Skip to content

Run tests in ci #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ilopezluna merged 2 commits into from
Jun 10, 2025
Merged

Run tests in ci #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
85cd8aa
Run tests in CI
ilopezluna Jun 6, 2025
af76bc4
Split ci and release workflows
ilopezluna Jun 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
84 changes: 15 additions & 69 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,80 +1,26 @@
name: Release model-runner images for CE
run-name: Release model-runner images for CE, version ${{ inputs.releaseTag }}
name: CI

on:
workflow_dispatch:
inputs:
pushLatest:
description: 'Tag images produced by this job as latest'
required: false
type: boolean
default: false
releaseTag:
description: 'Release tag'
required: false
type: string
default: "test"
pull_request:
branches: [ main ]
push:
branches: [ main ]

jobs:
build:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
- name: Checkout code
uses: actions/checkout@v4

- name: Format tags
id: tags
shell: bash
run: |
echo "cpu<<EOF" >> "$GITHUB_OUTPUT"
echo "docker/model-runner:${{ inputs.releaseTag }}" >> "$GITHUB_OUTPUT"
if [ "${{ inputs.pushLatest }}" == "true" ]; then
echo "docker/model-runner:latest" >> "$GITHUB_OUTPUT"
fi
echo 'EOF' >> "$GITHUB_OUTPUT"
echo "cuda<<EOF" >> "$GITHUB_OUTPUT"
echo "docker/model-runner:${{ inputs.releaseTag }}-cuda" >> "$GITHUB_OUTPUT"
if [ "${{ inputs.pushLatest }}" == "true" ]; then
echo "docker/model-runner:latest-cuda" >> "$GITHUB_OUTPUT"
fi
echo 'EOF' >> "$GITHUB_OUTPUT"

- name: Log in to DockerHub
uses: docker/login-action@v3
- name: Set up Go
uses: actions/setup-go@v5
with:
username: "docker"
password: ${{ secrets.ORG_ACCESS_TOKEN }}
go-version: 1.24.2
cache: true

- name: Set up Buildx
uses: docker/setup-buildx-action@v3
with:
version: "lab:latest"
driver: cloud
endpoint: "docker/make-product-smarter"
install: true
- name: Run tests
run: go test -v ./...

- name: Build CPU image
uses: docker/build-push-action@v5
with:
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
"LLAMA_SERVER_VERSION=latest"
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.tags.outputs.cpu }}

- name: Build CUDA image
uses: docker/build-push-action@v5
with:
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
"LLAMA_SERVER_VERSION=latest"
"LLAMA_SERVER_VARIANT=cuda"
"BASE_IMAGE=nvidia/cuda:12.9.0-cudnn-runtime-ubuntu24.04"
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.tags.outputs.cuda }}
- name: Run tests with race detection
run: go test -race ./...
96 changes: 96 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
name: Release model-runner images for CE
run-name: Release model-runner images for CE, version ${{ inputs.releaseTag }}

on:
workflow_dispatch:
inputs:
pushLatest:
description: 'Tag images produced by this job as latest'
required: false
type: boolean
default: false
releaseTag:
description: 'Release tag'
required: false
type: string
default: "test"

jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.24.2
cache: true

- name: Run tests
run: go test ./...

build:
Comment on lines +20 to +34

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 months ago

To fix the issue, we will add a permissions block at the workflow level to define the minimal permissions required. Based on the workflow's operations:

  • The contents: read permission is needed to check out the repository code.
  • The packages: write permission is required for pushing Docker images to DockerHub.

The permissions block will be added at the top of the workflow, ensuring it applies to all jobs unless overridden.

Suggested changeset 1
.github/workflows/release.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,2 +3,6 @@
 
+permissions:
+  contents: read
+  packages: write
+
 on:
EOF
@@ -3,2 +3,6 @@

permissions:
contents: read
packages: write

on:
Copilot is powered by AI and may make mistakes. Always verify output.
needs: test
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4

- name: Format tags
id: tags
shell: bash
run: |
echo "cpu<<EOF" >> "$GITHUB_OUTPUT"
echo "docker/model-runner:${{ inputs.releaseTag }}" >> "$GITHUB_OUTPUT"
if [ "${{ inputs.pushLatest }}" == "true" ]; then
echo "docker/model-runner:latest" >> "$GITHUB_OUTPUT"
fi
echo 'EOF' >> "$GITHUB_OUTPUT"
echo "cuda<<EOF" >> "$GITHUB_OUTPUT"
echo "docker/model-runner:${{ inputs.releaseTag }}-cuda" >> "$GITHUB_OUTPUT"
if [ "${{ inputs.pushLatest }}" == "true" ]; then
echo "docker/model-runner:latest-cuda" >> "$GITHUB_OUTPUT"
fi
echo 'EOF' >> "$GITHUB_OUTPUT"

- name: Log in to DockerHub
uses: docker/login-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/login-action' with ref 'v3', not a pinned commit hash
with:
username: "docker"
password: ${{ secrets.ORG_ACCESS_TOKEN }}

- name: Set up Buildx
uses: docker/setup-buildx-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/setup-buildx-action' with ref 'v3', not a pinned commit hash
with:
version: "lab:latest"
driver: cloud
endpoint: "docker/make-product-smarter"
install: true

- name: Build CPU image
uses: docker/build-push-action@v5

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/build-push-action' with ref 'v5', not a pinned commit hash
with:
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
"LLAMA_SERVER_VERSION=latest"
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.tags.outputs.cpu }}

- name: Build CUDA image
uses: docker/build-push-action@v5

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release model-runner images for CE' step
Uses Step
Loading
uses 'docker/build-push-action' with ref 'v5', not a pinned commit hash
with:
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
"LLAMA_SERVER_VERSION=latest"
"LLAMA_SERVER_VARIANT=cuda"
"BASE_IMAGE=nvidia/cuda:12.9.0-cudnn-runtime-ubuntu24.04"
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.tags.outputs.cuda }}
Comment on lines +35 to +96

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 months ago

To fix the issue, we will add a permissions block to the workflow to explicitly define the least privileges required for the jobs. Based on the operations performed:

  • The test job only needs to read the repository contents to run tests.
  • The build job requires additional permissions to push Docker images, so it will need contents: read and packages: write.

The permissions block will be added at the job level to ensure each job has only the permissions it needs.

Suggested changeset 1
.github/workflows/release.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,2 +19,4 @@
   test:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
@@ -34,2 +36,5 @@
   build:
+    permissions:
+      contents: read
+      packages: write
     needs: test
EOF
@@ -19,2 +19,4 @@
test:
permissions:
contents: read
runs-on: ubuntu-latest
@@ -34,2 +36,5 @@
build:
permissions:
contents: read
packages: write
needs: test
Copilot is powered by AI and may make mistakes. Always verify output.
5 changes: 3 additions & 2 deletions pkg/inference/models/manager_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,15 @@ package models

import (
"context"
"github.com/google/go-containerregistry/pkg/registry"
"net/http/httptest"
"net/url"
"os"
"path/filepath"
"strings"
"testing"

"github.com/google/go-containerregistry/pkg/registry"

"github.com/docker/model-distribution/builder"
reg "github.com/docker/model-distribution/registry"

Expand Down Expand Up @@ -108,7 +109,7 @@ func TestPullModel(t *testing.T) {
m := NewManager(log, ClientConfig{
StoreRootPath: tempDir,
Logger: log.WithFields(logrus.Fields{"component": "model-manager"}),
})
}, nil)

r := httptest.NewRequest("POST", "/models/create", strings.NewReader(`{"from": "`+tag+`"}`))
if tt.acceptHeader != "" {
Expand Down