[ci] refactor auth out of copy_files #60614
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
Reviews in this chain: |
Contributor
Author
|
This was referenced Jan 30, 2026
![gemini-code-assist[bot]](https://cdn.statically.io/img/avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request refactors authentication logic into a new centralized library, ci/ray_ci/rayci_auth.py, which is a great improvement for code organization and reusability. The new implementation for Docker Hub login also enhances security by using --password-stdin, preventing password exposure in the process list. My review focuses on the new rayci_auth.py file, offering suggestions to improve its robustness, maintainability, and error handling.
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
68188cc to
7452f4c
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/upload-guards
branch
from
2195731 to
e8e58b5
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
2 times, most recently
from
54061a8 to
9fc08d8
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/upload-guards
branch
from
e8e58b5 to
26fe123
Compare
![cursor[bot]](https://cdn.statically.io/img/avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
2 times, most recently
from
aa87d9d to
c6a71b7
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/upload-guards
branch
from
26fe123 to
60f859b
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
c6a71b7 to
86e7fb9
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/upload-guards
branch
2 times, most recently
from
557b8d7 to
99cf7b7
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
86e7fb9 to
6f67b57
Compare
andrew-anyscale
changed the base branch from
andrew/revup/master/upload-guards
to
andrew/revup/master/multiplat-support
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
6f67b57 to
c77beb5
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/multiplat-support
branch
from
f43d7b0 to
aa0695a
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
c77beb5 to
ecb0349
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/multiplat-support
branch
from
aa0695a to
2b49072
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
ecb0349 to
89c3834
Compare
andrew-anyscale
force-pushed
the
andrew/revup/master/multiplat-support
branch
from
2b49072 to
44aa52e
Compare
Base automatically changed from
andrew/revup/master/multiplat-support
to
master
January 31, 2026 00:56
For the Wanda version of building each Ray Image, we want to selectively upload to DockerHub only in certain postsubmit cases. Rather than calling on 'buildkite:copy_files --destination docker_login' separately, this refactor pushes the auth setup to a central library that can be called on certain conditions. Without this, logic would need to be pushed into the Rayci step itself, since current login is gated on a per-Pipeline-ID basis. Topic: auth-refactor Relative: multiplat-support Labels: draft Signed-off-by: andrew <andrew@anyscale.com>
andrew-anyscale
force-pushed
the
andrew/revup/master/auth-refactor
branch
from
89c3834 to
44f98a4
Compare
aslonnie
reviewed
Jan 31, 2026
Collaborator
aslonnie
left a comment
aslonnie
left a comment
There was a problem hiding this comment.
why is this in draft? is this ready for review?
Comment on lines
+545
to
+550
| mock_config, | ||
| mock_exists, | ||
| mock_copy, | ||
| mock_ecr_login, | ||
| mock_ci_init, | ||
| mock_docker_login, |
Collaborator
There was a problem hiding this comment.
these are a lot of mocks.. we probably need to talk about this in person..
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For the Wanda version of building each Ray Image, we want to selectively upload to DockerHub only in certain postsubmit cases. Rather than calling on 'buildkite:copy_files --destination docker_login' separately, this refactor pushes the auth setup to a central library that can be called on certain conditions.
Without this, logic would need to be pushed into the Rayci step itself, since current login is gated on a per-Pipeline-ID basis.
Topic: auth-refactor
Relative: multiplat-support
Labels: draft
Signed-off-by: andrew andrew@anyscale.com