Changes from 5 commits
3 changes: 2 additions & 1 deletion .github/workflows/e2e.yaml
Expand Up @@ -25,10 +25,11 @@ jobs:
e2e:
runs-on: ubuntu-latest
container:
image: ghcr.io/vdaas/vald/vald-ci-container:nightly
image: ghcr.io/vdaas/vald/vald-dev-container:nightly

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/e2e.yaml | head -40

Repository: vdaas/vald-client-python

Length of output: 1370


🏁 Script executed:

# Check for files that might generate this workflow
find . -type f -name "*.py" -o -name "*.sh" -o -name "*.ts" | xargs grep -l "e2e.yaml" 2>/dev/null | head -10

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check for any Makefile or script that mentions this workflow
find . -type f \( -name "Makefile" -o -name "*.sh" \) | xargs grep -l "e2e" 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 52


🏁 Script executed:

# Check git history to see if this file is modified manually
git log --oneline .github/workflows/e2e.yaml 2>/dev/null | head -20

Repository: vdaas/vald-client-python

Length of output: 93


🏁 Script executed:

# Search for documentation about image management
find . -type f \( -name "README*" -o -name "*.md" \) | xargs grep -l "nightly\|container.*image\|digest" 2>/dev/null | head -5

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check the full git history with more details
git log -p .github/workflows/e2e.yaml 2>/dev/null | head -100

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Look for template files or generation logic
find . -type f -name "*template*" -o -name "*generate*" 2>/dev/null | grep -i workflow

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check if there's a .github directory structure
ls -la .github/workflows/

Repository: vdaas/vald-client-python

Length of output: 559


🏁 Script executed:

# Search for references to vald-dev-container in the repo
rg "vald-dev-container" --type yaml

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check all commits touching the workflows directory
git log --oneline .github/workflows/ 2>/dev/null | head -20

Repository: vdaas/vald-client-python

Length of output: 93


🏁 Script executed:

# Look at the actual content of the e2e.yaml more carefully
cat .github/workflows/e2e.yaml

Repository: vdaas/vald-client-python

Length of output: 1125


🏁 Script executed:

# Check if there are any scripts in the repo root or scripts directory
find . -maxdepth 2 -name "*.py" -o -name "*.sh" | head -20

Repository: vdaas/vald-client-python

Length of output: 92


🏁 Script executed:

# Search for any mentions of digest or sha256 in workflows
rg "sha256|@sha256|digest" .github/

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check the other workflow files for image usage patterns
for f in .github/workflows/*.yaml .github/workflows/*.yml; do
  echo "=== $(basename $f) ==="
  grep -E "image:|uses:" "$f" | head -10
done

Repository: vdaas/vald-client-python

Length of output: 705


🏁 Script executed:

# Check if there's documentation about why "DO NOT EDIT" is there
find . -type f -name "*.md" | xargs grep -l "DO NOT EDIT\|auto.*generat\|workflow.*generat" 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 52


🏁 Script executed:

# Look at the external action that handles e2e tests
rg "vdaas/vald-client-ci" --type yaml -A 3 -B 3

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check if there's a reference to vdaas/vald-client-ci in docs or comments
find . -type f \( -name "*.md" -o -name "*.txt" \) | xargs grep -l "vdaas/vald-client-ci" 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 52


🏁 Script executed:

# Look at the git log more detail to understand workflow changes
git log --all --oneline --decorate 2>/dev/null | head -30

Repository: vdaas/vald-client-python

Length of output: 2114


🏁 Script executed:

# Check if there's any reference to code generation or templating
find . -type f -name "*.py" -o -name "Makefile" | xargs grep -l "workflow\|template" 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 52


🏁 Script executed:

# Check the README for information about workflow management
head -100 README.md 2>/dev/null || head -100 README.rst 2>/dev/null || echo "No README found"

Repository: vdaas/vald-client-python

Length of output: 2191


🏁 Script executed:

# Check if there's a parent repository reference or sync configuration
find . -type f \( -name ".gitmodules" -o -name "*.json" \) | xargs grep -l "client-ci\|sync" 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 52


🏁 Script executed:

# Look for any CI configuration that might explain the "DO NOT EDIT" comment
cat .github/workflows/sync.yaml 2>/dev/null || echo "No sync.yaml or cannot read"

Repository: vdaas/vald-client-python

Length of output: 1034


🏁 Script executed:

# Check if actions/checkout is pinned properly (good practice indicator)
rg "actions/checkout" .github/workflows/

Repository: vdaas/vald-client-python

Length of output: 128


🏁 Script executed:

# Search web for information about vald-dev-container nightly tag
web_search
ghcr.io vdaas vald-dev-container nightly digest pinning

Repository: vdaas/vald-client-python

Length of output: 164


🌐 Web query:

vdaas vald-dev-container nightly image digest pinning GitHub Actions

💡 Result:

The vdaas/vald-dev-container is a nightly-built Docker image used for development containers (devcontainers) in the Vald project (github.com/vdaas/vald). It is built via GitHub Actions workflow .github/workflows/dockers-dev-container-image.yaml on pushes to main (nightly tag) and PRs (pr-XXXX tags). Images are published to Docker Hub (hub.docker.com/r/vdaas/vald-dev-container) and GHCR. No evidence of digest pinning (e.g., image:tag@sha256:digest) in workflows or devcontainer.json for this image or its base images. Workflows use tag references like :nightly or :pr-XXXX. Docker Hub lists digests (e.g., sha256:8d544902cc0a for pr-3493), but they are not pinned in configs. General pinning best practices apply (e.g., result 2 recommends digest pinning for security), but Vald workflows do not implement it for vald-dev-container. Devcontainer.json likely references "vdaas/vald-dev-container:nightly" by tag.


Coordinate with vdaas/vald-client-ci to pin container image by digest.

Line 28 uses :nightly, a mutable tag that rebuilds daily and can cause non-deterministic E2E results. However, this file is marked "DO NOT EDIT" and auto-synced from vdaas/vald-client-ci. The fix should be coordinated at the source (vdaas/vald-client-ci level) or the nightly build process should support stable digest references. Pinning locally may be overwritten on next sync.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yaml at line 28, The workflow currently references a
mutable image tag "ghcr.io/vdaas/vald/vald-dev-container:nightly" in
.github/workflows/e2e.yaml which is auto-synced and should not be edited
locally; coordinate with the vdaas/vald-client-ci maintainers to publish and
expose an immutable digest (or a stable digest-tag pair) for vald-dev-container
and update the source pipeline to emit that digest so the synced file can
reference "ghcr.io/vdaas/vald/vald-dev-container@sha256:..." instead of
:nightly; alternatively adjust the nightly build process in vdaas/vald-client-ci
to also publish a pinned digest reference that the sync can consume.

options: "--add-host host.docker.internal:host-gateway"
steps:
- uses: actions/checkout@v3

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify no deprecated checkout major versions remain in workflows.
rg -nP 'uses:\s*actions/checkout@v[123]\b' .github/workflows

Repository: vdaas/vald-client-python

Length of output: 131


🌐 Web query:

GitHub Actions checkout v3 deprecated support 2025

💡 Result:

actions/checkout@v3 is not formally deprecated or scheduled for support end in 2025. It uses Node 16 runtime, which reached end-of-life in GitHub Actions runners on November 12, 2024. Using v3 now produces deprecation warnings due to Node 16, and workflows may fail if runners no longer support it post-EOL. Official docs and changelog recommend upgrading to v4 (Node 20), v5 (Node 24), or latest v6 for continued support and security updates. No specific 2025 cutoff for v3 is announced; older major versions receive security fixes indefinitely per GitHub policy. Upgrade to actions/checkout@v6 (latest as of 2026-01-09) to avoid issues.


🏁 Script executed:

#!/bin/bash
# Examine the full e2e.yaml workflow to verify claims in scratchpad
head -50 .github/workflows/e2e.yaml | cat -n

Repository: vdaas/vald-client-python

Length of output: 1370


🏁 Script executed:

#!/bin/bash
# Check all GitHub workflow files for action versions and permissions
echo "=== Checking for permissions block in e2e.yaml ==="
grep -n "permissions:" .github/workflows/e2e.yaml || echo "No permissions block found"

echo -e "\n=== Full workflow structure (first 40 lines) ==="
cat -n .github/workflows/e2e.yaml | head -40

Repository: vdaas/vald-client-python

Length of output: 1498


Upgrade actions/checkout to a supported version.

Line 31 uses actions/checkout@v3, which relies on Node 16. GitHub Actions sunset Node 16 support on November 12, 2024, and official guidance recommends upgrading to v4 or later. Using v3 may produce deprecation warnings and eventually fail on current runners. Upgrade to v4 or the latest v6 for ongoing compatibility and security patches.

Proposed fix
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
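Review bot: The removed and added lines of this proposed fix are identical (both read actions/checkout@v4), so as written it changes nothing. The workflow step it targets reads actions/checkout@v3, and the removed line should quote that.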
🧰 Tools
🪛 actionlint (1.7.12)

[error] 31-31: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yaml at line 31, Update the checkout action version
used in the workflow: replace the reference to actions/checkout@v3 with a
supported release (e.g., actions/checkout@v4 or the latest v6) to avoid Node 16
deprecation issues; edit the workflow step that currently lists "uses:
actions/checkout@v3", update the tag to v4 or v6, run the workflow locally or in
a branch to confirm no breaking changes, and pin to the chosen major version
(not a full SHA) for continued compatibility.

- uses: vdaas/vald-client-ci/.github/actions/e2e@main

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, locate and examine the e2e.yaml workflow file
find . -path "./.github/workflows/e2e.yaml" -type f | head -1

Repository: vdaas/vald-client-python

Length of output: 96


🏁 Script executed:

# Read the file content around line 32 to verify the issue
cat -n .github/workflows/e2e.yaml | sed -n '20,45p'

Repository: vdaas/vald-client-python

Length of output: 577


🏁 Script executed:

# Check all action usages in the file to see the overall pattern
rg 'uses:' .github/workflows/e2e.yaml -n

Repository: vdaas/vald-client-python

Length of output: 167


Pin the reusable action to an immutable commit SHA, not @main.

The reference to vdaas/vald-client-ci/.github/actions/e2e@main at line 32 tracks a mutable branch, compromising reproducibility and CI/CD supply-chain integrity. Pin to a specific commit SHA to ensure deterministic behavior across runs and maintain the security posture aligned with Vald's coding standards.

Compare with line 31 (actions/checkout@v3), which correctly uses a pinned version.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yaml at line 32, The workflow is pinning the reusable
action to a mutable ref "vdaas/vald-client-ci/.github/actions/e2e@main"; replace
that with an immutable commit SHA (e.g.,
"vdaas/vald-client-ci/.github/actions/e2e@<commit-sha>") so the action is fixed
to a specific commit; update the reference string in the workflow line that
currently contains vdaas/vald-client-ci/.github/actions/e2e@main to use the
exact commit SHA from the upstream repo and commit the change.

with:
client_type: python
image_tag: pr-3448
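Review bot: The image_tag: pr-3448 line at the end of this hunk is a PR-scoped tag, while the container image for the same job is vald-dev-container:nightly, so the job container and whatever the e2e action pulls with that tag can come from different builds. If pr-3448 is only here to exercise an unmerged upstream change, say so in the PR description and switch it back before merge. The move from vald-ci-container to vald-dev-container also deserves a one-line reason in the commit message.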

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's examine the e2e.yaml workflow file
cat -n .github/workflows/e2e.yaml | head -50

Repository: vdaas/vald-client-python

Length of output: 1370


🏁 Script executed:

# Also check if there are other workflows that manage image tags
fd -t f '\.yaml$' .github/workflows/ | head -20

Repository: vdaas/vald-client-python

Length of output: 231


🏁 Script executed:

# Search for how image tags are typically managed in workflows
rg "image_tag" .github/workflows/ -A 2 -B 2

Repository: vdaas/vald-client-python

Length of output: 221


🏁 Script executed:

# Check for any documentation or comments about image tags
rg "VALD_IMAGE_TAG|pr-3448" --type yaml --type md

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Look at other workflows to see how they reference images
rg "image:" .github/workflows/ -B 1 -A 1

Repository: vdaas/vald-client-python

Length of output: 284


🏁 Script executed:

# Check if there's any GitHub vars definition or similar patterns
find .github -name "*.yml" -o -name "*.yaml" | xargs grep -l "vars\." 2>/dev/null | head -10

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check git history or comments around this file
git log -p --all -S "pr-3448" -- ".github/workflows/e2e.yaml" 2>/dev/null | head -100 || echo "No git history available"

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check if there are any GitHub Actions secrets or variables referenced elsewhere
rg "secrets\.|vars\." .github/workflows/ -o

Repository: vdaas/vald-client-python

Length of output: 448


🏁 Script executed:

# Look at the reusable action being called to understand image_tag parameter
# First, find if there's documentation about this action
rg "vald-client-ci|e2e" .github -B 2 -A 2

Repository: vdaas/vald-client-python

Length of output: 2054


🏁 Script executed:

# Check if there's any README or documentation about image tags
cat README.md 2>/dev/null | head -100 || echo "No README in root"

Repository: vdaas/vald-client-python

Length of output: 2191


🏁 Script executed:

# Look for any configuration or environment-related files
ls -la .github/ | grep -v "^d"

Repository: vdaas/vald-client-python

Length of output: 143


🏁 Script executed:

# Check if this file is auto-generated or synced (the "DO NOT EDIT" comment)
head -20 .github/workflows/e2e.yaml

Repository: vdaas/vald-client-python

Length of output: 741


🏁 Script executed:

# Look for any sync configuration or references to vald-client-ci
cat .github/dependabot-cli.yaml

Repository: vdaas/vald-client-python

Length of output: 316


🏁 Script executed:

# Check if there's any documentation about workflow management
find . -name "*.md" -type f | xargs grep -l "workflow\|e2e" 2>/dev/null | head -5

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Verify the actual hardcoded value and understand the context better
grep -n "pr-3448" .github/workflows/e2e.yaml

Repository: vdaas/vald-client-python

Length of output: 99


🏁 Script executed:

# Check the full context of the e2e.yaml workflow to understand intent
cat -n .github/workflows/e2e.yaml

Repository: vdaas/vald-client-python

Length of output: 1370


🏁 Script executed:

# Look for any recent changes or comments about pr-3448
git log --all --oneline -- ".github/workflows/e2e.yaml" 2>/dev/null | head -20 || echo "No git log"

Repository: vdaas/vald-client-python

Length of output: 212


🏁 Script executed:

# Check if there's a .syncpackage or similar file indicating syncing
find .github -type f -name "*sync*" -o -name "*template*" 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 95


🏁 Script executed:

# Check the sync.yaml to understand how workflows are synced
cat .github/workflows/sync.yaml

Repository: vdaas/vald-client-python

Length of output: 1034


🏁 Script executed:

# Look at the git commit that introduced pr-3448 to understand context
git show fe93834 --stat 2>/dev/null | head -30 || echo "No commit details"

Repository: vdaas/vald-client-python

Length of output: 1669


🏁 Script executed:

# Check if vars are used anywhere in GitHub Actions contexts
rg "\$\{\{" .github/workflows/ | head -20

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check the vald-client-ci repository or documentation about how image_tag is managed
# First, let's see if there's any issue tracker or documentation
find . -name "*.md" -type f -exec grep -l "image_tag\|pr-3448" {} \; 2>/dev/null

Repository: vdaas/vald-client-python

Length of output: 50


🏁 Script executed:

# Check what the e2e action expects and if it supports variable interpolation
# Since we can't access the external repo, let's check if there are any env vars or workflow_call inputs
grep -r "workflow_call\|inputs:" .github/workflows/ 2>/dev/null || echo "No workflow_call found"

Repository: vdaas/vald-client-python

Length of output: 90


🏁 Script executed:

# Verify the current status: is pr-3448 a stable, maintained tag or a temporary one?
# Check container registries info if available in docs
rg "ghcr.io|vald.*image" --type md -A 2 -B 2

Repository: vdaas/vald-client-python

Length of output: 50


Hardcoded PR-scoped image tags should be replaced with configurable values.

Line 35 uses image_tag: pr-3448, which creates brittle E2E testing if that tag is rotated or removed. Note that this file is auto-synced from vdaas/vald-client-ci (indicated by the "DO NOT EDIT" header and the sync.yaml workflow), so the fix should be applied at the source repository level to ensure it survives the next sync. Consider updating the e2e action or workflow template to use a configurable variable (e.g., ${{ vars.VALD_IMAGE_TAG || 'nightly' }}) or default to a stable tag like nightly instead.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yaml at line 35, The workflow uses a hardcoded image
tag value (image_tag: pr-3448) which is brittle; update the e2e
workflow/template in the source repo (vdaas/vald-client-ci) so image_tag is
configurable and has a sensible default (for example use a variable like
VALD_IMAGE_TAG with fallback to 'nightly' or another stable tag), and propagate
that change into the e2e action or workflow template so the generated
.github/workflows/e2e.yaml receives image_tag from the variable rather than a
fixed literal.
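
A check for the mutable references the review comments above flag (`:nightly`, `@v3`, `@main`), as an added example that is not part of this PR or of the Vald project's tooling. The sample workflow is constructed from the lines quoted on this page, and `find_mutable_refs` is a hypothetical helper name.

```python
import re

# Constructed sample: a shortened workflow built from the refs quoted on this page.
SAMPLE_WORKFLOW = """\
jobs:
  e2e:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/vdaas/vald/vald-dev-container:nightly
      options: "--add-host host.docker.internal:host-gateway"
    steps:
      - uses: actions/checkout@v3
      - uses: vdaas/vald-client-ci/.github/actions/e2e@main
        with:
          client_type: python
          image_tag: pr-3448
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
IMAGE_RE = re.compile(r"^\s*-?\s*image:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full commit SHA
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")     # image content digest


def find_mutable_refs(workflow_text):
    """Return (line_no, kind, ref, reason) for each ref that is not content-pinned."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out steps
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith("./"):
                continue  # local action, versioned with the repository itself
            if ref.startswith("docker://"):
                if not DIGEST_RE.search(ref):
                    findings.append((line_no, "image", ref, "no sha256 digest"))
                continue
            _, _, version = ref.partition("@")
            if not FULL_SHA_RE.match(version):
                reason = (f"'{version}' is a tag or branch, not a commit SHA"
                          if version else "no ref given")
                findings.append((line_no, "action", ref, reason))
            continue
        m = IMAGE_RE.match(line)
        if m and not DIGEST_RE.search(m.group(1)):
            findings.append((line_no, "image", m.group(1), "no sha256 digest"))
    return findings


if __name__ == "__main__":
    for line_no, kind, ref, reason in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {kind} {ref}: {reason}")
```

Because this workflow file is synced from another repository, a check like this belongs in the source repository's CI, where a failure can be fixed without being overwritten.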

5 changes: 3 additions & 2 deletions src/tests/test_e2e.py
Expand Up @@ -24,8 +24,9 @@ def __init__(self, *args, **kwargs):
self.data = json.load(open("wordvecs1000.json", "r"))

def setUp(self):
options = [("grpc.keepalive_time_ms", 10000),
("grpc.keepalive_timeout_ms", 5000),
options = [("grpc.keepalive_time_ms", 1200000),
("grpc.keepalive_timeout_ms", 20000),
("grpc.keepalive_permit_without_calls", 0),
("grpc.client_channel_backup_poll_interval_ms", 100)]
self.channel = grpc.insecure_channel(
target="localhost:8081", options=options)
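Review bot: The new keepalive values in setUp are unexplained magic numbers: grpc.keepalive_time_ms goes from 10000 to 1200000 (20 minutes) and grpc.keepalive_permit_without_calls is set to 0, so the client pings only rarely and not at all on a channel with no active calls. Add a comment stating why these values were chosen (for example, which server-side keepalive setting they are meant to match), and consider naming them as constants so a later change on the server side does not leave this test silently out of step.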