@tisnik tisnik commented Dec 8, 2025

Description

LCORE-1026: Updated Konflux requirements

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: N/A
  • Generated by: N/A

Related Tickets & Documents

  • Related Issue #LCORE-1026

Summary by CodeRabbit

  • Chores
    • Updated llama-stack and llama-stack-client to version 0.3.0.
    • Reorganized and streamlined dependency configuration.

coderabbitai bot commented Dec 8, 2025

Walkthrough

Updates platform-specific requirements files (requirements.aarch64.txt and requirements.x86_64.txt) by upgrading llama-stack and llama-stack-client from 0.2.22 to 0.3.0, removing python-jose and ecdsa dependencies, updating corresponding hashes, and reorganizing dependency provenance comments.

Changes

| Cohort / File(s) | Change Summary |
| --- | --- |
| Dependency & Hash Updates: requirements.aarch64.txt, requirements.x86_64.txt | Upgraded llama-stack and llama-stack-client from 0.2.22 to 0.3.0 with corresponding hash updates; removed python-jose and ecdsa entries and their associated dependencies; reorganized "via" provenance comments to reflect updated dependency graph across both architecture-specific files. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Verification of hash values for upgraded packages (llama-stack, llama-stack-client) across both architecture variants
  • Validation of dependency graph changes after removal of python-jose and ecdsa
  • Consistency check between requirements.aarch64.txt and requirements.x86_64.txt to ensure alignment despite minor formatting differences

Possibly related PRs

Suggested reviewers

  • radofuchs

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly describes the main change: updating Konflux requirements as part of LCORE-1026, which aligns with the changeset modifications to both requirements files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 809a2df and e957f02.

📒 Files selected for processing (2)
  • requirements.aarch64.txt (4 hunks)
  • requirements.x86_64.txt (4 hunks)
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2025-08-18T10:58:14.951Z
Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:47-47
Timestamp: 2025-08-18T10:58:14.951Z
Learning: psycopg2-binary is required by some llama-stack providers in the lightspeed-stack project, so it cannot be replaced with psycopg v3 or moved to optional dependencies without breaking llama-stack functionality.

Applied to files:

  • requirements.aarch64.txt
  • requirements.x86_64.txt
📚 Learning: 2025-08-18T10:57:39.266Z
Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:59-59
Timestamp: 2025-08-18T10:57:39.266Z
Learning: In the lightspeed-stack project, transitive dependencies like faiss-cpu are intentionally pinned as top-level dependencies to maintain better control over the dependency graph and avoid version conflicts when bundling ML/LLM tooling packages.

Applied to files:

  • requirements.aarch64.txt
  • requirements.x86_64.txt
📚 Learning: 2025-08-18T10:56:55.349Z
Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:0-0
Timestamp: 2025-08-18T10:56:55.349Z
Learning: The lightspeed-stack project intentionally uses a "generic image" approach, bundling many dependencies directly in the base runtime image to work for everyone, rather than using lean base images with optional dependency groups.

Applied to files:

  • requirements.aarch64.txt
  • requirements.x86_64.txt
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: build-pr
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
  • GitHub Check: E2E: library mode / ci
  • GitHub Check: E2E: server mode / ci
  • GitHub Check: E2E: server mode / azure
  • GitHub Check: E2E: library mode / azure
🔇 Additional comments (8)
requirements.aarch64.txt (5)

3152-3152: rsa now only “via google-auth” — confirm no extra signers needed

If prior jose usage required ecdsa, ensure all JWTs use RSA/RS256 via google-auth/PyJWT. If any provider still expects ES256, re-add ecdsa explicitly.


3364-3366: sqlalchemy marked as “via llama-stack” — DB driver coverage looks OK

psycopg2-binary remains pinned here, satisfying llama-stack providers that need it. No action.

Based on learnings, psycopg2-binary must stay pinned.


2761-2763: Verify JWT library migration from python-jose/ecdsa to PyJWT — No code path should reference the removed libraries, and all token algorithms must remain supported.

Confirm that no imports of python-jose, jose, or ecdsa exist in the codebase or provider implementations, and that pyjwt provides equivalent cryptographic algorithm support for existing token operations.


1396-1398: llama-stack and llama-stack-client 0.3.0 — note significant breaking changes

Good to align server/client at 0.3.0. Be aware that 0.3.0 includes breaking changes:

  • API reorganization (endpoints split into /v1/, /v1alpha/, /v1beta/; deprecated endpoints unpublished)
  • Batch inference removed
  • Client-side tool schema change: tools now use input_schema instead of parameters

Verify that downstream code consuming these libraries (especially tool definitions) is compatible with the new schema before the upgrade reaches production builds.

Also applies to: 1400-1402


1396-1402: Konflux build hygiene for this bump

  • Verify both aarch64 and x86_64 lockfiles are updated consistently with llama-stack/client 0.3.0 (both packages are pure-Python universal wheels compatible with all architectures).
  • Ensure hashes remain deterministic across rebuilds; pin all dependencies and use hermetic/reproducible build practices.
  • Confirm no forbidden packages remain (python-jose, ecdsa, psycopg2-binary).
requirements.x86_64.txt (3)

2761-2763: Verify python-jose removal and confirm no lingering jose/ecdsa usage in codebase.

After python-jose dependency removal from requirements.x86_64.txt, search for any remaining imports from jose module, JWT decode patterns using python-jose, and explicit ecdsa usage that may have been dragged in as a transitive dependency. Ensure JWT handling uses PyJWT or Authlib instead.


3364-3367: Scipy transitively via llama-stack: monitor potential image size and build-time impacts.

SciPy 1.16.x wheels for CPython 3.12 manylinux x86_64 are available on PyPI, so dependency resolution should not be blocked. However, verify that Konflux image size and build times remain acceptable with this transitive addition, and confirm the build cache operates as expected.


1396-1402: llama-stack/client → 0.3.0: confirm downstream provider compatibility before merge.

llama-stack 0.3.0 introduces breaking changes including API reorganization (stable /v1/, experimental /v1alpha/, /v1beta/), removal of /v1/inference APIs and batch inference. llama-stack-client 0.3.0 requires Python 3.12+ and bumps httpx-aiohttp to 0.1.9. Run smoke tests for all enabled providers to validate the upgrade path.

Keep psycopg2-binary pinned as some llama-stack providers depend on it; do not demote to optional dependencies.



@tisnik tisnik merged commit 4479d2f into lightspeed-core:main Dec 8, 2025
21 of 25 checks passed
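
The lockfile checks the review asks for (removed packages really gone, required pins still present, every pin hashed, versions aligned across both architecture files) can be scripted. The following is an added example, not code from this PR or the project; `parse_lock` and `audit` are hypothetical names, the sample fragments are constructed, and it assumes python-jose and ecdsa are the removed packages and psycopg2-binary must stay pinned, as the walkthrough and recorded learnings state.

```python
import re

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s\\;]+)")
HASH = re.compile(r"--hash=[a-z0-9]+:[0-9A-Za-z]+")

def parse_lock(text):
    """Parse pip-compile style pins into {normalized name: (version, hashes)}."""
    pins, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and "# via ..." provenance comments
        m = REQ.match(line)
        if m:  # PEP 503 name normalization so Foo_Bar and foo-bar compare equal
            current = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            pins[current] = (m.group(2), set())
        if current:  # hashes may sit on the pin line or on continuation lines
            pins[current][1].update(HASH.findall(line))
    return pins

def audit(locks, removed, required):
    """locks maps file name to lockfile text; returns a sorted list of findings."""
    parsed = {f: parse_lock(t) for f, t in locks.items()}
    findings, versions = [], {}
    for fname, pins in parsed.items():
        findings += [f"{fname}: {n} should have been removed" for n in removed & set(pins)]
        findings += [f"{fname}: {n} must stay pinned" for n in required - set(pins)]
        for name, (ver, hashes) in pins.items():
            versions.setdefault(name, {})[fname] = ver
            if not hashes:
                findings.append(f"{fname}: {name} has no --hash")
    for name, by_file in versions.items():
        if len(set(by_file.values())) > 1:
            findings.append(f"{name}: version mismatch {sorted(by_file.items())}")
    return sorted(findings)

# Constructed sample fragments: digests and the 0.0.1 versions are made up.
SAMPLE = {
    "requirements.aarch64.txt": (
        "llama-stack==0.3.0 \\\n    --hash=sha256:aaaa\n    # via lightspeed-stack\n"
        "llama-stack-client==0.3.0 \\\n    --hash=sha256:bbbb\n"
        "psycopg2-binary==0.0.1 \\\n    --hash=sha256:cccc\n"
    ),
    "requirements.x86_64.txt": (
        "llama-stack==0.3.0 \\\n    --hash=sha256:aaaa\n"
        "llama-stack-client==0.2.22 \\\n    --hash=sha256:dddd\n"
        "python-jose==0.0.1\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, removed={"python-jose", "ecdsa"}, required={"psycopg2-binary"}):
        print(finding)
```

Packages present in only one file are not flagged, since platform-specific wheels can legitimately differ between architectures; only version disagreements on shared names are reported.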
@coderabbitai coderabbitai bot mentioned this pull request Jan 14, 2026
18 tasks