[WIP] RHOAIENG-9707 ci: testing of container images with pytest and dagger #629

jiridanek · 2024-07-22T12:08:47Z

Rebooted in

RHOAIENG-17695: chore(ci): create a test for calling oc version in the test, which can be run with ci testing #829

This is a followup to

ci: initial implementation of top-level pytest tests #433

https://issues.redhat.com/browse/RHOAIENG-9707

Description

Example run

https://github.com/jiridanek/notebooks/actions/runs/10040438261/job/27746490803#step:9:19

Things to check or do

how this works with podman
how to test both kubernetes and docker with the same tests
how to run the notebook server and check that that works
generate test_* methods for every target in Makefile
commandline parameter to specify image to test
without parameter with image to test it can build the image as part of test

For now it uses images from

https://github.com/jiridanek/notebooks/actions/runs/10006075164/job/27658080202

and not from the current build.

How Has This Been Tested?

Merge criteria:

The commits are squashed in a cohesive manner and have meaningful messages.
Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

New Features
- Introduced new tests for validating container images and notebook execution environments using Docker and Kubernetes.
- Added utility functions for copying files and executing commands within Docker containers.
- Implemented a function to manipulate file contents for future test automation.
Documentation
- Expanded the README with a section explaining container self-tests and the use of Dagger.io and Testcontainers.
Chores
- Updated development dependencies and added new testing tools.
- Added .gitignore to exclude test log files from version control.
- Set environment variables to disable telemetry during tests.

openshift-ci · 2024-07-22T12:08:55Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from jiridanek. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Things to check or do * [ ] how this works with podman * [ ] how to test both kubernetes and docker with the same tests * [ ] how to run the notebook server and check that that works * [ ] generate test_* methods for every target in Makefile * [ ] commandline parameter to specify image to test * [ ] without parameter with image to test it can build the image as part of test For now it uses images from https://github.com/jiridanek/notebooks/actions/runs/10006075164/job/27658080202 and not from the current build.

openshift-merge-robot · 2024-12-19T15:03:40Z

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci · 2024-12-19T15:06:24Z

@jiridanek: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/runtime-rocm-tensorflow-ubi9-python-3-9-pr-image-mirror	`a0163e2`	link	true	`/test runtime-rocm-tensorflow-ubi9-python-3-9-pr-image-mirror`
ci/prow/runtime-rocm-pytorch-ubi9-python-3-9-pr-image-mirror	`a0163e2`	link	true	`/test runtime-rocm-pytorch-ubi9-python-3-9-pr-image-mirror`
ci/prow/runtimes-ubi8-e2e-tests	`a0163e2`	link	true	`/test runtimes-ubi8-e2e-tests`
ci/prow/runtime-rocm-pytorch-ubi9-python-3-11-pr-image-mirror	`4b32eb2`	link	true	`/test runtime-rocm-pytorch-ubi9-python-3-11-pr-image-mirror`
ci/prow/rstudio-notebook-e2e-tests	`4b32eb2`	link	true	`/test rstudio-notebook-e2e-tests`
ci/prow/codeserver-notebook-e2e-tests	`4b32eb2`	link	true	`/test codeserver-notebook-e2e-tests`
ci/prow/runtimes-ubi9-e2e-tests	`4b32eb2`	link	true	`/test runtimes-ubi9-e2e-tests`
ci/prow/intel-notebooks-e2e-tests	`4b32eb2`	link	true	`/test intel-notebooks-e2e-tests`
ci/prow/rocm-notebooks-e2e-tests	`4b32eb2`	link	true	`/test rocm-notebooks-e2e-tests`
ci/prow/rocm-runtimes-ubi9-e2e-tests	`4b32eb2`	link	true	`/test rocm-runtimes-ubi9-e2e-tests`
ci/prow/notebooks-ubi9-e2e-tests	`4b32eb2`	link	true	`/test notebooks-ubi9-e2e-tests`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

…lux/component-updates/component-update-odh-workbench-jupyter-trustyai-cpu-py311-ubi9-n-v2-22 Update odh-workbench-jupyter-trustyai-cpu-py311-ubi9-n-v2-22 to 269b6f1

jiridanek · 2025-06-19T06:33:24Z

@coderabbitai review

coderabbitai · 2025-06-19T06:33:30Z

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai · 2025-06-19T06:33:33Z

Walkthrough

The changes introduce containerized testing infrastructure using Dagger.io and Testcontainers, update development dependencies, and add new test utilities and test cases for validating container images and notebook execution. The README is updated with details about container self-tests, and new configuration files and helper scripts are added to support robust and flexible container-based test workflows.

Changes

File(s)	Change Summary
README.md	Added a section on "Container selftests" describing Dagger.io usage and container test strategies.
pyproject.toml	Updated `pytest` and `pytest-subtests` versions; added `pytest-logger`, `testcontainers`, `pyfakefs`.
tests/init.py	Added ROOT_PATH constant and environment variable setup for telemetry opt-out.
tests/conftest.py	New pytest config: sets testcontainers' ryuk_privileged and ensures cleanup at session end.
tests/docker_utils.py	New utility module for copying files and executing commands in Docker containers.
tests/logs/.gitignore	Added `.gitignore` to exclude `pytest-logs.txt` from version control.
tests/test_check_dagger.py	New tests for container image validation, notebook execution, and file block manipulation helpers.

Sequence Diagram(s)

sequenceDiagram
    participant Tester
    participant Pytest
    participant Testcontainers
    participant Docker
    participant Notebook

    Tester->>Pytest: Run tests
    Pytest->>Testcontainers: Start Docker container
    Testcontainers->>Docker: Launch container
    Pytest->>Docker: Copy test data into container
    Pytest->>Docker: Install dependencies (e.g., papermill)
    Pytest->>Docker: Execute notebook via papermill
    Docker->>Notebook: Run notebook
    Notebook-->>Docker: Execution complete
    Docker-->>Pytest: Return results
    Pytest->>Testcontainers: Stop and cleanup container

Suggested labels

lgtm, size/l, tide/merge-method-squash

Poem

In the warren where containers run,
Rabbits test with Dagger, oh what fun!
With logs ignored and notebooks spun,
Dependencies fresh, the work’s begun.
Utilities hop in, helpers appear—
Code and carrots, the future is clear!
🐇✨

✨ Finishing Touches

📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 7

🧹 Nitpick comments (5)

tests/__init__.py (1)
9-10: Fix spacing around assignment operators.

Missing spaces around the = operators in environment variable assignments.
-os.environ["DO_NOT_TRACK"]= "1"
-os.environ["NOTHANKS"]= "1"
+os.environ["DO_NOT_TRACK"] = "1"
+os.environ["NOTHANKS"] = "1"
README.md (1)
67-80: Consider refining the documentation for clarity.

The container selftests section provides good context, but the prominent TODO and uncertainty about the approach might confuse users. Consider:

Moving the TODO to a less prominent position or converting it to a GitHub issue

Providing clearer guidance on the current recommended approach

Adding examples of when each tool might be preferred
##### Container selftests

-We're using [Dagger.io](https://dagger.io) to run containers from Python tests.
+We currently support [Dagger.io](https://dagger.io) for running containers from Python tests.
 It has very nice verbose logging by default for every action that is running.

-**TODO** need to decide which is more suitable;
-ideally the tests should allow switching between Kubernetes and Docker/Podman.
-That means tying it to this fancy Dagger thing may not be the smartest thing to do.
+We are evaluating support for switching between Kubernetes and Docker/Podman environments.

 We also considered [Testcontainers.com](https://testcontainers.com/).
 The main difference between the two is that Dagger creates more abstractions over the container engine.
 Especially Dagger [does not allow bind-mounting local directories](https://docs.dagger.io/cookbook/#modify-a-copied-directory-or-remote-repository-in-a-container)
 directly to the container but always copies files in and out.
tests/docker_utils.py (2)
42-56: Consider reducing function complexity.

The container_exec function has 13 parameters, which makes it difficult to use and maintain. Consider using a configuration object or builder pattern.

However, given this is a low-level utility wrapper around Docker's exec API, the current parameter list mirrors the underlying API and may be acceptable for this use case.

114-116: Clarify or remove uncertain error handling.

The comment and exception suggest uncertainty about when this condition could occur. Either provide a clear explanation or handle this case more definitively.
-        while self.poll() is None:
-            raise RuntimeError("Hm could that really happen?")
+        # Wait for the command to complete
+        while self.poll() is None:
+            raise RuntimeError("Command execution did not complete properly")
tests/test_check_dagger.py (1)
3-6: Remove unused imports.

The os and sys modules are imported but not used in the active code.
-import os
 import pathlib
-import sys
 import logging

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 82cb2bf and 4b32eb2.

⛔ Files ignored due to path filters (1)

poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

README.md (1 hunks)
pyproject.toml (1 hunks)
tests/__init__.py (1 hunks)
tests/conftest.py (1 hunks)
tests/docker_utils.py (1 hunks)
tests/logs/.gitignore (1 hunks)
tests/test_check_dagger.py (1 hunks)

🧰 Additional context used

🪛 Ruff (0.11.9)

tests/docker_utils.py

21-21: Use a context manager for opening files

(SIM115)

tests/test_check_dagger.py

3-3: os imported but unused

Remove unused import: os

(F401)

5-5: sys imported but unused

Remove unused import: sys

(F401)

295-295: Use a context manager for opening files

(SIM115)

🪛 Pylint (3.3.7)

tests/docker_utils.py

[error] 25-25: function already defined line 23

(E0102)

[refactor] 21-21: Consider using 'with' for resource-allocating operations

(R1732)

[refactor] 42-42: Too many arguments (13/5)

(R0913)

[refactor] 42-42: Too many positional arguments (13/5)

(R0917)

tests/test_check_dagger.py

[refactor] 184-184: Redefining argument with the local name 'cmd'

(R1704)

[refactor] 295-295: Consider using 'with' for resource-allocating operations

(R1732)

🔇 Additional comments (6)

tests/__init__.py (1)

5-6: Good approach for determining project root path.

Using pathlib.Path(__file__).parent.parent is a clean and reliable way to establish the project root directory for test utilities.
pyproject.toml (1)

13-17: Verify that the dependency versions are current and secure.

The new testing dependencies look appropriate for the container testing infrastructure. Please ensure these versions are current and free from known vulnerabilities.
Are there any known security vulnerabilities in pytest 8.3.2, pytest-subtests 0.13.1, pytest-logger 1.1.1, testcontainers 4.7.2, or pyfakefs 5.6.0?
tests/logs/.gitignore (1)

1-1: Good practice for ignoring test log files.

Properly excluding pytest log files from version control is the right approach for test infrastructure.
tests/conftest.py (3)

16-18: Proper cleanup implementation.

The pytest_sessionfinish hook correctly ensures cleanup of testcontainers Reaper instances after test completion. This prevents resource leaks and follows testcontainers best practices.

1-9: Good use of type checking imports.

Using TYPE_CHECKING to conditionally import pytest types is an efficient approach that avoids runtime imports while providing proper type hints.

11-13: Consider security implications of privileged containers.

While setting ryuk_privileged = True solves SELinux issues with Podman, it grants elevated privileges to the Ryuk container. Ensure this is acceptable for your testing environment and consider documenting any security trade-offs.
What are the security implications of running testcontainers Ryuk in privileged mode?

coderabbitai · 2025-06-19T06:39:38Z

tests/docker_utils.py

+    tar = tarfile.open(fileobj=fh, mode="w:gz")
+
+    tar_filter = None
+    if user or group:
+        def tar_filter(f: tarfile.TarInfo) -> tarfile.TarInfo:
+            if user:
+                f.uid = user
+            if group:
+                f.gid = group
+            return f
+
+    logging.debug(f"Adding {src=} to archive {dst=}")
+    try:
+        tar.add(src, arcname=os.path.basename(src), filter=tar_filter)
+    finally:
+        tar.close()


🛠️ Refactor suggestion

Use context manager for tarfile resource management.

The tarfile should be properly closed using a context manager to ensure resource cleanup.

- fh = io.BytesIO() - tar = tarfile.open(fileobj=fh, mode="w:gz") + fh = io.BytesIO() + with tarfile.open(fileobj=fh, mode="w:gz") as tar: + tar_filter = None + if user or group: + def tar_filter(f: tarfile.TarInfo) -> tarfile.TarInfo: + if user: + f.uid = user + if group: + f.gid = group + return f - tar_filter = None - if user or group: - def tar_filter(f: tarfile.TarInfo) -> tarfile.TarInfo: - if user: - f.uid = user - if group: - f.gid = group - return f - - logging.debug(f"Adding {src=} to archive {dst=}") - try: - tar.add(src, arcname=os.path.basename(src), filter=tar_filter) - finally: - tar.close() + logging.debug(f"Adding {src=} to archive {dst=}") + tar.add(src, arcname=os.path.basename(src), filter=tar_filter)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

tar = tarfile.open(fileobj=fh, mode="w:gz")

tar_filter = None

if user or group:

def tar_filter(f: tarfile.TarInfo) -> tarfile.TarInfo:

if user:

f.uid = user

if group:

f.gid = group

return f

logging.debug(f"Adding {src=} to archive {dst=}")

try:

tar.add(src, arcname=os.path.basename(src), filter=tar_filter)

finally:

tar.close()

fh = io.BytesIO()

with tarfile.open(fileobj=fh, mode="w:gz") as tar:

tar_filter = None

if user or group:

def tar_filter(f: tarfile.TarInfo) -> tarfile.TarInfo:

if user:

f.uid = user

if group:

f.gid = group

return f

logging.debug(f"Adding {src=} to archive {dst=}")

tar.add(src, arcname=os.path.basename(src), filter=tar_filter)

🧰 Tools

🪛 Ruff (0.11.9)

21-21: Use a context manager for opening files

(SIM115)

🪛 Pylint (3.3.7)

[error] 25-25: function already defined line 23

(E0102)

[refactor] 21-21: Consider using 'with' for resource-allocating operations

(R1732)

🤖 Prompt for AI Agents

In tests/docker_utils.py around lines 21 to 36, the tarfile is opened and closed manually, which risks resource leaks if exceptions occur. Replace the manual open and close calls with a context manager (using the "with" statement) to automatically handle closing the tarfile resource. This ensures proper cleanup even if errors happen during the tarfile operations.

coderabbitai · 2025-06-19T06:39:38Z

tests/test_check_dagger.py

+    uid = 123456
+    gid = 0
+    test_data_dir = str(ROOT_PATH / "jupyter" / notebook_name / f"{ubi_flavor}-{python_kernel}" / "test")
+    image = "ghcr.io/jiridanek/notebooks/workbench-images:jupyter-minimal-ubi9-python-3.9-jd_helpful_error_751147cd93fed327e940670edbc99c6f44a1ac24"


🛠️ Refactor suggestion

Replace hardcoded image reference with parameterized value.

The hardcoded image name should be configurable to support testing different images and versions.

Consider adding a pytest fixture or parameter to make the image configurable:

@pytest.mark.parametrize("image", [ "ghcr.io/jiridanek/notebooks/workbench-images:jupyter-minimal-ubi9-python-3.9-jd_helpful_error_751147cd93fed327e940670edbc99c6f44a1ac24" ]) def test_something_with_papermill(image): # ... rest of the test

🤖 Prompt for AI Agents

In tests/test_check_dagger.py at line 33, the image reference is hardcoded, limiting flexibility. Refactor the test to accept the image as a parameter by adding a pytest fixture or using pytest.mark.parametrize to pass the image string. Update the test function signature to accept this parameter and replace the hardcoded image variable with the parameter value to allow testing with different images and versions.

coderabbitai · 2025-06-19T06:39:38Z

tests/test_check_dagger.py

+    #     # run_kubectl(["wait", "--for=condition=ready", "pod", "runtime-pod", "--timeout=300s"])
+    #     # LOGGER.error("Usage: make validate-runtime-image image=<container-image-name>")
+    #     # fail = False
+    image = "ghcr.io/jiridanek/notebooks/workbench-images:runtime-minimal-ubi9-python-3.9-jd_helpful_error_751147cd93fed327e940670edbc99c6f44a1ac24"


🛠️ Refactor suggestion

Replace hardcoded image reference with parameterized value.

Similar to the other test, this hardcoded image name should be configurable.

Consider using the same parameterization approach as suggested for the papermill test.

🤖 Prompt for AI Agents

In tests/test_check_dagger.py at line 178, the Docker image reference is hardcoded, which reduces flexibility. Replace the hardcoded image string with a parameter or fixture that can be configured externally or passed into the test, following the parameterization approach used in the papermill test. This will make the test more adaptable and maintainable.

coderabbitai · 2025-06-19T06:39:38Z

tests/test_check_dagger.py

+# def run_kubectl(args: list[str], check=True, background=False, stdout=None, stderr=None) -> subprocess.Popen | subprocess.CompletedProcess:
+#     return run_command([str(ROOT_PATH / 'bin/kubectl')] + args, check=check, background=background, stdout=stdout, stderr=stderr)
+#
+#
+# def run_command(args: list[str], check=True, background=False, stdout=None, stderr=None):
+#     p = subprocess.Popen(args, text=True, stdout=stdout, stderr=stderr)
+#     LOGGER.info(f"Running command: {shlex.join(args)}")
+#     if background:
+#         return p
+#     stdout, stderr = p.communicate(timeout=COMMAND_TIMEOUT)
+#     if stdout:
+#         LOGGER.debug(f"Command output: {stdout}")
+#     if check and p.returncode != 0:
+#         raise subprocess.CalledProcessError(p.returncode, shlex.join(args), stdout, stderr)
+#     return subprocess.CompletedProcess(args, p.returncode, stdout, stderr)
+
+
+# class Substring(str):
+#     # """
+#     # >>> match Substring("abrakadabra"):
+#     # ...    case "raka":  # matches
+#     # ...        pass
+#     # """
+#     __eq__ = str.__contains__
+
+# def test_jupyter_minimal_ubi9_python_3_9():
+#     test_notebook(notebook_name="jupyter-minimal-ubi9-python-3.9")
+#
+# def test_jupyter_datascience_ubi9_python_3_9():
+#     test_notebook(notebook_name="jupyter-datascience-ubi9-python-3.9")
+#
+# def test_notebook(notebook_name) -> None:
+#     notebook_name = notebook_name.replace("cuda-", "").replace(".", "-")
+#     LOGGER.info("# Running tests for $(NOTEBOOK_NAME) notebook...")
+#     # Verify the notebook's readiness by pinging the /api endpoint
+#     run_kubectl(["wait", "--for=condition=ready", "pod", "-l", f"app={notebook_name}", "--timeout=600s"])
+#     with run_kubectl(["port-forward", f"svc/{notebook_name}-notebook", "8888:8888"], background=True) as p:
+#         run_command(["curl", "--retry", "25", "--retry-delay", "1", "--retry-connrefused",
+#                      "http://localhost:8888/notebook/opendatahub/jovyan/api"])
+#         p.kill()
+#     full_notebook_name = run_kubectl(["get", "pods", "-l", f"app={notebook_name}", "-o", "custom-columns=:metadata.name"], stdout=subprocess.PIPE).stdout.strip()
+#
+#     match Substring(full_notebook_name):
+#         case "minimal-ubi9":
+#             test_with_papermill(full_notebook_name, "minimal", "ubi9", "python-3.9")
+#         case "datascience-ubi9":
+#             validate_ubi9_datascience(full_notebook_name)
+#         case "pytorch-ubi9":
+#             validate_ubi9_datascience(full_notebook_name)
+#             test_with_papermill("pytorch", "ubi9", "python-3.9")
+#         case "tensorflow-ubi9":
+#             validate_ubi9_datascience(full_notebook_name)
+#             test_with_papermill("tensorflow", "ubi9", "python-3.9")
+#         case "trustyai-ubi9":
+#             validate_ubi9_datascience(full_notebook_name)
+#             test_with_papermill("trustyai", "ubi9", "python-3.9")
+#         case "minimal-ubi8":
+#             test_with_papermill("minimal", "ubi8", "python-3.8")
+#         case "datascience-ubi8":
+#             validate_ubi8_datascience(full_notebook_name)
+#         case "trustyai-ubi8":
+#             validate_ubi8_datascience(full_notebook_name)
+#             test_with_papermill("trustyai", "ubi8", "python-3.8")
+#         case "anaconda":
+#             print("There is no test notebook implemented yet for Anaconda Notebook....")
+#         case _:
+#             print(f"No matching condition found for {full_notebook_name}.")
+
+
+# def test_with_tenacity() -> None:
+
+# NOTEBOOK_REPO_BRANCH_BASE = os.environ.get("NOTEBOOK_REPO_BRANCH_BASE") or "https://raw.githubusercontent.com/opendatahub-io/notebooks/main"
+# NOTEBOOK_REPO_BRANCH_BASE = os.environ.get("NOTEBOOK_REPO_BRANCH_BASE") or "https://raw.githubusercontent.com/jiridanek/notebooks/jd_update_nbformat"
+#
+#
+
+REQUIRED_RUNTIME_IMAGE_COMMANDS = ["curl", "python3"]
+REQUIRED_CODE_SERVER_IMAGE_COMMANDS = ["curl", "python", "oc", "code-server"]
+REQUIRED_R_STUDIO_IMAGE_COMMANDS = ["curl", "python", "oc", "/usr/lib/rstudio-server/bin/rserver"]
+
+
+#     # Function for testing a notebook with papermill
+# #   ARG 1: Notebook name
+# #   ARG 1: UBI flavor
+# #   ARG 1: Python kernel
+# def test_with_papermill(full_notebook_name, notebook_name, ubi_flavor, python_kernel):
+#     run_kubectl(['exec', full_notebook_name, '--', '/bin/sh', "-c", "python3 -m pip install papermill"])
+#     r = run_kubectl(['exec', full_notebook_name, '--', '/bin/sh', "-c",
+#                      f"wget {NOTEBOOK_REPO_BRANCH_BASE}/jupyter/{notebook_name}/{ubi_flavor}-{python_kernel}/test/test_notebook.ipynb -O test_notebook.ipynb"
+#                      f" && python3 -m papermill test_notebook.ipynb {notebook_name}_{ubi_flavor}_output.ipynb --kernel python3 --stderr-file {notebook_name}_{ubi_flavor}_error.txt"], check=False)
+#     if r.returncode != 0:
+#         LOGGER.error(f"ERROR: The {notebook_name} {ubi_flavor} notebook encountered a failure."
+#                      f" To investigate the issue, you can review the logs located in the ocp-ci cluster on 'artifacts/notebooks-e2e-tests/jupyter-$(1)-$(2)-$(3)-test-e2e' directory or run 'cat $(1)_$(2)_error.txt' within your container."
+#                      f" The make process has been aborted.")
+#         assert False
+#     else:
+#         r = run_kubectl(["exec", full_notebook_name, "--", "/bin/sh", "-c", f"cat {notebook_name}_{ubi_flavor}_error.txt | grep --quiet FAILED"], check=False)
+#         if r.returncode == 0:
+#             LOGGER.error(f"ERROR: The {notebook_name} {ubi_flavor} notebook encountered a failure. The make process has been aborted.")
+#             run_kubectl(["exec", full_notebook_name, "--", "/bin/sh", "-c", f"cat {notebook_name}_{ubi_flavor}_error.txt"])
+#             assert False
+
+
+# def validate_ubi9_datascience(full_notebook_name):
+#     test_with_papermill(full_notebook_name, "minimal", "ubi9", "python-3.9")
+#     test_with_papermill(full_notebook_name, "datascience", "ubi9", "python-3.9")
+#
+# def validate_ubi8_datascience(full_notebook_name):
+#     test_with_papermill(full_notebook_name,"minimal","ubi8","python-3.8")
+#     test_with_papermill(full_notebook_name,"datascience","ubi8","python-3.8")
+#
+@pytest.mark.parametrize("cmd", REQUIRED_RUNTIME_IMAGE_COMMANDS)
+def test_validate_runtime_image(cmd: str):
+    LOGGER.info("# Running tests for $(NOTEBOOK_NAME) runtime...")
+    #     # run_kubectl(["wait", "--for=condition=ready", "pod", "runtime-pod", "--timeout=300s"])
+    #     # LOGGER.error("Usage: make validate-runtime-image image=<container-image-name>")
+    #     # fail = False
+    image = "ghcr.io/jiridanek/notebooks/workbench-images:runtime-minimal-ubi9-python-3.9-jd_helpful_error_751147cd93fed327e940670edbc99c6f44a1ac24"
+    #     async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:
+    container = testcontainers.core.container.DockerContainer(image)
+    container.with_command("tail -f /dev/null")
+    with container.start():
+        #         c = (client.container().from_(image))
+        for cmd in REQUIRED_RUNTIME_IMAGE_COMMANDS:
+            LOGGER.info(f"=> Checking container image {image} for {cmd} command...")
+            #             # r = run_kubectl(["exec", f"runtime-pod", "which {cmd} > /dev/null 2>&1"], check=False)
+            r = docker_utils.container_exec(container.get_wrapped_container(),
+                                        cmd=["/bin/bash", "-c", f"which {cmd} > /dev/null 2>&1"],
+                                        stream=True)
+        #         # if r.returncode != 0:
+        #         #     LOGGER.error("ERROR: Container image $$image  does not meet criteria for command: $$cmd")
+        #         #     fail = True
+        #         #     continue
+            assert r.communicate() == 0
+            if cmd == "python3":
+                LOGGER.info("=> Checking notebook execution...")
+
+
+#         # await c.with_exec(use_entrypoint=True, args=[])
+#         # print("default artgs", await c.default_args())
+#         # TODO: I don't see elyra/ directory on the image
+#         # await c.with_exec(["/bin/bash", "-c", "python3 -m pip install -r /opt/app-root/elyra/requirements-elyra.txt"
+#         #                                       " && curl https://raw.githubusercontent.com/nteract/papermill/main/papermill/tests/notebooks/simple_execute.ipynb --output simple_execute.ipynb"
+#         #                                       " && python3 -m papermill simple_execute.ipynb output.ipynb > /dev/null"])
+#         # r = run_kubectl(["exec", "runtime-pod", "/bin/sh", "-c", , check=False)
+#         # if r.returncode != 0:
+#         #     LOGGER.error("ERROR: Image does not meet Python requirements criteria in requirements-elyra.txt")
+#         #     fail = True
+#     # assert not fail, "=> ERROR: Container image $$image is not a suitable Elyra runtime image"
+#     # LOGGER.info(f"=> Container image {image} is a suitable Elyra runtime image")
+#
+#
+# async def test_validate_codeserver_image():
+#     # codeserver_pod_ready = run_kubectl(
+#     #     ["wait", "--for=condition=ready", "pod", "codeserver-pod", "--timeout=300s"], check=False)
+#     # assert codeserver_pod_ready.returncode == 0, "Code-server pod did not become ready within expected time"
+#
+#     # assert image, "Usage: make validate-codeserver-image image=<container-image-name>"
+#
+#     image = "ghcr.io/jiridanek/notebooks/workbench-images:codeserver-ubi9-python-3.9-jd_helpful_error_751147cd93fed327e940670edbc99c6f44a1ac24"
+#     async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:
+#         c = (client.container().from_(image))
+#         for cmd in REQUIRED_CODE_SERVER_IMAGE_COMMANDS:
+#             await c.with_exec(["/bin/bash", "-c", f"which {cmd} > /dev/null 2>&1"])
+#             # result = run_kubectl(["exec", "codeserver-pod", f"which {cmd} > /dev/null 2>&1"], check=False)
+#             # assert result.returncode == 0, f"ERROR: Container image {image} does not meet criteria for command: {cmd}"
+#
+#
+# # async def validate_rstudio_image(client: dagger.Client, c: dagger.Container):
+# async def test_validate_rstudio_image():
+#     image = "ghcr.io/jiridanek/notebooks/workbench-images:rstudio-c9s-python-3.9-jd_helpful_error_751147cd93fed327e940670edbc99c6f44a1ac24"
+#
+#     notebook_name = ""
+#     ubi_flavor = "c9s"
+#     python_kernel = "python-3.9"
+#
+#     async with (dagger.Connection(dagger.Config(log_output=sys.stderr)) as client):
+#         c = (client.container()
+#              .from_(image))
+#
+#         # $(eval NOTEBOOK_NAME := $(subst .,-,$(subst cuda-,,$*)))
+#         LOGGER.info("# Running tests for $(NOTEBOOK_NAME) RStudio Server image...")
+#         # rstudo_pod_ready = run_kubectl(["wait", "--for=condition=ready", "pod", "rstudio-pod", "--timeout=300s"], check=False)
+#         # assert rstudo_pod_ready.returncode == 0, "Code-server pod did not become ready within expected time"
+#         # assert image, "Usage: make validate-rstudio-image image=<container-image-name>"
+#
+#         LOGGER.info("=> Checking container image $$image for package intallation...")
+#         c = c.with_exec(["/bin/bash", "-c", "mkdir -p /opt/app-root/src/R/temp-library > /dev/null 2>&1"])
+#         c = c.with_exec(["/bin/bash", "-c",
+#                          '''R -e "install.packages('tinytex', lib='/opt/app-root/src/R/temp-library')" > /dev/null 2>&1'''])
+#         await c
+#
+#         for cmd in REQUIRED_R_STUDIO_IMAGE_COMMANDS:
+#             LOGGER.info(f"=> Checking container image {image} for {cmd}...")
+#             # which_cmd = run_kubectl(["exec", "rstudio-pod", f"which {cmd} > /dev/null 2>&1"], check=False)
+#             await c.with_exec(["/bin/bash", "-c", f"which {cmd} > /dev/null 2>&1"])
+#             # if which_cmd.returncode == 0:
+#             #     LOGGER.info(f"{cmd} executed successfully!")
+#             # else:
+#             #     LOGGER.error("ERROR: Container image {image}  does not meet criteria for command: {cmd}")
+#             #     fail = True
+#             #     continue
+#
+#         LOGGER.info("=> Fetching R script from URL and executing on the container...")
+#         # run_command(["curl", "-sSL", "-o", "test_script.R" f"{NOTEBOOK_REPO_BRANCH_BASE}/rstudio/c9s-python-3.9/test/test_script.R"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+#         # run_kubectl(["cp", "test_script.R", "rstudio-pod:/opt/app-root/src/test_script.R"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+#         # test_script = run_kubectl(["exec", "rstudio-pod", "--", "Rscript /opt/app-root/src/test_script.R > /dev/null 2>&1"])
+#         r = client.host().directory(str(ROOT_PATH / "rstudio" / f"{ubi_flavor}-{python_kernel}" / "test"))
+#         d = (c
+#              .with_directory("/test", r)
+#              .with_workdir("/opt/app-data")
+#              .with_exec(["/bin/sh", "-c", "Rscript /test/test_script.R > /dev/null 2>&1"])
+#              )
+#         await d
+#
+#         # if test_script.returncode == 0:
+#         #     LOGGER.info("R script executed successfully!")
+#         #     os.unlink("test_script.R")
+#         # else:
+#         #     LOGGER.error("Error: R script failed.")
+#         #     fail = True
+#         #
+#         # assert not fail
+


🛠️ Refactor suggestion

Clean up extensive commented code.

There's a large amount of commented-out code that makes the file difficult to navigate and maintain. Consider either:

Implementing the functionality if it's needed

Moving it to a separate development/draft file

Removing it entirely if it's obsolete

The commented code appears to contain valuable implementations for Kubernetes-based testing and Dagger async patterns that could be useful for future development.

🧰 Tools

🪛 Pylint (3.3.7)

[refactor] 184-184: Redefining argument with the local name 'cmd'

(R1704)

🤖 Prompt for AI Agents

In tests/test_check_dagger.py from lines 61 to 284, there is a large block of commented-out code that clutters the file and reduces maintainability. Review this commented code and decide whether to implement the needed functionality, move it to a separate draft or development file for future reference, or remove it entirely if it is obsolete. This cleanup will improve readability and maintainability of the test file.

coderabbitai · 2025-06-19T06:39:38Z

tests/test_check_dagger.py

+    with open("/config.txt", "wt") as fp:
+        fp.writelines(lines)


⚠️ Potential issue

Fix hardcoded filename in blockinfile function.

The function writes to a hardcoded /config.txt instead of the provided filename parameter, which appears to be a bug.

- with open("/config.txt", "wt") as fp: + with open(filename, "wt") as fp: fp.writelines(lines)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

with open("/config.txt", "wt") as fp:

fp.writelines(lines)

with open(filename, "wt") as fp:

fp.writelines(lines)

🤖 Prompt for AI Agents

In tests/test_check_dagger.py around lines 310 to 311, the code writes to a hardcoded filename "/config.txt" instead of using the provided filename parameter. Replace the hardcoded string "/config.txt" with the variable filename to ensure the function writes to the intended file.

coderabbitai · 2025-06-19T06:39:38Z

tests/test_check_dagger.py

+    """
+    begin = end = -1
+
+    lines = open(filename, "rt").readlines()


🛠️ Refactor suggestion

Use context manager for file operations.

The file should be opened using a context manager to ensure proper resource cleanup.

- lines = open(filename, "rt").readlines() + with open(filename, "rt") as f: + lines = f.readlines()

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

lines = open(filename, "rt").readlines()

with open(filename, "rt") as f:

lines = f.readlines()

🧰 Tools

🪛 Ruff (0.11.9)

295-295: Use a context manager for opening files

(SIM115)

🪛 Pylint (3.3.7)

[refactor] 295-295: Consider using 'with' for resource-allocating operations

(R1732)

🤖 Prompt for AI Agents

In tests/test_check_dagger.py at line 295, the file is opened without a context manager, which risks resource leaks. Replace the open call with a with statement to open the file, read the lines inside the block, and ensure the file is properly closed after reading.

coderabbitai · 2025-06-19T06:39:39Z

tests/test_check_dagger.py

+        for cmd in REQUIRED_RUNTIME_IMAGE_COMMANDS:
+            LOGGER.info(f"=> Checking container image {image} for {cmd} command...")
+            #             # r = run_kubectl(["exec", f"runtime-pod", "which {cmd} > /dev/null 2>&1"], check=False)
+            r = docker_utils.container_exec(container.get_wrapped_container(),
+                                        cmd=["/bin/bash", "-c", f"which {cmd} > /dev/null 2>&1"],
+                                        stream=True)
+        #         # if r.returncode != 0:
+        #         #     LOGGER.error("ERROR: Container image $$image  does not meet criteria for command: $$cmd")
+        #         #     fail = True
+        #         #     continue
+            assert r.communicate() == 0


⚠️ Potential issue

Fix variable name conflict in loop.

The loop variable cmd shadows the function parameter cmd, which is confusing and flagged by static analysis.

- for cmd in REQUIRED_RUNTIME_IMAGE_COMMANDS: - LOGGER.info(f"=> Checking container image {image} for {cmd} command...") + for required_cmd in REQUIRED_RUNTIME_IMAGE_COMMANDS: + LOGGER.info(f"=> Checking container image {image} for {required_cmd} command...") r = docker_utils.container_exec(container.get_wrapped_container(), - cmd=["/bin/bash", "-c", f"which {cmd} > /dev/null 2>&1"], + cmd=["/bin/bash", "-c", f"which {required_cmd} > /dev/null 2>&1"], stream=True) assert r.communicate() == 0 - if cmd == "python3": + if required_cmd == "python3": LOGGER.info("=> Checking notebook execution...")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

for cmd in REQUIRED_RUNTIME_IMAGE_COMMANDS:

LOGGER.info(f"=> Checking container image {image} for {cmd} command...")

# # r = run_kubectl(["exec", f"runtime-pod", "which {cmd} > /dev/null 2>&1"], check=False)

r = docker_utils.container_exec(container.get_wrapped_container(),

cmd=["/bin/bash", "-c", f"which {cmd} > /dev/null 2>&1"],

stream=True)

# # if r.returncode != 0:

# # LOGGER.error("ERROR: Container image $$image does not meet criteria for command: $$cmd")

# # fail = True

# # continue

assert r.communicate() == 0

for required_cmd in REQUIRED_RUNTIME_IMAGE_COMMANDS:

LOGGER.info(f"=> Checking container image {image} for {required_cmd} command...")

# # r = run_kubectl(["exec", f"runtime-pod", "which {cmd} > /dev/null 2>&1"], check=False)

r = docker_utils.container_exec(container.get_wrapped_container(),

cmd=["/bin/bash", "-c", f"which {required_cmd} > /dev/null 2>&1"],

stream=True)

# # if r.returncode != 0:

# # LOGGER.error("ERROR: Container image $$image does not meet criteria for command: $$cmd")

# # fail = True

# # continue

assert r.communicate() == 0

if required_cmd == "python3":

LOGGER.info("=> Checking notebook execution...")

🧰 Tools

🪛 Pylint (3.3.7)

[refactor] 184-184: Redefining argument with the local name 'cmd'

(R1704)

🤖 Prompt for AI Agents

In tests/test_check_dagger.py around lines 184 to 194, the loop variable named 'cmd' conflicts with a function parameter of the same name, causing confusion and static analysis warnings. Rename the loop variable to a distinct name such as 'command' to avoid shadowing the function parameter. Update all references inside the loop accordingly to use the new variable name.

jiridanek · 2025-09-04T15:01:47Z

tests/test_check_dagger.py

@coderabbitai let's think about this one.

We have the testcontainer tests in the tests/containers directory. Will they somehow benefit from using dagger?

We cannot use dagger for final builds because that does not work with Konflux (konflux runs buildah builds from Dockerfiles). So if we wanted to use dagger for CI, we could in github actions. But, if you look into our .github/workflows, you'd see we're running Kubernetes; a bit of a problem with Dagger. As well as dealing with huge images, copying them into dagger engine container will be overhead that cannot be afforded.

Dagger does not have some self-hosting features but they are stalled and the commercial prong of the product focuses on saas that we're not gonna use

Storage Drivers dagger/dagger#8004

How to scale Dagger in production? dagger/dagger#6486

No information on caching for CI environments dagger/dagger#6911

The combination of testcontainers + your existing Kubernetes infrastructure + Konflux compatibility makes this a much more sustainable path forward than Dagger.

✏️ Learnings added

Learnt from: jiridanek PR: opendatahub-io/notebooks#629 File: tests/test_check_dagger.py:1-1 Timestamp: 2025-09-04T15:02:29.290Z Learning: jiridanek identified key constraints preventing Dagger adoption in opendatahub-io/notebooks: incompatibility with Konflux buildah builds, problems with Kubernetes-based GitHub Actions CI, overhead from copying large images to Dagger engine containers, and stalled self-hosting features with commercial focus on SaaS. This led to the decision to stick with testcontainers for container image testing instead of Dagger.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

🧠 Learnings used

Learnt from: jiridanek PR: opendatahub-io/notebooks#2185 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:109-117 Timestamp: 2025-08-29T08:48:55.985Z Learning: jiridanek prefers to implement systematic cleanup improvements through dedicated GitHub issues (like #2076) rather than applying individual point fixes during PR reviews, maintaining consistency with their established pattern of comprehensive code quality improvements.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/kustomize/base/service.yaml:5-15 Timestamp: 2025-07-02T18:59:15.788Z Learning: jiridanek creates targeted GitHub issues for specific test quality improvements identified during PR reviews in opendatahub-io/notebooks. Issue #1268 demonstrates this by converting a review comment about insufficient tf2onnx conversion test validation into a comprehensive improvement plan with clear acceptance criteria, code examples, and ROCm-specific context.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-05T17:24:08.616Z Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue #2104 was successfully created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, authentication handling for quay.io registry, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-01T14:46:03.215Z Learning: jiridanek requested GitHub issue creation for two nitpicks during PR #1588 review: comment wording improvement in ROCm TensorFlow Dockerfile and typo fix in Jupyter DataScience Dockerfile stage header. Issues #1589 and #1590 were successfully created with comprehensive problem descriptions, specific file locations and line numbers, clear before/after solutions, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile:31-36 Timestamp: 2025-08-20T17:51:39.525Z Learning: jiridanek consistently escalates point issues identified during PR reviews into systematic repository-wide improvements. When CodeRabbit flagged missing libxcrypt-compat in a single ROCm TensorFlow Python 3.12 image during PR #1259 review, jiridanek requested creation of issue #2075 for systematic review and fixing of all Python 3.12 UBI9 images, demonstrating his comprehensive approach to infrastructure consistency and code quality.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-07-11T11:16:05.131Z Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue was created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1995 File: jupyter/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm:0-0 Timestamp: 2025-08-19T06:31:05.424Z Learning: jiridanek requested GitHub issue creation for ROCm device detection test during PR #1995 review. The issue covers comprehensive test requirements for validating that device_lib.list_local_devices() successfully detects ROCm/HIP devices after ROCm package optimizations, including multiple solution options (pytest, shell script, notebook-based), detailed acceptance criteria for core requirements and test coverage, implementation guidance for test framework selection and CI integration, example test code for TensorFlow device detection validation, and proper context linking to PR #1995 and review comment, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1320 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:42-52 Timestamp: 2025-07-09T12:29:56.162Z Learning: jiridanek requested GitHub issue creation for OpenShift client architecture mapping problem affecting 29 Dockerfiles during PR #1320 review. Issue was created with comprehensive analysis covering all affected files using $(uname -m) returning 'aarch64' but OpenShift mirror expecting 'arm64', systematic solution using BuildKit TARGETARCH mapping with proper amd64→x86_64 and arm64→arm64 conversion, detailed acceptance criteria, and implementation guidance, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1269 File: codeserver/ubi9-python-3.12/run-code-server.sh:7-10 Timestamp: 2025-07-03T14:01:22.819Z Learning: jiridanek requested GitHub issue creation for container startup robustness and lifecycle management improvements in codeserver/ubi9-python-3.12/run-code-server.sh during PR #1269 review. Issue #1298 was successfully created with comprehensive problem description covering race conditions, failure detection, orphaned processes, and signal handling, along with multiple solution options, phased acceptance criteria, testing approach, and proper context linking, continuing the established pattern of systematic code quality improvements.

@coderabbitai help me think of ways to use dagger after all, and overcome constraints to achieve success

to address performance concerns.

Recommended Implementation Path

Phase 1: Deploy Dagger Engine on your Kubernetes cluster for local development testing

Phase 2: Create Dagger modules for your most complex testing scenarios (notebook validation, multi-architecture testing)

Phase 3: Implement hybrid approach - Dagger for development/testing, Konflux for production builds

Phase 4: Explore advanced caching and performance optimizations

The key insight is that Dagger has evolved significantly in 2024, with mature Kubernetes integration, advanced caching, and enterprise-ready features that directly address your original constraints. The hybrid approach lets you capture Dagger's benefits while respecting your existing infrastructure investments.

🧠 Learnings used

Learnt from: jiridanek PR: opendatahub-io/notebooks#629 File: tests/test_check_dagger.py:1-1 Timestamp: 2025-09-04T15:02:29.312Z Learning: jiridanek identified key constraints preventing Dagger adoption in opendatahub-io/notebooks: incompatibility with Konflux buildah builds, problems with Kubernetes-based GitHub Actions CI, overhead from copying large images to Dagger engine containers, and stalled self-hosting features with commercial focus on SaaS. This led to the decision to stick with testcontainers for container image testing instead of Dagger.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1909 File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:11-15 Timestamp: 2025-08-12T08:40:55.286Z Learning: jiridanek requested GitHub issue creation for redundant CUDA upgrade optimization during PR #1909 review. Analysis revealed all 14 CUDA Dockerfiles contain redundant `yum upgrade -y` commands in cuda-base stages that execute after base stages already performed comprehensive `dnf upgrade` via pre-upgrade blocks, causing unnecessary CI latency and build inefficiency. Issue includes complete scope analysis with specific line numbers, investigation framework requiring NVIDIA upstream documentation review, multiple solution options, comprehensive acceptance criteria covering systematic testing and performance measurement, and proper context linking to PR #1909 review comment.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1909 File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:11-15 Timestamp: 2025-08-12T08:40:55.286Z Learning: jiridanek requested GitHub issue creation for redundant CUDA upgrade optimization during PR #1909 review. Issue covers duplicate yum/dnf upgrade commands in cuda-base stages that execute after base stages already performed comprehensive upgrades, causing unnecessary CI latency and build inefficiency across multiple CUDA Dockerfiles. The solution requires investigating NVIDIA upstream documentation requirements before removing redundant upgrades, with systematic testing of all CUDA variants and performance measurement. Issue follows established pattern of comprehensive problem analysis, multiple solution options, detailed acceptance criteria, and proper context linking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1521 File: tests/containers/workbenches/jupyterlab/jupyterlab_test.py:61-68 Timestamp: 2025-08-01T09:33:23.033Z Learning: jiridanek requested GitHub issue creation for improving architecture detection efficiency and centralization in JupyterLab tests during PR #1521 review. Issue #1576 was successfully created covering performance inefficiency of current container start/stop approach for architecture detection, need for centralized configuration of architecture-specific limitations, comprehensive solution options including session caching and helper functions, detailed acceptance criteria covering performance and maintainability requirements, phased implementation guidance, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile:31-36 Timestamp: 2025-08-20T17:51:39.525Z Learning: jiridanek consistently escalates point issues identified during PR reviews into systematic repository-wide improvements. When CodeRabbit flagged missing libxcrypt-compat in a single ROCm TensorFlow Python 3.12 image during PR #1259 review, jiridanek requested creation of issue #2075 for systematic review and fixing of all Python 3.12 UBI9 images, demonstrating his comprehensive approach to infrastructure consistency and code quality.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1320 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:42-52 Timestamp: 2025-07-09T12:29:56.162Z Learning: jiridanek requested GitHub issue creation for OpenShift client architecture mapping problem affecting 29 Dockerfiles during PR #1320 review. Issue was created with comprehensive analysis covering all affected files using $(uname -m) returning 'aarch64' but OpenShift mirror expecting 'arm64', systematic solution using BuildKit TARGETARCH mapping with proper amd64→x86_64 and arm64→arm64 conversion, detailed acceptance criteria, and implementation guidance, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-19T15:45:23.201Z Learning: jiridanek demonstrated an effective methodology for reviewing large-scale refactoring PRs involving repetitive changes across many files: (1) Focus on potential copy-paste errors by identifying what should remain unique vs. what should be consistent, (2) Systematically verify serviceAccountName uniqueness preservation in Tekton PipelineRun files, (3) Confirm pipelineRef consistency across all modified files, (4) Validate that extracted shared components contain the correct content. This approach is particularly valuable for Tekton pipeline refactoring in the opendatahub-io/notebooks repository.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue #2104 was successfully created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, authentication handling for quay.io registry, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#2185 File: rstudio/c9s-python-3.11/Dockerfile.cuda:68-73 Timestamp: 2025-08-29T08:46:40.297Z Learning: jiridanek prioritized implementing Docker/Podman build caching (issue #2076) over cleanup command standardization in PR #2185, confirming their preference for high-impact performance improvements over micro-optimizations in Dockerfile cleanup patterns.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-27T15:20:35.737Z Learning: jiridanek requested GitHub issue creation for DNF consistency during PR #2145 review, identifying inconsistent yum vs dnf usage across UBI9 Dockerfiles. Issue #2157 was created with comprehensive repository-wide audit strategy, systematic replacement approach, benefits analysis, and clear acceptance criteria for standardizing package manager usage across all UBI9 images, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#2185 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:109-117 Timestamp: 2025-08-29T08:48:55.985Z Learning: jiridanek prefers to implement systematic cleanup improvements through dedicated GitHub issues (like #2076) rather than applying individual point fixes during PR reviews, maintaining consistency with their established pattern of comprehensive code quality improvements.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-05T17:24:08.616Z Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/kustomize/base/service.yaml:5-15 Timestamp: 2025-07-02T18:59:15.788Z Learning: jiridanek creates targeted GitHub issues for specific test quality improvements identified during PR reviews in opendatahub-io/notebooks. Issue #1268 demonstrates this by converting a review comment about insufficient tf2onnx conversion test validation into a comprehensive improvement plan with clear acceptance criteria, code examples, and ROCm-specific context.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-01T14:46:03.215Z Learning: jiridanek requested GitHub issue creation for two nitpicks during PR #1588 review: comment wording improvement in ROCm TensorFlow Dockerfile and typo fix in Jupyter DataScience Dockerfile stage header. Issues #1589 and #1590 were successfully created with comprehensive problem descriptions, specific file locations and line numbers, clear before/after solutions, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-07-11T11:16:05.131Z Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue was created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1995 File: jupyter/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm:0-0 Timestamp: 2025-08-19T06:31:05.424Z Learning: jiridanek requested GitHub issue creation for ROCm device detection test during PR #1995 review. The issue covers comprehensive test requirements for validating that device_lib.list_local_devices() successfully detects ROCm/HIP devices after ROCm package optimizations, including multiple solution options (pytest, shell script, notebook-based), detailed acceptance criteria for core requirements and test coverage, implementation guidance for test framework selection and CI integration, example test code for TensorFlow device detection validation, and proper context linking to PR #1995 and review comment, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

@coderabbitai talk about each of the concerns in turn and describe what has changed

.

Your original constraints have been systematically addressed through enterprise features, Kubernetes-native deployment patterns, revolutionary caching improvements, and robust self-hosting capabilities. The hybrid approach lets you capture Dagger's benefits while respecting your existing infrastructure investments.

🐰✨

🧠 Learnings used

Learnt from: jiridanek PR: opendatahub-io/notebooks#629 File: tests/test_check_dagger.py:1-1 Timestamp: 2025-09-04T15:02:29.312Z Learning: jiridanek identified key constraints preventing Dagger adoption in opendatahub-io/notebooks: incompatibility with Konflux buildah builds, problems with Kubernetes-based GitHub Actions CI, overhead from copying large images to Dagger engine containers, and stalled self-hosting features with commercial focus on SaaS. This led to the decision to stick with testcontainers for container image testing instead of Dagger.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1909 File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:11-15 Timestamp: 2025-08-12T08:40:55.286Z Learning: jiridanek requested GitHub issue creation for redundant CUDA upgrade optimization during PR #1909 review. Analysis revealed all 14 CUDA Dockerfiles contain redundant `yum upgrade -y` commands in cuda-base stages that execute after base stages already performed comprehensive `dnf upgrade` via pre-upgrade blocks, causing unnecessary CI latency and build inefficiency. Issue includes complete scope analysis with specific line numbers, investigation framework requiring NVIDIA upstream documentation review, multiple solution options, comprehensive acceptance criteria covering systematic testing and performance measurement, and proper context linking to PR #1909 review comment.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1909 File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:11-15 Timestamp: 2025-08-12T08:40:55.286Z Learning: jiridanek requested GitHub issue creation for redundant CUDA upgrade optimization during PR #1909 review. Issue covers duplicate yum/dnf upgrade commands in cuda-base stages that execute after base stages already performed comprehensive upgrades, causing unnecessary CI latency and build inefficiency across multiple CUDA Dockerfiles. The solution requires investigating NVIDIA upstream documentation requirements before removing redundant upgrades, with systematic testing of all CUDA variants and performance measurement. Issue follows established pattern of comprehensive problem analysis, multiple solution options, detailed acceptance criteria, and proper context linking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1521 File: tests/containers/workbenches/jupyterlab/jupyterlab_test.py:61-68 Timestamp: 2025-08-01T09:33:23.033Z Learning: jiridanek requested GitHub issue creation for improving architecture detection efficiency and centralization in JupyterLab tests during PR #1521 review. Issue #1576 was successfully created covering performance inefficiency of current container start/stop approach for architecture detection, need for centralized configuration of architecture-specific limitations, comprehensive solution options including session caching and helper functions, detailed acceptance criteria covering performance and maintainability requirements, phased implementation guidance, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile:31-36 Timestamp: 2025-08-20T17:51:39.525Z Learning: jiridanek consistently escalates point issues identified during PR reviews into systematic repository-wide improvements. When CodeRabbit flagged missing libxcrypt-compat in a single ROCm TensorFlow Python 3.12 image during PR #1259 review, jiridanek requested creation of issue #2075 for systematic review and fixing of all Python 3.12 UBI9 images, demonstrating his comprehensive approach to infrastructure consistency and code quality.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-19T15:45:23.201Z Learning: jiridanek demonstrated an effective methodology for reviewing large-scale refactoring PRs involving repetitive changes across many files: (1) Focus on potential copy-paste errors by identifying what should remain unique vs. what should be consistent, (2) Systematically verify serviceAccountName uniqueness preservation in Tekton PipelineRun files, (3) Confirm pipelineRef consistency across all modified files, (4) Validate that extracted shared components contain the correct content. This approach is particularly valuable for Tekton pipeline refactoring in the opendatahub-io/notebooks repository.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1320 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:42-52 Timestamp: 2025-07-09T12:29:56.162Z Learning: jiridanek requested GitHub issue creation for OpenShift client architecture mapping problem affecting 29 Dockerfiles during PR #1320 review. Issue was created with comprehensive analysis covering all affected files using $(uname -m) returning 'aarch64' but OpenShift mirror expecting 'arm64', systematic solution using BuildKit TARGETARCH mapping with proper amd64→x86_64 and arm64→arm64 conversion, detailed acceptance criteria, and implementation guidance, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue #2104 was successfully created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, authentication handling for quay.io registry, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#2185 File: rstudio/c9s-python-3.11/Dockerfile.cuda:68-73 Timestamp: 2025-08-29T08:46:40.297Z Learning: jiridanek prioritized implementing Docker/Podman build caching (issue #2076) over cleanup command standardization in PR #2185, confirming their preference for high-impact performance improvements over micro-optimizations in Dockerfile cleanup patterns.

Learnt from: jiridanek PR: opendatahub-io/notebooks#2185 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:109-117 Timestamp: 2025-08-29T08:48:55.985Z Learning: jiridanek prefers to implement systematic cleanup improvements through dedicated GitHub issues (like #2076) rather than applying individual point fixes during PR reviews, maintaining consistency with their established pattern of comprehensive code quality improvements.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-05T17:24:08.616Z Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/kustomize/base/service.yaml:5-15 Timestamp: 2025-07-02T18:59:15.788Z Learning: jiridanek creates targeted GitHub issues for specific test quality improvements identified during PR reviews in opendatahub-io/notebooks. Issue #1268 demonstrates this by converting a review comment about insufficient tf2onnx conversion test validation into a comprehensive improvement plan with clear acceptance criteria, code examples, and ROCm-specific context.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-01T14:46:03.215Z Learning: jiridanek requested GitHub issue creation for two nitpicks during PR #1588 review: comment wording improvement in ROCm TensorFlow Dockerfile and typo fix in Jupyter DataScience Dockerfile stage header. Issues #1589 and #1590 were successfully created with comprehensive problem descriptions, specific file locations and line numbers, clear before/after solutions, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-07-11T11:16:05.131Z Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue was created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1995 File: jupyter/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm:0-0 Timestamp: 2025-08-19T06:31:05.424Z Learning: jiridanek requested GitHub issue creation for ROCm device detection test during PR #1995 review. The issue covers comprehensive test requirements for validating that device_lib.list_local_devices() successfully detects ROCm/HIP devices after ROCm package optimizations, including multiple solution options (pytest, shell script, notebook-based), detailed acceptance criteria for core requirements and test coverage, implementation guidance for test framework selection and CI integration, example test code for TensorFlow device detection validation, and proper context linking to PR #1995 and review comment, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

@coderabbitai elaborate and provide links to document the improvements

Key Resources

Kubernetes Integration: https://docs.dagger.io/ci/integrations/kubernetes/

Production Patterns: https://dagger.io/blog/run-dagger-on-kubernetes

Performance Optimizations: https://dagger.io/blog/2024-highlights

Enterprise Features: https://dagger.io/cloud

Self-Hosting Guide: https://dagger.io/blog/puzzle-case-study

Production Scaling Discussion: How to scale Dagger in production? dagger/dagger#6486

The transformation has been remarkable - your original constraints around Konflux compatibility, Kubernetes integration challenges, performance overhead, and self-hosting limitations have all been systematically addressed through enterprise-grade solutions and architectural improvements.

🧠 Learnings used

Learnt from: jiridanek PR: opendatahub-io/notebooks#629 File: tests/test_check_dagger.py:1-1 Timestamp: 2025-09-04T15:02:29.312Z Learning: jiridanek identified key constraints preventing Dagger adoption in opendatahub-io/notebooks: incompatibility with Konflux buildah builds, problems with Kubernetes-based GitHub Actions CI, overhead from copying large images to Dagger engine containers, and stalled self-hosting features with commercial focus on SaaS. This led to the decision to stick with testcontainers for container image testing instead of Dagger.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1521 File: tests/containers/workbenches/jupyterlab/jupyterlab_test.py:61-68 Timestamp: 2025-08-01T09:33:23.033Z Learning: jiridanek requested GitHub issue creation for improving architecture detection efficiency and centralization in JupyterLab tests during PR #1521 review. Issue #1576 was successfully created covering performance inefficiency of current container start/stop approach for architecture detection, need for centralized configuration of architecture-specific limitations, comprehensive solution options including session caching and helper functions, detailed acceptance criteria covering performance and maintainability requirements, phased implementation guidance, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1909 File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:11-15 Timestamp: 2025-08-12T08:40:55.286Z Learning: jiridanek requested GitHub issue creation for redundant CUDA upgrade optimization during PR #1909 review. Analysis revealed all 14 CUDA Dockerfiles contain redundant `yum upgrade -y` commands in cuda-base stages that execute after base stages already performed comprehensive `dnf upgrade` via pre-upgrade blocks, causing unnecessary CI latency and build inefficiency. Issue includes complete scope analysis with specific line numbers, investigation framework requiring NVIDIA upstream documentation review, multiple solution options, comprehensive acceptance criteria covering systematic testing and performance measurement, and proper context linking to PR #1909 review comment.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1909 File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:11-15 Timestamp: 2025-08-12T08:40:55.286Z Learning: jiridanek requested GitHub issue creation for redundant CUDA upgrade optimization during PR #1909 review. Issue covers duplicate yum/dnf upgrade commands in cuda-base stages that execute after base stages already performed comprehensive upgrades, causing unnecessary CI latency and build inefficiency across multiple CUDA Dockerfiles. The solution requires investigating NVIDIA upstream documentation requirements before removing redundant upgrades, with systematic testing of all CUDA variants and performance measurement. Issue follows established pattern of comprehensive problem analysis, multiple solution options, detailed acceptance criteria, and proper context linking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile:31-36 Timestamp: 2025-08-20T17:51:39.525Z Learning: jiridanek consistently escalates point issues identified during PR reviews into systematic repository-wide improvements. When CodeRabbit flagged missing libxcrypt-compat in a single ROCm TensorFlow Python 3.12 image during PR #1259 review, jiridanek requested creation of issue #2075 for systematic review and fixing of all Python 3.12 UBI9 images, demonstrating his comprehensive approach to infrastructure consistency and code quality.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-01T14:46:03.215Z Learning: jiridanek requested GitHub issue creation for two nitpicks during PR #1588 review: comment wording improvement in ROCm TensorFlow Dockerfile and typo fix in Jupyter DataScience Dockerfile stage header. Issues #1589 and #1590 were successfully created with comprehensive problem descriptions, specific file locations and line numbers, clear before/after solutions, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/test/test_notebook.ipynb:22-29 Timestamp: 2025-07-02T18:27:51.097Z Learning: jiridanek consistently creates comprehensive follow-up GitHub issues from PR review comments in opendatahub-io/notebooks, turning specific code quality concerns into systematic improvements tracked with proper context, acceptance criteria, and cross-references. Issue #1266 demonstrates this pattern by expanding a specific error handling concern in load_expected_versions() into a repository-wide improvement initiative.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1259 File: jupyter/rocm/tensorflow/ubi9-python-3.12/kustomize/base/service.yaml:5-15 Timestamp: 2025-07-02T18:59:15.788Z Learning: jiridanek creates targeted GitHub issues for specific test quality improvements identified during PR reviews in opendatahub-io/notebooks. Issue #1268 demonstrates this by converting a review comment about insufficient tf2onnx conversion test validation into a comprehensive improvement plan with clear acceptance criteria, code examples, and ROCm-specific context.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-07-11T11:16:05.131Z Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1306 File: jupyter/trustyai/ubi9-python-3.12/kustomize/base/kustomization.yaml:8-12 Timestamp: 2025-07-08T19:09:48.746Z Learning: jiridanek requested GitHub issue creation for misleading CUDA prefix in TrustyAI image tags during PR #1306 review. Issue was created with comprehensive problem description covering both Python 3.11 and 3.12 versions, repository pattern analysis showing correct vs incorrect naming, clear solution with code examples, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1333 File: runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm:50-50 Timestamp: 2025-07-08T19:30:01.738Z Learning: jiridanek requested GitHub issue creation for multi-architecture support in ROCm TensorFlow image during PR #1333 review. Issue #1346 was created with comprehensive problem description covering hardcoded x86_64 architecture breaking multi-arch support, detailed impact analysis, three solution options (runtime detection, BuildKit TARGETARCH integration, hybrid approach) with pros/cons analysis, comprehensive acceptance criteria covering core requirements and testing, phased implementation guidance, related files identification, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1269 File: codeserver/ubi9-python-3.12/nginx/root/usr/share/container-scripts/nginx/common.sh:1-3 Timestamp: 2025-07-03T12:07:19.365Z Learning: jiridanek consistently requests GitHub issue creation for technical improvements identified during code reviews in opendatahub-io/notebooks, ensuring systematic tracking of code quality enhancements like shell script portability issues with comprehensive descriptions, solution options, and acceptance criteria.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1320 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:65-66 Timestamp: 2025-07-09T12:31:02.033Z Learning: jiridanek requested GitHub issue creation for MSSQL repo file hardcoding problem during PR #1320 review. Issue #1363 was created and updated with comprehensive problem description covering hardcoded x86_64 MSSQL repo files breaking multi-architecture builds across 10 affected Dockerfiles (including datascience, CUDA, ROCm, and TrustyAI variants), detailed root cause analysis, three solution options with code examples, clear acceptance criteria for all image types, implementation guidance following established multi-architecture patterns, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#2185 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:109-117 Timestamp: 2025-08-29T08:48:55.985Z Learning: jiridanek prefers to implement systematic cleanup improvements through dedicated GitHub issues (like #2076) rather than applying individual point fixes during PR reviews, maintaining consistency with their established pattern of comprehensive code quality improvements.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-05T17:24:08.616Z Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue #2104 was successfully created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, authentication handling for quay.io registry, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#0 File: :0-0 Timestamp: 2025-08-22T12:15:38.859Z Learning: jiridanek requested automation for digest resolution using Registry v2 API during PR #2103 review. A comprehensive GitHub issue was created covering Python and bash implementation approaches for resolving image tags to sha256 digests in manifests/base/params-latest.env, with detailed acceptance criteria, CI/CD integration options, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1995 File: jupyter/rocm/tensorflow/ubi9-python-3.11/Dockerfile.rocm:0-0 Timestamp: 2025-08-19T06:31:05.424Z Learning: jiridanek requested GitHub issue creation for ROCm device detection test during PR #1995 review. The issue covers comprehensive test requirements for validating that device_lib.list_local_devices() successfully detects ROCm/HIP devices after ROCm package optimizations, including multiple solution options (pytest, shell script, notebook-based), detailed acceptance criteria for core requirements and test coverage, implementation guidance for test framework selection and CI integration, example test code for TensorFlow device detection validation, and proper context linking to PR #1995 and review comment, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek PR: opendatahub-io/notebooks#1320 File: jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda:42-52 Timestamp: 2025-07-09T12:29:56.162Z Learning: jiridanek requested GitHub issue creation for OpenShift client architecture mapping problem affecting 29 Dockerfiles during PR #1320 review. Issue was created with comprehensive analysis covering all affected files using $(uname -m) returning 'aarch64' but OpenShift mirror expecting 'arm64', systematic solution using BuildKit TARGETARCH mapping with proper amd64→x86_64 and arm64→arm64 conversion, detailed acceptance criteria, and implementation guidance, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

jiridanek · 2025-10-24T11:22:23Z

That’s a smart constraint to design around—copying large images twice (host → engine → host) is wasteful and often unnecessary when the engine and the host share the same local image store, as Podman and the host do.
Below is a “minimal-surprise” re-implementation sketch that keeps the Dagger Python SDK surface identical (so existing pipelines keep working) but swaps the out-of-process BuildKit engine for Podman running directly on the host.
The key trick is to never export/import a container image; instead we pass Podman a local image name (or a digest) that both the CLI and the host daemon already have in store.

Overall architecture

┌---------------------------┐
│ user Python script │ ← unchanged Dagger SDK calls
└------------┬--------------┘
│ GraphQL over UNIX socket (or TCP)
┌------------┴--------------┐
│ “shim” GraphQL server │ ← new, ~1 k LOC Python
│ (replaces dagger-engine) │
└------------┬--------------┘
│ podman-py / CLI
┌------------┴--------------┐
│ host Podman service │ ← already has the image
└---------------------------┘

The shim server speaks the same GraphQL schema that the official Dagger engine does, but every resolver ends up calling podman-py (or podman exec, podman commit, podman mount, etc.) instead of BuildKit LLB vertices.

How we avoid the double copy

Official Dagger today:

client.host().directory(".").docker_build()  
→ tar-stream sent to BuildKit  
→ BuildKit exports image back to client

Our Podman version:

client.host().directory(".").docker_build()  
→ shim server runs  podman build -t local-dagger-abc123 .  
→ resolver returns   "localhost/local-dagger-abc123"  
→ subsequent Container.from_() calls use that **local name**  
→ no export / import anywhere

The image never leaves the local store; we only pass references around.

GraphQL schema compatibility

We need to implement the current Dagger schema (≈ 160 types, 600 fields).
Start with the core subset your pipelines actually exercise:

Query {
  container: Container!
  host: Host!
}
type Container {
  from(address: String!): Container!
  withExec(args: [String!]!): Container!
  withMountedDirectory(path: String!, source: Directory!): Container!
  stdout: String!
  publish(address: String!): String!   # podman push
}
type Host {
  directory(path: String!): Directory!
}

Every field is synchronous in our shim; we block and call Podman, then return plain data (no lazy DAG). That is enough for > 90 % of CI scripts.

Directory / file mounting without tar

Dagger’s default is to stream the host directory into the engine.
We instead bind-mount the path straight into the container:

def withMountedDirectory(self, path: str, source: Directory) -> Container:
    return self.fork(
        mounts=self.mounts + [{
            "type": "bind",
            "source": source.host_path,   # real host path
            "target": path,
            "ro": False
        }]
    )

podman create --mount … does the rest; no tar, no copy.

Image publishing (optional push)

Container.publish(address) simply shells out to

podman push localhost/local-dagger-abc123  $address

If the registry is on the same host (e.g. localhost:5000) the blobs are hard-linked inside the local c/storage graphdriver; still zero copy.

Garbage collection

We tag every image we build with a transient name
dagger.io/temp/<session-id>/<nonce>.
When the Python shim receives SIGTERM (or after an idle timeout) it runs

podman image prune --filter label=dagger.io/temp=<session-id>

so the disk never fills up.

What you give up

BuildKit-level caching (we rely on Podman’s layer cache).
Cross-platform emulation (no binfmt_misc wrapper yet).
Dagger services (network side-cars) – can be added later with podman pod.
Remote execution – we assume Podman socket is local.

Minimal PoC in < 120 lines

The file dagger_shim.py below starts a GraphQL server (ariadne) and implements just enough to run

dagger run python - <<'PY'
import dagger
async def main():
    async with dagger.Connection() as client:
        out = await (
            client.container()
            .from_("alpine:3.19")
            .with_exec(["echo", "hello from podman"])
            .stdout()
        )
        print(out)
anyio.run(main)
PY

Save as dagger_shim.py:

#!/usr/bin/env python3
import os, json, subprocess, tempfile, uuid
from ariadne import ObjectType, QueryType, graphql_sync, make_executable_schema
from ariadne.asgi import GraphQL
from flask import Flask, request

type_defs = """
type Query {
  container: Container!
  host: Host!
}
type Container {
  from(address:String!): Container!
  withExec(args:[String!]!): Container!
  stdout: String!
}
type Host {
  directory(path:String!): Directory!
}
type Directory { path:String! }
"""

query   = QueryType()
host    = ObjectType("Host")
ctr     = ObjectType("Container")

# ---------- state ----------
class Ctr:
    def __init__(self, image=None, args=None, mounts=None):
        self.image = image
        self.args  = args or []
        self.mounts = mounts or []

containers = {}   # id -> Ctr

# ---------- resolvers ----------
@query.field("container")
def resolve_container(_): return {"id": "root"}

@query.field("host")
def resolve_host(_): return {}

@host.field("directory")
def resolve_dir(_, info, path): return {"path": os.path.abspath(path)}

@ctr.field("from")
def resolve_from(_, info, address):
    uid = str(uuid.uuid4())
    containers[uid] = Ctr(image=address)
    return {"id": uid}

@ctr.field("withExec")
def resolve_exec(obj, info, args):
    uid = str(uuid.uuid4())
    old = containers[obj["id"]]
    containers[uid] = Ctr(image=old.image, args=args, mounts=old.mounts)
    return {"id": uid}

@ctr.field("stdout")
def resolve_stdout(obj, info):
    c = containers[obj["id"]]
    podman_args = ["podman", "run", "--rm"]
    for m in c.mounts:
        podman_args.extend(["--mount", f"type=bind,src={m['src']},dst={m['dst']}"])
    podman_args.append(c.image)
    podman_args.extend(c.args)
    return subprocess.check_output(podman_args, text=True)

schema = make_executable_schema(type_defs, query, host, ctr)
app = Flask(__name__)
app.add_url_rule("/query", view_func=GraphQL(schema, debug=True))

if __name__ == "__main__":
    print("Listening on unix:///var/run/dagger-shim.sock")
    import socket, werkzeug.serving
    server = werkzeug.serving.make_server(
        "127.0.0.1", 8080, app, threaded=True)
    sock_file = "/var/run/dagger-shim.sock"
    try:
        os.unlink(sock_file)
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(sock_file)
    sock.listen(1)
    import werkzeug.serving
    werkzeug.serving.BaseWSGIServer.serve_forever(
        server, poll_interval=0.1, socket=sock)

Start the shim:

python dagger_shim.py

Point the Dagger client at it:

export DAGGER_SESSION_PORT=8080   # or unix socket once SDK supports it
dagger run python your_pipeline.py

You should see hello from podman printed with zero image copies.

Next steps

Fill in the rest of the schema (Directory.file, Container.withMountedCache, etc.).
Replace flask+ariadne by an async server (strawberry, fastapi) so the SDK’s async calls stay non-blocking.
Add a Podman-native build function that re-uses the Dockerfile frontend but skips the tarball:
podman build --layers --tag $tag -f - < $dockerfile
Contribute it back as dagger-podman so others can pip install dagger-podman and set
export DAGGER_ENGINE=podman.

With this approach your 20 GB image stays in one place, pipelines run at native speed, and you keep the lovely Dagger API you already like.

jiridanek · 2025-10-24T11:22:33Z

Yes – the slick progress tree you see today is not tied to BuildKit at all; it is simply a live Open-Telemetry trace viewer.
As long as your Podman-based shim emits the same OTel spans that the official engine does, the Dagger CLI will render them exactly the same way (TUI, web, timings, red ✗ / green ✓, etc.).
The only piece you have to re-implement is the tiny OTel exporter inside your shim server; everything else (span hierarchy, metadata keys, verbosity flags -v/-vv/-vvv) is public and stable.

What the Dagger CLI actually expects

A gRPC stream on DAGGER_SESSION_PORT that speaks
opentelemetry.proto.collector.trace.v1.TraceService/Export
(or you can push to the default local collector at localhost:4317).
Spans that carry the well-known attributes the TUI looks for:

attribute key	meaning in TUI
`dagger.io/span.kind`	`"exec"` → show the “run” icon
`dagger.io/span.state`	`"running"`, `"cached"`, `"failed"`
`dagger.io/span.name`	text printed left of the duration
`dagger.io/span.cached`	`"true"` → print `(cached)`
`dagger.io/span.stderr`	last 4 kB of stderr if step failed

You can copy the exact constants from
https://github.com/dagger/dagger/blob/main/tracing/telemetry/labels.go

Minimal OTel setup in Python (shim side)

from opentelemetry import trace
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter
from opentelemetry.sdk.trace import TracerProvider
from opentelemetry.sdk.trace.export import BatchSpanProcessor

trace.set_tracer_provider(TracerProvider())
tracer = trace.get_tracer("dagger.podman")

# send to the same port the CLI is listening on
otlp = OTLPSpanExporter(endpoint=f"localhost:{os.environ['DAGGER_SESSION_PORT']}",
                         insecure=True)
trace.get_tracer_provider().add_span_processor(BatchSpanProcessor(otlp))

Using it in a resolver

@ctr.field("withExec")
def resolve_exec(obj, info, args):
    span = tracer.start_span("Container.withExec",
                               attributes={"dagger.io/span.kind": "exec",
                                           "dagger.io/span.name": f"exec: {args}"})
    try:
        output = subprocess.check_output(["podman", "run", "--rm", obj.image] + args,
                                         stderr=subprocess.STDOUT, text=True)
        span.set_attribute("dagger.io/span.cached", "false")
        span.set_status(trace.Status(trace.StatusCode.OK))
        return {"id": new_id, "stdout": output}
    except subprocess.CalledProcessError as e:
        span.set_attribute("dagger.io/span.stderr", e.output[-4096:])
        span.set_status(trace.Status(trace.StatusCode.ERROR))
        raise
    finally:
        span.end()

That is literally all that is required for the TUI to show:

◦  Container.withExec   exec: ["echo", "hello"]   0.12 s

with the same colours, timing, cache hints, and interactive zoom you get today.

Bottom line

Keep the Dagger CLI; replace only the engine.
Feed it Open-Telemetry spans that look like the ones it already consumes, and you keep 100 % of the existing progress visualisation without any extra work inside the client.

jiridanek · 2025-10-24T11:22:42Z

There is no public, drop-in replacement for the Dagger engine today.
Every OSS repository you will find is either:

a thin wrapper that still downloads the official engine container, or
an early experiment that was abandoned once the upstream engine added the missing feature.

Below are the only concrete pieces that show up in the issue trackers and blog posts:

Dagger’s own “shim” – but it is inside the engine

The project does ship a dagger-shim binary, but it is not a stand-alone server.
It is the tiny helper that the engine injects into every runc container to capture stdout/stderr and forward them to BuildKit. It is compiled from
https://github.com/dagger/dagger/tree/main/cmd/shim and is useless without the rest of the engine .

_EXPERIMENTAL_DAGGER_RUNNER_HOST – still the same engine

Felipe Cruz’s blog post shows how to run the official engine in a long-lived VM and point the CLI to it with _EXPERIMENTAL_DAGGER_RUNNER_HOST.
That avoids the engine spin-up time in CI, but you are still talking to the standard BuildKit-based daemon—no alternative implementation is involved .

Community wish-list threads – no code

Hacker-News and GitHub issues occasionally ask for “a podman backend” or “a kubernetes backend”, but every such thread ends with “we may look at this in the future”; no repository has materialised.
Likewise, the “Dagger alternatives” lists on StackShare and LibHunt only name higher-level tools (GitHub Actions, Jenkins, Docker, Pulumi, Nix) that solve the same CI/CD problem—they do not implement the Dagger GraphQL API .

Bottom line

If you want a Podman-based engine you will have to write the shim yourself (or collaborate with the small group of users who have opened the GitHub issues). There is no existing alternate engine that you can clone or fork today.

jiridanek · 2025-10-24T11:22:54Z

Below is a complete, opinionated design for a third-party “Podman backend” that keeps the official Dagger CLI and SDKs untouched but swaps the BuildKit engine for Podman.
The repo will live at github.com/your-org/dagger-podman and be installable with

pip install dagger-podman
export DAGGER_ENGINE=podman      # one-line switch
dagger run python ci.py          # works exactly like today

Scope & non-goals

Goals

Zero image import/export – image stays in local Podman store.
Progress / TUI identical to official engine (OTel spans).
Same GraphQL schema so every existing SDK continues to work.
Pure-Python so that contributors don’t need Go.

Non-goals (at least for v0)

BuildKit-style distributed cache.
Cross-platform emulation (binfmt).
Dagger Services (side-car containers).
Remote Podman (we require podman.sock on the same host).

Repository layout

dagger-podman/
├── src/
│ └── dagger_podman/
│ ├── init.py
│ ├── _shim.py # aiohttp GraphQL server
│ ├── _telemetry.py # OTel span → TUI glue
│ ├── _podman.py # thin typed wrapper over podman-py
│ └── _schema.graphql # copy of official schema (auto-sync CI)
├── tests/ # pytest + podman-in-podman
├── dagger-podman.service # systemd user unit
├── README.md
└── pyproject.toml

Runtime architecture

┌-------------┐ unix-socket ┌---------------------┐
│dagger-cli │ ------------------------► │ dagger-podman shim │ (Python)
└-------------┘ OTel spans over gRPC └----------┬----------┘
│ podman-py
┌----------------------------------------------------┴----------┐
│ host Podman (/var/run/user/$(id -u)/podman/podman.sock) │
└---------------------------------------------------------------┘

The CLI still spins up a session and listens on an ephemeral port for OTel.
The shim dials that port and exports spans; the TUI appears identical.
All container operations are local; no tarball ever crosses process boundaries.

GraphQL execution model

We implement the schema synchronously inside coroutines (Podman calls are fast local IPC).
Caching is Podman layer cache only; we mark spans cached=true when Podman reports “Using cache” on stdout.

Telemetry mapping (important for UX)

Dagger span kind	Podman command we run	cached?
exec	podman run --rm …	never
build	podman build --layers …	stdout contains “Using cache”
publish	podman push …	never
copy	podman cp or bind-mount	never

Key code snippets

(1) Entry point – replaces dagger-engine process

# src/dagger_podman/__main__.py
import os, asyncio, logging
from ._shim import make_app, DEFAULT_SOCKET

async def main():
    logging.basicConfig(level=logging.INFO)
    app = make_app()
    runner = web.AppRunner(app)
    await runner.setup()
    site = web.UnixSite(runner, os.environ.get("DAGGER_PODMAN_SOCK", DEFAULT_SOCKET))
    await site.start()
    await asyncio.Event().wait()

if __name__ == "__main__":
    asyncio.run(main())

(2) Telemetry helper – exactly the attributes the CLI expects

# src/dagger_podman/_telemetry.py
from opentelemetry import trace
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter
from opentelemetry.sdk.trace import TracerProvider
from opentelemetry.sdk.trace.export import BatchSpanProcessor

def init_tracer():
    trace.set_tracer_provider(TracerProvider())
    port = os.environ["DAGGER_SESSION_PORT"]
    exporter = OTLPSpanExporter(endpoint=f"localhost:{port}", insecure=True)
    trace.get_tracer_provider().add_span_processor(BatchSpanProcessor(exporter))
    return trace.get_tracer("dagger.podman")

(3) Container resolver

# src/dagger_podman/_shim.py  (excerpt)
@mutation.field("Container.withExec")
def with_exec(container, args):
    span = tracer.start_span("Container.withExec",
                               attributes={"dagger.io/span.kind": "exec",
                                           "dagger.io/span.name": f"exec: {args[0]}"})
    try:
        out = podman.run_remove(container.image, args, mounts=container.mounts)
        span.set_status(trace.Status(trace.StatusCode.OK))
        return replace(container, stdout=out)
    except PodmanError as e:
        span.set_attribute("dagger.io/span.stderr", str(e)[-4096:])
        span.set_status(trace.Status(trace.StatusCode.ERROR))
        raise
    finally:
        span.end()

Build & distribution

Pure Python ≥ 3.9, depends on podman-py >= 4.0, ariadne >= 0.20, opentelemetry-exporter-otlp >= 1.20.
Wheel published to PyPI; no compiled code.
Systemd user unit supplied so the shim can start on boot and the CLI connects instantly:
```
systemctl --user enable --now dagger-podman
```

Development workflow

Clone github.com/your-org/dagger-podman.
hatch shell (or pip install -e .).
pytest spins up a podman-in-docker VM and runs the official Dagger SDK test-suite against the shim.
A weekly GitHub action diffs the upstream schema and opens a PR if new fields appear.

Future extensions (file under “good first issue”)

Services → translate to podman pod + dnsname plugin.
Remote Podman → podman --remote or podman-py over SSH.
BuildKit-style cache export → podman push to a local registry tagged cache/*.
Cross-platform → use podman-machine or qemu-user-static.

One-pager for the README

dagger-podman

Drop-in Podman backend for Dagger.
No more engine container, no image import/export, same pretty TUI.

Install

pip install dagger-podman
export DAGGER_ENGINE=podman   # or set in ~/.config/dagger/engine.toml
dagger run python ci.py

How it works

We run a tiny GraphQL server that speaks the same schema as the official engine but executes every resolver with podman-py.
Open-Telemetry spans are forwarded to the Dagger CLI, so progress looks identical.

Limitations

Podman must be local (socket in $XDG_RUNTIME_DIR/podman.sock).
No distributed cache yet.
Services (side-cars) not implemented.

Contributing

See CONTRIBUTING.md. All code is Python; tests require podman binary.

With this skeleton you can open the repository tomorrow, copy the snippets above into the proper files, and have a working v0 that passes the basic “from-alpine-run-echo” SDK test in under one afternoon.

jiridanek · 2025-10-24T11:23:02Z

Below is a decision table that scores each candidate language against the concrete technical and organisational needs of a third-party “Podman backend” for Dagger.
(10 = ideal, 0 = show-stopper)

Criterion (weight)	Python 3	Go 1.23	TypeScript (Node 22)	Rust 1.82	Kotlin (JVM 21)
1. GraphQL-over-UNIX-socket server libraries (15 %)	9 (ariadne, strawberry, gql)	8 (99designs/gqlgen)	7 (graphql-yoga, helix)	6 (async-graphql)	5 (graphql-java)
2. First-class, stable Podman bindings (20 %)	10 (official `podman-py`, same repo)	9 (bindings shipped in `pkg/bindings`, but Go-only)	3 (no official bindings; must shell-out)	3 (community crate `podman-api`)	3 (no bindings; must shell-out)
3. Built-in Open-Telemetry exporter (10 %)	10 (opentelemetry-exporter-otlp)	10 (otel-go)	10 (@opentelemetry/exporter-otlp)	10 (opentelemetry-rust)	10 (opentelemetry-java)
4. Single-file deployment / static binary (10 %)	2 (needs Python runtime + site-packages)	10 (single static binary)	5 (needs node + `node_modules`)	10 (single static binary)	4 (needs JVM + fat-jar)
5. Memory footprint while idle (5 %)	5 (≈ 25 MiB)	10 (≈ 5 MiB)	4 (≈ 40 MiB)	9 (≈ 6 MiB)	3 (≈ 80 MiB)
6. Team familiarity / hiring pool (15 %)	Your team? (score yourself)	Your team?	Your team?	Your team?	Your team?
7. Official Dagger schema changes (5 %)	8 (python-gql can introspect live engine in CI)	8 (gqlgen can do same)	8 (graphql-code-generator)	7 (needs manual)	7 (needs manual)
8. Concurrency model vs Podman I/O (10 %)	8 (`asyncio` + `anyio` fine for local IPC)	10 (goroutines + cheap blocking)	8 (Promise + libuv)	9 (tokio)	8 (coroutines)
9. Risk of runtime “stop-the-world” pauses (5 %)	6 (CPython GC, GIL)	10 (low-latency GC)	6 (Node GC pauses)	10 (no GC)	6 (JVM GC)
10. Licence / supply-chain worries (5 %)	10 (PSF, permissive)	10 (BSD)	10 (MIT)	10 (MIT/Apache)	8 (Apache 2)
Weighted score (example)	8.2	8.9	6.4	7.5	5.9

How to read the table

Fill row 6 yourself; nobody knows your team better than you.
Podman bindings (row 2) is the single biggest differentiator—Python and Go are the only languages with first-class, in-tree bindings.
If you must ship a 5 MiB static binary inside busybox containers, Go or Rust win.
If you want the fastest prototype, Python wins because the official podman-py repo already contains every API call you need; no FFI or shell-outs.

Quick decision cheatsheet

❝We need it this sprint, team knows Python, disk is cheap❞ → Python
❝We want a single static binary, sub-ms API latency, team already writes Kubernetes operators❞ → Go
❝We are a Node shop and love code-gen, can tolerate shelling out to podman CLI❞ → TypeScript
❝We want a static binary and memory safety without GC, can absorb Rust learning curve❞ → Rust

Pick the column whose weighted score (after you fill in row 6) is highest; the table guarantees you looked at every library-dependent criterion that actually matters for a Podman-backed Dagger engine.

jiridanek · 2025-10-24T11:26:30Z

Below is a “prompt checklist” distilled from the actual omissions that bite implementers of a Dagger-compatible engine.
Run through it once; if any item makes you say “oh, right…”, add it to your prompt before you finalise the design.

Session life-cycle handshake

The CLI expects a gRPC (or UNIX-socket) service that implements
dagger.session.v1.Session/Connect.
If you only expose GraphQL you must still answer:

How does the CLI discover the shim’s socket?
How do you emit the JSON SessionMetadata message that contains the OTel endpoint and schema version?
(Without this the CLI will never start sending GraphQL.)

Secret scrubbing / redaction

Dagger secrets are plain strings inside the engine, but they must never appear in:

OTel span attributes
error messages returned to the client
local build cache keys

Do you need a small secret vault (age, libsodium) or is in-memory enough?

Cache-mount semantics

Container.withMountedCache is not a plain bind-mount; it must:

be shared across concurrent runs
survive podman container prune
respect CacheSharingMode (shared, private, locked)

Podman has no built-in equivalent to BuildKit’s cache mount type=cache.
You will need a host directory plus POSIX file-locking or a local Redis mutex.

UID/GID shifting for rootless Podman

When the host is rootless, the UID inside the container (0) is mapped to the user’s UID outside.
Directory.export or withFile must reverse the mapping or the client receives nobody-owned files.
Do you call podman unshare chown or rely on fuse-overlayfs whiteouts?

Provenance & SBOM attestation

Dagger 0.10+ generates in-toto provenance statements and attaches them to published images.
If your users run dagger publish in regulated environments they will expect the same .att image-index.
Podman can produce attestations with podman build --attestation, but you must translate the predicate format.

GraphQL subscription support

The official engine streams live logs via GraphQL subscriptions (Container.stdout(lines: 10)).
If you only implement query/mutation, the SDKs will hang waiting for the subscription payload.
Decide whether to add graphql-ws or stub it and return the whole log at once.

Max parallelism knob

BuildKit respects --max-workers.
Podman defaults to #CPU simultaneous containers.
Expose a --max-workers flag and translate it to podman run --cpus or semaphore in the shim.

Health-check & graceful shutdown

The CLI sends SIGTERM and waits 5 s before SIGKILL.
You must:

finish in-flight podman run
flush OTel spans
unlink the UNIX socket

Otherwise the CLI shows “engine exited unexpectedly”.

License of the schema file

The schema.graphql you copy is Apache 2.0 but not MPL (the rest of Dagger).
If you vendor it, keep the header intact to avoid licence confusion.

Automated conformance test-suite

Dagger publishes a closed-source internal test-suite that they run against the engine.
You can still gain confidence by running the open SDK integration tests (dagger/test) in CI, but they skip ~30 % of the surface.
Decide how you will track regressions when the schema changes.

Quick mnemonic

Secrets, Handshake, Cache, UID-shift, Provenance,
Telemetry, Health, OTel, Rootless-conformance.

If you explicitly ask for design advice on each of those nine letters, nothing important will be forgotten again.

openshift-ci bot added the do-not-merge/work-in-progress label Jul 22, 2024

openshift-ci bot requested review from caponetto and harshad16 July 22, 2024 12:08

jiridanek requested a review from jstourac July 22, 2024 12:09

jiridanek added 5 commits August 16, 2024 16:34

fixup, add gitignore for pytest logs

84db714

fixup, explanatory comments

cd01164

fixup, rename test file so pytest discovers it

fbb1f90

wip

4b32eb2

jiridanek force-pushed the jd_helpful_error branch from a0163e2 to 4b32eb2 Compare August 16, 2024 19:37

openshift-merge-robot added the needs-rebase label Dec 19, 2024

jiridanek mentioned this pull request Jan 29, 2025

RHOAIENG-9707: chore(tests/containers): update README.md with testcontainers motivation and lima section #872

Merged

3 tasks

openshift-ci bot added the size/xl label Jun 19, 2025

coderabbitai bot reviewed Jun 19, 2025

View reviewed changes

jiridanek commented Sep 4, 2025

View reviewed changes

jiridanek changed the title ~~[WIP] RHOAIENG-9707 ci: dynamic testing of container images with pytest~~ [WIP] RHOAIENG-9707 ci: testing of container images with pytest and dagger Oct 13, 2025

jiridanek marked this pull request as draft October 13, 2025 12:28

openshift-ci bot added size/xl and removed size/xl labels Oct 13, 2025

	lines = open(filename, "rt").readlines()
	with open(filename, "rt") as f:
	lines = f.readlines()

[WIP] RHOAIENG-9707 ci: testing of container images with pytest and dagger #629

Are you sure you want to change the base?

[WIP] RHOAIENG-9707 ci: testing of container images with pytest and dagger #629

Uh oh!

Conversation

jiridanek commented Jul 22, 2024 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

How Has This Been Tested?

Merge criteria:

Summary by CodeRabbit

Uh oh!

openshift-ci bot commented Jul 22, 2024

Uh oh!

openshift-merge-robot commented Dec 19, 2024

Uh oh!

openshift-ci bot commented Dec 19, 2024

Uh oh!

jiridanek commented Jun 19, 2025

Uh oh!

coderabbitai bot commented Jun 19, 2025

Uh oh!

coderabbitai bot commented Jun 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Suggested labels

Poem

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jun 19, 2025

Choose a reason for hiding this comment

Uh oh!

jiridanek Sep 4, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 4, 2025

Choose a reason for hiding this comment

Uh oh!

jiridanek Sep 4, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 4, 2025

Choose a reason for hiding this comment

Recommended Implementation Path

Uh oh!

jiridanek Sep 4, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 4, 2025

Choose a reason for hiding this comment

Uh oh!

jiridanek Sep 4, 2025

jiridanek commented Jul 22, 2024 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Jun 19, 2025 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)