Add proxy support for model pulling behind firewall

[ericcurtin]

• Pass proxy environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) to docker-model-runner container
• Configure HTTP transport to use ProxyFromEnvironment for model pulling
• Add tests for proxy configuration in both container creation and transport

Summary by Sourcery

Enable HTTP(S) proxy support for model pulling behind a firewall by configuring the HTTP transport with ProxyFromEnvironment and passing proxy environment variables into spawned containers, with accompanying unit tests.

New Features:

• Enable HTTP(S) proxy support for model pulling via ProxyFromEnvironment in the HTTP transport

Enhancements:

• Pass proxy environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY and lowercase equivalents) into the docker-model-runner container

Tests:

• Add unit tests for proxy-aware HTTP transport configuration
• Add unit tests to verify proxy environment variables are correctly passed to container creation

[sourcery-ai]

Reviewer's Guide

Adds proxy support for model pulling by injecting proxy env vars into Docker containers and configuring HTTP transports to use ProxyFromEnvironment, with accompanying tests to verify both container setup and transport configuration.

Sequence diagram for proxy environment variable injection during container creation

sequenceDiagram
participant "CLI"
participant "OS Environment"
participant "Docker Container"
CLI->>"OS Environment": Read proxy env vars (HTTP_PROXY, HTTPS_PROXY, NO_PROXY, etc.)
alt Proxy env vars set
    CLI->>"Docker Container": Pass proxy env vars in container config
end

Loading

Class diagram for updated model manager HTTP transport configuration

classDiagram
class ClientConfig {
  +StoreRootPath string
  +Logger logrus.FieldLogger
  +Transport http.RoundTripper
}
class Manager {
  +ClientConfig config
  +memEstimator Estimator
}
class resumable {
  +New(baseTransport http.RoundTripper)
}
ClientConfig <|-- Manager
Manager o-- ClientConfig
ClientConfig o-- resumable: uses Transport
resumable : New(baseTransport)

class http.Transport {
  +Proxy func(*Request) (*url.URL, error)
}
http.Transport <|-- baseTransport
baseTransport : Proxy = http.ProxyFromEnvironment

Loading

File-Level Changes

Change	Details	Files
Enable proxy-aware HTTP transport for model manager	Clone http.DefaultTransport Set Proxy to http.ProxyFromEnvironment Pass cloned transport to resumable.New in models.NewManager	main.go
Pass proxy environment variables into controller container configuration	Define list of proxy env var names Iterate over proxy variables and append set values to container Env	cmd/cli/pkg/standalone/containers.go
Add tests for proxy transport configuration	Create TestProxyTransportConfiguration in main_test.go Simulate various HTTP/HTTPS/NO_PROXY env scenarios Verify that transport.Proxy is set	main_test.go
Add tests for proxy environment variable collection for containers	Create TestProxyEnvironmentVariablesPassedToContainer Simulate different cases of proxy env var presence Verify expected env strings	cmd/cli/pkg/standalone/containers_test.go

Possibly linked issues

• #issue: The PR passes proxy environment variables to the model-runner container and configures the HTTP transport for model pulling to use them, directly resolving the issue's firewall proxy problem.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @ericcurtin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the application's network capabilities by introducing robust proxy support. It ensures that all components involved in model pulling, including the docker-model-runner container and the internal HTTP client, can seamlessly function in environments requiring proxy configurations, such as those behind a corporate firewall. This change significantly improves the application's adaptability and deployment flexibility.

Highlights

• Container Proxy Support: Proxy environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY, and their lowercase equivalents) are now automatically passed from the host system to the docker-model-runner container, enabling it to operate behind a firewall.
• HTTP Transport Proxy Configuration: The HTTP transport used for pulling models has been explicitly configured to respect system-wide proxy settings by utilizing http.ProxyFromEnvironment.
• Comprehensive Testing: New unit tests have been added to verify both the correct propagation of proxy environment variables to containers and the proper configuration of the HTTP transport for proxy awareness.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Consider extracting the proxyEnvVars slice into a shared constant or helper to avoid duplicating the list across main.go, containers.go, and tests.
• In your tests, you can simplify environment setup and teardown by using t.Setenv (Go 1.17+) instead of manually saving and restoring os.Environ values.
• Since http.DefaultTransport already uses ProxyFromEnvironment by default, double-check whether cloning and re-setting the Proxy field is necessary or if you can just pass the default transport directly.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider extracting the proxyEnvVars slice into a shared constant or helper to avoid duplicating the list across main.go, containers.go, and tests.
- In your tests, you can simplify environment setup and teardown by using t.Setenv (Go 1.17+) instead of manually saving and restoring os.Environ values.
- Since http.DefaultTransport already uses ProxyFromEnvironment by default, double-check whether cloning and re-setting the Proxy field is necessary or if you can just pass the default transport directly.

## Individual Comments

### Comment 1
<location> `main_test.go:113` </location>
<code_context>
+
+// TestProxyTransportConfiguration verifies that the HTTP transport
+// is configured to use proxy settings from environment variables.
+func TestProxyTransportConfiguration(t *testing.T) {
+	tests := []struct {
+		name     string
</code_context>

<issue_to_address>
**suggestion (testing):** Consider adding assertions that the Proxy function actually uses the environment variables to set up the proxy.

The test could be improved by verifying that the proxy URL is determined from the environment variables, either by making a dummy HTTP request or inspecting baseTransport.Proxy with a sample request.

Suggested implementation:

```golang
func TestProxyTransportConfiguration(t *testing.T) {
	tests := []struct {
		name     string
		envVars  map[string]string
		expected string
	}{
		{
			name: "HTTP_PROXY set",
			envVars: map[string]string{
				"HTTP_PROXY": "http://proxy.example.com:8080",
			},
			expected: "http://proxy.example.com:8080",
		},
		{
			name: "HTTPS_PROXY set",

```

```golang
			// Add more test cases as needed
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// Save old env vars and set new ones
			oldEnv := make(map[string]string)
			for k, v := range tt.envVars {
				oldEnv[k] = os.Getenv(k)
				os.Setenv(k, v)
			}

			// Create transport using ProxyFromEnvironment
			transport := &http.Transport{
				Proxy: http.ProxyFromEnvironment,
			}

			// Create dummy request
			req, err := http.NewRequest("GET", "http://example.com", nil)
			if err != nil {
				t.Fatalf("failed to create request: %v", err)
			}

			// Get proxy URL
			proxyURL, err := transport.Proxy(req)
			if err != nil {
				t.Fatalf("Proxy function returned error: %v", err)
			}

			if tt.expected == "" {
				if proxyURL != nil {
					t.Errorf("expected no proxy, got %v", proxyURL)
				}
			} else {
				if proxyURL == nil {
					t.Errorf("expected proxy %v, got nil", tt.expected)
				} else if proxyURL.String() != tt.expected {
					t.Errorf("expected proxy %v, got %v", tt.expected, proxyURL.String())
				}
			}

			// Restore old env vars
			for k, v := range oldEnv {
				os.Setenv(k, v)
			}
		})
	}
}

```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[Copilot]

Pull Request Overview

Adds proxy support for model pulling behind firewalls by wiring proxy environment variables into the container runtime and configuring HTTP transport to respect proxy settings.

• Configure HTTP transport to use ProxyFromEnvironment for model pulls
• Pass HTTP(S)_PROXY and NO_PROXY (both cases) into the docker-model-runner container
• Add tests for transport configuration and proxy env propagation

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
main.go	Clones and configures an HTTP transport with ProxyFromEnvironment and injects it into the models manager.
main_test.go	Adds TestProxyTransportConfiguration to assert proxy function presence on the HTTP transport.
cmd/cli/pkg/standalone/containers.go	Appends proxy-related environment variables (upper/lower case) to the container env.
cmd/cli/pkg/standalone/containers_test.go	Adds tests that simulate collecting proxy env vars for container configuration.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[ericcurtin]

@holger-stenzhorn, @xenoscopic should this close:

#139

?

[gemini-code-assist]

Code Review

This pull request adds support for using an HTTP/S proxy when pulling models, which is a great feature for users behind corporate firewalls. The changes correctly pass proxy environment variables to the container and configure the HTTP transport. The accompanying tests are a good start, but I have some suggestions to make them more robust and meaningful. I've also pointed out a small redundancy in the transport configuration.

[holger-stenzhorn]

@holger-stenzhorn, @xenoscopic should this close:

#139

?

@ericcurtin: Yes, that should do the trick. I will test it as soon as I can today. Thanks a lot for your support.

[p1-0tr]

nit: LookupEnv may be a bit more accurate. Though I assume none of those variables make sense with an empty value.

[ericcurtin]

@p1-0tr could you further explain? It's unclear to be what advantage this would bring, or maybe something else is being suggested?

-     if value := os.Getenv(proxyVar); value != "" {
+     if value, ok := os.LookupEnv(proxyVar); ok && value != "" {

[p1-0tr]

I meant that:

-     if value := os.Getenv(proxyVar); value != "" {
+     if value, ok := os.LookupEnv(proxyVar); ok {

would be "more correct" in terms of how env variables work in general. It probably does not change much in the context of the variables we are forwarding (they likely are never used with an empty value), but I can't say for sure OTOH (so I would lean toward the more generic logic by default).

[ericcurtin]

The way we did it is the curl_getenv way.

We need this PR unblocked, lets change

[Copilot]

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[ericcurtin]

@doringeman test removed, please re-review

[Copilot]

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}