chore: Refactor and optimize instance single api and batch api #154

Draft
kunzhao-nv wants to merge 8 commits into main from chore/instance-api-refactor
kunzhao-nv (Contributor) commented Feb 20, 2026

Summary

  • Extract duplicated validation logic between CreateInstanceHandler and BatchCreateInstanceHandler into a shared InstanceCreateValidator in common_instance.go
  • Shared validations include: tenant/VPC/site readiness, network interfaces, DPU extension services, network security groups, SSH key groups, OS config, InfiniBand/NVLink/DPU capabilities, and Temporal workflow request building
  • Use the Validator Service pattern: infrastructure deps (dbSession, cfg, logger) bound once on the struct, domain data flows explicitly through method params and return values — consistent with existing handler struct conventions in this codebase
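
The pattern in the summary above, sketched as an added example (not code from this pull request or the project): infrastructure dependencies live on the validator struct, request data is passed per call, and the batch path reuses the single-item check so the two endpoints cannot drift apart. Apart from the name InstanceCreateValidator, every type, field and method here (SiteStore, CreateRequest, maxSSHGroups, Validate, ValidateBatch, mapStore) is an assumption.

```go
package main

import "fmt"

// SiteStore stands in for the database session (hypothetical interface).
type SiteStore interface{ SiteReady(siteID string) bool }

// InstanceCreateValidator holds infrastructure dependencies only, bound once.
type InstanceCreateValidator struct {
	store        SiteStore
	maxSSHGroups int // stands in for a config value (hypothetical)
}

// CreateRequest is domain data: passed per call, never stored on the validator.
type CreateRequest struct {
	Name, SiteID string
	SSHKeyGroups []string
}

// Validate runs the shared checks and returns the first failure.
func (v *InstanceCreateValidator) Validate(r CreateRequest) error {
	if !v.store.SiteReady(r.SiteID) {
		return fmt.Errorf("site %q is not ready", r.SiteID)
	}
	if len(r.SSHKeyGroups) > v.maxSSHGroups {
		return fmt.Errorf("at most %d SSH key groups allowed", v.maxSSHGroups)
	}
	return nil
}

// ValidateBatch reuses Validate per item; one bad item rejects the whole batch.
func (v *InstanceCreateValidator) ValidateBatch(rs []CreateRequest) error {
	for i, r := range rs {
		if err := v.Validate(r); err != nil {
			return fmt.Errorf("item %d: %w", i, err)
		}
	}
	return nil
}

// mapStore is a constructed in-memory SiteStore for this example.
type mapStore map[string]bool
func (m mapStore) SiteReady(id string) bool { return m[id] }

func main() {
	v := &InstanceCreateValidator{store: mapStore{"site-a": true}, maxSSHGroups: 1}
	fmt.Println(v.ValidateBatch([]CreateRequest{{Name: "a", SiteID: "site-a"}, {Name: "b", SiteID: "site-b"}}))
}
```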

copy-pr-bot bot commented Feb 20, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

kunzhao-nv marked this pull request as draft February 20, 2026 21:18
@github-actions

🔐 TruffleHog Secret Scan

No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🕐 Last updated: 2026-02-21 02:19:46 UTC | Commit: a2c3a29

@github-actions

🛡️ Vulnerability Scan

🚨 Found 56 vulnerability(ies)

Severity Breakdown:

  • 🔴 Critical/High: 56
  • 🟡 Medium: 0
  • 🔵 Low/Info: 0

📋 Top Vulnerabilities

  • AVD-KSV-0109: Artifact: deploy/kustomize/base/api/configmap.yaml
    Type: kubernetes
    Vulnerability AVD-KSV-0109
    Severity: HIGH
    Message: ConfigMap 'carbide-rest-api-config' in 'default' namespace stores secrets in key(s) or value(s) '{" password"}'
    Link: AVD-KSV-0109 (deploy/kustomize/base/api/configmap.yaml)
  • KSV014: Artifact: deploy/kustomize/base/api/deployment.yaml
    Type: kubernetes
    Vulnerability KSV014
    Severity: HIGH
    Message: Container 'api' of Deployment 'carbide-rest-api' should set 'securityContext.readOnlyRootFilesystem' to true
    Link: KSV014 (deploy/kustomize/base/api/deployment.yaml)
  • KSV118: Artifact: deploy/kustomize/base/api/deployment.yaml
    Type: kubernetes
    Vulnerability KSV118
    Severity: HIGH
    Message: container carbide-rest-api in default namespace is using the default security context
    Link: KSV118 (deploy/kustomize/base/api/deployment.yaml)
  • KSV118: Artifact: deploy/kustomize/base/api/deployment.yaml
    Type: kubernetes
    Vulnerability KSV118
    Severity: HIGH
    Message: deployment carbide-rest-api in default namespace is using the default security context, which allows root privileges
    Link: KSV118 (deploy/kustomize/base/api/deployment.yaml)
  • KSV014: Artifact: deploy/kustomize/base/db/job.yaml
    Type: kubernetes
    Vulnerability KSV014
    Severity: HIGH
    Message: Container 'migrations' of Job 'db' should set 'securityContext.readOnlyRootFilesystem' to true
    Link: KSV014 (deploy/kustomize/base/db/job.yaml)
  • KSV014: Artifact: deploy/kustomize/base/db/job.yaml
    Type: kubernetes
    Vulnerability KSV014
    Severity: HIGH
    Message: Container 'wait-for-postgres' of Job 'db' should set 'securityContext.readOnlyRootFilesystem' to true
    Link: KSV014 (deploy/kustomize/base/db/job.yaml)
  • KSV118: Artifact: deploy/kustomize/base/db/job.yaml
    Type: kubernetes
    Vulnerability KSV118
    Severity: HIGH
    Message: container db in default namespace is using the default security context
    Link: KSV118 (deploy/kustomize/base/db/job.yaml)
  • KSV118: Artifact: deploy/kustomize/base/db/job.yaml
    Type: kubernetes
    Vulnerability KSV118
    Severity: HIGH
    Message: container db in default namespace is using the default security context
    Link: KSV118 (deploy/kustomize/base/db/job.yaml)
  • KSV118: Artifact: deploy/kustomize/base/db/job.yaml
    Type: kubernetes
    Vulnerability KSV118
    Severity: HIGH
    Message: job db in default namespace is using the default security context, which allows root privileges
    Link: KSV118 (deploy/kustomize/base/db/job.yaml)
  • KSV014: Artifact: deploy/kustomize/base/keycloak/deployment.yaml
    Type: kubernetes
    Vulnerability KSV014
    Severity: HIGH
    Message: Container 'keycloak' of Deployment 'keycloak' should set 'securityContext.readOnlyRootFilesystem' to true
    Link: KSV014 (deploy/kustomize/base/keycloak/deployment.yaml)

💡 Note: Enable GitHub Advanced Security to see full details in the Security tab.

🕐 Last updated: 2026-02-21 02:19:48 UTC | Commit: a2c3a29

github-actions bot commented Feb 21, 2026

Test Results

6 949 tests  ±0   6 947 ✅ ±0   7m 3s ⏱️ ±0s
  115 suites ±0       2 💤 ±0 
   12 files   ±0       0 ❌ ±0 

Results for commit 971e456. ± Comparison against base commit a186bf8.

♻️ This comment has been updated with latest results.

kunzhao-nv requested review from thossain-nv and removed request for thossain-nv February 25, 2026 07:20