Skip to content

Add GARM Incus pilot validation#2924

Draft
UnArbosFive wants to merge 2 commits into
mainfrom
codex/garm-incus-pilot-validation
Draft

Add GARM Incus pilot validation#2924
UnArbosFive wants to merge 2 commits into
mainfrom
codex/garm-incus-pilot-validation

Conversation

@UnArbosFive

Copy link
Copy Markdown
Contributor

What

Add a narrowly scoped same-repository workflow that validates the GARM + Incus pilot on its dedicated garm-incus-turbo-8 runner label.

The representative job verifies KVM VM isolation and capacity, exercises Docker, runs the repository Rust setup action, and compiles the safe-math workspace crate.

Safety

  • fork PRs are rejected before the self-hosted job
  • workflow token is read-only
  • runner is an ephemeral Incus VM
  • workflow only auto-triggers when this pilot workflow file changes

Validation

  • targeted actionlint
  • live GARM controller, idle runner, Incus VM, firewall, vmagent targets, and central Prometheus ingestion validated before opening this PR

@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 15, 2026 9:06pm

Request Review

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny — repository admin/nucleus contributor on main; matching commit identity, substantial merged work, and no Gittensor association found.

The workflow is limited to same-repository PRs, uses a read-only token, and runs on an ephemeral Incus VM. It changes no review-control files, runtime code, dependencies, or persistent privileged credentials.

Findings

No findings.

Conclusion

No malicious behavior or security vulnerability was found in the static diff.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

UNKNOWN Gittensor association; recently created account but established repository administrator with substantial merged contributions and no overlapping PRs.

The workflow’s fork gate prevents the self-hosted workload from being scheduled for fork PRs. Its read-only token, targeted trigger, timeout, explicit VM-capacity checks, Docker smoke test, and representative Rust compilation match the stated pilot-validation scope.

The PR description is substantive and consistent with the implementation. No runtime code is affected, so no spec-version bump or build/test escalation is required. No auto-fixes were needed.

Findings

No findings.

Conclusion

The workflow is narrowly scoped, follows existing repository CI gating patterns, and adequately validates the pilot runner without introducing a substantive domain issue.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant