Skip to content

Commit caa78be

Browse files
committed
Merge branch 'main' into feat/local-dev-passthrough-and-ui-devmode
Resolve docs conflict from the Astro/Starlight restructure (PR #120): - local-development.md: keep the PR's AI Gateway v0.5 dev-path content and additive sections; adopt main's slug-style internal links and renumber. - ui-development.md: relocate into docs/src/content/docs, add Starlight frontmatter, fix cross-links, add sidebar entry. - check-content-parity.mjs: exclude local-development.md (diverges by design).
2 parents 79bf2d0 + fef992c commit caa78be

44 files changed

Lines changed: 10665 additions & 907 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/add-to-project.yaml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,7 @@ jobs:
1010
add-to-project:
1111
runs-on: ubuntu-latest
1212
steps:
13-
# https://github.com/actions/add-to-project/releases/tag/v1.0.2
14-
- uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e
13+
- uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0
1514
with:
1615
project-url: ${{ vars.PROJECT_BOARD_URL }}
1716
github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}

.github/workflows/build-images.yaml

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -18,18 +18,18 @@ jobs:
1818
contents: read
1919
packages: write
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
2222

2323
- name: Log in to GHCR
24-
uses: docker/login-action@v3
24+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
2525
with:
2626
registry: ${{ env.REGISTRY }}
2727
username: ${{ github.actor }}
2828
password: ${{ secrets.GITHUB_TOKEN }}
2929

3030
- name: Extract metadata
3131
id: meta
32-
uses: docker/metadata-action@v5
32+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
3333
with:
3434
images: ${{ env.IMAGE_PREFIX }}/operator
3535
tags: |
@@ -39,7 +39,7 @@ jobs:
3939
type=raw,value=latest,enable={{is_default_branch}}
4040
4141
- name: Build and push operator image
42-
uses: docker/build-push-action@v6
42+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
4343
with:
4444
context: operator/
4545
file: operator/Dockerfile
@@ -54,18 +54,18 @@ jobs:
5454
contents: read
5555
packages: write
5656
steps:
57-
- uses: actions/checkout@v4
57+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
5858

5959
- name: Log in to GHCR
60-
uses: docker/login-action@v3
60+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
6161
with:
6262
registry: ${{ env.REGISTRY }}
6363
username: ${{ github.actor }}
6464
password: ${{ secrets.GITHUB_TOKEN }}
6565

6666
- name: Extract metadata
6767
id: meta
68-
uses: docker/metadata-action@v5
68+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
6969
with:
7070
images: ${{ env.IMAGE_PREFIX }}/model-downloader
7171
tags: |
@@ -75,7 +75,7 @@ jobs:
7575
type=raw,value=latest,enable={{is_default_branch}}
7676
7777
- name: Build and push model-downloader image
78-
uses: docker/build-push-action@v6
78+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
7979
with:
8080
context: model-downloader/
8181
file: model-downloader/Dockerfile
@@ -90,18 +90,18 @@ jobs:
9090
contents: read
9191
packages: write
9292
steps:
93-
- uses: actions/checkout@v4
93+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
9494

9595
- name: Log in to GHCR
96-
uses: docker/login-action@v3
96+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
9797
with:
9898
registry: ${{ env.REGISTRY }}
9999
username: ${{ github.actor }}
100100
password: ${{ secrets.GITHUB_TOKEN }}
101101

102102
- name: Extract metadata
103103
id: meta
104-
uses: docker/metadata-action@v5
104+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
105105
with:
106106
images: ${{ env.IMAGE_PREFIX }}/key-manager
107107
tags: |
@@ -111,7 +111,7 @@ jobs:
111111
type=raw,value=latest,enable={{is_default_branch}}
112112
113113
- name: Build and push key-manager image
114-
uses: docker/build-push-action@v6
114+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
115115
with:
116116
context: .
117117
file: key-manager/Dockerfile
Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
name: Docs preview cleanup
2+
# When a PR closes (merged or not), delete the Cloudflare Pages preview
3+
# deployments for that branch. Direct Upload deploys are not tied to the git
4+
# branch lifecycle, so without this they linger after the branch is gone.
5+
on:
6+
pull_request:
7+
types: [closed]
8+
permissions:
9+
contents: read
10+
concurrency:
11+
group: docs-preview-cleanup-${{ github.event.pull_request.number }}
12+
cancel-in-progress: false
13+
env:
14+
CF_PROJECT: llm-serving-pack
15+
jobs:
16+
cleanup:
17+
# Fork PRs never get a preview (deploy is skipped, secrets unavailable),
18+
# so there is nothing to clean up for them.
19+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
20+
runs-on: ubuntu-latest
21+
steps:
22+
- name: Delete this branch's preview deployments
23+
env:
24+
CF_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
25+
CF_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
26+
BRANCH: ${{ github.event.pull_request.head.ref }}
27+
run: |
28+
set -euo pipefail
29+
base="https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/pages/projects/${CF_PROJECT}/deployments"
30+
# The Pages deployments API rejects per_page (HTTP 400) but supports
31+
# `page`, so walk pages until one comes back empty. Filtering by branch
32+
# is client-side because the API has no branch filter.
33+
ids=""
34+
page=1
35+
while [ "$page" -le 50 ]; do
36+
resp=$(curl -fsS -H "Authorization: Bearer ${CF_API_TOKEN}" "${base}?env=preview&page=${page}")
37+
count=$(printf '%s' "$resp" | jq '(.result // []) | length')
38+
[ "$count" -eq 0 ] && break
39+
match=$(printf '%s' "$resp" \
40+
| jq -r --arg b "$BRANCH" '(.result // [])[] | select((.deployment_trigger?.metadata?.branch?) == $b) | .id')
41+
[ -n "$match" ] && ids="${ids}${match}"$'\n'
42+
page=$((page + 1))
43+
done
44+
ids=$(printf '%s' "$ids" | sed '/^$/d' | sort -u)
45+
if [ -z "$ids" ]; then
46+
echo "No preview deployments found for branch '$BRANCH'."
47+
exit 0
48+
fi
49+
while IFS= read -r id; do
50+
echo "Deleting preview deployment $id (branch '$BRANCH')"
51+
curl -fsS -X DELETE -H "Authorization: Bearer ${CF_API_TOKEN}" "${base}/${id}?force=true" >/dev/null
52+
done <<< "$ids"
53+
echo "Cleaned up preview deployments for branch '$BRANCH'."
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
name: Docs preview purge (manual)
2+
# Manually delete Cloudflare Pages preview deployments. Leave `branch` empty to
3+
# purge every preview deployment (e.g. to clear orphans left by past cleanup
4+
# failures); set it to remove only one branch's previews. The per-PR job in
5+
# docs-preview-cleanup.yml handles the normal on-close case.
6+
on:
7+
workflow_dispatch:
8+
inputs:
9+
branch:
10+
description: "Branch to purge previews for. Leave empty to purge ALL preview deployments."
11+
required: false
12+
default: ""
13+
permissions:
14+
contents: read
15+
env:
16+
CF_PROJECT: llm-serving-pack
17+
jobs:
18+
purge:
19+
runs-on: ubuntu-latest
20+
steps:
21+
- name: Delete preview deployments
22+
env:
23+
CF_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
24+
CF_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
25+
BRANCH: ${{ github.event.inputs.branch }}
26+
run: |
27+
set -euo pipefail
28+
base="https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/pages/projects/${CF_PROJECT}/deployments"
29+
# The Pages deployments API rejects per_page (HTTP 400) but supports
30+
# `page`, so walk pages until one comes back empty.
31+
ids=""
32+
page=1
33+
while [ "$page" -le 50 ]; do
34+
resp=$(curl -fsS -H "Authorization: Bearer ${CF_API_TOKEN}" "${base}?env=preview&page=${page}")
35+
count=$(printf '%s' "$resp" | jq '(.result // []) | length')
36+
[ "$count" -eq 0 ] && break
37+
if [ -z "${BRANCH}" ]; then
38+
match=$(printf '%s' "$resp" | jq -r '(.result // [])[] | .id')
39+
else
40+
match=$(printf '%s' "$resp" \
41+
| jq -r --arg b "$BRANCH" '(.result // [])[] | select((.deployment_trigger?.metadata?.branch?) == $b) | .id')
42+
fi
43+
[ -n "$match" ] && ids="${ids}${match}"$'\n'
44+
page=$((page + 1))
45+
done
46+
ids=$(printf '%s' "$ids" | sed '/^$/d' | sort -u)
47+
if [ -z "$ids" ]; then
48+
echo "No preview deployments to purge (branch='${BRANCH:-<all>}')."
49+
exit 0
50+
fi
51+
echo "Purging $(printf '%s\n' "$ids" | wc -l) preview deployment(s) (branch='${BRANCH:-<all>}')."
52+
while IFS= read -r id; do
53+
echo "Deleting preview deployment $id"
54+
curl -fsS -X DELETE -H "Authorization: Bearer ${CF_API_TOKEN}" "${base}/${id}?force=true" >/dev/null
55+
done <<< "$ids"
56+
echo "Done."

.github/workflows/docs.yml

Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,87 @@
1+
name: Docs
2+
on:
3+
push:
4+
branches: [main]
5+
paths: ['docs/**', 'scripts/check-links.sh', '.github/workflows/docs.yml']
6+
pull_request:
7+
paths: ['docs/**', 'scripts/check-links.sh', '.github/workflows/docs.yml']
8+
workflow_dispatch:
9+
permissions:
10+
contents: read
11+
pull-requests: write
12+
concurrency:
13+
group: docs-${{ github.ref }}
14+
cancel-in-progress: true
15+
env:
16+
PACK_SLUG: llm-serving-pack
17+
jobs:
18+
docs:
19+
runs-on: ubuntu-latest
20+
steps:
21+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
22+
with: { fetch-depth: 0 }
23+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
24+
with:
25+
node-version: '22'
26+
cache: npm
27+
cache-dependency-path: docs/package-lock.json
28+
29+
- name: Install deps
30+
working-directory: docs
31+
run: npm ci
32+
33+
- name: Install Playwright (mermaid rendering)
34+
working-directory: docs
35+
run: npx playwright install --with-deps chromium
36+
37+
- name: Unit tests
38+
working-directory: docs
39+
run: npm test
40+
41+
- name: Compute site, base, and deploy branch
42+
id: base
43+
env:
44+
HEAD_REF: ${{ github.head_ref || github.ref_name }}
45+
run: |
46+
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
47+
echo "site=https://packs.nebari.dev" >> "$GITHUB_OUTPUT"
48+
echo "base=/${PACK_SLUG}/" >> "$GITHUB_OUTPUT"
49+
echo "branch=main" >> "$GITHUB_OUTPUT"
50+
else
51+
ALIAS=$(printf '%s' "$HEAD_REF" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g')
52+
echo "site=https://${ALIAS}.${PACK_SLUG}.pages.dev" >> "$GITHUB_OUTPUT"
53+
echo "base=/" >> "$GITHUB_OUTPUT"
54+
echo "branch=${HEAD_REF}" >> "$GITHUB_OUTPUT"
55+
fi
56+
57+
- name: Build
58+
working-directory: docs
59+
env:
60+
SITE: ${{ steps.base.outputs.site }}
61+
BASE: ${{ steps.base.outputs.base }}
62+
run: npm run build
63+
64+
- name: Check internal links
65+
env:
66+
BASE: ${{ steps.base.outputs.base }}
67+
run: SKIP_BUILD=1 bash scripts/check-links.sh
68+
69+
# Fork PRs cannot read secrets; skip deploy there (build + link-check still gate).
70+
- name: Deploy to Cloudflare Pages
71+
id: deploy
72+
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
73+
uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
74+
with:
75+
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
76+
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
77+
command: pages deploy docs/dist --project-name=${{ env.PACK_SLUG }} --branch=${{ steps.base.outputs.branch }}
78+
79+
- name: Comment preview URL
80+
if: ${{ github.event_name == 'pull_request' && steps.deploy.outcome == 'success' }}
81+
uses: marocchino/sticky-pull-request-comment@5770ad5eb8f42dd2c4f34da00c94c5381e49af88 # v3.0.5
82+
with:
83+
header: docs-preview
84+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
85+
message: |
86+
📄 **Docs preview** for `${{ github.event.pull_request.head.ref }}`:
87+
${{ steps.deploy.outputs.pages-deployment-alias-url }}

.github/workflows/lint.yaml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -11,15 +11,15 @@ jobs:
1111
name: Lint operator
1212
runs-on: ubuntu-latest
1313
steps:
14-
- uses: actions/checkout@v4
14+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
1515

16-
- uses: actions/setup-go@v5
16+
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
1717
with:
1818
go-version-file: operator/go.mod
1919
cache-dependency-path: operator/go.sum
2020

2121
- name: golangci-lint
22-
uses: golangci/golangci-lint-action@v7
22+
uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0
2323
with:
2424
version: v2.4.0
2525
working-directory: operator
@@ -28,15 +28,15 @@ jobs:
2828
name: Lint key-manager
2929
runs-on: ubuntu-latest
3030
steps:
31-
- uses: actions/checkout@v4
31+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
3232

33-
- uses: actions/setup-go@v5
33+
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
3434
with:
3535
go-version-file: key-manager/go.mod
3636
cache-dependency-path: key-manager/go.sum
3737

3838
- name: golangci-lint
39-
uses: golangci/golangci-lint-action@v7
39+
uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0
4040
with:
4141
version: v2.4.0
4242
working-directory: key-manager
@@ -45,10 +45,10 @@ jobs:
4545
name: Lint Helm chart
4646
runs-on: ubuntu-latest
4747
steps:
48-
- uses: actions/checkout@v4
48+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
4949

5050
- name: Set up Helm
51-
uses: azure/setup-helm@v4
51+
uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1
5252

5353
- name: Lint chart
5454
run: helm lint charts/nebari-llm-serving/

.github/workflows/test.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,9 +11,9 @@ jobs:
1111
name: Test operator
1212
runs-on: ubuntu-latest
1313
steps:
14-
- uses: actions/checkout@v4
14+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
1515

16-
- uses: actions/setup-go@v5
16+
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
1717
with:
1818
go-version-file: operator/go.mod
1919
cache-dependency-path: operator/go.sum
@@ -26,9 +26,9 @@ jobs:
2626
name: Test key-manager
2727
runs-on: ubuntu-latest
2828
steps:
29-
- uses: actions/checkout@v4
29+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
3030

31-
- uses: actions/setup-go@v5
31+
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
3232
with:
3333
go-version-file: key-manager/go.mod
3434
cache-dependency-path: key-manager/go.sum

0 commit comments

Comments
 (0)