fix(makefile): standardized image targets #1015

Draft: wants to merge 9 commits into base: main

@andyatmiami andyatmiami commented Apr 11, 2025

Description

  • deleted logs/ directory and added it to .gitignore

  • removed RELEASE_PYTHON_VERSION and standardized on PYTHON_VERSION makefile variable

  • helper functions to parse makefile target and extract important metadata as makefile variables

  • add retries to podman push in build_image makefile function

  • dynamically build workbench directory / dockerfile filename based on target

  • standardized makefile image targets as <accelerator>-<feature>-<scope>-<os>-<python version>

  • single deploy-% target for all images

  • single undeploy-% target for all images

  • single test-% target for all images

  • new e2e-% target that runs $* + deploy-$* + test-$* + undeploy-$*

  • updated/simplified make_test.py in light of Makefile changes

  • pass kustomize output to kubectl via stdin to avoid accidental checkin of personal settings

  • refactored notebooks/ repo file hierarchy to consistently leverage subfolders for accelerator-specific resources

    • renamed runtimes folder to runtime to match target name
    • jupyter/cuda + jupyter/rocm
    • runtime/cuda + runtime/rocm
  • updated kustomize resources for consistency

    • image name used as manifest name prefix
    • -workbench used as manifest name suffix
    • using labels transformer as commonLabels deprecated
    • containerPort named workbench-port
    • removed spec.containers.command from codeserver/rstudio to let server start
    • images.newTag aligned with makefile target
    • added emptyDir volume mount to all workloads
    • added startupProbe to our accelerator images
    • using term "workbench" as opposed to "notebook" consistently throughout manifests
  • updated various Dockerfile to match new folder hierarchy where necessary

  • refactored test_jupyter_with_papermill to support testing needs of all workbenches + runtimes

    • scripts/makefile_utils directory created
    • numerous usability enhancements to the logic
      • reduce hardcoding of "magic" strings by parsing kustomize output to identify workload names and ports
      • scan for open port and use that when verifying container starts via kubectl port-forward
      • confirms container starts for all workbenches (not just jupyter)
      • confirms required libraries installed in container (now applied to jupyter notebooks as well)
      • moved all validate-xxx target logic into script for better consolidated maintenance
      • relies on makefile to pass metadata parsed from target name to avoid duplicating logic
  • TODO:

    • fix any problems in GHA due to above changes
    • add NAMING.md file to explain the "rules" around our makefile target names and all the places in our development flow that are impacted
    • fix openshift/release due to above changes
    • cleanup now-defunct/legacy makefile targets

Related-to: https://issues.redhat.com/browse/RHOAIENG-23291

How Has This Been Tested?

TODO

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

  • New Features

    • Introduced new runtime and accelerator variants for CUDA and ROCm with PyTorch and TensorFlow, including Kubernetes manifests and label transformers.
    • Added comprehensive Tekton pipeline configurations for building and testing multi-architecture container images.
    • Added robust testing scripts for validating workbench containers and Jupyter images in Kubernetes environments.
  • Enhancements

    • Standardized naming conventions from "notebook" to "workbench" across Kubernetes manifests.
    • Improved label management using Kustomize transformers for consistent resource labeling.
    • Updated Dockerfile build arguments and paths for accuracy and consistency.
    • Refactored Makefile for more flexible build, deploy, and test workflows.
  • Bug Fixes

    • Corrected file paths and build argument values in Dockerfiles and Kubernetes manifests.
    • Fixed test file path references to align with updated directory structures.
  • Chores

    • Updated .gitignore to exclude logs.
    • Removed obsolete and redundant files, including legacy runtime and test configurations.
  • Documentation

    • Improved and clarified configuration files and resource annotations for maintainability.

openshift-ci bot commented Apr 11, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

openshift-ci bot commented Apr 11, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign andyatmiami for approval. For more information see the Code Review Process.


- deleted logs/ directory and added it to .gitignore

- removed RELEASE_PYTHON_VERSION and standardized on PYTHON_VERSION makefile variable

- helper functions to parse makefile target and extract important metadata as makefile variables

- add retries to podman push in build_image makefile function

- dynamically build workbench directory / dockerfile filename based on target

- standardized makefile image targets as <accelerator>-<feature>-<scope>-<os>-<python version>

- single deploy-% target for all images

- single undeploy-% target for all images

- single test-% target for all images

- new e2e-% target that runs $* + deploy-$* + test-$* + undeploy-$*

- updated/simplified make_test.py in light of Makefile changes

- pass kustomize output to kubectl via stdin to avoid accidental checkin of personal settings

- refactored notebooks/ repo file hierarchy to consistently leverage subfolders for accelerator-specific resources
	- renamed runtimes folder to runtime to match target name
	- jupyter/cuda + jupyter/rocm
	- runtime/cuda + runtime/rocm

- updated kustomize resources for consistency
	- image name used as manifest name prefix
	- -workbench used as manifest name suffix
	- using labels transformer as commonLabels deprecated
	- containerPort named workbench-port
	- removed spec.containers.command from codeserver/rstudio to let server start
	- images.newTag aligned with makefile target
	- added emptyDir volume mount to all workloads
	- added startupProbe to our accelerator images
	- using term "workbench" as opposed to "notebook" consistently throughout manifests

- updated various Dockerfile to match new folder hierarchy where necessary

- refactored test_jupyter_with_papermill to support testing needs of all workbenches + runtimes
	- scripts/makefile_utils directory created
	- numerous usability enhancements to the logic
		- reduce hardcoding of "magic" strings by parsing kustomize output to identify workload names and ports
		- scan for open port and use that when verifying container starts via kubectl port-forward
		- confirms container starts for all workbenches (not just jupyter)
		- confirms required libraries installed in container (now applied to jupyter notebooks as well)
		- moved all validate-xxx target logic into script for better consolidated maintenance
		- relies on makefile to pass metadata parsed from target name to avoid duplicating logic

- TODO:
	- fix any problems in GHA due to above changes
	- add NAMING.md file to explain the "rules" around our makefile target names and all the places in our development flow that are impacted
	- fix openshift/release due to above changes
	- cleanup now-defunct/legacy makefile targets

Related-to: https://issues.redhat.com/browse/RHOAIENG-23291
@andyatmiami andyatmiami force-pushed the fix/standardize-makefile-targets branch from e43fcde to 2be2b0f Compare April 13, 2025 14:54
@andyatmiami andyatmiami force-pushed the fix/standardize-makefile-targets branch from 5108b11 to 872be10 Compare April 14, 2025 01:15
andyatmiami added a commit to andyatmiami/notebooks that referenced this pull request Apr 14, 2025
This is a "piece" of a more comprehensive/interesting PR:
- opendatahub-io#1015

Unfortunately, that PR has grown wildly unwieldy in its size - and immediate feedback received was to try to break it into smaller pieces - so consider this one piece!

The ultimate goal here on this targeted PR is two-fold:
- standardization irrespective of image build "flavour" our kustomize labelling
- get rid of following warning:

```
$ kubectl kustomize jupyter/minimal/ubi9-python-3.11/kustomize/base
# Warning: 'commonLabels' is deprecated. Please use 'labels' instead. Run 'kustomize edit fix' to update your Kustomization automatically.
...
```

No actual changes are introduced in this PR - simply leveraging the `LabelTransformer` to accomplish what `commonLabels` was previously doing.

Related-to: https://issues.redhat.com/browse/RHOAIENG-23291
@openshift-merge-robot

PR needs rebase.

@jiridanek

@coderabbitai review

coderabbitai bot commented Jun 19, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai bot commented Jun 19, 2025

Walkthrough

This update restructures directory and file naming conventions across runtime and workbench images, standardizing from plural to singular forms (e.g., runtimes/ to runtime/). It introduces new Kustomize label transformers, updates image tags, and revises resource names and labels in Kubernetes manifests. The Makefile and test scripts are refactored for generalized, pattern-based handling. Several new Tekton pipeline configurations and test utilities are added, while obsolete files are removed or paths corrected.

Changes

| File(s) / Path(s) | Change Summary |
|---|---|
| .gitignore | Added logs/ directory to ignored files. |
| .tekton/*.yaml | Updated pipeline triggers, Dockerfile paths, and added new pipeline configurations for CUDA/ROCm runtimes and workbenches. |
| Makefile | Refactored to generalize Python version/image build targets, added parsing helpers, pattern rules for deploy/test/e2e, and removed hardcoded paths. |
| ci/cached-builds/make_test.py | Simplified logic for deployment/testing commands, removed pod wait logic, updated tests. |
| codeserver/ubi9-python-3.11/kustomize/base/* | Changed resource names/labels, added label transformer, updated image/tag, increased resource limits, and added volume mount. |
| jupyter/cuda/pytorch/ubi9-python-3.11/, jupyter/cuda/tensorflow/ubi9-python-3.11/ | Updated Dockerfile ARGs, changed resource/service/statefulset names/labels, added label transformers, volume mounts, and startup probes. |
| jupyter/datascience/ubi9-python-3.11/, jupyter/minimal/ubi9-python-3.11/, jupyter/trustyai/ubi9-python-3.11/* | Removed commonLabels, added label transformers, updated resource/service/statefulset names/labels, added volume mounts. |
| jupyter/rocm/pytorch/ubi9-python-3.11/, jupyter/rocm/tensorflow/ubi9-python-3.11/ | Changed resource names, removed commonLabels, added label transformers, updated image tags, and labels. |
| manifests/base/kustomization.yaml, manifests/overlays/additional/kustomization.yaml | Renamed commonLabels to labels. |
| rstudio/c9s-python-3.11/, rstudio/rhel9-python-3.11/ | Updated resource names, added label transformers, changed image references, increased resource limits, and added/removed volume mounts. |
| runtime/cuda/pytorch/ubi9-python-3.11/, runtime/cuda/tensorflow/ubi9-python-3.11/ | Added new kustomizations, label transformers, updated Dockerfile ARGs, resource names, image tags, and volume mounts. |
| runtime/datascience/ubi9-python-3.11/, runtime/minimal/ubi9-python-3.11/ | Updated Dockerfile ARGs, added label transformers, changed resource names, image tags, and volume mounts. |
| runtime/rocm/pytorch/ubi9-python-3.11/, runtime/rocm/tensorflow/ubi9-python-3.11/ | Added new kustomizations, label transformers, pod manifests; updated Dockerfile ARGs and resource names. |
| runtimes/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml, runtimes/rocm-pytorch/ubi9-python-3.11/*, | Deleted obsolete kustomizations and pod manifests for pluralized runtime paths. |
| runtimes/rocm-tensorflow/ubi9-python-3.11/, runtimes/tensorflow/ubi9-python-3.11/ | Deleted obsolete kustomizations and pod manifests for pluralized runtime paths. |
| scripts/makefile_utils/_jupyter_test_helper.sh, scripts/makefile_utils/test_workbench_container.sh | Added new test helper scripts for Jupyter and workbench containers, supporting test execution and validation inside pods. |
| tests/test_main.py | Fixed file path in test to reflect new directory structure. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant Makefile
    participant TestScript
    participant Kubernetes
    participant Pod

    User->>Makefile: make e2e-{target}
    Makefile->>Kubernetes: Deploy workload (deploy-{target})
    Kubernetes->>Pod: Start workload pod
    Makefile->>TestScript: test_workbench_container.sh (test-{target})
    TestScript->>Kubernetes: Verify pod/service readiness
    TestScript->>Pod: Copy imagestream/test notebook
    TestScript->>Pod: Execute tests (e.g., papermill)
    Pod-->>TestScript: Test results/logs
    TestScript->>Kubernetes: Undeploy workload (undeploy-{target})
```

Suggested labels

tide/merge-method-squash

Poem

Oh, what a hop through the runtime woods,
Where "runtimes" became "runtime"—as only a rabbit could!
Labels now stick like a carrot to a stem,
Images and pods all renamed for them.
With Makefile magic and YAML delight,
This bunny’s code garden is tidy and bright!
🥕✨


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 21

🔭 Outside diff range comments (10)
jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1)

1-16: Ensure container security context

By default, containers may run as root and allow privilege escalation. Add a securityContext to enforce non-root execution and disable privilege escalation. For example:

 spec:
   template:
     spec:
       containers:
         - name: workbench
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
           resources:
             limits:
               memory: 6Gi
             requests:
               memory: 6Gi
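
Review bot: The added `securityContext` sets `runAsNonRoot: true` with no `runAsUser`, so the kubelet can only enforce it if the image itself declares a numeric non-root USER; an image whose user is root or a non-numeric name will fail to start with a container config error instead of being hardened. Confirm the workbench image's USER before applying this, and because this file is the accelerator component patch, consider placing the block in the base StatefulSet so variants built without the component get the same setting.
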
runtime/datascience/ubi9-python-3.11/Dockerfile.cpu (1)

39-41: Stale metadata: update source-location label
The io.openshift.build.source-location label on line 40 still references runtimes/datascience/.... Please update it to runtime/datascience/ubi9-python-3.11 to stay consistent with the ARG.

runtime/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm (1)

73-74: Fix OpenShift source-location path

The io.openshift.build.source-location label maintains the old runtimes/rocm-tensorflow path. Update it to the singular runtime/rocm/tensorflow to stay consistent.

-    io.openshift.build.source-location="https://github.com/opendatahub-io/notebooks/tree/main/runtimes/rocm-tensorflow/ubi9-python-3.11" \
+    io.openshift.build.source-location="https://github.com/opendatahub-io/notebooks/tree/main/runtime/rocm/tensorflow/ubi9-python-3.11" \
jupyter/cuda/pytorch/ubi9-python-3.11/Dockerfile.cuda (1)

215-217: Update OpenShift source-location URL

The io.openshift.build.source-location label still points to jupyter/pytorch/.... It should reference jupyter/cuda/pytorch/... to align with the new source path.

-    io.openshift.build.source-location="https://github.com/opendatahub-io/notebooks/tree/main/jupyter/pytorch/ubi9-python-3.11" \
+    io.openshift.build.source-location="https://github.com/opendatahub-io/notebooks/tree/main/jupyter/cuda/pytorch/ubi9-python-3.11" \
runtime/datascience/ubi9-python-3.11/kustomize/base/pod.yaml (1)

1-28: Enforce non-root and drop privileges

By default, containers in this Pod run as root with privileges. To address security best practices (CKV_K8S_20, CKV_K8S_23), add a securityContext at the Pod or container level to drop privileges and run as non-root:

 spec:
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 1001
+    allowPrivilegeEscalation: false
   containers:
     - name: runtime
       image: quay.io/opendatahub/workbench-images
       securityContext:
+        allowPrivilegeEscalation: false
       ...
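
Review bot: `allowPrivilegeEscalation: false` under the pod-level `spec.securityContext` is not a valid field. PodSecurityContext accepts `runAsNonRoot` and `runAsUser`, but `allowPrivilegeEscalation` exists only on the container-level `securityContext`. Depending on the field validation in use, the manifest is either rejected for an unknown field or the setting is silently dropped, so remove the pod-level line and keep only the container-level one added further down in the hunk.
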
runtime/rocm/pytorch/ubi9-python-3.11/Dockerfile.rocm (1)

75-75: Fix outdated io.openshift.build.source-location. The annotation still points to runtimes/rocm-pytorch/...; it should be updated to runtime/rocm/pytorch/ubi9-python-3.11 to reflect the new path.

jupyter/trustyai/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

19-26: Enforce non-root execution in container.

Introduce a securityContext to run the container as non-root and disable privilege escalation:

 containers:
   - name: workbench
+    securityContext:
+      runAsNonRoot: true
+      allowPrivilegeEscalation: false
     image: quay.io/opendatahub/workbench-images:jupyter-trustyai-ubi9-python-3.11
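
Review bot: The two fields added under `securityContext` do not by themselves satisfy the Kubernetes Pod Security "restricted" level, which also requires `capabilities.drop: ["ALL"]` and a `seccompProfile` of type `RuntimeDefault` or `Localhost` on the container. If the target namespace enforces that level, add both to the same block so the StatefulSet is admitted.
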
jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

34-44: Legacy /notebook path remains in env and probes
You updated to workbench-port but have not changed the base_url and readinessProbe path from /notebook/opendatahub/jovyan/api. Update to /workbench/opendatahub/jovyan/api.

rstudio/c9s-python-3.11/kustomize/base/pod.yaml (1)

1-29: Address security configuration gaps.

The static analysis tools have identified important security concerns that should be addressed:

  1. Privilege Escalation: Add allowPrivilegeEscalation: false to the security context
  2. Root User: Configure the container to run as a non-root user

Apply this diff to improve security:

 spec:
   containers:
     - name: workbench
       image: quay.io/opendatahub/workbench-images:rstudio-c9s-python-3.11
       imagePullPolicy: Always
+      securityContext:
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        runAsUser: 1001
       ports:
         - name: workbench-port
           protocol: TCP
           containerPort: 8787
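
Review bot: The hard-coded `runAsUser: 1001` is a portability problem if this manifest is deployed on OpenShift, where the restricted SCC assigns the UID from the namespace's allocated range and rejects a pod that requests a UID outside it. Drop the `runAsUser` line and keep `runAsNonRoot: true` so the platform chooses the UID, or state which SCC this pod is expected to run under.
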
Makefile (1)

123-133: Validate DOCKERFILE_PATH exists before build

Before invoking build_image, verify that $(DOCKERFILE_PATH) exists and error out if not to avoid confusing build failures:

ifneq ($(wildcard $(DOCKERFILE_PATH)),)
  $(call build_image,$(1),$(DOCKERFILE_PATH))
else
  $(error Dockerfile not found at $(DOCKERFILE_PATH))
endif
🧹 Nitpick comments (36)
.gitignore (1)

15-15: Ensure logs directory is untracked
Adding logs/ to .gitignore prevents new log files from being tracked but does not remove any that are already committed. Run:

git rm -r --cached logs/

to purge existing entries.

jupyter/datascience/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-15: Validate LabelTransformer settings

  • Confirm apiVersion: builtin is supported by your Kustomize version (some require builtin/v1).
  • If spec/selector/matchLabels may be absent in base resources, consider create: true to enforce selector labeling.
  • To avoid naming collisions when multiple transformers load, make metadata.name unique per environment (e.g., add-labels-datascience).
runtime/minimal/ubi9-python-3.11/kustomize/base/pod.yaml (1)

8-12: Add securityContext to container
Without an explicit security context, the container runs as root and may allow privilege escalation. Consider adding:

       image: quay.io/opendatahub/workbench-images
+      securityContext:
+        runAsNonRoot: true
+        allowPrivilegeEscalation: false
       command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]
rstudio/rhel9-python-3.11/kustomize/base/labels.yaml (1)

5-6: Ensure transformer name uniqueness.
Using a generic metadata.name: add-labels can collide if multiple transformers are applied. Consider renaming to something like rstudio-add-labels.

runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (1)

7-17: Consider a non-root securityContext.
To adhere to Pod Security best practices, you may want to specify:

securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false

on the container.

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

9-12: Optional: simplify the images override by removing the redundant newName.

Since newName is identical to name, it can be omitted. This reduces verbosity:

 images:
   - name: quay.io/opendatahub/workbench-images
-    newName: quay.io/opendatahub/workbench-images
     newTag: cuda-runtime-pytorch-ubi9-python-3.11
runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

9-12: Optional: remove the redundant newName in the images block.

Since newName duplicates name, it can be dropped to streamline the override:

 images:
   - name: quay.io/opendatahub/workbench-images
-    newName: quay.io/opendatahub/workbench-images
     newTag: rocm-runtime-pytorch-ubi9-python-3.11
jupyter/trustyai/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

37-43: Consider adding a startupProbe.

To mirror other overlays and improve deployment robustness, add a startupProbe before the liveness/readiness checks:

startupProbe:
  httpGet:
    path: /notebook/opendatahub/jovyan/api
    port: workbench-port
    scheme: HTTP
  failureThreshold: 90
  periodSeconds: 10
jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

34-39: Consider adding securityContext to restrict privileges
Best practice is to add a securityContext on the container with runAsNonRoot: true and allowPrivilegeEscalation: false to harden the pod.

runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (2)

1-5: Pod metadata is minimal but valid
The Pod is named "runtime" with no labels. Consider adding labels for selectors and tracking.


15-20: Resource requests equal limits
Setting requests equal to limits can lead to inefficient scheduling. Consider lowering requests or raising limits based on realistic workload needs.

jupyter/minimal/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

20-23: Pin image tag and enforce securityContext
The image tag jupyter-minimal-ubi9-python-3.11 is correct, but plan to pin to an exact digest for immutability. Also add securityContext with runAsNonRoot: true and allowPrivilegeEscalation: false.

codeserver/ubi9-python-3.11/kustomize/base/pod.yaml (1)

16-21: Resource requests and limits increased.
Memory limits and requests have been bumped (limits to 2Gi, requests to 1Gi). Validate that the cluster capacity and actual workload demands justify these values.

jupyter/datascience/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

20-66: Harden container security
No securityContext is defined. To follow best practices, add:

securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false

under the container spec.

jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

20-73: Harden container security
Add:

securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false

to the container spec to align with security policies.

jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-15: Transformer name could be more descriptive
The metadata.name: add-labels is generic and may conflict with other transformers. Consider renaming to add-rocm-tf-labels or similar for clarity.

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

20-75: Harden container security
Add to the container spec:

securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false

to comply with security best practices.

scripts/makefile_utils/test_workbench_container.sh (8)

44-50: Complete documentation TODOs

Several TODO markers for function descriptions remain. Please replace these placeholders with meaningful comments to clarify inputs, outputs, and behavior for future maintainability.

I can help by drafting the missing descriptions—would you like me to proceed?


78-84: Avoid reliance on global manifest_yaml

_get_workload_app_name references ${manifest_yaml} but does not guarantee it’s set in this scope. Ensure that _get_manifest_yaml is called prior and consider passing manifest_yaml as an argument to avoid hidden dependencies.


91-105: Optimize port scanning loop

Iterating over 2000 ports with lsof can be slow. You may cache open ports in a single command rather than shelling out for each port, or use ss/netstat for faster checks.


123-131: Deduplicate ide_server_port declaration

The variable ide_server_port is declared twice, shadowing the first assignment. Remove the redundant local ide_server_port= before the second assignment.


209-224: Check papermill installation

Installing papermill inside the container on every test run can be time-consuming and may mask image defects. Prefer baking papermill into the image or pre-checking rather than dynamic pip install.


245-255: Capture and report R package installation errors

The R package installation uses > /dev/null, suppressing error details. For troubleshooting, consider capturing stderr to a log file or printing errors on failure.


379-386: Fail early on missing dependencies

The script exits if kubectl or yq are missing. Consider adding checks for other referenced tools (curl, lsof) to fail fast when prerequisites are not met.


399-407: Validate workload_name retrieval

workload_name extraction uses get pods -l app=...; if multiple pods match, this may select the wrong one. Consider handling multiple items or verifying unique matches.

scripts/makefile_utils/_jupyter_test_helper.sh (5)

1-10: Clarify script purpose and inputs

The header comment describes the script but leaves ambiguity around expected arguments and environment setup. Add an explicit Usage: section with parameter definitions to improve clarity.


89-104: Avoid hardcoded dependency versions

nbdime_version and nbgitpuller_version are hardcoded. Extract these to configurable variables at the top of the script or derive them from a lock file to maintain consistency.


105-108: Quote exec parameters

The use of single quotes in the kubectl exec command prevents variable expansion in the outer shell but may confuse readers. Document the intent clearly or switch to double quotes with escaping.


134-138: Surface papermill errors for diagnostics

On failure, consider printing both stdout and stderr logs, not just the error file, to aid debugging in CI.


176-181: Use arrays or YAML instead of hard-coded lists

The datascience_derived_images list is hard-coded. Consider deriving supported IDs dynamically or centralizing definitions to avoid divergence with Makefile.

Makefile (5)

53-56: Document supported workbench options

The new SUPPORTED_WORKBENCH_ACCELERATORS, SUPPORTED_WORKBENCH_FEATURES, and SUPPORTED_WORKBENCH_SCOPES variables enumerate valid target components. Consider adding inline comments or referencing external documentation to clarify each category.


70-86: Simplify target parsing logic

The parse_workbench_target function uses complex wordlist and filter calls. To improve maintainability, consider splitting parsing into smaller helper functions or leveraging Makefile regex support for clarity.


113-115: Adjust push retry behavior

Adding --retry 5 for Podman pushes improves robustness. Consider also retrying on Docker (docker push) to handle transient network issues in that environment as well.


258-267: Parameterize overlay selection

The deploy-% rule uses a hardcoded $(KUSTOMIZE_OVERLAY) setting (default base). For testing different overlays, consider allowing a KUSTOMIZE_OVERLAY override per target or environment.


333-346: Streamline end-to-end workflow

The new e2e-% target chains build, deploy, test, and undeploy. To improve readability, you might group those into a reusable phony target list, reducing duplication.

jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml (1)

20-23: Recommend adding a securityContext to harden the container

No explicit securityContext is defined. Consider enforcing non-root execution and disabling privilege escalation:

```yaml
        - name: workbench
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
          image: quay.io/opendatahub/workbench-images:rocm-jupyter-tensorflow-ubi9-python-3.11
          imagePullPolicy: Always
```

📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between 4e17ba3 and 872be10.

⛔ Files ignored due to path filters (8)
  • jupyter/cuda/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/cuda/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtime/cuda/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtime/cuda/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtime/datascience/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtime/minimal/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtime/rocm/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtime/rocm/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
📒 Files selected for processing (102)
  • .gitignore (1 hunks)
  • .tekton/cuda-jupyter-pytorch-ubi9-python-3-11-pull-request.yaml (2 hunks)
  • .tekton/cuda-jupyter-pytorch-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/cuda-jupyter-tensorflow-ubi9-python-3-11-pull-request.yaml (2 hunks)
  • .tekton/cuda-jupyter-tensorflow-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/cuda-runtime-pytorch-ubi9-python-3-11-pull-request.yaml (1 hunks)
  • .tekton/cuda-runtime-pytorch-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/cuda-runtime-tensorflow-ubi9-python-3-11-pull-request.yaml (1 hunks)
  • .tekton/cuda-runtime-tensorflow-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/rocm-runtime-pytorch-ubi9-python-3-11-pull-request.yaml (2 hunks)
  • .tekton/rocm-runtime-pytorch-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/rocm-runtime-tensorflow-ubi9-python-3-11-pull-request.yaml (2 hunks)
  • .tekton/rocm-runtime-tensorflow-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/runtime-datascience-ubi9-python-3-11-pull-request.yaml (2 hunks)
  • .tekton/runtime-datascience-ubi9-python-3-11-push.yaml (1 hunks)
  • .tekton/runtime-minimal-ubi9-python-3-11-pull-request.yaml (2 hunks)
  • .tekton/runtime-minimal-ubi9-python-3-11-push.yaml (1 hunks)
  • Makefile (8 hunks)
  • ci/cached-builds/make_test.py (3 hunks)
  • codeserver/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • codeserver/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • codeserver/ubi9-python-3.11/kustomize/base/pod.yaml (1 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/Dockerfile.cuda (5 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (3 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1 hunks)
  • jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1 hunks)
  • jupyter/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda (5 hunks)
  • jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml (2 hunks)
  • jupyter/datascience/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/datascience/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/datascience/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/datascience/ubi9-python-3.11/kustomize/base/statefulset.yaml (3 hunks)
  • jupyter/minimal/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/minimal/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/minimal/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/minimal/ubi9-python-3.11/kustomize/base/statefulset.yaml (3 hunks)
  • jupyter/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (0 hunks)
  • jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (3 hunks)
  • jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml (4 hunks)
  • jupyter/trustyai/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • jupyter/trustyai/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • jupyter/trustyai/ubi9-python-3.11/kustomize/base/service.yaml (1 hunks)
  • jupyter/trustyai/ubi9-python-3.11/kustomize/base/statefulset.yaml (3 hunks)
  • manifests/base/kustomization.yaml (1 hunks)
  • manifests/overlays/additional/kustomization.yaml (1 hunks)
  • rstudio/c9s-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • rstudio/c9s-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • rstudio/c9s-python-3.11/kustomize/base/pod.yaml (1 hunks)
  • rstudio/c9s-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1 hunks)
  • rstudio/c9s-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1 hunks)
  • rstudio/rhel9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • rstudio/rhel9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • rstudio/rhel9-python-3.11/kustomize/base/pod.yaml (1 hunks)
  • rstudio/rhel9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1 hunks)
  • rstudio/rhel9-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1 hunks)
  • runtime/cuda/pytorch/ubi9-python-3.11/Dockerfile.cuda (2 hunks)
  • runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml (2 hunks)
  • runtime/cuda/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1 hunks)
  • runtime/cuda/pytorch/ubi9-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1 hunks)
  • runtime/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda (2 hunks)
  • runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (2 hunks)
  • runtime/datascience/ubi9-python-3.11/Dockerfile.cpu (1 hunks)
  • runtime/datascience/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • runtime/datascience/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • runtime/datascience/ubi9-python-3.11/kustomize/base/pod.yaml (2 hunks)
  • runtime/minimal/ubi9-python-3.11/Dockerfile.cpu (1 hunks)
  • runtime/minimal/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • runtime/minimal/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • runtime/minimal/ubi9-python-3.11/kustomize/base/pod.yaml (2 hunks)
  • runtime/rocm/pytorch/ubi9-python-3.11/Dockerfile.rocm (2 hunks)
  • runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml (1 hunks)
  • runtime/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm (2 hunks)
  • runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (1 hunks)
  • runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1 hunks)
  • runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (1 hunks)
  • runtimes/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (0 hunks)
  • runtimes/rocm-pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (0 hunks)
  • runtimes/rocm-tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (0 hunks)
  • runtimes/rocm-tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (0 hunks)
  • runtimes/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (0 hunks)
  • runtimes/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (0 hunks)
  • scripts/makefile_utils/_jupyter_test_helper.sh (1 hunks)
  • scripts/makefile_utils/test_workbench_container.sh (1 hunks)
  • tests/test_main.py (1 hunks)
💤 Files with no reviewable changes (7)
  • runtimes/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml
  • jupyter/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml
  • runtimes/rocm-tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml
  • runtimes/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml
  • runtimes/rocm-tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml
  • runtimes/rocm-pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml
  • runtimes/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml
🧰 Additional context used
🪛 Checkov (3.2.334)
jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml

[MEDIUM] 2-15: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-15: Minimize the admission of root containers

(CKV_K8S_23)

runtime/datascience/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-27: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-27: Minimize the admission of root containers

(CKV_K8S_23)

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-27: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-27: Minimize the admission of root containers

(CKV_K8S_23)

runtime/minimal/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-27: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-27: Minimize the admission of root containers

(CKV_K8S_23)

runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-27: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-27: Minimize the admission of root containers

(CKV_K8S_23)

runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-27: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-27: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/trustyai/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-66: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-66: Minimize the admission of root containers

(CKV_K8S_23)

codeserver/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-21: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-21: Minimize the admission of root containers

(CKV_K8S_23)

runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-27: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-27: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-73: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-73: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/minimal/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-66: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-66: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-75: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-75: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-66: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-66: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-68: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-68: Minimize the admission of root containers

(CKV_K8S_23)

jupyter/datascience/ubi9-python-3.11/kustomize/base/statefulset.yaml

[MEDIUM] 2-66: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-66: Minimize the admission of root containers

(CKV_K8S_23)

rstudio/c9s-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-28: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-28: Minimize the admission of root containers

(CKV_K8S_23)

rstudio/rhel9-python-3.11/kustomize/base/pod.yaml

[MEDIUM] 2-28: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[MEDIUM] 2-28: Minimize the admission of root containers

(CKV_K8S_23)

🔇 Additional comments (146)
manifests/base/kustomization.yaml (1)

24-27: Verify root-level labels field support
Kustomize’s kustomization.yaml spec typically uses commonLabels. Please confirm that your CI’s Kustomize version supports a top-level labels: field, or revert to commonLabels to maintain compatibility.

manifests/overlays/additional/kustomization.yaml (1)

8-11: Confirm overlay-level labels field compatibility
Overlay kustomizations generally expect commonLabels rather than labels:. Verify that the selected Kustomize CLI supports labels: at this level or adjust back to commonLabels for consistency.

jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/service.yaml (1)

5-15: Ensure service port name matches container port
The service references targetPort: workbench-port and labels app: workbench. Confirm that the Pod spec names its container port workbench-port and that the kustomization’s namePrefix generates a unique service name for each environment.

codeserver/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-12: Consistent label injection via LabelTransformer.

The new LabelTransformer cleanly replaces commonLabels and centralizes the app: codeserver-ubi9-python-3-11 label for both resource metadata and pod templates. This aligns with the repo-wide standard—no further changes needed here.

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1)

12-12: Container name standardized to workbench.

The override renames the container from its previous identifier to workbench, matching the new naming convention across notebook images.

rstudio/c9s-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1)

8-8: Container renamed to workbench.

Updating the container name from the legacy value to workbench aligns with other environments. No additional adjustments required here.

runtime/cuda/pytorch/ubi9-python-3.11/Dockerfile.cuda (2)

138-138: Skip: trivial whitespace cleanup.

The removal of trailing whitespace after the yum clean all step has no effect on the build logic.


151-151: Verify updated ARG path consistency.

The PYTORCH_SOURCE_CODE ARG now points to runtime/cuda/pytorch/ubi9-python-3.11 (singular runtime), replacing the old runtimes path. Ensure all COPY directives and Tekton pipeline configs reference this new directory.

Run:

```shell
#!/bin/bash
# Search for any remaining references to the old path
rg -n 'runtimes/pytorch/ubi9-python-3.11'
```

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1)

5-5: Metadata name updated to runtime.

Changing the Pod’s metadata name from pod to runtime aligns with the new naming scheme for runtime images. This matches the corresponding base manifests.

runtime/minimal/ubi9-python-3.11/Dockerfile.cpu (1)

29-31: Consistent Docker build ARG and alias update
The FROM base AS runtime-minimal alias and ARG MINIMAL_SOURCE_CODE have been updated to use the singular runtime path, aligning with the renamed directory structure.

jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (2)

4-4: Updated namePrefix to include cuda- accelerator prefix
Aligns resource naming with the standardized <accelerator>-<feature>-<scope>-<os>-<python version> convention.


8-9: Switch to label transformers over static commonLabels
Moving commonLabels into a transformers block with labels.yaml improves flexibility and reusability of label management across resources.

rstudio/c9s-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1)

5-10: Standardize Pod and container names to workbench
Renaming both metadata.name and the container name to workbench ensures consistent naming conventions for RStudio CUDA accelerator overlays.

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1)

5-9: Standardize Pod and container names to runtime
Aligns the Pod metadata.name and container name with the new naming conventions for CUDA PyTorch runtime overlays.

rstudio/rhel9-python-3.11/kustomize/overlays/accelerator/cuda/pod-patch.yaml (1)

5-10: Standardize Pod and container names to workbench
Consistent renaming to workbench matches the established pattern for RStudio CUDA accelerator overlays.

jupyter/minimal/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

8-9: Let’s explicitly verify that labels.yaml exists in the kustomize base directory and that the old commonLabels stanza has been removed:

```shell
#!/bin/bash
# 1. Check for labels.yaml in the base folder
echo "Finding labels.yaml:"
# find exits 0 even when nothing matches, so test its output with grep
find jupyter/minimal/ubi9-python-3.11/kustomize/base -maxdepth 1 -type f -name 'labels.yaml' | grep . || echo "labels.yaml not found"

# 2. Ensure commonLabels stanza is no longer present
echo -e "\nSearching for commonLabels in kustomization.yaml:"
grep -R 'commonLabels:' -n jupyter/minimal/ubi9-python-3.11/kustomize/base/kustomization.yaml \
  && echo "⚠️ commonLabels still present" \
  || echo "commonLabels stanza removed"
```

jupyter/trustyai/ubi9-python-3.11/kustomize/base/kustomization.yaml (2)

8-9: Adopt LabelTransformer for centralized labeling
Replacing static commonLabels with a labels.yaml transformer is the right approach for consistency. Ensure labels.yaml defines the correct app: jupyter-trustyai-ubi9-python-3-11 label.


13-13: Update image tag to follow naming convention
The newTag jupyter-trustyai-ubi9-python-3.11 matches the standardized pattern. Verify this tag exists in your registry before merging.

You can check with:

```shell
# URL quoted so the shell does not treat '?' as a glob character
curl -s 'https://quay.io/api/v1/repository/opendatahub/workbench-images/tag/?specificTag=jupyter-trustyai-ubi9-python-3.11'
```

runtime/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda (2)

138-138: Skip: trailing-whitespace removal is cosmetic
This change is purely formatting cleanup.


151-151: Correct build context path for TensorFlow source
Updating TENSORFLOW_SOURCE_CODE to runtime/cuda/tensorflow/ubi9-python-3.11 aligns with the reorganized directory. Ensure all other Dockerfiles and build scripts reference this path.

Run:

```shell
rg -n 'TENSORFLOW_SOURCE_CODE=' -C2 .
```

to catch any stale references.

rstudio/rhel9-python-3.11/kustomize/components/accelerator/pod-patch.yaml (1)

5-9:

```shell
#!/bin/bash
# Search for any lingering references to 'rstudio' in YAML files under the rstudio/rhel9-python-3.11 directory
rg -n 'rstudio' -C2 rstudio/rhel9-python-3.11
```

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/service.yaml (1)

5-7: Rename service and selectors from notebook to workbench
Changing the Service name, labels, selector, and targetPort ensures alignment with the new “workbench” terminology. Confirm that the corresponding StatefulSet and Pod specs use workbench-port and app: workbench.

To verify consistency, you can run:

```shell
rg -n 'workbench-port' -C2 jupyter/cuda/pytorch/ubi9-python-3.11/kustomize
```

Also applies to: 13-15

tests/test_main.py (1)

36-38:

```shell
#!/bin/bash
# Search all files for any lingering references to the old path
rg -n "runtimes/rocm-pytorch"
```

rstudio/rhel9-python-3.11/kustomize/base/kustomization.yaml (1)

4-4: Adopt Kustomize transformer-based labeling

The new namePrefix and transformers entries replace commonLabels as intended and match the project-wide standard. Ensure the corresponding labels.yaml defines the app: rstudio-rhel9-python-3-11 label as expected.

Also applies to: 7-8

jupyter/datascience/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

8-9: Switch from commonLabels to transformer

The added transformers section correctly replaces the removed commonLabels. Verify that labels.yaml exists and applies app: jupyter-datascience-ubi9-python-3-11 consistently across resources.

jupyter/trustyai/ubi9-python-3.11/kustomize/base/service.yaml (1)

5-7:

```shell
#!/bin/bash
# Search for any references to the named port across manifests
rg -n -C2 "workbench-port"
```

.tekton/cuda-jupyter-tensorflow-ubi9-python-3-11-push.yaml (1)

39-39: Verify updated Dockerfile path
Ensure the jupyter/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda path matches the relocated file in the repository.

```shell
#!/bin/bash
# Confirm the Dockerfile exists at the new path
test -f jupyter/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda
```

jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/service.yaml (1)

5-7: Verify service renaming and port alignment
The Service name, labels, and targetPort have been updated to workbench and workbench-port. Ensure the corresponding StatefulSet or Pod specs reference the same port name to avoid routing failures.

```shell
#!/bin/bash
grep -R "workbench-port" -n jupyter/rocm/pytorch/ubi9-python-3.11
```

Also applies to: 13-15

jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (2)

4-4: Approve namePrefix update
The namePrefix now correctly follows the <accelerator>-<feature>-<scope>-<os>-<python version>- convention.


8-9:

```shell
#!/bin/bash
grep -E "app:\s*rocm-jupyter-pytorch-ubi9-python-3-11" -n jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml || echo "Label app: rocm-jupyter-pytorch-ubi9-python-3-11 not found"
```

jupyter/datascience/ubi9-python-3.11/kustomize/base/service.yaml (1)

5-7: Verify service renaming consistency
Service metadata has been renamed from notebook to workbench. Ensure any Deployment/Pod manifests reference workbench-port as the targetPort to maintain connectivity.

```shell
#!/bin/bash
grep -R "workbench-port" -n jupyter/datascience/ubi9-python-3.11
```

Also applies to: 13-15

jupyter/minimal/ubi9-python-3.11/kustomize/base/service.yaml (1)

5-7: To verify that your workloads expose a port named workbench-port, let’s check both for named ports and any containerPort entries:

```shell
#!/bin/bash
grep -R "name: workbench-port" -n jupyter/minimal/ubi9-python-3.11
grep -R "containerPort" -n jupyter/minimal/ubi9-python-3.11
```

runtime/minimal/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

4-12: Approve standardized kustomization configuration
The namePrefix, transformers, and image override align with the new naming and labeling conventions.

runtime/datascience/ubi9-python-3.11/Dockerfile.cpu (2)

29-29: Approve build stage alias update
Renaming the stage to runtime-datascience improves clarity and matches directory conventions.


31-31: Approve corrected source code ARG path
Updating DATASCIENCE_SOURCE_CODE to runtime/datascience/ubi9-python-3.11 fixes the plural-to-singular directory mismatch.

runtime/datascience/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

4-12: Approve kustomization updates for datascience runtime
The namePrefix, transformers, and image tag changes follow the standardized pattern and will apply consistent labels.

jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/service.yaml (2)

5-8: Approve service renaming and app label change
Switching from notebook to workbench for service name and app: selector aligns with the new terminology and kustomize transformers.


13-16: Approve targetPort and selector update
Updating targetPort to workbench-port and the selector to app: workbench ensures traffic is routed correctly to the renamed container port.

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml (3)

5-6: Approve pod name change
Renaming the Pod metadata to runtime is consistent with the other runtime manifests and the namePrefix.


9-10: Approve image reference update
Changing the container image to quay.io/opendatahub/workbench-images aligns with the consolidated image repository.


21-27: Approve addition of memory-backed emptyDir volume
Mounting /opt/app-root/src as a tmp-volume with medium: Memory provides a faster, ephemeral workspace for runtime operations.

rstudio/c9s-python-3.11/kustomize/base/kustomization.yaml (2)

4-8: Consistent use of namePrefix and transformers

The new namePrefix and transformers sections correctly replace the previous commonLabels approach. Ensure that labels.yaml defines the appropriate LabelTransformer and is included in this directory.


9-12: Verify image override matches manifests

The images override specifies the same name and newName; confirm that this matches the image references in your Kubernetes manifests (e.g., ensure they use quay.io/opendatahub/workbench-images). Otherwise, Kustomize may not apply the override.

runtime/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm (1)

65-65: Align build argument path with refactored structure

The ARG TENSORFLOW_SOURCE_CODE now correctly points to runtime/rocm/tensorflow/ubi9-python-3.11. This matches the updated directory layout.

jupyter/cuda/pytorch/ubi9-python-3.11/Dockerfile.cuda (1)

205-206: Align build argument path for PyTorch source

The ARG PYTORCH_SOURCE_CODE has been updated to include the cuda directory, matching the refactored layout.

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (2)

4-9: Standardize naming and apply label transformer

The namePrefix and transformers sections correctly replace commonLabels. Make sure labels.yaml exists and defines the app: cuda-jupyter-pytorch-ubi9-python-3-11 label.


11-13: Verify image tag override alignment

The newTag: cuda-jupyter-pytorch-ubi9-python-3.11 should match the image used in your statefulset and service manifests. Confirm consistency to ensure Kustomize overrides apply correctly.

runtime/datascience/ubi9-python-3.11/kustomize/base/pod.yaml (3)

4-9: Standardize pod and container names

Renaming the pod and container to runtime aligns with conventions used across other runtime kustomizations.


9-13: Override image for workbench runtime

The image override to quay.io/opendatahub/workbench-images is correct; ensure your overlay kustomizations adjust tag via images section if necessary.


21-27: Confirm emptyDir volume usage

The in-memory emptyDir volume at /opt/app-root/src is appropriate for ephemeral storage, but verify that application logic tolerates its ephemeral nature.

runtime/minimal/ubi9-python-3.11/kustomize/base/pod.yaml (1)

5-6: Ensure unique pod name across overlays
The static name runtime may collide when multiple variants are deployed; verify the overlay’s namePrefix adds sufficient uniqueness.

.tekton/rocm-runtime-pytorch-ubi9-python-3-11-push.yaml (1)

38-40: Confirm path-context alignment with new Dockerfile path
The dockerfile parameter is updated but path-context remains default (.). Verify that the build supports specifying a Dockerfile outside the context or adjust path-context to runtime/rocm/pytorch/ubi9-python-3.11.

.tekton/cuda-jupyter-pytorch-ubi9-python-3-11-push.yaml (1)

38-40: Confirm path-context for updated Dockerfile
Similar to the ROCm pipeline, the new dockerfile path may require updating path-context or verifying that the default context accommodates this relative path.

jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (2)

4-4: NamePrefix update aligns with new convention
The namePrefix is correctly reordered to rocm-jupyter-..., matching the repository-wide standard.


8-9: Switch to transformer-based labeling
Replacing commonLabels with a labels.yaml transformer is a solid improvement for maintainability.

rstudio/c9s-python-3.11/kustomize/base/labels.yaml (1)

1-13: Validate LabelTransformer configuration
The transformer is structured correctly, but ensure your Kustomize version supports builtin.LabelTransformer and that the app: rstudio-c9s-python-3-11 label matches the overlay’s namePrefix.

rstudio/rhel9-python-3.11/kustomize/base/labels.yaml (3)

2-3: API version & kind are correct.
The apiVersion: builtin and kind: LabelTransformer align with Kustomize’s built-in transformers.


7-8: Label key/value is consistent.
The app: rstudio-rhel9-python-3-11 label follows the naming convention used across environments.


9-12: FieldSpecs configuration is valid.
The create flags correctly handle adding labels to both metadata/labels and pod templates.

.tekton/runtime-minimal-ubi9-python-3-11-push.yaml (1)

38-39: Correct Dockerfile path prefix.
The dockerfile parameter now references runtime/minimal/ubi9-python-3.11/Dockerfile.cpu, matching the new directory layout.

runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (2)

5-5: Standardized pod name and image placeholder.
Renaming the Pod to runtime and using the quay.io/opendatahub/workbench-images image placeholder aligns with the new naming and kustomize override patterns.

Also applies to: 9-9


21-27: Add in-memory emptyDir for ephemeral storage.
Mounting tmp-volume at /opt/app-root/src with medium: Memory is correctly configured for tmpfs usage.

.tekton/runtime-datascience-ubi9-python-3-11-pull-request.yaml (2)

13-17: Update trigger paths to new structure.
The on-cel-expression conditions now reference runtime/datascience/... instead of runtimes/.... Please verify these paths match the actual repo layout.


42-43: Align Dockerfile path with refactoring.
The dockerfile parameter correctly points to runtime/datascience/ubi9-python-3.11/Dockerfile.cpu.

.tekton/runtime-datascience-ubi9-python-3-11-push.yaml (1)

39-39: Correct Dockerfile path for push pipeline.
Updated dockerfile parameter to runtime/datascience/ubi9-python-3.11/Dockerfile.cpu, consistent with the directory rename.

.tekton/rocm-runtime-tensorflow-ubi9-python-3-11-push.yaml (1)

38-39: Verify updated Dockerfile path exists. Ensure the dockerfile parameter now correctly points to the new runtime/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm location and that the file exists.

#!/bin/bash
# Verify the Dockerfile path in the repository
rg --files | grep 'runtime/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm'

jupyter/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda (4)

138-138: Approve addition of XLA_FLAGS. The new ENV XLA_FLAGS=--xla_gpu_cuda_data_dir=/usr/local/cuda is correct for enabling GPU library discovery at runtime.


149-159: Approve new cuda-jupyter-minimal stage. Introducing the cuda-jupyter-minimal multi-stage build target improves modularity by separating the minimal Jupyter setup from the full data science image.


205-206: Approve corrected ARG TENSORFLOW_SOURCE_CODE path. Updating the build argument to jupyter/cuda/tensorflow/ubi9-python-3.11 aligns with the reorganized directory structure.


230-232: Validate sed JSON patch and extension disable. The sed command replaces the kernel launcher string and the jupyter labextension disable step removes unwanted announcements. Please verify that the JSON path and quoting match your kernel.json format.

codeserver/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

4-13: Approve Kustomization updates. The namePrefix, transformers, and images entries have been updated to use the new codeserver-ubi9-python-3-11 tag and reference labels.yaml, which standardizes labeling and image overrides across the codeserver environment.

runtime/rocm/pytorch/ubi9-python-3.11/Dockerfile.rocm (2)

41-41: Approve ROCm meta-packages comment. The clarified comment about installing only ROCm meta-packages enhances readability and maintenance.


65-65: Approve corrected ARG PYTORCH_SOURCE_CODE path. The update to runtime/rocm/pytorch/ubi9-python-3.11 matches the new directory layout for the PyTorch runtime.

jupyter/minimal/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-14: Approve new LabelTransformer. Adding this transformer to apply app: jupyter-minimal-ubi9-python-3-11 replaces hardcoded commonLabels and centralizes label management across manifests.

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (2)

1-4: Kustomization header and namePrefix are correctly defined.

The apiVersion, kind, and namePrefix follow the expected Kustomize conventions and naming pattern for CUDA PyTorch runtimes.


5-8: Resources and transformers section is properly configured.

Including pod.yaml under resources and adding labels.yaml as a transformer aligns with the new labeling approach.

runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-13: LabelTransformer correctly applies the standardized app label.

The builtin LabelTransformer with app: cuda-runtime-tensorflow-ubi9-python-3-11 and appropriate fieldSpecs ensures consistent labeling of metadata and pod templates.

.tekton/cuda-jupyter-tensorflow-ubi9-python-3-11-pull-request.yaml (2)

13-22: Updated on-cel-expression to include the new CUDA TensorFlow paths.

The added "jupyter/cuda/tensorflow/ubi9-python-3.11/Pipfile.lock".pathChanged() and related entries ensure the pipeline triggers correctly for changes in the reorganized directories.


47-48: Corrected the dockerfile parameter to the new directory layout.

Using jupyter/cuda/tensorflow/ubi9-python-3.11/Dockerfile.cuda aligns the pipeline spec with the updated source tree.

runtime/datascience/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-13: LabelTransformer adds the consistent app: runtime-datascience-ubi9-python-3-11 label.

This follows the standardized labeling approach across all runtime environments.

runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

1-8: Kustomization header, resources, and transformers are correctly defined.

The namePrefix, pod inclusion, and reference to labels.yaml match the established pattern for ROCm PyTorch runtimes.

jupyter/trustyai/ubi9-python-3.11/kustomize/base/statefulset.yaml (4)

5-14: Standardized naming: metadata and serviceName updated.

The StatefulSet metadata.name, selector, and serviceName now use "workbench" to match the new naming guidelines.


20-22: Container renaming and image tag.

Container name and image fields correctly reference the Trustyai workbench image.


34-39: Port name updates in probes.

Probes now refer to workbench-port, aligning port names across container and health checks.

Also applies to: 47-48


60-66: Memory-backed emptyDir volume addition.

The in-memory tmp-volume mounted at /opt/app-root/src is correctly defined and mounted for ephemeral data.

jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (4)

5-5: Rename resource to "workbench" is correctly applied
Resource naming has been updated consistently. Ensure dependent services and scripts reference the new name.


20-21: Update container name and image tag
The container name has been updated to "workbench" and the image tag now follows the new convention. Confirm image registry credentials are valid for quay.io/opendatahub/workbench-images:rocm-jupyter-pytorch-ubi9-python-3.11.


47-47: Inconsistent URL base path vs. resource name
The server base URL still uses /notebook/opendatahub/jovyan even though the resource is renamed "workbench". If this change should be global, update the --ServerApp.base_url to /workbench/opendatahub/jovyan.

Likely an incorrect or invalid review comment.


60-66: Memory-backed tmp-volume mount is appropriate
Mounting a memory-backed emptyDir at /opt/app-root/src will improve I/O performance. Ensure no state is lost on pod restart.

jupyter/trustyai/ubi9-python-3.11/kustomize/base/labels.yaml (3)

3-7: LabelTransformer configuration looks correct
The LabelTransformer is properly defined to add the app: jupyter-trustyai-ubi9-python-3-11 label. Confirm this matches the naming convention used elsewhere.


9-11: Ensure fieldSpec for root labels is correct
Using create: true on metadata/labels will initialize the field if missing; this is appropriate.


11-14: Verify targeted fieldSpecs
create: false for spec/template/metadata/labels and spec/selector/matchLabels assumes these paths already exist. Ensure associated Kustomizations include those sections or add fallback labels to avoid no-op.

.tekton/runtime-minimal-ubi9-python-3-11-pull-request.yaml (2)

14-16: Update PipelineRun trigger paths are correct
The on-cel-expression now listens for changes in runtime/minimal/ubi9-python-3.11 instead of runtimes/..., matching the directory rename. Ensure all related paths (e.g., Pipfile.lock, utils) reflect the new structure.


42-42: Correct Dockerfile path parameter
The dockerfile param now points to runtime/minimal/ubi9-python-3.11/Dockerfile.cpu as expected. Confirm that pipelines consuming this file use the correct path-context if it's set differently.

runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml (2)

12-13: Expose container port
Port 8080 is configured correctly. If multiple services share the Pod, ensure unique naming or network policies.


21-27: Memory-backed tmp-volume is appropriate
Using emptyDir with medium: Memory for /opt/app-root/src matches other runtime manifests. Ensure no persistent data is required.

jupyter/minimal/ubi9-python-3.11/kustomize/base/statefulset.yaml (4)

5-5: Resource renamed to "workbench" correctly
The StatefulSet name update aligns with naming conventions.


34-39: Port naming and liveness probe are consistent
The probe targets workbench-port as expected. Confirm probe thresholds suit startup time for minimal images.


47-47: Inconsistent URL base path vs. resource name
The readiness probe path still uses /notebook/opendatahub/jovyan. Consider updating to /workbench/opendatahub/jovyan if intention is to fully replace "notebook" in URLs.

Likely an incorrect or invalid review comment.


60-66: Memory-backed tmp-volume mount is consistent
Mounting a memory emptyDir for the working directory matches other manifests.

jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-14: Approve LabelTransformer for ROCm Jupyter PyTorch environment

The LabelTransformer is correctly configured to apply the app: rocm-jupyter-pytorch-ubi9-python-3-11 label to both top-level and pod template metadata (and selector) as intended.

runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-13: Approve LabelTransformer for CUDA runtime PyTorch environment

The transformer cleanly injects app: cuda-runtime-pytorch-ubi9-python-3-11 into resource labels and pod templates, matching the naming convention and directory restructure.

.tekton/rocm-runtime-tensorflow-ubi9-python-3-11-pull-request.yaml (1)

14-16: Approve updated Tekton trigger paths

The on-cel-expression now correctly references runtime/rocm/tensorflow/ubi9-python-3.11/... and the pull-request YAML itself, aligning pipeline triggers with the new directory layout.

jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-14: Approve LabelTransformer for CUDA Jupyter TensorFlow environment

The transformer adds app: cuda-jupyter-tensorflow-ubi9-python-3-11 to resources and pod templates, replacing commonLabels consistently with other environments.

runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-13: Approve LabelTransformer for ROCm runtime PyTorch environment

Correctly configures label injection of app: rocm-runtime-pytorch-ubi9-python-3-11 into resource metadata and pod templates per the standard naming scheme.

.tekton/rocm-runtime-pytorch-ubi9-python-3-11-pull-request.yaml (2)

14-18: Standardized pull-request trigger paths.
Path checks correctly updated to use runtime/... directory structure. However, the glob pattern utils/*** may be invalid since typical recursive patterns use **. Confirm this matches the intended files.


43-43: Updated dockerfile parameter path.
The dockerfile parameter now points to the new runtime/rocm/pytorch/ubi9-python-3.11/Dockerfile.rocm. Ensure all related Makefile targets and other pipelines reference this updated path.

runtime/rocm/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml (1)

21-27: Validate memory-backed emptyDir usage.
Using an emptyDir with medium: Memory allocates RAM for storage, which can be significant under load. Confirm this meets performance and cost requirements, or consider a disk-backed volume if appropriate.

runtime/minimal/ubi9-python-3.11/kustomize/base/labels.yaml (1)

2-12: Kustomize LabelTransformer configuration is correct.
The transformer properly applies app: runtime-minimal-ubi9-python-3-11 to both resource metadata and pod templates. Field specs and apiVersion are accurate.

codeserver/ubi9-python-3.11/kustomize/base/pod.yaml (2)

5-9: Renamed Pod and container to workbench for consistency.
The metadata name and container name changes align with naming conventions. Ensure any overlays or services referencing the old names are updated accordingly.


12-14: Updated named container port.
A named port (workbench-port) improves clarity, but verify that any Service or probe configurations have been updated to use this port name.

runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/labels.yaml (1)

2-12: Kustomize LabelTransformer configuration is correct.
The transformer properly applies app: rocm-runtime-tensorflow-ubi9-python-3-11 to both resource metadata and pod templates, consistent with other runtime environments.

jupyter/datascience/ubi9-python-3.11/kustomize/base/statefulset.yaml (2)

5-14: Ensure selector and template labels are populated by Kustomize transformer
You added an explicit empty matchLabels: {} and empty template.metadata.labels. Confirm that your base kustomization.yaml includes a LabelTransformer to inject the app: workbench label here. Without it, the StatefulSet selector won’t match any pods.


20-22: Validate new image tag accessibility
The container image was updated to quay.io/opendatahub/workbench-images:jupyter-datascience-ubi9-python-3.11. Please verify this image exists and is publicly accessible.

jupyter/cuda/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml (3)

5-14: Ensure selector and template labels are populated by Kustomize transformer
As above, you’ve set matchLabels: {} and empty pod labels. Confirm the kustomization.yaml references a LabelTransformer to inject app: workbench. Otherwise the StatefulSet selector will not match pods.


20-22: Validate new CUDA-TF image tag
The image quay.io/opendatahub/workbench-images:cuda-jupyter-tensorflow-ubi9-python-3.11 should be available. Please verify this tag exists and is correct.


53-60: Review new startupProbe configuration
A startupProbe with 90 failures at 10s intervals can delay readiness excessively. Confirm this aggressiveness is intentional for large TensorFlow images.

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml (2)

5-14: Ensure selector and template labels are populated by Kustomize transformer
The matchLabels: {} and empty pod labels require a transformer to inject app: workbench. Verify your kustomization includes the correct LabelTransformer.


20-22: Validate new CUDA-PyTorch image tag
Confirm the new image quay.io/opendatahub/workbench-images:cuda-jupyter-pytorch-ubi9-python-3.11 exists and is accessible.

.tekton/cuda-jupyter-pytorch-ubi9-python-3-11-pull-request.yaml (2)

15-20: Verify pipeline trigger patterns
You updated the pathChanged() entries to reference the new jupyter/cuda/pytorch/ubi9-python-3.11 paths. Confirm this covers all modified artifacts (Pipfile.lock, Dockerfile.cuda, pipeline YAML) and that the push pipeline is updated similarly.


46-46: Dockerfile parameter updated to new path
The dockerfile param now points to jupyter/cuda/pytorch/ubi9-python-3.11/Dockerfile.cuda. This aligns with the restructured directories.

ci/cached-builds/make_test.py (2)

47-47: LGTM! Excellent simplification of the command pattern.

The uniform make {action}-{target} pattern is much cleaner than the previous conditional logic. This standardization aligns well with the broader Makefile refactoring mentioned in the PR objectives.

Also applies to: 50-50, 73-73


118-120: Unit tests properly updated to reflect the new uniform command pattern.

All test assertions have been correctly updated to validate the standardized make deploy-*, make test-*, and make undeploy-* command patterns.

Also applies to: 127-129, 136-138, 145-147, 154-156, 163-165, 172-174, 181-183, 190-192

.tekton/cuda-runtime-pytorch-ubi9-python-3-11-pull-request.yaml (1)

1-633: Comprehensive Tekton pipeline with excellent security coverage.

This pipeline includes all the essential components for a secure CI/CD workflow:

  • Multi-platform builds with trusted artifacts
  • Comprehensive security scanning (Clair, SAST, ClamAV, RPM signature verification)
  • Proper conditional execution and resource limits
  • Integration with OpenShift AppStudio and Pipelines as Code

The configuration follows Tekton best practices and provides robust automation for the CUDA PyTorch runtime environment.

rstudio/c9s-python-3.11/kustomize/base/pod.yaml (4)

5-5: LGTM! Consistent naming standardization.

The renaming from "pod" to "workbench" aligns with the broader standardization effort mentioned in the PR objectives.

Also applies to: 8-8


9-9: Good standardization of container image repository.

Using the centralized quay.io/opendatahub/workbench-images repository with specific tags improves image management and consistency.


18-21: Appropriate resource increases for workbench environment.

The memory increase from 500Mi to 2Gi limit and 1Gi request is reasonable for a workbench environment that may need to handle larger datasets and processing tasks.


22-28: Good addition of memory-backed temporary storage.

The memory-backed emptyDir volume at /opt/app-root/src provides fast temporary storage, which is beneficial for workbench operations.

.tekton/cuda-runtime-tensorflow-ubi9-python-3-11-push.yaml (1)

1-629: Well-configured push pipeline with comprehensive security scanning.

This pipeline mirrors the pull-request pipeline structure while being properly configured for push events. The inclusion of comprehensive security scanning (deprecated base image checks, Clair vulnerability scanning, SAST tools, ClamAV, RPM signature verification) ensures robust security validation for the CUDA TensorFlow runtime environment.

.tekton/cuda-runtime-pytorch-ubi9-python-3-11-push.yaml (1)

1-629: Consistent and comprehensive push pipeline configuration.

This pipeline maintains excellent consistency with the other CUDA runtime pipelines while being properly configured for push events to the main branch. The comprehensive security scanning suite and multi-platform build support provide robust CI/CD automation for the CUDA PyTorch runtime environment.

rstudio/rhel9-python-3.11/kustomize/base/pod.yaml (2)

16-21: Validate increased memory allocations

Memory limits and requests have been bumped substantially. Ensure these new values align with actual workload requirements to avoid overallocation:

  • limits.memory: 2Gi
  • requests.memory: 1Gi

22-28: Add ephemeral storage volume for scratch space

Introducing tmp-volume as an in-memory emptyDir is appropriate for scratch storage. Confirm no critical data is expected to persist beyond pod lifetime.

.tekton/cuda-runtime-tensorflow-ubi9-python-3-11-pull-request.yaml (1)

1-633: Skip manual review for autogenerated pipeline

This file is generated by ci/cached-builds/konflux_generate_component_build_pipelines.py. Please apply any required changes in the generator script instead of editing this file directly.

scripts/makefile_utils/test_workbench_container.sh (4)

1-2: Ensure portability and bash compatibility

The shebang #!/usr/bin/env bash is appropriate. Confirm that all environments invoking this script have Bash available.


42-42: Maintain strict error handling

Using set -exuo pipefail enforces strict mode, which is good for CI scripts.


168-176: Verify required command list completeness

Ensure the list in base_required_commands and feature_specific_commands covers all necessary tools (e.g., yq) for different workloads. Document the rationale for each command.


282-290: Handle network dependency for remote curl

_test_runtime fetches external URLs. If network access is restricted, tests will fail. Consider caching or vendoring test assets for offline CI environments.

Makefile (2)

41-47: Standardize Python version variable

Introducing PYTHON_VERSION centralizes the Python version. Ensure all downstream scripts and CI pipelines reference this variable instead of hardcoded versions.


508-528: Keep all-images in sync with supported lists

The all-images target enumerates each variant. Ensure this list remains synchronized with SUPPORTED_WORKBENCH_* variables, perhaps generating it dynamically to avoid drift.

runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

1-12: Kustomization for ROCm TensorFlow runtime is correctly defined

The manifest sets the name prefix, includes the appropriate resources and label transformer, and overrides the image tag to rocm-runtime-tensorflow-ubi9-python-3.11 in line with naming conventions.

runtime/cuda/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml (1)

1-12: Kustomization for CUDA TensorFlow runtime is correctly defined

The manifest configures the name prefix, resources, transformers, and image override to cuda-runtime-tensorflow-ubi9-python-3.11, matching the standardized pattern.

jupyter/cuda/pytorch/ubi9-python-3.11/kustomize/base/labels.yaml (1)

1-14: LabelTransformer for CUDA PyTorch Jupyter is correctly configured

The transformer applies the app: cuda-jupyter-pytorch-ubi9-python-3-11 label to metadata/labels, spec/template/metadata/labels, and spec/selector/matchLabels, adhering to the new kustomize-based labeling strategy.

jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/statefulset.yaml (4)

5-5: StatefulSet renamed to workbench

The metadata.name has been updated to "workbench", aligning with the unified resource naming conventions.


12-14: Empty matchLabels added for label injection

Adding an empty matchLabels: {} allows the LabelTransformer to inject the app label into this field, as configured in labels.yaml.


34-48: Liveness and readiness probes use the new port name

The workbench-port is correctly referenced in both the liveness (line 39) and readiness (line 48) probes, ensuring consistency with the container port definition.


62-69: Memory-backed emptyDir volume mount is configured

The addition of the tmp-volume in-memory (emptyDir with medium: Memory) and its corresponding volumeMounts supports ephemeral workspace storage in line with other manifests.

Comment on lines 7 to 12
containers:
- name: runtime
image: runtime-workbench
image: quay.io/opendatahub/workbench-images
command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]
imagePullPolicy: Always
ports:

🛠️ Refactor suggestion

Enforce non-root, non-privileged securityContext
Add a securityContext to the container spec to disallow privilege escalation and enforce non-root execution:

 spec:
   containers:
     - name: runtime
+      securityContext:
+        runAsNonRoot: true
+        allowPrivilegeEscalation: false
       image: quay.io/opendatahub/workbench-images
       command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]
       imagePullPolicy: Always
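
Review bot: the added securityContext sets runAsNonRoot: true without a runAsUser, so the kubelet can only admit the container if the image declares a numeric non-root USER; an image whose USER is a name, or is unset, fails to start instead of running unprivileged. Confirm the workbench image's USER is a numeric UID or add runAsUser here, and consider completing the block with capabilities.drop: ["ALL"] and seccompProfile.type: RuntimeDefault, since the two added lines leave the default capability set in place.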

This addresses CVE risk by minimizing privileges.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
containers:
- name: runtime
image: runtime-workbench
image: quay.io/opendatahub/workbench-images
command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]
imagePullPolicy: Always
ports:
containers:
- name: runtime
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
image: quay.io/opendatahub/workbench-images
command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]
imagePullPolicy: Always
ports:
🤖 Prompt for AI Agents
In runtime/cuda/pytorch/ubi9-python-3.11/kustomize/base/pod.yaml around lines 7
to 12, the container spec lacks a securityContext that enforces non-root user
execution and disallows privilege escalation. Add a securityContext section
under the container definition with settings to run as a non-root user and set
allowPrivilegeEscalation to false to enhance security and reduce CVE risks.

Comment on lines +9 to 10
image: quay.io/opendatahub/workbench-images
command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]

🛠️ Refactor suggestion

Specify image tag for reproducibility
The image field omits a tag (defaulting to latest). Reference a specific tag (via your kustomization’s newTag) to ensure build consistency.

🤖 Prompt for AI Agents
In runtime/minimal/ubi9-python-3.11/kustomize/base/pod.yaml at lines 9 to 10,
the image field lacks a specific tag, defaulting to 'latest', which can cause
inconsistent builds. Update the image field to reference a specific tag by using
your kustomization's newTag feature or explicitly specify a fixed tag version to
ensure reproducibility and build consistency.

images:
- name: quay.io/opendatahub/workbench-images
newName: quay.io/opendatahub/workbench-images
newTag: jupyter-pytorch-ubi9-python-3.11-2023a-20231002-4e9bbb3
newTag: rocm-jupyter-pytorch-ubi9-python-3.11
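
Review bot: the new newTag line still names pytorch (rocm-jupyter-pytorch-ubi9-python-3.11), so the TensorFlow kustomization this thread is attached to would render the PyTorch image under a TensorFlow-named workload. Change it to the tensorflow tag and keep the dotted 3.11 form that the other newTag values in this PR use; the hyphenated 3-11 form is what the app labels use, not the image tags.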

⚠️ Potential issue

newTag mismatch in TensorFlow kustomization
The newTag references rocm-jupyter-pytorch-ubi9-python-3.11 in a TensorFlow directory. It should be rocm-jupyter-tensorflow-ubi9-python-3-11.

🤖 Prompt for AI Agents
In jupyter/rocm/tensorflow/ubi9-python-3.11/kustomize/base/kustomization.yaml at
line 13, the newTag is incorrectly set to rocm-jupyter-pytorch-ubi9-python-3.11,
which mismatches the TensorFlow context. Change the newTag value to
rocm-jupyter-tensorflow-ubi9-python-3-11 to correctly reflect the TensorFlow
image tag.

Comment on lines +12 to +14
selector:
matchLabels: {}
serviceName: workbench
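
Review bot: matchLabels: {} on the selector is only valid after kustomize has run, because it relies on the labels.yaml transformer filling spec/selector/matchLabels and spec/template/metadata/labels with the same app label; applied without that step, an apps/v1 StatefulSet with an empty selector is rejected by API validation. Add a short comment next to the empty map saying the value is injected by the LabelTransformer, and have the test target assert on the rendered output that the selector is non-empty and matches the template labels.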

⚠️ Potential issue

Define proper selector matchLabels
Having an empty matchLabels: {} means the StatefulSet won't select any pods. You need to set selector.matchLabels to match labels applied on template.metadata.labels (e.g., opendatahub.io/user: jovyan).

🤖 Prompt for AI Agents
In jupyter/rocm/pytorch/ubi9-python-3.11/kustomize/base/statefulset.yaml around
lines 12 to 14, the selector.matchLabels is empty, which prevents the
StatefulSet from selecting any pods. Update selector.matchLabels to exactly
match the labels defined under template.metadata.labels, such as setting
opendatahub.io/user: jovyan, to ensure proper pod selection.

Comment on lines +8 to +11
- name: runtime
image: quay.io/opendatahub/workbench-images
command: ["/bin/sh", "-c", "while true ; do date; sleep 1; done;"]
imagePullPolicy: Always

⚠️ Potential issue

Pin container image tag and enforce securityContext
The image quay.io/opendatahub/workbench-images uses the implicit latest tag—pin to a specific version for reproducibility. Also add a securityContext with runAsNonRoot: true and allowPrivilegeEscalation: false.

🤖 Prompt for AI Agents
In runtime/rocm/tensorflow/ubi9-python-3.11/kustomize/base/pod.yaml lines 8 to
11, the container image uses the implicit latest tag which should be pinned to a
specific version tag for reproducibility. Update the image field to include a
fixed version tag instead of relying on latest. Additionally, add a
securityContext section under the container spec with runAsNonRoot set to true
and allowPrivilegeEscalation set to false to enforce security best practices.
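
The manifest findings raised in the comments above (untagged image, missing securityContext, empty selector.matchLabels) can be checked on rendered output rather than by eye. The following is an added example, not code from this PR or its review; it assumes the kustomize output has already been converted to JSON-style dicts, and the function names, finding codes and sample manifests are constructed for illustration.

```python
# Workload kinds whose spec.selector must be set and must match the pod template.
SELECTOR_KINDS = {"StatefulSet", "Deployment", "DaemonSet", "ReplicaSet"}


def image_is_pinned(image):
    """True if the reference has a digest or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    # Only the last path segment can carry a tag; an earlier ':' is a registry port.
    tag = image.rsplit("/", 1)[-1].partition(":")[2]
    return tag not in ("", "latest")


def _pod_parts(obj):
    """Return (pod_spec, pod_labels, selector); selector is None when not applicable."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec, (obj.get("metadata") or {}).get("labels") or {}, None
    template = spec.get("template")
    if not isinstance(template, dict):
        return None, {}, None  # not a pod-bearing resource (Service, ConfigMap, ...)
    labels = (template.get("metadata") or {}).get("labels") or {}
    selector = (spec.get("selector") or {}) if obj.get("kind") in SELECTOR_KINDS else None
    return template.get("spec") or {}, labels, selector


def lint(obj):
    """Return a list of (resource, finding-code) tuples for one rendered object."""
    pod_spec, labels, selector = _pod_parts(obj)
    if pod_spec is None:
        return []
    name = "{}/{}".format(obj.get("kind"), (obj.get("metadata") or {}).get("name"))
    findings = []
    if selector is not None:
        match = selector.get("matchLabels") or {}
        if not match and not selector.get("matchExpressions"):
            findings.append((name, "empty-selector"))
        elif any(labels.get(k) != v for k, v in match.items()):
            findings.append((name, "selector-template-mismatch"))
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        where = "{}[{}]".format(name, c.get("name"))
        if not image_is_pinned(c.get("image") or ""):
            findings.append((where, "unpinned-image"))
        # A container-level runAsNonRoot overrides the pod-level value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((where, "run-as-non-root-unset"))
        # allowPrivilegeEscalation exists only at container level.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((where, "allow-privilege-escalation-not-false"))
    return findings


def lint_rendered(doc):
    """Accept a single object or a kind: List wrapper and lint every item."""
    items = doc.get("items") or [] if doc.get("kind") == "List" else [doc]
    return [finding for item in items for finding in lint(item)]


# Constructed samples modelled on the manifests discussed in this review.
_IMAGE = "quay.io/opendatahub/workbench-images:rocm-jupyter-pytorch-ubi9-python-3.11"
_APP = {"app": "rocm-jupyter-pytorch-ubi9-python-3-11"}
_HARDENED = {"runAsNonRoot": True, "allowPrivilegeEscalation": False}

# Base runtime Pod as written: no tag, no securityContext.
BASE_POD = {"kind": "Pod", "metadata": {"name": "runtime"}, "spec": {"containers": [
    {"name": "runtime", "image": "quay.io/opendatahub/workbench-images"}]}}


def _statefulset(match_labels, template_labels):
    return {"kind": "StatefulSet", "metadata": {"name": "workbench"}, "spec": {
        "selector": {"matchLabels": match_labels},
        "template": {"metadata": {"labels": template_labels}, "spec": {"containers": [
            {"name": "workbench", "image": _IMAGE, "securityContext": _HARDENED}]}}}}


BASE_STATEFULSET = _statefulset({}, {})            # before the LabelTransformer runs
RENDERED_STATEFULSET = _statefulset(_APP, _APP)    # after label injection

if __name__ == "__main__":
    bundle = {"kind": "List", "items": [BASE_POD, BASE_STATEFULSET, RENDERED_STATEFULSET]}
    for where, code in lint_rendered(bundle):
        print(f"{where}: {code}")
```

Run against the rendered output rather than the base files, since the base deliberately leaves the tag and labels for kustomize to fill in.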

Comment on lines +334 to +342
{
local commands=
commands=$(_get_required_commands)

local fail=
for cmd in ${commands}; do
printf "=> Checking workload '%s' for presence of '%s'...\n" "${workload_name}" "${cmd}"
if ! ${kbin} exec "${workload_name}" which $cmd > /dev/null 2>&1 ; then
printf '\t%s\n' "**ERROR** '${cmd}' not found"
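
Review bot: the exec line has no -- between the workload name and the remote command, and ${kbin} and $cmd are unquoted, so an entry in the command list that begins with a dash would be parsed as a kubectl option. Write it as "${kbin}" exec "${workload_name}" -- which "${cmd}" (the quoted "${kbin}" form is already used for port-forward in this script), and note that which itself has to exist in the image, so command -v run through sh -c would be a safer probe for minimal images.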

🛠️ Refactor suggestion

Quote variables and commands

The which $cmd call should be quoted (which "$cmd") to safely handle commands with special characters. Also, looping over ${commands} may split entries with spaces; prefer iterating over an array.

🤖 Prompt for AI Agents
In scripts/makefile_utils/test_workbench_container.sh around lines 334 to 342,
the variable $cmd used in the which command should be quoted as "$cmd" to handle
special characters safely. Additionally, instead of looping over the unquoted
${commands} which can split entries containing spaces, convert commands into an
array and iterate over it properly to preserve each command as a single element.

Comment on lines +230 to +233
function _test_codeserver()
{
:
}

🛠️ Refactor suggestion

Define codeserver tests or remove placeholder

The _test_codeserver function is empty. Either implement meaningful validation steps or remove this stub to avoid silent skips.

🤖 Prompt for AI Agents
In scripts/makefile_utils/test_workbench_container.sh around lines 230 to 233,
the _test_codeserver function is currently an empty placeholder. You should
either implement actual test steps to validate codeserver functionality within
this function or remove the function entirely to prevent silent test skips and
ensure test coverage clarity.

Comment on lines +147 to +157
esac

if [ -n "${ide_server_port}" ] && [ -n "${k8s_resource}" ]; then
local local_port=
local_port=$(find_open_port)
"${kbin}" port-forward "${k8s_resource}/${workload_app_name}-workbench" "${local_port}:${ide_server_port}" &
local pf_pid=$!
local ide_server_url="http://localhost:${local_port}${ide_server_endpoint}"
curl --retry 5 --retry-delay 5 --retry-connrefused "${ide_server_url}";
kill ${pf_pid}
fi
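
Review bot: the `curl` call near the end of the `if` block has no `--fail`, so an HTTP error page from the IDE server still yields exit status 0 and the probe counts as a pass. Add `--fail` (plus `--silent --show-error --output /dev/null` if the response body is not needed in the log), capture curl's exit status before the `kill`, and return it from the function. The PID should also be quoted: `kill "${pf_pid}"`.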

🛠️ Refactor suggestion

Ensure port-forward process cleanup

The script kills the background port-forward PID but does not trap signals. If the script exits early, the kubectl port-forward process may remain. Consider adding a trap "kill $pf_pid" EXIT to guarantee cleanup.

🤖 Prompt for AI Agents
In scripts/makefile_utils/test_workbench_container.sh around lines 147 to 157,
the script starts a background port-forward process and kills it afterward but
does not handle early script exits, risking orphaned processes. Add a trap
command like trap "kill $pf_pid" EXIT immediately after starting the
port-forward to ensure the process is always cleaned up when the script exits,
regardless of how it terminates.

Comment on lines +44 to +52
function _get_jupyter_imagestream_source_of_truth_filepath()
{
# shellcheck disable=SC2154
local manifest_directory="${root_repo_directory}/manifests"
local imagestream_directory="${manifest_directory}/base"

local file_suffix='notebook-imagestream.yaml'
local filename=
# shellcheck disable=SC2154
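
Review bot: `manifest_directory` is built from `${root_repo_directory}` with SC2154 suppressed, so if that variable is unset or empty the path silently becomes `/manifests` and `imagestream_directory` becomes `/manifests/base`. Use `"${root_repo_directory:?root_repo_directory is not set}"` in the assignment so the function stops at that line instead of resolving imagestream files under the filesystem root.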

🛠️ Refactor suggestion

Handle missing manifests directory

When constructing manifest_directory, ensure the path exists before proceeding, and emit a clear error message if manifests/base is missing.

🤖 Prompt for AI Agents
In scripts/makefile_utils/_jupyter_test_helper.sh around lines 44 to 52, the
code sets manifest_directory without checking if the directory exists. Add a
check to verify that the manifests/base directory exists, and if not, print a
clear error message and exit the script to prevent further errors.

Comment on lines +120 to +129
function _run_jupyter_papermill_test()
{
local test_notebook_file='test_notebook.ipynb'
# shellcheck disable=SC2154
local repo_test_directory="${root_repo_directory}/${workbench_directory}/test"
# shellcheck disable=SC2154
local output_file_prefix="${workbench_scope}_${workbench_os}"

# shellcheck disable=SC2154
"${kbin}" cp "${repo_test_directory}/${test_notebook_file}" "${workload_name}:./${test_notebook_file}"

🛠️ Refactor suggestion

Report missing test files

When copying test_notebook.ipynb, check for file existence and error out if the source file is missing to avoid silent failures.

🤖 Prompt for AI Agents
In scripts/makefile_utils/_jupyter_test_helper.sh around lines 120 to 129, the
script copies the test_notebook.ipynb file without verifying its existence,
which can cause silent failures. Add a check before the copy command to verify
that the source test_notebook.ipynb file exists; if it does not, print an error
message and exit the script with a non-zero status to prevent proceeding with
missing test files.
