diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 8c247ae0..a7d2a8e3 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -78,8 +78,8 @@ jobs: git fetch origin main git merge origin/main --no-edit || { # If conflicts occur, take our (release branch) version for Chart.yaml and values.yaml - git checkout --ours deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml - git add deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml + git checkout --ours deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml deploy/helm/rag/Chart.lock + git add deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml deploy/helm/rag/Chart.lock git commit --no-edit } diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml index dd94f9d0..3b942df1 100644 --- a/.github/workflows/e2e-tests.yaml +++ b/.github/workflows/e2e-tests.yaml @@ -16,8 +16,8 @@ on: # MaaS configuration - can be overridden with repository secrets for different environments env: - MAAS_ENDPOINT: "https://llama-3-2-3b-maas-apicast-production.apps.prod.rhoai.rh-aiservices-bu.com:443/v1" - MAAS_MODEL_ID: "llama-3-2-3b" + MAAS_ENDPOINT: ${{ secrets.MAAS_ENDPOINT }} + MAAS_MODEL_ID: ${{ secrets.MAAS_MODEL_ID }} # MAAS_API_KEY is passed as a secret in the helm install step jobs: @@ -87,6 +87,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 60 needs: unit-tests + # Skip this job for fork PRs since secrets are not available + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) steps: - name: Checkout repository @@ -291,12 +293,20 @@ jobs: echo "" echo "❌ ERROR: MAAS_API_KEY secret is not configured!" echo "" + # Check if this is a fork PR + if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then + echo "⚠️ This appears to be a pull request from a fork." + echo "GitHub Actions does not provide access to secrets for security reasons" + echo "when running workflows triggered by pull requests from forks." + fi + echo "" echo "To fix this, add the MAAS_API_KEY secret to your repository:" echo "1. Go to: Settings > Secrets and variables > Actions" echo "2. Click 'New repository secret'" echo "3. Name: MAAS_API_KEY" echo "4. Value: Your Red Hat MaaS API key" echo "" + echo "Note: For fork PRs, these tests will be skipped automatically." echo "For more information, see:" echo "https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions" echo "" @@ -480,11 +490,40 @@ jobs: # Optional: Uncomment to delete cluster # kind delete cluster --name rag-e2e + fork-pr-notice: + name: Fork PR Notice + runs-on: ubuntu-latest + # Only run this job for fork PRs + if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository + steps: + - name: Notice about skipped tests + run: | + echo "## ⚠️ Fork Pull Request Detected" + echo "" + echo "This pull request is from a fork. For security reasons, GitHub Actions does not" + echo "provide access to repository secrets (like \`MAAS_API_KEY\`) for workflows triggered" + echo "by pull requests from forks." + echo "" + echo "**The following tests have been skipped:**" + echo "- LlamaStack Integration Tests (requires MAAS_API_KEY)" + echo "- UI E2E Tests (requires MAAS_API_KEY)" + echo "" + echo "**Tests that still run:**" + echo "- ✅ Unit Tests" + echo "- ✅ Integration Tests (Streamlit App)" + echo "" + echo "The MaaS-dependent tests will run automatically when this PR is merged to \`main\`." + echo "" + echo "For more information, see:" + echo "https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions" + ui-e2e-tests: name: UI E2E Tests (Playwright) runs-on: ubuntu-latest timeout-minutes: 60 needs: [unit-tests, integration-tests] + # Skip this job for fork PRs since secrets are not available + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) steps: - name: Checkout repository diff --git a/deploy/helm/rag/Chart.lock b/deploy/helm/rag/Chart.lock index b0921dbc..45c5ac1b 100644 --- a/deploy/helm/rag/Chart.lock +++ b/deploy/helm/rag/Chart.lock @@ -18,4 +18,4 @@ dependencies: repository: https://rh-ai-quickstart.github.io/ai-architecture-charts version: 0.5.7 digest: sha256:d7abd4b5f5c4080a241c567f0bde351f927a5ac0d95fea4bbdf8f364f7a92866 -generated: "2025-11-26T13:12:40.513755-05:00" +generated: "2025-12-05T10:53:08.788253807-05:00" diff --git a/deploy/helm/rag/Chart.yaml b/deploy/helm/rag/Chart.yaml index 0f948d56..918d77a1 100644 --- a/deploy/helm/rag/Chart.yaml +++ b/deploy/helm/rag/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rag description: A Helm chart for Kubernetes type: application -version: 0.2.28 -appVersion: "0.2.28" +version: 0.2.29 +appVersion: "0.2.29" dependencies: - name: pgvector diff --git a/deploy/helm/rag/values.yaml b/deploy/helm/rag/values.yaml index 1a79f9ff..8d0daedd 100644 --- a/deploy/helm/rag/values.yaml +++ b/deploy/helm/rag/values.yaml @@ -3,7 +3,7 @@ replicaCount: 1 image: repository: quay.io/rh-ai-quickstart/llamastack-dist-ui pullPolicy: Always - tag: 0.2.28 + tag: 0.2.29 service: type: ClusterIP diff --git a/docs/AppleSiliconReadMe.md b/docs/AppleSiliconReadMe.md new file mode 100644 index 00000000..c962dad5 --- /dev/null +++ b/docs/AppleSiliconReadMe.md @@ -0,0 +1,104 @@ +# Apple Sillicon Podman Setup + +This tutorial walks you through installing Lima, creating an x86_64 Podman VM, configuring the Podman CLI to use it, and verifying that everything is working correctly. +This is especially useful on Apple Silicon when you need x86_64 container builds (for example, if ARM builds break under QEMU). + +## The Problem +Sometimes Mac cannot translate the commands in one chip architecture so we need a layer to do this for us. +Qemu is usual the software for the job, but in some cases when the process for building images is computationally +complex the M series mac will Sig fault. + +### Symptoms + +You might see a failure to build the UI + +``` +RUN pnpm run build:vite +Failed to run +``` + +You might see a failue building the API + +``` +STEP 9/19: COPY packages/db/ ./packages/db/ +--> af95bf5b5140 +STEP 10/19: RUN if [ "$TORCH_VARIANT" = "cpu" ]; then echo "Installing PyTorch CPU version (lightweight, ~176MB)..." && uv pip install --python $(which python3) --system --no-cache --index-url https://download.pytorch.org/whl/cpu torch; else echo "Installing PyTorch CUDA version (GPU-enabled, ~800MB)..." && uv pip install --python $(which python3) --system --no-cache torch; fi +Installing PyTorch CPU version (lightweight, ~176MB)... +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Error: building at STEP "RUN if [ "$TORCH_VARIANT" = "cpu" ]; then echo "Installing PyTorch CPU version (lightweight, ~176MB)..." && uv pip install --python $(which python3) --system --no-cache --index-url https://download.pytorch.org/whl/cpu torch; else echo "Installing PyTorch CUDA version (GPU-enabled, ~800MB)..." && uv pip install --python $(which python3) --system --no-cache torch; fi": while running runtime: exit status 139 +make: *** [build-api] Error 139 +``` + +## The Solution + +### 1. Install Lima + +```bash +brew install lima +``` + +### 2. Create an x86_64 Podman VM + +Use Lima’s built-in Podman template: + +```bash +limactl create --name podman --arch x86_64 --vm-type qemu template:podman +``` + +You’ll should be prompted: +Proceed with the current configuration? +Choose Yes and wait. +This part downloads the image and boots the VM — it may take a little while. + +### 3. Verify Your Lima Instances + +Before you continue, check which Lima VMs exist: + +```bash +limactl ls +``` + +Example output: + +NAME STATUS SSH VMTYPE ARCH CPUS MEMORY DISK DIR +podman Running 127.0.0.1:49576 qemu x86_64 4 4GiB 100GiB ~/.lima/podman +podman-aarch64 Stopped 127.0.0.1:0 vz aarch64 4 4GiB 100GiB ~/.lima/podman-arm64 + + +### 4. Configure Podman CLI to Use the Lima Podman VM + +Replace with your macOS username: + +```bash +podman system connection add lima-podman \ + "unix:///Users//.lima/podman/sock/podman.sock" +``` + +### 5. Set Lima Podman as the Default Connection + +```bash +podman system connection default lima-podman +``` + +You can confirm: + +```bash +podman system connection ls +``` + +### 6. Test Podman with a Basic Container + +```bash +podman run quay.io/podman/hello +``` + +If you see a greeting message, everything is working 🎉 + +### 7. Verify You're Running x86_64 Containers + +Because the VM is x86_64, images should report x86_64 inside: +```bash +podman run fedora:latest uname -a +``` + +### 8. You finished! diff --git a/docs/local_setup_guide.md b/docs/local_setup_guide.md index 3cac6587..b58f4add 100644 --- a/docs/local_setup_guide.md +++ b/docs/local_setup_guide.md @@ -38,6 +38,8 @@ This guide walks you through running a Llama Stack server locally using **Ollama You can install Ollama manually or use the automated setup: +** Note: If running on Apple Silicon please read [Apple Silicon Guide](./AppleSiliconReadMe.md) + ```bash # Automated setup (recommended - from deploy/local directory) cd deploy/local