
sync: upstream v0.9.0-rc2 #258

Merged
zdtsw merged 5 commits into opendatahub-io:main from zdtsw-forking:sync/upstream-0.8.0-rc2
Jun 17, 2026

@zdtsw zdtsw commented Jun 17, 2026

Member

last batch of commits in upstream llm-d-router v0.9.0-rc.2

Summary by CodeRabbit

Release Notes

  • Configuration

    • Updated deployment manifests with pinned container image versions: vLLM v0.21.0 and sglang v0.5.12 for improved stability
  • Improvements

    • Build artifacts now include commit SHA in image tags for unique and immutable identification

gyliu513 and others added 5 commits June 16, 2026 05:54
* Pin :latest image tags and enable strict presubmit check

Pin GPU manifest images to specific versions (vllm/vllm-openai:v0.21.0,
lmsysorg/sglang:v0.5.12) so the check-latest-tags script passes in
strict mode.

Flip the presubmit target from check-latest-tags (warn-only) to
check-latest-tags-strict so :latest regressions block merge.

Fix the grep pattern in check-latest-tags.sh to also detect an image:
key at column 0 in YAML files, where the previous pattern required
leading whitespace.

Resolves llm-d#1568

Signed-off-by: Jonathan Wrede <wrede.jonathan00@gmail.com>

* Allow :latest for llm-d-owned images in tag check

External images are pinned because llm-d does not control their release
cadence, and unannounced API or behavior changes there have repeatedly
broken PR CI. Images owned by the llm-d project track :latest on main so
cross-component regressions surface in normal PR runs rather than later.
The check now fails only on :latest for external images and skips images
under ghcr.io/llm-d and quay.io/llm-d.

Signed-off-by: Jonathan Wrede <wrede.jonathan00@gmail.com>

---------

Signed-off-by: Jonathan Wrede <wrede.jonathan00@gmail.com>
Signed-off-by: llm-d-router-release-notes[bot] <287676111+llm-d-router-release-notes[bot]@users.noreply.github.com>
Co-authored-by: llm-d-router-release-notes[bot] <287676111+llm-d-router-release-notes[bot]@users.noreply.github.com>
…#1675)

* release: configure and pass LATENCY_PREDICTOR_TAG via Makefile

Signed-off-by: Cong Liu <conliu@google.com>

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Cong Liu <conliu@google.com>

---------

Signed-off-by: Cong Liu <conliu@google.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
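
The tag check described in the first commit's message above, as an added example (this is not the project's `scripts/check-latest-tags.sh`). It goes slightly beyond the commit text by also reporting untagged images, which resolve to `:latest`, and by accepting digest-pinned images; the sample manifest, the `example-component` image name and the digest are constructed.

```shell
#!/bin/sh
# Added example: not the project's scripts/check-latest-tags.sh.
# The owned-registry prefixes come from the commit message above.

# Print "file:line: image" for each external image that floats on :latest,
# explicitly or by carrying neither a tag nor a digest.
find_floating_images() {
  for file in "$@"; do
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
      lineno=$((lineno + 1))
      # Match an image: key at column 0, indented, or as a "- image:" list item.
      img=$(printf '%s\n' "$line" |
        sed -n -E 's/^[[:space:]-]*image:[[:space:]]*([^[:space:]#]+).*/\1/p' |
        tr -d "\"'")
      [ -n "$img" ] || continue
      case $img in
        ghcr.io/llm-d/*|quay.io/llm-d/*) continue ;;  # llm-d-owned: may track :latest
        *@sha256:*) continue ;;                        # pinned by digest
      esac
      last=${img##*/}          # tag lives in the final path component,
      case $last in            # so a registry port (host:5000/...) is ignored
        *:latest) ;;           # explicit floating tag: report
        *:*) continue ;;       # any other tag: pinned
      esac                     # no colon at all: implicit :latest, report
      printf '%s:%d: %s\n' "$file" "$lineno" "$img"
    done < "$file"
  done
}

# Constructed sample manifest (hypothetical image names, placeholder digest).
make_sample() {
  cat > "$1" <<'EOF'
image: vllm/vllm-openai:latest
spec:
  containers:
  - image: lmsysorg/sglang:v0.5.12
  - image: "ghcr.io/llm-d/example-component:latest"
  - image: localhost:5000/tool
    imagePullPolicy: Always
  - image: busybox@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}

# Usage: sh check.sh manifest.yaml ...   (exit 1 when anything is reported)
if [ "$#" -gt 0 ]; then
  hits=$(find_floating_images "$@")
  [ -z "$hits" ] || { printf '%s\n' "$hits"; exit 1; }
fi
```
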

coderabbitai Bot commented Jun 17, 2026

Walkthrough

The PR pins external container images (vllm/vllm-openai:v0.21.0, lmsysorg/sglang:v0.5.12) in all vllm and sglang Kubernetes manifests, replacing floating :latest tags. scripts/check-latest-tags.sh gains an OWNED_IMAGE_RE allowlist that exempts llm-d-owned registries, with the Makefile presubmit target switching to check-latest-tags-strict. A new LATENCY_PREDICTOR_TAG Makefile variable (derived from EXTRA_TAG or BUILD_REF) is threaded into hack/push-chart.sh. OpenTelemetry span attribute keys are uniformly renamed from llm_d.* to llm_d.epp.* across the producer, disagg profile handler, pd profile handler, and prefix-cache scorer. The release issue template is rewritten to use VERSION/BRANCH_VERSION variables with an LLM-assisted release-notes workflow. A release note documents commit-SHA image tagging.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| No Injection Vectors | ⚠️ Warning | The Makefile helm-push target contains CWE-78 (shell injection): CHART=$(CHART) is unquoted while passed to ./hack/push-chart.sh. Additionally, .github/ISSUE_TEMPLATE/new-release.md instructs sendi... | Quote CHART as "$(CHART)" in Makefile line 352. Remove LLM instruction or require sanitization of sensitive/embargoed content before external service use. |

✅ Passed checks (9 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title "sync: upstream v0.9.0-rc2" accurately describes the primary change—syncing upstream commits for version 0.9.0-rc2—and is clear, concise, and specific. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Contribution Quality And Spam Detection | ✅ Passed | PR is legitimate upstream sync (v0.9.0-rc.2) from llm-d-router by coherent author. Broad scope (14 files, telemetry, config, release automation) without templated/auto-generated patterns. Real secu... |
| No Hardcoded Secrets | ✅ Passed | No hardcoded secrets found in any of the 13 changed files. All sensitive data references use proper Kubernetes secret references via secretKeyRef instead of inline credentials. |
| No Weak Cryptography | ✅ Passed | PR introduces no banned cryptographic primitives (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or insecure secret comparisons. Changes are telemetry normalization, CI/C... |
| No Privileged Containers | ✅ Passed | No privileged containers detected. All modified Kubernetes manifests contain only image tag updates. No privileged: true, hostPID, hostNetwork, hostIPC, runAsUser: 0, allowPrivilegeEscalation: true... |
| No Sensitive Data In Logs | ✅ Passed | All logging changes use structured telemetry attributes with safe values: request IDs (Envoy-generated UUIDs), model names, and numeric metrics. No passwords, tokens, API keys, PII, or raw request/... |


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/ISSUE_TEMPLATE/new-release.md:
- Around line 114-124: The release template in the new-release.md issue template
instructs contributors to send unreleased and potentially embargoed release
notes to external third-party LLM services (Gemini, Copilot, ChatGPT), creating
a data exposure vulnerability. Remove or replace the instruction block (the
numbered list item mentioning "Summarize the release notes using an LLM of your
choice") with a safer alternative that either omits the LLM summarization step
entirely, restricts it to only already-published content, or recommends using
internal tools only. This prevents sensitive pre-release information from being
transmitted to external services before official publication.

In `@Makefile`:
- Line 352: The CHART variable in the helm-push target is unquoted when
interpolated into the shell command passed to hack/push-chart.sh, creating a
shell injection vulnerability. Quote the CHART variable assignment using double
quotes (similar to how other variables like HELM and YQ are already quoted in
the same line) to prevent shell metacharacters from being interpreted as
commands.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 0e71baf0-b06d-4d61-b6cc-3f8467b62e7d

📥 Commits

Reviewing files that changed from the base of the PR and between 4e12850 and 33eb8c8.

📒 Files selected for processing (13)
  • .github/ISSUE_TEMPLATE/new-release.md
  • Makefile
  • config/manifests/sglang/gpu-deployment.yaml
  • config/manifests/vllm/gpu-deployment.yaml
  • config/manifests/vllm/gpu-grpc-deployment.yaml
  • config/manifests/vllm/gpu-multilora-deployment.yaml
  • config/manifests/vllm/gpu-prefix-cache-deployment.yaml
  • pkg/epp/framework/plugins/requestcontrol/dataproducer/preciseprefixcache/producer.go
  • pkg/epp/framework/plugins/scheduling/profilehandler/disagg/disagg_profile_handler.go
  • pkg/epp/framework/plugins/scheduling/profilehandler/disagg/pd_profile_handler.go
  • pkg/epp/framework/plugins/scheduling/scorer/preciseprefixcache/precise_prefix_cache.go
  • release-notes.d/unreleased/1657.md
  • scripts/check-latest-tags.sh

Comment on lines +114 to 124
1. Summarize the release notes using an LLM of your choice (e.g., Gemini, Copilot, ChatGPT). Provide the newly compiled release notes block from `RELEASE-NOTES.md` (or the unreleased fragments in `release-notes.d/unreleased/`) with the following prompt:

```text
Please summarize these release notes into three clear sections:
1. Highlights (key features, performance wins, bug fixes)
2. Upgrade Steps & Deprecations (configuration changes, deprecated flags/metrics)
3. Known Issues (if any, otherwise omit)
```

Review the generated content, edit it if necessary to ensure accuracy, and then copy and prepend this summary at the very top of the release description box on GitHub.
1. If this is a release candidate, select the "This is a pre-release" checkbox.
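
Review bot: The closing sentence of the summarization step ("Review the generated content, edit it if necessary") is the only control on LLM-written text before it is prepended to the release description. Require the releaser to check every item in the "Upgrade Steps & Deprecations" section against the source fragments in `release-notes.d/unreleased/`, because an omitted or invented deprecation in that section reaches users as authoritative upgrade guidance.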


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Release template instructs external LLM use on unreleased notes, creating data-exposure risk (CWE-200).

This workflow can disclose embargoed/security-sensitive release content to third-party services before publication.

Patch
-    1. Summarize the release notes using an LLM of your choice (e.g., Gemini, Copilot, ChatGPT). Provide the newly compiled release notes block from `RELEASE-NOTES.md` (or the unreleased fragments in `release-notes.d/unreleased/`) with the following prompt:
+    1. Summarize release notes only after removing confidential/embargoed/security-sensitive details. Prefer approved internal tooling; do not paste unreleased sensitive content into third-party LLM services.
+       Use the following prompt with sanitized content:
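
Review bot: The replacement text for step 1 drops the pointer to the input (`RELEASE-NOTES.md` or the fragments in `release-notes.d/unreleased/`) that the removed line carried, and "approved internal tooling" names no tool, so the releaser is told neither where the notes come from nor which destination is sanctioned. Keep the source reference in the new wording and either name the approved tool or link the policy that lists it.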

As per coding guidelines, "**/.github/**: ... controls CI/CD, code review ownership, and repository behavior. Changes here have outsized security impact."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/ISSUE_TEMPLATE/new-release.md around lines 114 - 124, The release
template in the new-release.md issue template instructs contributors to send
unreleased and potentially embargoed release notes to external third-party LLM
services (Gemini, Copilot, ChatGPT), creating a data exposure vulnerability.
Remove or replace the instruction block (the numbered list item mentioning
"Summarize the release notes using an LLM of your choice") with a safer
alternative that either omits the LLM summarization step entirely, restricts it
to only already-published content, or recommends using internal tools only. This
prevents sensitive pre-release information from being transmitted to external
services before official publication.

Source: Coding guidelines

Comment thread Makefile
helm-push: yq helm-install ## Package and push a specified Helm chart. Usage: make helm-push CHART=<chart_name>
@if [ -z "$(CHART)" ]; then echo "Error: CHART variable is required (e.g. CHART=llm-d-router-standalone)"; exit 1; fi
CHART=$(CHART) EXTRA_TAG="$(EXTRA_TAG)" CHART_SUFFIX="$(CHART_SUFFIX)" EPP_RELEASE_IMAGE_REPOSITORY="$(EPP_RELEASE_IMAGE_REPOSITORY)" YQ="$(YQ)" HELM="$(HELM)" ./hack/push-chart.sh
CHART=$(CHART) EXTRA_TAG="$(EXTRA_TAG)" CHART_SUFFIX="$(CHART_SUFFIX)" EPP_RELEASE_IMAGE_REPOSITORY="$(EPP_RELEASE_IMAGE_REPOSITORY)" LATENCY_PREDICTOR_TAG="$(LATENCY_PREDICTOR_TAG)" YQ="$(YQ)" HELM="$(HELM)" ./hack/push-chart.sh
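
Review bot: The `-z` guard above the changed recipe line covers only CHART, while the newly added LATENCY_PREDICTOR_TAG="$(LATENCY_PREDICTOR_TAG)" is handed to ./hack/push-chart.sh with no emptiness check, so an unset value arrives in the script as an empty tag. Add a matching guard in the target, or confirm and document that push-chart.sh rejects or defaults an empty LATENCY_PREDICTOR_TAG.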


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Unquoted CHART in helm-push enables shell injection (CWE-78).

CHART=$(CHART) is unquoted while interpolated into a shell command line. A crafted value like make helm-push CHART='x; touch /tmp/pwned #' can execute unintended commands in release environments.

Patch
-	CHART=$(CHART) EXTRA_TAG="$(EXTRA_TAG)" CHART_SUFFIX="$(CHART_SUFFIX)" EPP_RELEASE_IMAGE_REPOSITORY="$(EPP_RELEASE_IMAGE_REPOSITORY)" LATENCY_PREDICTOR_TAG="$(LATENCY_PREDICTOR_TAG)" YQ="$(YQ)" HELM="$(HELM)" ./hack/push-chart.sh
+	CHART="$(CHART)" EXTRA_TAG="$(EXTRA_TAG)" CHART_SUFFIX="$(CHART_SUFFIX)" EPP_RELEASE_IMAGE_REPOSITORY="$(EPP_RELEASE_IMAGE_REPOSITORY)" LATENCY_PREDICTOR_TAG="$(LATENCY_PREDICTOR_TAG)" YQ="$(YQ)" HELM="$(HELM)" ./hack/push-chart.sh
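
Review bot: On the `+` line, CHART="$(CHART)" stops word splitting and command chaining, but Make substitutes the value into the recipe text before the shell parses it, so a double quote or backtick inside the value is still interpreted by the shell. Validate CHART against a strict chart-name pattern in the guard line of the helm-push target, or export it and have the recipe reference "$$CHART" from the environment, rather than relying on quoting alone.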

As per coding guidelines, "**/Makefile: ... Quote shell variables in targets".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` at line 352, The CHART variable in the helm-push target is unquoted
when interpolated into the shell command passed to hack/push-chart.sh, creating
a shell injection vulnerability. Quote the CHART variable assignment using
double quotes (similar to how other variables like HELM and YQ are already
quoted in the same line) to prevent shell metacharacters from being interpreted
as commands.

Source: Coding guidelines

@zdtsw zdtsw mentioned this pull request Jun 17, 2026
@zdtsw zdtsw merged commit 8247e5a into opendatahub-io:main Jun 17, 2026
30 checks passed

5 participants