mirror of
https://github.com/meta-llama/llama-stack.git
synced 2025-12-27 17:01:59 +00:00
f9ac055b88
Bumps [medyagh/setup-minikube](https://github.com/medyagh/setup-minikube) from 0.0.20 to 0.0.21. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/medyagh/setup-minikube/releases">medyagh/setup-minikube's releases</a>.</em></p> <blockquote> <h2>v0.0.21</h2> <h2>What's Changed</h2> <ul> <li>add support for none driver on arm64 by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/779">medyagh/setup-minikube#779</a></li> <li>feat: add 'nodes' action input by <a href="https://github.com/zachspar"><code>@zachspar</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/712">medyagh/setup-minikube#712</a></li> </ul> <h2>Test/CI:</h2> <ul> <li>add vkfit test by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/739">medyagh/setup-minikube#739</a></li> <li>ci: add concurrency settings to macos-test workflow by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/780">medyagh/setup-minikube#780</a></li> <li>test: add dry-run tests for windows and macos by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/781">medyagh/setup-minikube#781</a></li> <li>test: Upgrade Kubernetes version and simplify installation by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/762">medyagh/setup-minikube#762</a></li> <li>split workflow "build-test" to "build" and "test" by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/776">medyagh/setup-minikube#776</a></li> <li>refactor: enhance test workflow with matrix strategy for multiple sce… by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/777">medyagh/setup-minikube#777</a></li> <li>add qemu test to github actions by <a href="https://github.com/medyagh"><code>@medyagh</code></a> in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/729">medyagh/setup-minikube#729</a></li> </ul> <h2>build</h2> <ul> <li>build(deps-dev): bump eslint-plugin-jest from 28.11.0 to 29.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/727">medyagh/setup-minikube#727</a></li> <li>build(deps-dev): bump prettier from 3.5.3 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/725">medyagh/setup-minikube#725</a></li> <li>build(deps-dev): bump eslint-plugin-github from 5.1.8 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/724">medyagh/setup-minikube#724</a></li> <li>build(deps-dev): bump eslint from 9.26.0 to 9.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/728">medyagh/setup-minikube#728</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 8.26.1 to 8.36.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/726">medyagh/setup-minikube#726</a></li> <li>build(deps-dev): bump ts-jest from 29.2.6 to 29.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/730">medyagh/setup-minikube#730</a></li> <li>build(deps-dev): bump eslint from 9.31.0 to 9.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/738">medyagh/setup-minikube#738</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 24.0.11 to 24.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/737">medyagh/setup-minikube#737</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 8.37.0 to 8.38.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/736">medyagh/setup-minikube#736</a></li> <li>build(deps-dev): bump jest-circus from 29.7.0 to 30.0.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/735">medyagh/setup-minikube#735</a></li> <li>build(deps-dev): bump jest and <code>@types/jest</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/734">medyagh/setup-minikube#734</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 24.1.0 to 24.5.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/760">medyagh/setup-minikube#760</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/775">medyagh/setup-minikube#775</a></li> <li>build(deps): bump form-data by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/761">medyagh/setup-minikube#761</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/769">medyagh/setup-minikube#769</a></li> <li>build(deps): bump glob from 10.4.5 to 10.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/774">medyagh/setup-minikube#774</a></li> <li>build(deps): bump js-yaml by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/773">medyagh/setup-minikube#773</a></li> <li>build(deps-dev): bump typescript from 5.8.3 to 5.9.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/766">medyagh/setup-minikube#766</a></li> <li>build(deps-dev): bump eslint from 9.32.0 to 9.38.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/770">medyagh/setup-minikube#770</a></li> <li>build(deps-dev): bump ts-jest from 29.4.0 to 29.4.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/768">medyagh/setup-minikube#768</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/zachspar"><code>@zachspar</code></a> made their first contribution in <a href="https://redirect.github.com/medyagh/setup-minikube/pull/712">medyagh/setup-minikube#712</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/medyagh/setup-minikube/compare/v0...v0.0.21">https://github.com/medyagh/setup-minikube/compare/v0...v0.0.21</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="e9e035a86b"><code>e9e035a</code></a> Merge pull request <a href="https://redirect.github.com/medyagh/setup-minikube/issues/781">#781</a> from medyagh/add_windows_test</li> <li><a href="6d4f8d69da"><code>6d4f8d6</code></a> fix: remove unnecessary --vm argument from download-only step in dry-run work...</li> <li><a href="b0656d9c82"><code>b0656d9</code></a> fix: ensure vfkit installation step runs only on macOS</li> <li><a href="0b40b9148a"><code>0b40b91</code></a> feat: add installation step for vfkit and related tools in dry-run workflow</li> <li><a href="6d08f649f9"><code>6d08f64</code></a> fix: update Docker setup step to install CLI on macOS</li> <li><a href="93224f2cf3"><code>93224f2</code></a> fix: adjust Docker setup condition to run on all OS types</li> <li><a href="24746887ce"><code>2474688</code></a> fix: correct typo in dry-run workflow and adjust Docker setup condition</li> <li><a href="eca7409306"><code>eca7409</code></a> feat: update concurrency settings and refine OS matrix in dry-run workflow</li> <li><a href="d0aca93add"><code>d0aca93</code></a> feat: add Docker setup step to dry-run workflow</li> <li><a href="95b2fc43b9"><code>95b2fc4</code></a> feat: add dry-run workflow for pull requests and scheduled runs</li> <li>Additional commits viewable in <a href="e3c7f79eb1...e9e035a86b">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
176 lines
6.9 KiB
YAML
176 lines
6.9 KiB
YAML
name: Integration Auth Tests
|
|
|
|
run-name: Run the integration test suite with Kubernetes authentication
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- 'release-[0-9]+.[0-9]+.x'
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- 'release-[0-9]+.[0-9]+.x'
|
|
paths:
|
|
- 'distributions/**'
|
|
- 'src/llama_stack/**'
|
|
- '!src/llama_stack_ui/**'
|
|
- 'tests/integration/**'
|
|
- 'uv.lock'
|
|
- 'pyproject.toml'
|
|
- 'requirements.txt'
|
|
- '.github/workflows/integration-auth-tests.yml' # This workflow
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && github.run_id || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
test-matrix:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
auth-provider: [oauth2_token]
|
|
fail-fast: false # we want to run all tests regardless of failure
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
|
|
- name: Install dependencies
|
|
uses: ./.github/actions/setup-runner
|
|
|
|
- name: Install minikube
|
|
if: ${{ matrix.auth-provider == 'kubernetes' }}
|
|
uses: medyagh/setup-minikube@e9e035a86bbc3caea26a450bd4dbf9d0c453682e # v0.0.21
|
|
|
|
- name: Start minikube
|
|
if: ${{ matrix.auth-provider == 'oauth2_token' }}
|
|
run: |
|
|
minikube start
|
|
kubectl get pods -A
|
|
|
|
- name: Configure Kube Auth
|
|
if: ${{ matrix.auth-provider == 'oauth2_token' }}
|
|
run: |
|
|
kubectl create namespace llama-stack
|
|
kubectl create serviceaccount llama-stack-auth -n llama-stack
|
|
kubectl create token llama-stack-auth -n llama-stack > llama-stack-auth-token
|
|
|
|
- name: Set Kubernetes Config
|
|
if: ${{ matrix.auth-provider == 'oauth2_token' }}
|
|
run: |
|
|
echo "KUBERNETES_API_SERVER_URL=$(kubectl get --raw /.well-known/openid-configuration| jq -r .jwks_uri)" >> $GITHUB_ENV
|
|
echo "KUBERNETES_CA_CERT_PATH=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.certificate-authority}')" >> $GITHUB_ENV
|
|
echo "KUBERNETES_ISSUER=$(kubectl get --raw /.well-known/openid-configuration| jq -r .issuer)" >> $GITHUB_ENV
|
|
echo "KUBERNETES_AUDIENCE=$(kubectl create token llama-stack-auth -n llama-stack --duration=1h | cut -d. -f2 | base64 -d | jq -r '.aud[0]')" >> $GITHUB_ENV
|
|
echo "TOKEN=$(cat llama-stack-auth-token)" >> $GITHUB_ENV
|
|
|
|
- name: Set Kube Auth Config and run server
|
|
env:
|
|
INFERENCE_MODEL: "meta-llama/Llama-3.2-3B-Instruct"
|
|
if: ${{ matrix.auth-provider == 'oauth2_token' }}
|
|
run: |
|
|
run_dir=$(mktemp -d)
|
|
cat <<EOF > $run_dir/config.yaml
|
|
version: '2'
|
|
image_name: kube
|
|
apis: []
|
|
providers: {}
|
|
storage:
|
|
backends:
|
|
kv_default:
|
|
type: kv_sqlite
|
|
db_path: $run_dir/kvstore.db
|
|
sql_default:
|
|
type: sql_sqlite
|
|
db_path: $run_dir/sql_store.db
|
|
stores:
|
|
metadata:
|
|
namespace: registry
|
|
backend: kv_default
|
|
inference:
|
|
table_name: inference_store
|
|
backend: sql_default
|
|
conversations:
|
|
table_name: openai_conversations
|
|
backend: sql_default
|
|
prompts:
|
|
namespace: prompts
|
|
backend: kv_default
|
|
server:
|
|
port: 8321
|
|
EOF
|
|
yq eval '.server.auth.provider_config.type = "${{ matrix.auth-provider }}"' -i $run_dir/config.yaml
|
|
yq eval '.server.auth.provider_config.tls_cafile = "${{ env.KUBERNETES_CA_CERT_PATH }}"' -i $run_dir/config.yaml
|
|
yq eval '.server.auth.provider_config.issuer = "${{ env.KUBERNETES_ISSUER }}"' -i $run_dir/config.yaml
|
|
yq eval '.server.auth.provider_config.audience = "${{ env.KUBERNETES_AUDIENCE }}"' -i $run_dir/config.yaml
|
|
yq eval '.server.auth.provider_config.jwks.uri = "${{ env.KUBERNETES_API_SERVER_URL }}"' -i $run_dir/config.yaml
|
|
yq eval '.server.auth.provider_config.jwks.token = "${{ env.TOKEN }}"' -i $run_dir/config.yaml
|
|
cat $run_dir/config.yaml
|
|
|
|
# avoid line breaks in the server log, especially because we grep it below.
|
|
export LLAMA_STACK_LOG_WIDTH=200
|
|
nohup uv run llama stack run $run_dir/config.yaml > server.log 2>&1 &
|
|
|
|
- name: Wait for Llama Stack server to be ready
|
|
run: |
|
|
echo "Waiting for Llama Stack server..."
|
|
for i in {1..30}; do
|
|
# Note: /v1/health does not require authentication
|
|
if curl -s -L http://localhost:8321/v1/health | grep -q "OK"; then
|
|
echo "Llama Stack server is up!"
|
|
if grep -q "Enabling authentication with provider: ${{ matrix.auth-provider }}" server.log; then
|
|
echo "Llama Stack server is configured to use ${{ matrix.auth-provider }} auth"
|
|
exit 0
|
|
else
|
|
echo "Llama Stack server is not configured to use ${{ matrix.auth-provider }} auth"
|
|
cat server.log
|
|
exit 1
|
|
fi
|
|
fi
|
|
sleep 1
|
|
done
|
|
echo "Llama Stack server failed to start"
|
|
cat server.log
|
|
exit 1
|
|
|
|
- name: Test auth
|
|
run: |
|
|
# Function to test API endpoint with authentication
|
|
# Usage: test_endpoint <curl_args> <user_token_file> <expected_status> [output_file]
|
|
test_endpoint() {
|
|
local curl_args="$1"
|
|
local user_token_file=$2
|
|
local expected_status=$3
|
|
local output_file=${4:-/dev/null}
|
|
|
|
local status
|
|
local extra_curl_args=(-s -L -o "$output_file" -w "%{http_code}")
|
|
|
|
if [ "$user_token_file" != "none" ]; then
|
|
extra_curl_args+=(-H "Authorization: Bearer $(cat $user_token_file)")
|
|
fi
|
|
|
|
set -x
|
|
status=$(curl $curl_args "${extra_curl_args[@]}")
|
|
set +x
|
|
|
|
if [ "$status" = "$expected_status" ]; then
|
|
echo " ✓ Status: $status (expected $expected_status)"
|
|
return 0
|
|
else
|
|
echo " ✗ Status: $status (expected $expected_status)"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
echo "Testing /v1/version without token (should succeed)..."
|
|
test_endpoint "http://127.0.0.1:8321/v1/version" "none" "200" || exit 1
|
|
|
|
echo "Testing /v1/providers without token (should fail with 401)..."
|
|
test_endpoint "http://127.0.0.1:8321/v1/providers" "none" "401" || exit 1
|
|
|
|
echo "Testing /v1/providers with valid token (should succeed)..."
|
|
test_endpoint "http://127.0.0.1:8321/v1/providers" "llama-stack-auth-token" "200" "providers.json" || exit 1
|
|
cat providers.json | jq . > /dev/null && echo " ✓ Valid JSON response"
|