Skip to content

LCORE-2874: Migrate the main branch of lightspeed-stack to RHOAI index + PyPI sdists#1931

Merged
tisnik merged 3 commits into
lightspeed-core:mainfrom
Jazzcort:update-rhai-base-image-with-better-grade
Jul 14, 2026
Merged

LCORE-2874: Migrate the main branch of lightspeed-stack to RHOAI index + PyPI sdists#1931
tisnik merged 3 commits into
lightspeed-core:mainfrom
Jazzcort:update-rhai-base-image-with-better-grade

Conversation

@Jazzcort

@Jazzcort Jazzcort commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Description

Switch builder and runtime base images from registry.redhat.io/rhai/base-image-cpu-rhel9:3.2 to quay.io/aipcc/base-images/cpu:3.5.0-1782914735.

Package preference order: RHOAI index wheel -> Source distribution -> PyPI wheel

Thanks @syedriko for the guidance on this one!

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement
  • Benchmarks improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: (e.g., Claude, CodeRabbit, Ollama, etc., N/A if not used)
  • Generated by: (e.g., tool name and version; N/A if not used)

Related Tickets & Documents

LCORE-1435
LCORE-2874

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

Check Konflux console, those vulnerability warnings should go away.

Summary by CodeRabbit

Summary

  • Chores
    • Updated build/runtime container base images and refreshed image metadata.
    • Regenerated hermetic dependency manifests and wheel hash sets for more reproducible builds, including updated RPM pins/locks.
    • Expanded the Tekton prefetch dependency list and refreshed hermetic tooling/version pins.
  • New Features
    • Added a policy-driven hermetic dependency resolver for wheel compatibility and hashed requirements output.
  • Documentation
    • Added initial guidance for “wheel-only” packages where source builds are unreliable.

@Jazzcort Jazzcort changed the title RCORUpdate RHAI base image to quay.io/aipcc cpu:3.3.2 LCORE-1435: Vulnerabilities found in Konflux pipeline - main branch patch Jun 15, 2026
@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: d0cc020b-9106-452a-bf55-212cfa35843f

📥 Commits

Reviewing files that changed from the base of the PR and between 50610d2 and be0cbc9.

📒 Files selected for processing (1)
  • deploy/lightspeed-stack/Containerfile
📜 Recent review details
⏰ Context from checks skipped due to timeout. (16)
  • GitHub Check: build-pr
  • GitHub Check: unit_tests (3.13)
  • GitHub Check: unit_tests (3.12)
  • GitHub Check: Pylinter
  • GitHub Check: mypy
  • GitHub Check: integration_tests (3.13)
  • GitHub Check: spectral
  • GitHub Check: integration_tests (3.12)
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-0-7-on-pull-request
  • GitHub Check: E2E Tests for Lightspeed Evaluation job
  • GitHub Check: E2E: server mode / ci / group 2
  • GitHub Check: E2E: library mode / ci / group 2
  • GitHub Check: E2E: server mode / ci / group 3
  • GitHub Check: E2E: library mode / ci / group 1
  • GitHub Check: E2E: server mode / ci / group 1
  • GitHub Check: E2E: library mode / ci / group 3
🧰 Additional context used
📓 Path-based instructions (1)
**/*

📄 CodeRabbit inference engine (Custom checks)

**/*: Flag meaningful O(n^2)+ algorithms on non-trivial inputs, including handlers and Kubernetes list operations.
Flag N+1 patterns that list items and then query once per item, including Kubernetes API and database access.
Flag expensive work inside loops, including API calls, JSON parsing, and regex compilation.
Flag unbounded growth in caches, watchers, or buffers when eviction or limits are missing.
Flag missing pagination or limits on list operations and API endpoints.
Flag secrets or tokens logged in plaintext or hardcoded in source.
Flag API endpoints missing authentication or authorization.
Flag injection vulnerabilities, including SQL injection, command injection, and path traversal.
Flag sensitive data leaked in API responses, WebSocket messages, or logs.
Flag Kubernetes Secrets and Red Hat secrets missing OwnerReferences.

Files:

  • deploy/lightspeed-stack/Containerfile
🔇 Additional comments (3)
deploy/lightspeed-stack/Containerfile (3)

95-101: LGTM!


143-143: LGTM!


102-103: 🎯 Functional Correctness

USER=default is consistent with the runtime user. The image runs as UID 1001, which matches UBI’s default account convention, so this env var is intentional.

			> Likely an incorrect or invalid review comment.

Walkthrough

The PR adds a Konflux dependency resolver for RHOAI and PyPI packages, generates hashed requirements and build dependencies, patches Tekton prefetch lists, and adds Python 3.12 profile configuration. It also refreshes base images, RPM locks, dependency pins, hashes, build inputs, and runtime image metadata.

Changes

Konflux dependency resolution and build refresh

Layer / File(s) Summary
Dependency resolver and package metadata handling
scripts/konflux_resolve.py
Adds version and dependency parsing, wheel compatibility filtering, RHOAI and PyPI metadata clients, and BFS dependency resolution.
Resolution classification and generated outputs
scripts/konflux_resolve.py
Classifies packages, collects hashes, writes requirements files, generates build dependencies, and patches Tekton package lists through the CLI flow.
Konflux profile and build configuration
.konflux/build-args-konflux.conf, .konflux/profiles.toml, .konflux/pypi_wheel_only.txt, .konflux/requirements.hermetic.txt, .konflux/rpms.lock.yaml
Adds the Python 3.12 CPU profile and wheel-only policy, updates base images and RPM repository identifiers, and pins the hermetic uv version.
Regenerated dependency and pipeline inputs
.konflux/requirements*, .tekton/*, pyproject.toml
Regenerates build and hash requirements, updates the torch pin, and expands Tekton prefetch package lists.
Runtime image configuration
deploy/lightspeed-stack/Containerfile
Adds runtime environment settings and updates the container image CPE label.

Estimated code review effort: 4 (Complex) | ~60 minutes

Possibly related PRs

Sequence Diagram(s)

sequenceDiagram
  participant CLI as konflux_resolve.py
  participant UV as uv pip compile
  participant RHOAI as RhoaiIndex
  participant PyPI as PypiClient
  participant Outputs as Requirements and Tekton files

  CLI->>UV: Resolve direct dependencies with prefer-index
  UV-->>CLI: Resolved versions and index annotations
  CLI->>RHOAI: Reclassify compatible RHOAI wheels and fetch hashes
  RHOAI-->>CLI: Wheel metadata and hashes
  CLI->>PyPI: Fetch dependency metadata and hashes
  PyPI-->>CLI: Package requirements and hashes
  CLI->>Outputs: Write hashed requirements and patch prefetch packages
Loading
🚥 Pre-merge checks | ✅ 7
✅ Passed checks (7 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the PR’s main goal: migrating lightspeed-stack to the RHOAI index and PyPI sdist-based dependency flow.
Docstring Coverage ✅ Passed Docstring coverage is 90.48% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Performance And Algorithmic Complexity ✅ Passed No blocking perf regression: the new resolver uses per-package caches and set-based dedupe; the loops are linear over resolved packages, with no unbounded growth.
Security And Secret Handling ✅ Passed Reviewed the new resolver and updated configs; no plaintext secrets, auth gaps, injections, or Secret/OwnerReference issues found. Script uses fixed-file I/O and subprocess.run without shell.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@Jazzcort Jazzcort marked this pull request as draft June 15, 2026 14:54
@Jazzcort

Copy link
Copy Markdown
Contributor Author

After checking in with @syedriko, we should wait for the image update on registry.redhat.io instead of using image from quay.io which is a heck for an urgent release. 😁 I'll make this ready for review when they update the image on registry.redhat.io

@Jazzcort Jazzcort force-pushed the update-rhai-base-image-with-better-grade branch from d5b81b4 to 02d7a4f Compare July 9, 2026 14:58
@syedriko

syedriko commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@Jazzcort RHOAI has released 3.5, that's what our main branch should be looking at. #2023 is closer to what we need, but even that is looking at 3.4.

@Jazzcort

Jazzcort commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@syedriko Got it! I was just playing around with the konflux build. I tried to follow the prefetch guideline here but had no luck to make it pass the rpm-lickfile-prototype part. What is the procedure you use to generate rpm.lock.yaml file? So we should be looking at 3.5 for this PR if I'm understanding it right. 😁

Switch builder and runtime base images from
registry.redhat.io/rhai/base-image-cpu-rhel9:3.2 to
quay.io/aipcc/base-images/cpu:3.5.0-1782914735
@Jazzcort Jazzcort force-pushed the update-rhai-base-image-with-better-grade branch 10 times, most recently from 61e43a5 to 631153a Compare July 10, 2026 20:04
@Jazzcort Jazzcort force-pushed the update-rhai-base-image-with-better-grade branch from 631153a to 9217b4c Compare July 13, 2026 13:34
@Jazzcort Jazzcort changed the title LCORE-1435: Vulnerabilities found in Konflux pipeline - main branch patch Migrate the main branch of lightspeed-stack to RHOAI index + PyPI sdists Jul 13, 2026
@Jazzcort Jazzcort changed the title Migrate the main branch of lightspeed-stack to RHOAI index + PyPI sdists LCORE-2874: Migrate the main branch of lightspeed-stack to RHOAI index + PyPI sdists Jul 13, 2026
@Jazzcort

Copy link
Copy Markdown
Contributor Author

@tisnik The konflux build succeeded. It should be good to merge. This is a patch for the konflux build so any test failures are not relevant to this PR.

@Jazzcort Jazzcort marked this pull request as ready for review July 13, 2026 14:08

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/konflux_resolve.py`:
- Around line 573-591: Update _eval_single_marker so comparisons involving
python_version parse both operands as versions before applying the selected
operator, avoiding lexicographic ordering such as treating 3.12 as less than
3.9. Preserve existing string comparison behavior for non-version markers and
the current fallback behavior for unsupported operators or unresolved variables.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 70e121f4-2cfa-46ab-97ba-2594c605a193

📥 Commits

Reviewing files that changed from the base of the PR and between d5b81b4 and 9217b4c.

📒 Files selected for processing (14)
  • .konflux/build-args-konflux.conf
  • .konflux/profiles.toml
  • .konflux/pypi_wheel_only.txt
  • .konflux/requirements-build.txt
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hashes.wheel.pypi.txt
  • .konflux/requirements.hashes.wheel.txt
  • .konflux/requirements.hermetic.txt
  • .konflux/requirements.overrides.txt
  • .konflux/rpms.lock.yaml
  • .tekton/lightspeed-stack-0-7-pull-request.yaml
  • .tekton/lightspeed-stack-0-7-push.yaml
  • pyproject.toml
  • scripts/konflux_resolve.py
💤 Files with no reviewable changes (1)
  • .konflux/requirements.overrides.txt
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-0-7-on-pull-request
  • GitHub Check: E2E: server mode / ci / group 2
🧰 Additional context used
📓 Path-based instructions (1)
**/*

📄 CodeRabbit inference engine (Custom checks)

**/*: Flag meaningful O(n^2)+ algorithms on non-trivial inputs, including handlers and Kubernetes list operations.
Flag N+1 patterns that list items and then query once per item, including Kubernetes API and database access.
Flag expensive work inside loops, including API calls, JSON parsing, and regex compilation.
Flag unbounded growth in caches, watchers, or buffers when eviction or limits are missing.
Flag missing pagination or limits on list operations and API endpoints.
Flag secrets or tokens logged in plaintext or hardcoded in source.
Flag API endpoints missing authentication or authorization.
Flag injection vulnerabilities, including SQL injection, command injection, and path traversal.
Flag sensitive data leaked in API responses, WebSocket messages, or logs.
Flag Kubernetes Secrets and Red Hat secrets missing OwnerReferences.

Files:

  • pyproject.toml
  • scripts/konflux_resolve.py
🧠 Learnings (1)
📚 Learning: 2026-06-24T13:45:37.249Z
Learnt from: Jdubrick
Repo: lightspeed-core/lightspeed-stack PR: 1971
File: src/utils/markdown_repair.py:31-36
Timestamp: 2026-06-24T13:45:37.249Z
Learning: In the lightspeed-stack repository, docstrings must use the section header name "Parameters:" (not "Args:") for function arguments, even if the project references Google Python docstring conventions. Ensure docstrings follow the project’s established "Parameters:" header format for any documented function parameters.

Applied to files:

  • scripts/konflux_resolve.py
🪛 ast-grep (0.44.1)
scripts/konflux_resolve.py

[warning] 204-204: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(pyproject_path, "rb")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 914-914: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(output_path, "w")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 925-925: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(yaml_path)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 932-932: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(yaml_path, "w")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 950-950: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(profiles_path, "rb")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 972-972: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(path)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 1151-1151: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(build_file)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 1166-1166: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(build_file, "w")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 1269-1269: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(tmp_sdist_file, "w")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[warning] 1293-1293: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(build_output, "w")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[error] 1040-1040: Command coming from incoming request
Context: subprocess.run(cmd, capture_output=True, text=True, check=True)
Note: [CWE-78] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

(subprocess-from-request)


[error] 1273-1283: Command coming from incoming request
Context: subprocess.run(
[
"uv",
"run",
"pybuild-deps",
"compile",
f"--output-file={build_output}",
tmp_sdist_file,
],
check=True,
)
Note: [CWE-78] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

(subprocess-from-request)


[warning] 417-417: Request-controlled URL passed to urlopen; validate against an allowlist to prevent SSRF.
Context: urllib.request.urlopen(url, timeout=30)
Note: [CWE-918] Server-Side Request Forgery (SSRF).

(urlopen-unsanitized-data)


[warning] 609-609: Request-controlled URL passed to urlopen; validate against an allowlist to prevent SSRF.
Context: urllib.request.urlopen(url, timeout=30)
Note: [CWE-918] Server-Side Request Forgery (SSRF).

(urlopen-unsanitized-data)


[error] 1040-1040: Use of unsanitized data to create processes
Context: subprocess.run(cmd, capture_output=True, text=True, check=True)
Note: [CWE-78] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

(os-system-unsanitized-data)

🔇 Additional comments (15)
scripts/konflux_resolve.py (4)

1070-1114: 📐 Maintainability & Code Quality

reclassify_with_rhoai still looks like dead code unless it’s wired into the uv_resolve flow. If it remains in use, align the input type with uv_resolve’s result shape before calling it.


1235-1240: 🩺 Stability & Availability

Handle the no-match path here If RhoaiIndex.find_best can return None, add a guard or fallback before continuing so the package doesn't reach hashing with no platforms.


1206-1216: 🎯 Functional Correctness

RHOAI detection should use the configured index URL
packages.redhat.com is too specific here; if the RHOAI index is hosted elsewhere, packages will be misclassified as pypi. Match against rhoai_index_url (or its host) instead.


42-53: 🎯 Functional Correctness

Potential version-collision bug in parse_version If 4-segment versions are possible, _VERSION_RE drops everything beyond the third numeric component, so 1.2.3.4 and 1.2.3.9 collapse to the same sort key. That makes max(..., key=parse_version) order-dependent and can widen exact matches. Capture trailing numeric segments if these versions are expected.

.konflux/build-args-konflux.conf (1)

1-3: LGTM!

.konflux/profiles.toml (1)

1-12: LGTM!

.konflux/pypi_wheel_only.txt (1)

1-5: LGTM!

.konflux/requirements.hermetic.txt (1)

1-1: LGTM!

.konflux/rpms.lock.yaml (1)

8-71: LGTM!

Also applies to: 82-145

pyproject.toml (1)

189-189: LGTM!

.konflux/requirements.hashes.source.txt (1)

5-137: LGTM!

.konflux/requirements.hashes.wheel.pypi.txt (1)

1-1: Confirm this index-url-only file is intentionally wired.

This file contains only an --index-url directive and no pins. Note it is not listed among the requirements_files in either .tekton/lightspeed-stack-0-7-pull-request.yaml or .tekton/lightspeed-stack-0-7-push.yaml (which reference requirements.hashes.wheel.txt, requirements.hashes.source.txt, requirements.hermetic.txt). Please confirm any PyPI-wheel-classified packages are not being silently dropped from the hermetic prefetch.

.konflux/requirements.hashes.wheel.txt (1)

141-148: Verify httpcore2 and httpx2 are legitimate, expected dependencies.

httpcore2==2.5.0 and httpx2==2.5.0 are unusual names alongside the standard httpcore==1.0.9 / httpx==0.28.1 entries. Since these are binary-prefetched wheels, please confirm they are genuine transitive deps from the RHOAI index and not accidental/typosquat entries pulled into the lock.

.tekton/lightspeed-stack-0-7-pull-request.yaml (1)

56-56: Verify the prefetch binary.packages list stays in sync with requirements.hashes.wheel.txt. In hermetic mode, any wheel-lock package missing from binary.packages can force a source build and break the pipeline; both Tekton lists should match and include the extra build wheels (maturin, pip, uv).

.konflux/requirements-build.txt (1)

16-24: Duplicate hatchling pins need downstream confirmation hatchling appears at both 1.26.3 and 1.31.0 in the same build requirements file; make sure the build/prefetch path accepts multiple versions of the same package.

Comment on lines +573 to +591
def _eval_single_marker(expr: str, env: dict[str, str]) -> bool:
"""Evaluate a single marker comparison like ``sys_platform == 'linux'``."""
m = _MARKER_COMPARE_RE.match(expr)
if m is None:
return True

left_raw = m.group("left").strip("'\"")
right_raw = m.group("right").strip("'\"")
op = re.sub(r"\s+", " ", m.group("op"))

if left_raw in env:
lval, rval = env[left_raw], right_raw
elif right_raw in env:
lval, rval = left_raw, env[right_raw]
else:
return True

check = _MARKER_CMP_OPS.get(op)
return bool(check(lval, rval)) if check else True

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate the relevant function and nearby helpers.
rg -n "_eval_single_marker|_MARKER_CMP_OPS|python_version|parse_version" scripts/konflux_resolve.py

# Show the relevant section with line numbers.
sed -n '520,620p' scripts/konflux_resolve.py

# Run a small read-only probe to demonstrate the comparison behavior.
python3 - <<'PY'
from functools import cmp_to_key

def lex(a, b):
    return (a > b) - (a < b)

pairs = [("3.12", "3.9"), ("3.10", "3.9"), ("3.9", "3.12")]
for a, b in pairs:
    print(a, ">=", b, lex(a, b) >= 0)
    print(a, "<", b, lex(a, b) < 0)
PY

Repository: lightspeed-core/lightspeed-stack

Length of output: 1987


Compare python_version as a version, not a string. "_eval_single_marker" currently uses plain string ordering, so markers like python_version >= "3.9" can evaluate incorrectly on values such as "3.12", dropping valid dependencies. Parse version-valued markers before comparing.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/konflux_resolve.py` around lines 573 - 591, Update
_eval_single_marker so comparisons involving python_version parse both operands
as versions before applying the selected operator, avoiding lexicographic
ordering such as treating 3.12 as less than 3.9. Preserve existing string
comparison behavior for non-version markers and the current fallback behavior
for unsupported operators or unresolved variables.

@Jazzcort

Copy link
Copy Markdown
Contributor Author

/retest

1 similar comment
@Jazzcort

Copy link
Copy Markdown
Contributor Author

/retest

@tisnik tisnik left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Jazzcort Jazzcort force-pushed the update-rhai-base-image-with-better-grade branch from 50610d2 to be0cbc9 Compare July 13, 2026 19:18
@tisnik tisnik merged commit eacc1e5 into lightspeed-core:main Jul 14, 2026
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants