2E Tests (Playwright)
     runs-on: ubuntu-latest
     timeout-minutes: 60
     needs: [unit-tests, integration-tests]
+    # Skip this job for fork PRs since secrets are not available
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
 
     steps:
       - name: Checkout repository

deploy/helm/rag/Chart.lock

@@ -7,7 +7,7 @@ dependencies:
   version: 0.5.2
 - name: configure-pipeline
   repository: https://rh-ai-quickstart.github.io/ai-architecture-charts
-  version: 0.5.4
+  version: 0.5.2
 - name: ingestion-pipeline
   repository: https://rh-ai-quickstart.github.io/ai-architecture-charts
   version: 0.5.1
@@ -17,5 +17,5 @@ dependencies:
 - name: mcp-servers
   repository: https://rh-ai-quickstart.github.io/ai-architecture-charts
   version: 0.5.7
-digest: sha256:d7abd4b5f5c4080a241c567f0bde351f927a5ac0d95fea4bbdf8f364f7a92866
-generated: "2025-11-26T13:12:40.513755-05:00"
+digest: sha256:176de24d5f9b93e930cde71aa91e94060fe78d0fc20950b974fae8849c1b4e05
+generated: "2025-12-02T16:13:55.610572-05:00"

deploy/helm/rag/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: rag
 description: A Helm chart for Kubernetes
 type: application
-version: 0.2.28
-appVersion: "0.2.28"
+version: 0.2.29
+appVersion: "0.2.29"
 
 dependencies:
   - name: pgvector

deploy/helm/rag/values.yaml

@@ -3,7 +3,7 @@ replicaCount: 1
 image:
   repository: quay.io/rh-ai-quickstart/llamastack-dist-ui
   pullPolicy: Always
-  tag: 0.2.28
+  tag: 0.2.29
 
 service:
   type: ClusterIP

docs/AppleSiliconReadMe.md

@@ -0,0 +1,104 @@
+# Apple Sillicon Podman Setup
+
+This tutorial walks you through installing Lima, creating an x86_64 Podman VM, configuring the Podman CLI to use it, and verifying that everything is working correctly.
+This is especially useful on Apple Silicon when you need x86_64 container builds (for example, if ARM builds break under QEMU).
+
+## The Problem
+Sometimes Mac cannot translate the commands in one chip architecture so we need a layer to do this for us.
+Qemu is usual the software for the job, but in some cases when the process for building images is computationally 
+complex the M series mac will Sig fault.
+
+### Symptoms
+
+You might see a failure to build the UI
+
+```
+RUN pnpm run build:vite
+Failed to run 
+```
+
+You might see a failue building the API
+
+```
+STEP 9/19: COPY packages/db/ ./packages/db/
+--> af95bf5b5140
+STEP 10/19: RUN if [ "$TORCH_VARIANT" = "cpu" ]; then         echo "Installing PyTorch CPU version (lightweight, ~176MB)..." &&         uv pip install --python $(which python3) --system --no-cache --index-url https://download.pytorch.org/whl/cpu torch;     else         echo "Installing PyTorch CUDA version (GPU-enabled, ~800MB)..." &&         uv pip install --python $(which python3) --system --no-cache torch;     fi
+Installing PyTorch CPU version (lightweight, ~176MB)...
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Error: building at STEP "RUN if [ "$TORCH_VARIANT" = "cpu" ]; then         echo "Installing PyTorch CPU version (lightweight, ~176MB)..." &&         uv pip install --python $(which python3) --system --no-cache --index-url https://download.pytorch.org/whl/cpu torch;     else         echo "Installing PyTorch CUDA version (GPU-enabled, ~800MB)..." &&         uv pip install --python $(which python3) --system --no-cache torch;     fi": while running runtime: exit status 139
+make: *** [build-api] Error 139
+```
+
+## The Solution
+
+### 1. Install Lima
+
+```bash
+brew install lima
+```
+
+### 2. Create an x86_64 Podman VM
+
+Use Lima’s built-in Podman template:
+
+```bash
+limactl create --name podman --arch x86_64 --vm-type qemu template:podman
+```
+
+You’ll should be prompted:
+Proceed with the current configuration?
+Choose Yes and wait.
+This part downloads the image and boots the VM — it may take a little while.
+
+### 3. Verify Your Lima Instances
+
+Before you continue, check which Lima VMs exist:
+
+```bash
+limactl ls
+```
+
+Example output:
+
+NAME            STATUS     SSH                VMTYPE    ARCH       CPUS    MEMORY    DISK      DIR
+podman          Running    127.0.0.1:49576    qemu      x86_64     4       4GiB      100GiB    ~/.lima/podman
+podman-aarch64    Stopped    127.0.0.1:0        vz        aarch64    4       4GiB      100GiB    ~/.lima/podman-arm64
+
+
+### 4. Configure Podman CLI to Use the Lima Podman VM
+
+Replace <your username> with your macOS username:
+
+```bash
+podman system connection add lima-podman \
+  "unix:///Users/<your username>/.lima/podman/sock/podman.sock"
+```
+
+### 5. Set Lima Podman as the Default Connection
+
+```bash
+podman system connection default lima-podman
+```
+
+You can confirm:
+
+```bash
+podman system connection ls
+```
+
+### 6. Test Podman with a Basic Container
+
+```bash
+podman run quay.io/podman/hello
+```
+
+If you see a greeting message, everything is working 🎉
+
+### 7. Verify You're Running x86_64 Containers
+
+Because the VM is x86_64, images should report x86_64 inside:
+```bash
+podman run fedora:latest uname -a
+```
+
+### 8. You finished!

docs/local_setup_guide.md

@@ -38,6 +38,8 @@ This guide walks you through running a Llama Stack server locally using **Ollama
 
 You can install Ollama manually or use the automated setup:
 
+** Note: If running on Apple Silicon please read [Apple Silicon Guide](./AppleSiliconReadMe.md)
+
 ```bash
 # Automated setup (recommended - from deploy/local directory)
 cd deploy/local