From ed5109bdd9bf085151386caeb7794d74060b9a0d Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 00:05:48 +0000 Subject: [PATCH 1/3] Add container image accessibility validation to PR review prompt Adds a new validation rule that requires all images in *-master.yaml config files to be publicly accessible on NGC, Docker Hub, or other public registries. Local file paths (e.g., /scratch/..., .sqsh files) will be flagged as blocking issues since they are not reproducible. Co-authored-by: functionstackx --- .github/workflows/claude-pr-review.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml index d01a5695c..7fec5d0d1 100644 --- a/.github/workflows/claude-pr-review.yml +++ b/.github/workflows/claude-pr-review.yml @@ -125,6 +125,24 @@ jobs: Remember: Silence is golden. No comment is better than a low-value comment. + ## Container Image Accessibility Validation: + When reviewing changes to `.github/configs/*-master.yaml` files, verify that ALL `image:` values are publicly accessible: + + **Valid image formats (publicly accessible):** + - Docker Hub: `organization/image:tag` (e.g., `lmsysorg/sglang:v0.5.7-rocm700-mi35x`) + - NGC: `nvcr.io/nvidia/...` (e.g., `nvcr.io/nvidia/ai-dynamo/tensorrtllm-runtime:0.8.1.post1`) + - Other public registries: `ghcr.io/...`, `quay.io/...`, `rocm/...` + + **Invalid image formats (NOT publicly accessible):** + - Local file paths: `/scratch/...`, `/home/...`, `/data/...`, or any path starting with `/` + - `.sqsh` files (squashfs containers stored locally) + - Internal/private registry paths that are not publicly resolvable + + If any `image:` field contains a local path or non-public image: + - This is a 🔴 **BLOCKING** issue + - Comment: "Image must be publicly accessible on NGC, Docker Hub, or another public registry. Local paths like `/scratch/...` or `.sqsh` files are not reproducible. Please push the container to a public registry (e.g., `nvcr.io/nvidia/...` for NGC) and update the config with the public image reference." + - Link to the specific line with the invalid image path + ## vLLM and SGLang Source Code Access: You have access to vLLM and SGLang source code via the inferencemax-repos MCP server: - Use `mcp__inferencemax-repos__*` tools to access repository source code From 53ae705b260b1975d0daebed86548bc0aa001fb4 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 00:14:44 +0000 Subject: [PATCH 2/3] Accept nvcr.io# format for NGC container images Update the container image validation rules to also accept images using the # notation (e.g., nvcr.io#nvidia/tensorrt-llm/release:1.1.0rc2.post2) which is used by some container runtimes like Enroot. Co-authored-by: functionstackx --- .github/workflows/claude-pr-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml index 7fec5d0d1..9e9137d0a 100644 --- a/.github/workflows/claude-pr-review.yml +++ b/.github/workflows/claude-pr-review.yml @@ -130,7 +130,7 @@ jobs: **Valid image formats (publicly accessible):** - Docker Hub: `organization/image:tag` (e.g., `lmsysorg/sglang:v0.5.7-rocm700-mi35x`) - - NGC: `nvcr.io/nvidia/...` (e.g., `nvcr.io/nvidia/ai-dynamo/tensorrtllm-runtime:0.8.1.post1`) + - NGC: `nvcr.io/nvidia/...` or `nvcr.io#nvidia/...` (e.g., `nvcr.io/nvidia/ai-dynamo/tensorrtllm-runtime:0.8.1.post1` or `nvcr.io#nvidia/tensorrt-llm/release:1.1.0rc2.post2`) - Other public registries: `ghcr.io/...`, `quay.io/...`, `rocm/...` **Invalid image formats (NOT publicly accessible):** From 92d381094a0a92da71be55f6087674aafaacb453 Mon Sep 17 00:00:00 2001 From: functionstackx <47992694+functionstackx@users.noreply.github.com> Date: Tue, 27 Jan 2026 19:19:01 -0500 Subject: [PATCH 3/3] Update invalid image formats section in workflow Clarified the comment regarding invalid image formats to indicate that local paths and .sqsh files are generally not accepted. --- .github/workflows/claude-pr-review.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml index 9e9137d0a..9fa334f2a 100644 --- a/.github/workflows/claude-pr-review.yml +++ b/.github/workflows/claude-pr-review.yml @@ -133,14 +133,15 @@ jobs: - NGC: `nvcr.io/nvidia/...` or `nvcr.io#nvidia/...` (e.g., `nvcr.io/nvidia/ai-dynamo/tensorrtllm-runtime:0.8.1.post1` or `nvcr.io#nvidia/tensorrt-llm/release:1.1.0rc2.post2`) - Other public registries: `ghcr.io/...`, `quay.io/...`, `rocm/...` - **Invalid image formats (NOT publicly accessible):** + **Invalid image formats (NOT publicly accessible):** + - generally these images are not best practices to have in: - Local file paths: `/scratch/...`, `/home/...`, `/data/...`, or any path starting with `/` - `.sqsh` files (squashfs containers stored locally) - Internal/private registry paths that are not publicly resolvable If any `image:` field contains a local path or non-public image: - This is a 🔴 **BLOCKING** issue - - Comment: "Image must be publicly accessible on NGC, Docker Hub, or another public registry. Local paths like `/scratch/...` or `.sqsh` files are not reproducible. Please push the container to a public registry (e.g., `nvcr.io/nvidia/...` for NGC) and update the config with the public image reference." + - Comment: "Image must be publicly accessible on NGC, Docker Hub, or another public registry. Local paths like `/scratch/...` or `.sqsh` files are generally not accepted. Please push the container to a public registry (e.g., `nvcr.io/nvidia/...` for NGC) and update the config with the public image reference." - Link to the specific line with the invalid image path ## vLLM and SGLang Source Code Access: