chore: sync downstream changes to midstream main

[nathan-weinberg]

Summary by CodeRabbit

• Chores
  • Added automated pre-commit checks in CI with caching and strict cleanliness enforcement.
  • Updated container build workflow to use the new distribution path.
• Refactor
  • Migrated references from the previous “redhat-distribution” location to “distribution” across build assets and tooling.
• Dependency Updates
  • Upgraded core components (e.g., llama-stack to 0.2.18) and tightened minimums (e.g., mcp).
• Documentation
  • Updated README instructions to reflect the new distribution paths and commands.
• Build
  • Revised container entrypoint and configuration to align with the updated distribution structure.

[coderabbitai]

Walkthrough

Adds a pre-commit GitHub Actions workflow and a repository-level pre-commit config. Migrates Red Hat distribution assets from redhat-distribution/ to distribution/, updates README references, bumps llama-stack to 0.2.18, adjusts Containerfile entrypoint to llama_stack.core.server.server, introduces distribution/build.yaml, and updates build script/paths. Removes redhat-distribution/build.yaml.

Changes

Cohort / File(s)	Summary
CI Workflows .github/workflows/pre-commit.yml, .github/workflows/redhat-distro-container-build.yml	New “Pre-commit” workflow runs on push/PR, sets up Python 3.11, executes pre-commit, and asserts a clean git state. Container build workflow now uses distribution/Containerfile instead of redhat-distribution/Containerfile.
Pre-commit Configuration .pre-commit-config.yaml	Adds repo-wide pre-commit with standard hooks, ruff/ruff-format, and a local “Distribution Build” hook running distribution/build.py; specifies Python 3.12 and global exclusions.
Distribution Build System distribution/build.py, distribution/build.yaml, distribution/Containerfile, distribution/Containerfile.in	Introduces distribution/build.yaml. Updates build script to new paths, prints stderr on failure, and bumps llama-stack to 0.2.18. Containerfiles copy from distribution/, set mcp>=1.8.1, and switch entrypoint to llama_stack.core.server.server with positional /opt/app-root/run.yaml.
Docs Update README.md	Updates commands and paths from redhat-distribution/... to distribution/....
Legacy Removal redhat-distribution/build.yaml	Removes old Red Hat distribution build spec; superseded by distribution/build.yaml.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor User as Container Runtime
    participant Img as Container Image
    participant App as Llama Stack Server

    rect rgb(235, 245, 255)
    note over Img: Previous flow (removed)
    User->>Img: Run image
    Img->>App: python -m llama_stack.distribution.server.server --config /opt/app-root/run.yaml
    App-->>User: Start server
    end

    rect rgb(235, 255, 235)
    note over Img: New flow
    User->>Img: Run image
    Img->>App: python -m llama_stack.core.server.server /opt/app-root/run.yaml
    App-->>User: Start server
    end

Loading

sequenceDiagram
    autonumber
    actor GH as GitHub
    participant Runner as ubuntu-latest
    participant PreC as pre-commit
    participant Git as git

    GH->>Runner: Trigger workflow (push to main / PR)
    Runner->>Runner: Setup Python 3.11 + cache
    Runner->>PreC: Run pre-commit (ruff + hooks)
    PreC-->>Runner: Exit with status
    Runner->>Git: git diff --exit-code
    Git-->>Runner: Clean or dirty
    Runner->>Git: git ls-files --others --exclude-standard
    Git-->>Runner: Untracked files?
    alt Any changes detected
        Runner-->>GH: Fail job with instructions
    else Clean
        Runner-->>GH: Success
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I nudge my nose at tidy commits,
Hooks hop quick—no messy bits.
New paths bloom where “distribution” grows,
A core server wakes, and cleanly flows.
Llama stacks rise, versions gleam—
Thump-thump! I ship this polished dream. 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (6)

.github/workflows/redhat-distro-container-build.yml (1)

49-58: Optional: add BuildKit cache and SBOM/provenance to speed builds and improve supply-chain posture.
Small tweak to docker/build-push-action.

Apply this diff inside the build-push step:

       uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
       with:
         context: .
         file: distribution/Containerfile
         platforms: ${{ matrix.platform }}
         push: ${{ github.event_name == 'push' }}
         tags: ${{ env.IMAGE_NAME }}:${{ github.sha }},${{ env.IMAGE_NAME }}:latest
+        cache-from: type=gha,scope=llama-stack-distro
+        cache-to: type=gha,mode=max,scope=llama-stack-distro
+        provenance: mode=max
+        sbom: true

README.md (1)

38-39: Make example image tag consistent with CI.
CI uses :latest and :${sha}. Consider mirroring that in the example.

-podman build --platform linux/amd64 -f distribution/Containerfile -t rh .
+podman build --platform linux/amd64 -f distribution/Containerfile -t quay.io/opendatahub/llama-stack:latest .

distribution/Containerfile (2)

20-20: Consider pinning or using a constraints/lock for reproducibility.
Most packages are unpinned; a constraints.txt (or --require-hashes) would reduce drift.

---

45-46: Avoid relying on APP_ROOT env being pre-set in base image.
Use an absolute path to prevent COPY failures if APP_ROOT isn’t defined.

-COPY distribution/run.yaml ${APP_ROOT}/run.yaml
+COPY distribution/run.yaml /opt/app-root/run.yaml

distribution/build.yaml (1)

31-33: Pin additional_pip_packages to versions.
Prevents silent upgrades breaking generated deps.

distribution/Containerfile.in (1)

8-9: Use absolute path to avoid template/env coupling.
Same rationale as the generated Containerfile.

-COPY distribution/run.yaml ${{APP_ROOT}}/run.yaml
+COPY distribution/run.yaml /opt/app-root/run.yaml

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5061e56 and 4442b05.

📒 Files selected for processing (9)

• .github/workflows/pre-commit.yml (1 hunks)
• .github/workflows/redhat-distro-container-build.yml (1 hunks)
• .pre-commit-config.yaml (1 hunks)
• README.md (3 hunks)
• distribution/Containerfile (3 hunks)
• distribution/Containerfile.in (1 hunks)
• distribution/build.py (5 hunks)
• distribution/build.yaml (1 hunks)
• redhat-distribution/build.yaml (0 hunks)

💤 Files with no reviewable changes (1)

• redhat-distribution/build.yaml

🔇 Additional comments (23)

.github/workflows/redhat-distro-container-build.yml (2)

54-54: Path switch to distribution/Containerfile looks good.
Matches the repo-wide migration away from redhat-distribution.

---

57-58: Verify tag strategy aligns with README and downstream expectations.
Workflow pushes :latest and :${sha}, while README shows a different tag. Align to prevent confusion.

README.md (2)

18-19: LGTM on switching generation command to distribution/build.py.
Consistent with the new layout.

---

28-29: LGTM on template path update.

distribution/Containerfile (2)

43-43: Bump to llama-stack==0.2.18 looks correct.
Matches the entrypoint change to core.server.server.

---

48-48: Confirm positional config arg with 0.2.18.
Ensure llama_stack.core.server.server loads /opt/app-root/run.yaml when passed positionally (no --config).

distribution/build.yaml (1)

36-36: external_providers_dir path looks correct.
Matches COPY in the Containerfile.

distribution/Containerfile.in (2)

6-6: LGTM on llama-stack==0.2.18.

---

11-11: Confirm entrypoint arg semantics for 0.2.18.
Validate that passing run.yaml positionally is the intended interface.

distribution/build.py (9)

8-8: Path reference updated correctly.

The usage comment accurately reflects the new path structure after migrating from redhat-distribution/ to distribution/.

---

62-62: Path updated correctly for distribution migration.

The build configuration path has been appropriately changed from redhat-distribution/build.yaml to distribution/build.yaml, consistent with the project's migration from the redhat-distribution directory structure.

---

64-66: Good formatting improvement.

The multiline subprocess call formatting improves readability while maintaining the same functionality.

---

79-81: Enhanced package sorting logic.

The improved package sorting with deduplication using sorted(set(...)) is a good enhancement that ensures consistent and clean dependency listings.

---

111-111: Enhanced error reporting.

Adding stderr output to the exception handler provides better debugging information when subprocess calls fail.

---

117-118: Template and output paths updated correctly.

Both the template input path (distribution/Containerfile.in) and output path (distribution/Containerfile) have been properly updated to reflect the new directory structure.

---

129-129: Generated file attribution updated.

The warning banner correctly references the new script location at distribution/build.py instead of the old redhat-distribution/build.py path.

---

132-134: Formatting consistency maintained.

The containerfile content generation logic maintains proper formatting with the rstrip() call to ensure clean output.

---

16-16: Confirmed llama-stack==0.2.18 is published on PyPI. The version bump from 0.2.14 to 0.2.18 is valid.

.github/workflows/pre-commit.yml (1)

1-46: Well-configured pre-commit CI workflow.

The workflow follows GitHub Actions best practices with:

• Pinned action versions with commit hashes for security
• Proper concurrency controls to prevent resource conflicts
• Python 3.11 setup with pip caching
• Environment variables for Ruff output formatting
• Post-execution verification to ensure a clean working tree

The verification steps correctly check for both uncommitted changes and new untracked files, providing clear error messages for developers.

.pre-commit-config.yaml (4)

1-5: Standard pre-commit configuration.

The global exclude pattern and Python version setting are appropriately configured. Using Python 3.12 as the default language version is current and well-supported.

---

7-29: Comprehensive pre-commit hooks configuration.

The selection of hooks from pre-commit-hooks is well-balanced, covering essential code quality checks:

• Merge conflict detection with --assume-in-merge for Git workflow safety
• File size limits (1MB) to prevent accidental large file commits
• Branch protection via no-commit-to-branch
• YAML safety checks with --unsafe for flexibility
• Security via private key detection
• Formatting consistency for line endings and file structure

The exclusion of Python files from trailing-whitespace is sensible since Ruff handles Python formatting.

---

31-36: Modern Ruff integration.

Using Ruff v0.9.4 with both linting (ruff --fix) and formatting (ruff-format) provides comprehensive Python code quality enforcement. The auto-fix feature helps maintain consistent code style automatically.

---

40-49: Distribution build integration with version consistency.

The local "Distribution Build" hook correctly targets distribution/build.py and uses the same llama-stack version (0.2.18) that was updated in the build script. This ensures consistency between the pre-commit environment and the actual build process.

The hook configuration is appropriate:

• files: ^distribution/.*$ targets the right directory
• always_run: true ensures it runs even without distribution file changes
• pass_filenames: false since the script doesn't need individual filenames
• require_serial: true prevents parallel execution conflicts

[cdoern]

lgtm at first glance. thanks for changing the directory names.