Commit Graph

53 Commits

Author SHA1 Message Date
stuxf a6c30b30bf build: migrate packaging, CI, and Docker from Poetry to uv (#25007)
* build: migrate packaging metadata to uv

* ci: move automation and local tooling to uv

* docker: migrate image builds and runtime setup to uv

* docs: update install and deployment guidance for uv

* chore: align auxiliary scripts and tests with uv

* test: harden test_litellm isolation

* fix: keep release and health check images self-contained

* build: pin uv tooling and health check deps

* test: isolate bedrock image request formatting from suite state

* test: cover sandbox executor requirements flow

* ci: fix circleci no-op command steps

* ci: fix circleci publish workflow parsing

* fix: stabilize remaining uv migration CI checks

* ci: increase matrix test timeout headroom

* fix: restore published docker and license coverage

* fix: restore proxy runtime build parity

* fix: restore proxy extras parity and venv migrations

* ci: persist uv path across circleci steps

* fix: keep psycopg binary in default test env

* docker: preserve prisma cache across stages

* test: run local proxy checks through uv python

* build: restore runtime deps moved into ci

* build: refresh uv lock after upstream merge

* fix: restore module import in test_check_migration after merge

The conflict resolution imported only the function but the test body
references check_migration as a module throughout.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: revert dependency promotions, remove nodejs-wheel-binaries, fix Docker layer caching

- Move google-generativeai, Pillow, tenacity back to ci group (they are
  lazily imported and bloat the base SDK install needlessly)
- Remove nodejs-wheel-binaries from extra_proxy and proxy-dev (redundant
  in Docker where system Node.js is already installed via apk)
- Remove all nodejs-wheel node replacement and venv npm patching blocks
  from Dockerfiles since the wheel is no longer installed
- Add --no-default-groups to CodSpeed benchmark workflow so the benchmark
  environment matches the old minimal pip install footprint
- Apply standard uv two-phase Docker pattern: copy metadata first, install
  deps (cached layer), then copy source and install project
- Replace CircleCI enterprise no-op with proper uv sync command

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: regenerate uv.lock after removing nodejs-wheel-binaries

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): use cache/restore instead of cache to prevent cache poisoning

The old workflow used actions/cache/restore (read-only). The uv migration
changed it to actions/cache (read-write), which zizmor flags as a cache
poisoning risk. Restore the safer read-only variant.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): disable setup-uv built-in cache to silence cache-poisoning alert

The setup-uv action enables caching by default, which zizmor flags as a
cache poisoning risk. Disable it since we already use a read-only
cache/restore step.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): disable setup-uv cache in publish workflow

Silences zizmor cache-poisoning alert. Publishing workflow runs
infrequently on protected branches so caching adds no real benefit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(test): remove duplicate verbose_logger mock in test_check_migration

The logger was patched twice — first via mocker.patch() then via
mocker.patch.object(autospec=True). The second call fails because
autospec cannot inspect an already-mocked attribute. Remove the
redundant first patch.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): free disk space before Docker build in test-server-root-path

The Dockerfile.non_root build ran out of disk on the CI runner. Remove
Android SDK, .NET, Boost, and GHC toolchains (~12GB) to free space.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 11:46:23 -07:00
joereyna 41407d0287 Fix node-gyp symlink path after npm upgrade in Dockerfile 2026-04-07 17:01:55 -07:00
Yuneng Jiang 537727f0da [Fix] Dockerfile.non_root: handle missing .npmrc gracefully
The .npmrc file (ignore-scripts=true, min-release-age=3d) is temporarily
removed during the Docker build since lifecycle scripts are needed by
npm ci. However, the unconditional `mv` fails when the build context
doesn't include .npmrc (e.g. when LiteLLM is vendored in a subdirectory).

Make all .npmrc mv operations conditional. This is safe because npm ci
already installs from package-lock.json with pinned versions and
integrity hashes.
2026-04-07 12:44:04 -07:00
Sameer Kankute 08df8643bf fix(docker): include enterprise bridge in non-root runtime image (#24917)
Copy the /app/enterprise bridge package into the non-root runtime image so enterprise proxy hooks register correctly (including managed_files).
2026-04-04 14:04:31 -07:00
Yuneng Jiang fa629c307c [Fix] Dockerfile.non_root: install node-gyp for npm ci
The wolfi-base npm@11.12.1 package does not bundle node-gyp, causing
`npm ci` to fail with `Cannot find module 'node-gyp/bin/node-gyp.js'`
when building the Admin UI in the non-root Docker image.

Install node-gyp@12.2.0 globally and symlink it into npm's internal
node_modules where @npmcli/run-script expects to find it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 17:29:47 -07:00
Yuneng Jiang 85f72c9d24 [Fix] Remove unused aioboto3 dependency and botocore conflict workarounds
aioboto3 was listed as a dependency for async sagemaker calls but is not
imported anywhere in the codebase — async calls use httpx + botocore SigV4
instead. Removing it eliminates the unresolvable botocore version conflict
between boto3 and aiobotocore, along with all grep -v / --no-deps workarounds
across Dockerfiles and CI.

Also addresses Greptile review feedback: collapse redundant grpcio
python-version markers, bump pyproject.toml cryptography to 46.0.5 to
match Docker (GHSA-r6ph-v2qm-q3c2), and fix misleading .npmrc comment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 14:25:44 -07:00
Yuneng Jiang 821a634d25 [Fix] Handle boto3/aioboto3 botocore conflict across CI and Docker builds
boto3==1.42.80 and aioboto3==15.5.0 have incompatible botocore version
ranges. No aioboto3 release supports botocore 1.42.x yet. Both uv and
pip 26.0.1 reject the resolution.

Fix: filter aioboto3 out of requirements.txt at install time, then
install aioboto3+aiobotocore with --no-deps to bypass resolution.
Added wrapt and aioitertools to requirements.txt as pinned transitive
deps of aiobotocore (skipped by --no-deps). Fixed pip stdin handling
(/dev/stdin). Applied to all 5 Dockerfiles and all CircleCI install
paths.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 12:27:21 -07:00
Yuneng Jiang 5f63873dca [Infra] Pin all Docker build dependencies to exact versions
Pin every dependency across all Docker builds so upgrades are intentional.
Verified by building all 3 production images and diffing pip freeze against
known-good v1.83.0-nightly baselines — zero version drift.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 00:05:39 -07:00
stuxf 7066c895f6 chore: harden npm supply chain — pin overrides, enforce npm ci, add ignore-scripts (#24838)
* chore: harden npm supply chain — pin overrides, enforce npm ci, add ignore-scripts

Replace open-ended >= version overrides with exact pins matching lockfile
versions across all 6 package.json files. Remove dead overrides for packages
not present in lockfiles. Switch CI and devcontainer from npm install to
npm ci for deterministic lockfile-based installs.

Add .npmrc to all 7 JS project directories with ignore-scripts=true (blocks
postinstall RAT vectors like the axios@1.14.1 supply chain attack) and
min-release-age=3d (refuses packages published <3 days ago, requires npm
>=11.10). Remove Yarn-only resolutions field from docs/my-website.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: bump sharp to 0.33.5 in docs, add docs .npmrc

sharp 0.32.x uses postinstall to download native binaries, which breaks
with ignore-scripts=true. sharp 0.33+ distributes via optionalDependencies
instead, making it compatible with the new .npmrc hardening.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: remove docs .npmrc to fix Vercel deploy

Vercel's build for docs/my-website uses npm install which needs
sharp 0.32.6's postinstall script. Since we don't control Vercel's
build process, remove the .npmrc from docs rather than fight it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: Dockerfile npm ci + nvm checksum verification

- Replace npm install with npm ci in Dockerfile.non_root,
  Dockerfile.custom_ui, and spend-logs/Dockerfile for deterministic
  lockfile-based installs
- Replace curl-pipe-bash nvm install with download-then-verify pattern
  in build_admin_ui.sh, build_ui.sh, and build_ui_custom_path.sh
- Update nvm from v0.38.0 (2021) to v0.40.4 (Jan 2026) with SHA256
  checksum verification before execution

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: macOS sha256sum compat + clarify min-release-age scope

- Use shasum -a 256 fallback on macOS where sha256sum is unavailable
- Clarify in .npmrc comments that min-release-age only protects local
  npm install, not npm ci (used in CI)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 13:41:37 -07:00
yuneng-jiang d3587b1d8e fix: bump PyJWT to 2.12.0 in all Dockerfiles and tar to 7.5.11
All Dockerfiles were pinning PyJWT 2.9.0 (Dockerfile, Dockerfile.database,
Dockerfile.dev) or had a stale wheel build for 2.9.0 (Dockerfile.non_root).
Updated to 2.12.0 to match pyproject.toml. Also bumps tar to 7.5.11 in
Dockerfile.non_root for security.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 19:54:54 -07:00
yuneng-jiang 1f485007fb fix: update PyJWT pin in Dockerfile.non_root to 2.12.0
The wheels directory contains 2.12.0 after the pyproject.toml bump,
so the hardcoded 2.10.1 pin fails at build time.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 19:53:52 -07:00
Krish Dholakia e7714f0ce6 Fix CVEs: bump tar/minimatch/pypdf + harden Docker SBOM patching (#23082)
* fix(docker): bump tar/minimatch/pypdf for CVE fixes + harden SBOM patching

- Bump tar 7.5.8→7.5.10, minimatch 10.2.1→10.2.4, pypdf 6.6.2→6.7.3
- Add sed-based SBOM metadata patching with properly indented find/sed
- Add npm package manager cleanup (apk del / apt-get purge) to remove
  stale SBOM entries from image scanners
- Scope || true to only apk del via brace grouping { ... || true; }
- Guard npm root -g with non-empty assertion to prevent silent failures
- Scope minimatch sed regex to ^10.x to avoid matching other major versions

Addresses: CVE-2026-27903, CVE-2026-27904, GHSA-qffp-2rhf-9h96, CVE-2026-27888

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(docker): scope find to /usr/local/lib /usr/lib, drop autoremove

- Replace `find /` with `find /usr/local/lib /usr/lib` to avoid
  traversing /proc, /sys, /dev during SBOM metadata patching
- Remove `apt-get autoremove -y` from Debian-based Dockerfiles to
  prevent nodejs from being removed as an auto-installed dependency

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 18:31:27 -08:00
Harshit28j 3e6c10a071 security: fix critical/high CVEs in OS-level libs and NPM transitive 2026-02-24 19:40:09 +05:30
Achilleas Athanasiou Fragkoulis cb95b1cf92 fix: Add LITELLM_UI_PATH and LITELLM_ASSETS_PATH for read-only filesystem support (#20492)
Fixes #19578

---

When deploying the LiteLLM proxy with `readOnlyRootFilesystem: true` in Kubernetes, UI routes returned `404` because:

- Hardcoded paths:
  - `/var/lib/litellm/ui`
  - `/var/lib/litellm/assets`
- Runtime copy/restructure operations failed on read-only filesystems
- No detection mechanism for pre-restructured UI

---

Add configurable environment variables with intelligent detection, graceful fallbacks, and code quality improvements.

---

- **`LITELLM_UI_PATH`** — Custom UI directory location
  - Default: `/var/lib/litellm/ui` (when `LITELLM_NON_ROOT=true`)
  - Default: packaged UI path (otherwise)
  - Example: `/app/var/litellm/ui` for `emptyDir` volumes

- **`LITELLM_ASSETS_PATH`** — Custom assets directory location
  - Default: `/var/lib/litellm/assets` (when `LITELLM_NON_ROOT=true`)
  - Default: current working directory (otherwise)
  - Example: `/app/var/litellm/assets`

---

UI is detected as **pre-restructured and ready** if any of the following apply:

1. **Primary**: `.litellm_ui_ready` marker file exists (created by Dockerfile)
2. **Fallback**: Pattern-based detection — finds *any* subdirectory containing `index.html`
   (resilient to UI structure changes; no hardcoded route names)
3. **Safety**: Filesystem writability check before operations

---

**`litellm/proxy/proxy_server.py`**

- `_validate_ui_directory()` — Verifies UI has required structure (`index.html`, `_next/`)
- `_is_ui_pre_restructured()` — Pattern-based detection (not hardcoded routes)
- `_try_populate_ui_directory()` — Helper for clean error handling
- Refactored UI path decision tree with numbered cases (1, 2, 3, 4a, 4b)
- Updated UI path logic to use `LITELLM_UI_PATH`
- Added writability checks before copy/restructure operations
- Graceful fallback to packaged UI if operations fail
- Updated `server_root_path` replacement with read-only check
- Simplified assets directory creation (try/except instead of complex parent checks)
- Updated `get_image()` endpoint to use `LITELLM_ASSETS_PATH`
- Added validation for packaged and final UI paths

**`docker/Dockerfile.non_root`**

- Added `touch .litellm_ui_ready` marker after UI restructuring
- Enables automatic detection of pre-built UI in Docker images

**`tests/proxy_unit_tests/test_ui_path_detection.py`**

- Added comprehensive unit tests for new functionality
- Tests env var handling, detection logic, and writability checks

---

**`docs/my-website/docs/proxy/config_settings.md`**

- Added `LITELLM_UI_PATH` and `LITELLM_ASSETS_PATH` to env vars table
- Documented defaults and use cases

**`docs/my-website/docs/proxy/prod.md`**

- Added comprehensive "Read-Only Root Filesystem" section
- Quick fixes for permission errors
- Full Kubernetes setup with `initContainer` + `emptyDir` volumes
- API-only deployment option
- Environment variables reference table
- Notes on migrations, caching, and `server_root_path`

**`docker/README.md`**

- Updated hardened setup notes to mention pre-built UI
- Added details about UI serving from read-only paths

---

- No breaking changes
- Existing deployments continue working without modifications
- New env vars are optional with sensible defaults
- Detection logic supports both old and new builds
- Graceful fallbacks throughout

---

```yaml
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - name: setup-ui
          image: ghcr.io/berriai/litellm:main-stable
          command: ["sh", "-c", "cp -r /var/lib/litellm/ui/* /app/var/litellm/ui/"]
          volumeMounts:
            - name: ui-volume
              mountPath: /app/var/litellm/ui
      containers:
        - name: litellm
          env:
            - name: LITELLM_UI_PATH
              value: "/app/var/litellm/ui"
            - name: LITELLM_ASSETS_PATH
              value: "/app/var/litellm/assets"
          securityContext:
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: ui-volume
              mountPath: /app/var/litellm/ui
      volumes:
        - name: ui-volume
          emptyDir:
            sizeLimit: 100Mi
2026-02-12 19:39:04 +05:30
Harshit Jain 3b043ee8bf fix critical CVE vulnerabliltes (#20683) 2026-02-07 22:23:01 -08:00
Ishaan Jaffer ef66a6cb62 fix security scans 2026-02-07 11:15:02 -08:00
yuneng-jiang 7831e30666 keep package-lock.json in non-root 2026-02-04 17:58:22 -08:00
Ishaan Jaffer a002907389 fix tar security issue with TAR 2026-01-31 11:46:53 -08:00
milan-berri 8fcdf6105f fix: run prisma generate as nobody user in non-root container (#20000)
Fixes permission error where prisma generate fails with 'Permission denied'
when trying to write schema.prisma in non-root containers.

The issue was that prisma generate was running as root before switching
to nobody user, causing generated files to be owned by root:root.
Moving prisma generate after USER nobody ensures files are owned by
nobody:nobody and can be written to during runtime.

Fixes #19859
2026-01-29 19:04:59 -08:00
yuneng-jiang 1bf32deb6c Adding python3-dev to non root 2026-01-22 10:05:09 -08:00
Ishaan Jaff f98814ba8a fix include proxy/prisma_migration.py in non root (#18971) 2026-01-12 08:12:39 -08:00
Alexsander Hamir 1544e8f971 feat: Add line_profiler support for performance analysis and fix Windows CRLF issues in Docker builds (#18773) 2026-01-07 11:36:57 -08:00
yuneng-jiang 05dd247ff5 Fix UI disappearing for development instances 2025-12-23 15:24:07 -08:00
yuneng-jiang 6bb5254c9b Revert "[Fix] UI - Disappears in Development Environments" 2025-12-23 15:08:07 -08:00
yuneng-jiang fccd2d1e87 Fix UI disappearing for development instances 2025-12-23 11:46:55 -08:00
Alexsander Hamir 4b652e19d8 [Fix] CI/CD - security­_tests (#18305) 2025-12-20 17:08:28 -08:00
Mateo Di Loreto 107ea9043a [Feature] Download Prisma binaries at build time instead of at runtime for Security Restricted environments (#17695)
* Use config file to enable prometheus metrics

* Revert "Use config file to enable prometheus metrics"

This reverts commit 15ae36e1711791c0ac0a7aa84dcec142951717f5.

* Improve hardened stack and Prisma offline flow

* Document hardened compose usage

* Remove undesired change in fastapi-sso

* Restore dashboard lockfile

* Remove unecessary tempdirs

* Document hardened/offline Docker validation flow
2025-12-16 21:25:53 +05:30
yuneng-jiang 1d95595522 Merge remote-tracking branch 'origin' into litellm_non_root_docker_logo_fix 2025-12-06 20:00:33 -08:00
Alexsander Hamir db40a38999 Add retry logic to apk package installation in Dockerfile.non_root (#17596)
- Add retry loop (3 attempts with 5s delay) to builder stage apk add command
- Add retry logic to runtime stage apk upgrade and apk add commands
- Improves resilience to transient network errors during package downloads
2025-12-06 08:17:50 -08:00
Krish Dholakia 74ba18df55 Litellm chainguard fixes 12 02 2025 p1 (#17406)
* build: update dockerfile non root

* build: update build

* build: update non root

* build: dockerfile fixes

* build: ensure dockerfile + dockerfile.database also work
2025-12-02 22:50:13 -08:00
Krrish Dholakia 8ee298f9c9 fix: remove python3 headers 2025-12-02 16:06:06 -08:00
Krrish Dholakia 7fb2f4730b build: remove duplicate packages 2025-12-02 15:53:10 -08:00
yuneng-jiang 031677636a Add user writable file to non root docker for logo 2025-11-26 21:44:02 -08:00
yuneng-jiang e371ff454a Non root docker build fix (#17060) 2025-11-24 20:45:56 -08:00
Ishaan Jaffer be71138af3 fix build bad db url 2025-11-22 10:10:08 -08:00
Ishaan Jaffer c34d8af329 test fix 2025-11-22 10:02:15 -08:00
Ishaan Jaff 9288c8543c fix docker (#16342) 2025-11-07 14:38:20 -08:00
yuneng-jiang 5d158775b1 [Fix] Litellm non root docker Model Hub Table fix (#16282)
* Fix model hub table 404 on non-root docker

* Adding test
2025-11-05 18:30:20 -08:00
Arthur 6c97a31c9c bug: add supervisor to non-root image 2025-08-24 15:43:57 +02:00
Jan Kessler 3eecff44c6 fix permission access on prisma migrate in non-root image 2025-08-21 09:00:55 +02:00
Ishaan Jaff a328ad56e3 [Bug Fix] Fixes for using Auto Router with LiteLLM Docker Image (#13788)
* fix install auto router.sh

* fixes for Docker IMG
2025-08-19 18:36:30 -07:00
Parham Alvani 849c262a02 fix: we need to have project files for running migration using this image (#13379) 2025-08-07 13:31:10 -07:00
Jugal D. Bhatt 9aeca96c16 fix openshift (#13239) 2025-08-02 22:37:02 -07:00
Mateo Di Loreto 6e5fe51184 add openssl in apk install in runtime stage in dockerfile.non_root (#13168)
* add openssl in apk install in runtime stage in dockerfile.non_rootdocker-compose logs -f litellm

* Improve Docker-compose.yaml for local debugging

---------

Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>
2025-07-31 21:52:11 -07:00
Ishaan Jaff 106a298f0a [Feat] UI - Allow Adding LiteLLM Auto Router on UI (#12960)
* add router.json

* test_router_auto_router

* async_pre_routing_hook

* fixes for auto router

* add async_pre_routing_hook

* add LiteLLMRouterEncoder

* update test auto_router_embedding_model

* add auto_router_embedding_model

* add AutoRouter

* fix async_pre_routing_hook

* update async_pre_routing_hook

* fix auto router

* fix router.json

* working router init

* working embedding encoder

* working auto router

* test_router_auto_router

* test auto router

* add semantic-router as optional for litellm

* add extras

* semantic_router==0.1.10

* ruff fix

* use aiohttp==3.10.11

* python-dotenv==1.0.1

* test auto router

* test_router_auto_router

* semantic_router

* test_is_auto_router_deployment

* fix check

* fix docker build step

* add semantic_router

* UI  - Add auto router on litellm

* working utterances config

* fix route config builder

* kind of working add automodel router

* move loc of add deployment

* fixes for AutoRouter

* add auto_router_config in types.py

* fixes for init_auto_router_deployment

* fix adding auto router models

* working auto-router with dB

* Revert "add semantic_router"

This reverts commit 537b67288798731a119d811f643b682086377ee9.

* TestAutoRouter

* fix linting

* add semantic router to docker

* test fix

* fix router config builder

* remove export button
2025-07-24 19:58:49 -07:00
Mateo Di Loreto c65392cf81 Replace non-root Dockerfile base with Alpine multi-stage build; (#12707)
* Change Dockerfile.noon_root with alpine base image

* Improve non_root docker image

* Re add the build_admin_ui.sh script step

* Re add the build_admin_ui.sh script step

* Remove unnecessary workdir set

* Remove unnecessary workdir set

* Configure chainguard image

* A bit of optimization and improve comments

* delete extra build_ui script run

* Optimizie Dockerfile copy statements
2025-07-22 08:53:10 -07:00
Jugal D. Bhatt a112ec5b02 Health check app on separate port (#12718)
* add separate health app

* add new docs

* refactor

* fix colons

* Update config_settings.md

* refactor

* docs

* add unit test

* added supervisord

* remove app

* add supervisor conf

* Add markdown

* add video to md

* remove test

* docs build failure

* add to all docker files, change prod.md and add tests

* change dockerfiles

* remove extra file

* remove extra file

* remove extra file

* change apt->apk

* remove rdb file

* add fixed file
2025-07-18 11:17:15 -07:00
Tyler Hutcherson 7864cd1f76 update redisvl dependency 2025-03-24 08:42:11 -04:00
Krish Dholakia d4ed985173 Add back in non root image fixes (#7781) (#7795)
* Add back in non root image fixes (#7781)

* Add back in non root image fixes

* Fix dockerfile

* Fix perms

* Add in container structure tests for the nonroot image (#7796)

* feat(helm): add securityContext and pull policy values to migration job (#7652)

* fix(helm): corrected indentation in migration-job.yaml

* feat(helm): add securityContext and pull policy values to migration job

* fix confusing save button label (#7778)

* [integrations/lunary] Improve Lunary documentaiton (#7770)

* update lunary doc

* better title

* tweaks

* Update langchain.md

* Update lunary_integration.md

* Fix wrong URL for internal user invitation (#7762)

* format

* done

* Update instructor tutorial (#7784)

* Add in container structure tests for the nonroot image

---------

Co-authored-by: Zackeus Bengtsson <32719220+Hexoplon@users.noreply.github.com>
Co-authored-by: yujonglee <yujonglee.dev@gmail.com>
Co-authored-by: Hugues Chocart <chocart.hugues@icloud.com>
Co-authored-by: Nikolaiev Dmytro <dima.nikol.99@gmail.com>

---------

Co-authored-by: Rajat Vig <rajatvig@users.noreply.github.com>
Co-authored-by: Zackeus Bengtsson <32719220+Hexoplon@users.noreply.github.com>
Co-authored-by: yujonglee <yujonglee.dev@gmail.com>
Co-authored-by: Hugues Chocart <chocart.hugues@icloud.com>
Co-authored-by: Nikolaiev Dmytro <dima.nikol.99@gmail.com>
2025-01-15 21:49:03 -08:00
Ishaan Jaff 6125ba1e2b (Feat) - allow including dd-trace in litellm base image (#7587)
* introduce USE_DDTRACE=true

* update dd tracer

* update

* bump dd trace

* use og slim image

* DD tracing

* fix _init_dd_tracer
2025-01-06 17:27:09 -08:00