Skip to content

Run tests in ci #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ilopezluna merged 2 commits into from
Jun 10, 2025
Merged

Run tests in ci #70

ilopezluna merged 2 commits into from
Jun 10, 2025

Conversation

@ilopezluna
Copy link
Contributor

@ilopezluna ilopezluna commented Jun 6, 2025

  • Fixed test
  • Added release workflow
  • Updated CI workflow to only build and test

@ilopezluna ilopezluna requested a review from a team June 6, 2025 11:29
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 6, 2025
View reviewed changes
.github/workflows/release.yml
Comment on lines +20 to +34
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.24.2
cache: true

- name: Run tests
run: go test ./...

build:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 months ago

To fix the issue, we will add a permissions block at the workflow level to define the minimal permissions required. Based on the workflow's operations:

  • The contents: read permission is needed to check out the repository code.
  • The packages: write permission is required for pushing Docker images to DockerHub.

The permissions block will be added at the top of the workflow, ensuring it applies to all jobs unless overridden.

Suggested changeset 1
.github/workflows/release.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,2 +3,6 @@
 
+permissions:
+  contents: read
+  packages: write
+
 on:
EOF
@@ -3,2 +3,6 @@

permissions:
contents: read
packages: write

on:
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/release.yml
Comment on lines +35 to +96
needs: test
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4

- name: Format tags
id: tags
shell: bash
run: |
echo "cpu<<EOF" >> "$GITHUB_OUTPUT"
echo "docker/model-runner:${{ inputs.releaseTag }}" >> "$GITHUB_OUTPUT"
if [ "${{ inputs.pushLatest }}" == "true" ]; then
echo "docker/model-runner:latest" >> "$GITHUB_OUTPUT"
fi
echo 'EOF' >> "$GITHUB_OUTPUT"
echo "cuda<<EOF" >> "$GITHUB_OUTPUT"
echo "docker/model-runner:${{ inputs.releaseTag }}-cuda" >> "$GITHUB_OUTPUT"
if [ "${{ inputs.pushLatest }}" == "true" ]; then
echo "docker/model-runner:latest-cuda" >> "$GITHUB_OUTPUT"
fi
echo 'EOF' >> "$GITHUB_OUTPUT"

- name: Log in to DockerHub
uses: docker/login-action@v3
with:
username: "docker"
password: ${{ secrets.ORG_ACCESS_TOKEN }}

- name: Set up Buildx
uses: docker/setup-buildx-action@v3
with:
version: "lab:latest"
driver: cloud
endpoint: "docker/make-product-smarter"
install: true

- name: Build CPU image
uses: docker/build-push-action@v5
with:
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
"LLAMA_SERVER_VERSION=latest"
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.tags.outputs.cpu }}

- name: Build CUDA image
uses: docker/build-push-action@v5
with:
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
"LLAMA_SERVER_VERSION=latest"
"LLAMA_SERVER_VARIANT=cuda"
"BASE_IMAGE=nvidia/cuda:12.9.0-cudnn-runtime-ubuntu24.04"
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.tags.outputs.cuda }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 months ago

To fix the issue, we will add a permissions block to the workflow to explicitly define the least privileges required for the jobs. Based on the operations performed:

  • The test job only needs to read the repository contents to run tests.
  • The build job requires additional permissions to push Docker images, so it will need contents: read and packages: write.

The permissions block will be added at the job level to ensure each job has only the permissions it needs.

Suggested changeset 1
.github/workflows/release.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,2 +19,4 @@
   test:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
@@ -34,2 +36,5 @@
   build:
+    permissions:
+      contents: read
+      packages: write
     needs: test
EOF
@@ -19,2 +19,4 @@
test:
permissions:
contents: read
runs-on: ubuntu-latest
@@ -34,2 +36,5 @@
build:
permissions:
contents: read
packages: write
needs: test
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/release.yml
echo 'EOF' >> "$GITHUB_OUTPUT"

- name: Log in to DockerHub
uses: docker/login-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/login-action' with ref 'v3', not a pinned commit hash
.github/workflows/release.yml
password: ${{ secrets.ORG_ACCESS_TOKEN }}

- name: Set up Buildx
uses: docker/setup-buildx-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/setup-buildx-action' with ref 'v3', not a pinned commit hash
.github/workflows/release.yml
install: true

- name: Build CPU image
uses: docker/build-push-action@v5

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/build-push-action' with ref 'v5', not a pinned commit hash
.github/workflows/release.yml
tags: ${{ steps.tags.outputs.cpu }}

- name: Build CUDA image
uses: docker/build-push-action@v5

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/build-push-action' with ref 'v5', not a pinned commit hash
xenoscopic
xenoscopic approved these changes Jun 6, 2025
View reviewed changes
Copy link
Contributor

@xenoscopic xenoscopic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@ilopezluna ilopezluna merged commit 1658aa6 into main Jun 10, 2025
4 checks passed
@ilopezluna ilopezluna deleted the run-tests-in-ci branch June 10, 2025 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xenoscopic xenoscopic xenoscopic approved these changes

+1 more reviewer

@p1-0tr p1-0tr p1-0tr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ilopezluna @xenoscopic @p1-0tr