From e5e909227028a6b54d6d1de2cfa1b25466f27562 Mon Sep 17 00:00:00 2001 From: Ryan Johnson Date: Mon, 1 Dec 2025 15:26:33 -0500 Subject: [PATCH 1/8] fix(docs): create docs outlining Apple M series issue. --- docs/AppleSiliconReadMe.md | 104 +++++++++++++++++++++++++++++++++++++ docs/local_setup_guide.md | 2 + 2 files changed, 106 insertions(+) create mode 100644 docs/AppleSiliconReadMe.md diff --git a/docs/AppleSiliconReadMe.md b/docs/AppleSiliconReadMe.md new file mode 100644 index 00000000..c962dad5 --- /dev/null +++ b/docs/AppleSiliconReadMe.md @@ -0,0 +1,104 @@ +# Apple Sillicon Podman Setup + +This tutorial walks you through installing Lima, creating an x86_64 Podman VM, configuring the Podman CLI to use it, and verifying that everything is working correctly. +This is especially useful on Apple Silicon when you need x86_64 container builds (for example, if ARM builds break under QEMU). + +## The Problem +Sometimes Mac cannot translate the commands in one chip architecture so we need a layer to do this for us. +Qemu is usual the software for the job, but in some cases when the process for building images is computationally +complex the M series mac will Sig fault. + +### Symptoms + +You might see a failure to build the UI + +``` +RUN pnpm run build:vite +Failed to run +``` + +You might see a failue building the API + +``` +STEP 9/19: COPY packages/db/ ./packages/db/ +--> af95bf5b5140 +STEP 10/19: RUN if [ "$TORCH_VARIANT" = "cpu" ]; then echo "Installing PyTorch CPU version (lightweight, ~176MB)..." && uv pip install --python $(which python3) --system --no-cache --index-url https://download.pytorch.org/whl/cpu torch; else echo "Installing PyTorch CUDA version (GPU-enabled, ~800MB)..." && uv pip install --python $(which python3) --system --no-cache torch; fi +Installing PyTorch CPU version (lightweight, ~176MB)... +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Error: building at STEP "RUN if [ "$TORCH_VARIANT" = "cpu" ]; then echo "Installing PyTorch CPU version (lightweight, ~176MB)..." && uv pip install --python $(which python3) --system --no-cache --index-url https://download.pytorch.org/whl/cpu torch; else echo "Installing PyTorch CUDA version (GPU-enabled, ~800MB)..." && uv pip install --python $(which python3) --system --no-cache torch; fi": while running runtime: exit status 139 +make: *** [build-api] Error 139 +``` + +## The Solution + +### 1. Install Lima + +```bash +brew install lima +``` + +### 2. Create an x86_64 Podman VM + +Use Lima’s built-in Podman template: + +```bash +limactl create --name podman --arch x86_64 --vm-type qemu template:podman +``` + +You’ll should be prompted: +Proceed with the current configuration? +Choose Yes and wait. +This part downloads the image and boots the VM — it may take a little while. + +### 3. Verify Your Lima Instances + +Before you continue, check which Lima VMs exist: + +```bash +limactl ls +``` + +Example output: + +NAME STATUS SSH VMTYPE ARCH CPUS MEMORY DISK DIR +podman Running 127.0.0.1:49576 qemu x86_64 4 4GiB 100GiB ~/.lima/podman +podman-aarch64 Stopped 127.0.0.1:0 vz aarch64 4 4GiB 100GiB ~/.lima/podman-arm64 + + +### 4. Configure Podman CLI to Use the Lima Podman VM + +Replace with your macOS username: + +```bash +podman system connection add lima-podman \ + "unix:///Users//.lima/podman/sock/podman.sock" +``` + +### 5. Set Lima Podman as the Default Connection + +```bash +podman system connection default lima-podman +``` + +You can confirm: + +```bash +podman system connection ls +``` + +### 6. Test Podman with a Basic Container + +```bash +podman run quay.io/podman/hello +``` + +If you see a greeting message, everything is working 🎉 + +### 7. Verify You're Running x86_64 Containers + +Because the VM is x86_64, images should report x86_64 inside: +```bash +podman run fedora:latest uname -a +``` + +### 8. You finished! diff --git a/docs/local_setup_guide.md b/docs/local_setup_guide.md index 3cac6587..b58f4add 100644 --- a/docs/local_setup_guide.md +++ b/docs/local_setup_guide.md @@ -38,6 +38,8 @@ This guide walks you through running a Llama Stack server locally using **Ollama You can install Ollama manually or use the automated setup: +** Note: If running on Apple Silicon please read [Apple Silicon Guide](./AppleSiliconReadMe.md) + ```bash # Automated setup (recommended - from deploy/local directory) cd deploy/local From 184fe7f27cd0827ca11e2f26e1de0cced857a285 Mon Sep 17 00:00:00 2001 From: Ryan Johnson Date: Tue, 2 Dec 2025 12:53:09 -0500 Subject: [PATCH 2/8] chore(variable access): fix issue with variable being absent in ci/cd --- .github/workflows/e2e-tests.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml index dd94f9d0..78117896 100644 --- a/.github/workflows/e2e-tests.yaml +++ b/.github/workflows/e2e-tests.yaml @@ -16,9 +16,9 @@ on: # MaaS configuration - can be overridden with repository secrets for different environments env: - MAAS_ENDPOINT: "https://llama-3-2-3b-maas-apicast-production.apps.prod.rhoai.rh-aiservices-bu.com:443/v1" - MAAS_MODEL_ID: "llama-3-2-3b" - # MAAS_API_KEY is passed as a secret in the helm install step + MAAS_ENDPOINT: ${{ secrets.MAAS_ENDPOINT }} + MAAS_MODEL_ID: ${{ secrets.MAAS_MODEL_ID }} + # MAAS_API_KEY is passed as a secret in the helm install step jobs: unit-tests: From c009d3d28c7e6f79daddcf90ba02afcfa748db11 Mon Sep 17 00:00:00 2001 From: Sid Kattoju Date: Tue, 2 Dec 2025 16:14:00 -0500 Subject: [PATCH 3/8] Update Chart.lock to sync with Chart.yaml dependencies --- deploy/helm/rag/Chart.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/helm/rag/Chart.lock b/deploy/helm/rag/Chart.lock index 44c5ac72..530fe479 100644 --- a/deploy/helm/rag/Chart.lock +++ b/deploy/helm/rag/Chart.lock @@ -18,4 +18,4 @@ dependencies: repository: https://rh-ai-quickstart.github.io/ai-architecture-charts version: 0.5.7 digest: sha256:176de24d5f9b93e930cde71aa91e94060fe78d0fc20950b974fae8849c1b4e05 -generated: "2025-11-18T13:49:29.900286-05:00" +generated: "2025-12-02T16:13:55.610572-05:00" From 4b4f3fc0defbb46c8235b152568d7ed6dea38724 Mon Sep 17 00:00:00 2001 From: Sid Kattoju Date: Tue, 2 Dec 2025 16:28:44 -0500 Subject: [PATCH 4/8] Skip MaaS-dependent tests for fork PRs - Add conditional logic to skip llamastack-integration-tests and ui-e2e-tests jobs for fork PRs - Improve validation error message to detect and explain fork PR limitations - Add fork-pr-notice job to inform contributors why tests are skipped - Maintains security by not exposing secrets to fork PRs - Full test suite still runs for same-repo PRs and on merge to main --- .github/workflows/e2e-tests.yaml | 41 +++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml index 78117896..3b942df1 100644 --- a/.github/workflows/e2e-tests.yaml +++ b/.github/workflows/e2e-tests.yaml @@ -18,7 +18,7 @@ on: env: MAAS_ENDPOINT: ${{ secrets.MAAS_ENDPOINT }} MAAS_MODEL_ID: ${{ secrets.MAAS_MODEL_ID }} - # MAAS_API_KEY is passed as a secret in the helm install step + # MAAS_API_KEY is passed as a secret in the helm install step jobs: unit-tests: @@ -87,6 +87,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 60 needs: unit-tests + # Skip this job for fork PRs since secrets are not available + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) steps: - name: Checkout repository @@ -291,12 +293,20 @@ jobs: echo "" echo "❌ ERROR: MAAS_API_KEY secret is not configured!" echo "" + # Check if this is a fork PR + if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then + echo "⚠️ This appears to be a pull request from a fork." + echo "GitHub Actions does not provide access to secrets for security reasons" + echo "when running workflows triggered by pull requests from forks." + fi + echo "" echo "To fix this, add the MAAS_API_KEY secret to your repository:" echo "1. Go to: Settings > Secrets and variables > Actions" echo "2. Click 'New repository secret'" echo "3. Name: MAAS_API_KEY" echo "4. Value: Your Red Hat MaaS API key" echo "" + echo "Note: For fork PRs, these tests will be skipped automatically." echo "For more information, see:" echo "https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions" echo "" @@ -480,11 +490,40 @@ jobs: # Optional: Uncomment to delete cluster # kind delete cluster --name rag-e2e + fork-pr-notice: + name: Fork PR Notice + runs-on: ubuntu-latest + # Only run this job for fork PRs + if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository + steps: + - name: Notice about skipped tests + run: | + echo "## ⚠️ Fork Pull Request Detected" + echo "" + echo "This pull request is from a fork. For security reasons, GitHub Actions does not" + echo "provide access to repository secrets (like \`MAAS_API_KEY\`) for workflows triggered" + echo "by pull requests from forks." + echo "" + echo "**The following tests have been skipped:**" + echo "- LlamaStack Integration Tests (requires MAAS_API_KEY)" + echo "- UI E2E Tests (requires MAAS_API_KEY)" + echo "" + echo "**Tests that still run:**" + echo "- ✅ Unit Tests" + echo "- ✅ Integration Tests (Streamlit App)" + echo "" + echo "The MaaS-dependent tests will run automatically when this PR is merged to \`main\`." + echo "" + echo "For more information, see:" + echo "https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions" + ui-e2e-tests: name: UI E2E Tests (Playwright) runs-on: ubuntu-latest timeout-minutes: 60 needs: [unit-tests, integration-tests] + # Skip this job for fork PRs since secrets are not available + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) steps: - name: Checkout repository From 426e9c6f0aebdf059be9ea6d46cb6d1683019dc1 Mon Sep 17 00:00:00 2001 From: Yuval Turgeman Date: Thu, 4 Dec 2025 11:57:53 -0500 Subject: [PATCH 5/8] Auto merge Chart.lock in workflow Signed-off-by: Yuval Turgeman --- .github/workflows/create-release-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 8c247ae0..a7d2a8e3 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -78,8 +78,8 @@ jobs: git fetch origin main git merge origin/main --no-edit || { # If conflicts occur, take our (release branch) version for Chart.yaml and values.yaml - git checkout --ours deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml - git add deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml + git checkout --ours deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml deploy/helm/rag/Chart.lock + git add deploy/helm/rag/Chart.yaml deploy/helm/rag/values.yaml deploy/helm/rag/Chart.lock git commit --no-edit } From 7f74f6ea0df5f3e27ce9852f3e93b8249db31bca Mon Sep 17 00:00:00 2001 From: Yuval Turgeman Date: Fri, 5 Dec 2025 10:45:00 -0500 Subject: [PATCH 6/8] fix: set image tag back to latest-dev for dev branch --- deploy/helm/rag/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/helm/rag/values.yaml b/deploy/helm/rag/values.yaml index 1a79f9ff..225695b6 100644 --- a/deploy/helm/rag/values.yaml +++ b/deploy/helm/rag/values.yaml @@ -3,7 +3,7 @@ replicaCount: 1 image: repository: quay.io/rh-ai-quickstart/llamastack-dist-ui pullPolicy: Always - tag: 0.2.28 + tag: latest-dev service: type: ClusterIP From 1faa30d8d9fe7a69aeb7b59783a67287fb69f988 Mon Sep 17 00:00:00 2001 From: Yuval Turgeman Date: Fri, 5 Dec 2025 10:53:31 -0500 Subject: [PATCH 7/8] Update helm dependencies Signed-off-by: Yuval Turgeman --- deploy/helm/rag/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/helm/rag/Chart.lock b/deploy/helm/rag/Chart.lock index 530fe479..45c5ac1b 100644 --- a/deploy/helm/rag/Chart.lock +++ b/deploy/helm/rag/Chart.lock @@ -7,7 +7,7 @@ dependencies: version: 0.5.2 - name: configure-pipeline repository: https://rh-ai-quickstart.github.io/ai-architecture-charts - version: 0.5.2 + version: 0.5.4 - name: ingestion-pipeline repository: https://rh-ai-quickstart.github.io/ai-architecture-charts version: 0.5.1 @@ -17,5 +17,5 @@ dependencies: - name: mcp-servers repository: https://rh-ai-quickstart.github.io/ai-architecture-charts version: 0.5.7 -digest: sha256:176de24d5f9b93e930cde71aa91e94060fe78d0fc20950b974fae8849c1b4e05 -generated: "2025-12-02T16:13:55.610572-05:00" +digest: sha256:d7abd4b5f5c4080a241c567f0bde351f927a5ac0d95fea4bbdf8f364f7a92866 +generated: "2025-12-05T10:53:08.788253807-05:00" From 804c7f3ffe7d1744e43120c1d74b346447c0adbd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 5 Dec 2025 15:56:25 +0000 Subject: [PATCH 8/8] chore: bump version to 0.2.29 --- deploy/helm/rag/Chart.yaml | 4 ++-- deploy/helm/rag/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/helm/rag/Chart.yaml b/deploy/helm/rag/Chart.yaml index 0f948d56..918d77a1 100644 --- a/deploy/helm/rag/Chart.yaml +++ b/deploy/helm/rag/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rag description: A Helm chart for Kubernetes type: application -version: 0.2.28 -appVersion: "0.2.28" +version: 0.2.29 +appVersion: "0.2.29" dependencies: - name: pgvector diff --git a/deploy/helm/rag/values.yaml b/deploy/helm/rag/values.yaml index 225695b6..8d0daedd 100644 --- a/deploy/helm/rag/values.yaml +++ b/deploy/helm/rag/values.yaml @@ -3,7 +3,7 @@ replicaCount: 1 image: repository: quay.io/rh-ai-quickstart/llamastack-dist-ui pullPolicy: Always - tag: latest-dev + tag: 0.2.29 service: type: ClusterIP