update to hsdk 4.0.0

[wyli]

Summary by CodeRabbit

• Chores
  • Added release manifests for 4.0.0 and historical 3.x entries providing versioned metadata: container image mappings for DGPU/IGPU/CPU targets across architectures, base/build image references per version, and health-probe URLs for linux/amd64 and linux/arm64.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a1fa75c1-c87f-4dfb-bf0e-17c8e4a52c78

📥 Commits

Reviewing files that changed from the base of the PR and between 8422b10 and 13229e1.

📒 Files selected for processing (2)

• releases/4.0.0/artifacts-cu12.json
• releases/4.0.0/artifacts.json

---

Walkthrough

Adds two JSON release manifests under releases/4.0.0 (artifacts.json, artifacts-cu12.json) mapping Holoscan versions (4.0.0 and historical 3.x) to debian/wheel versions, base/build container images for dgpu/igpu/cpu, and grpc-health-probe URLs for amd64 and arm64.

Changes

Cohort / File(s)	Summary
Release Artifacts Manifests releases/4.0.0/artifacts.json, releases/4.0.0/artifacts-cu12.json	Added two manifest JSON files enumerating per-version fields: debian-version, wheel-version, base-images, build-images (dgpu/igpu/cpu with per-arch tags), and health-probes URLs for linux/amd64 and linux/arm64. Includes entries for 4.0.0 and historical 3.x releases.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• release based on hsdk 3.11 #130: Adds similarly structured artifacts manifest JSONs for other release directories (schema match).
• update release based on v3.10.0 #125: Adds/updates release artifact manifests (artifacts.json / artifacts-cu12.json) with comparable Holoscan release metadata.
• update to release based on v3.9.0 #106: Adds analogous release artifact manifests for another release version with matching structure.

Suggested reviewers

• wendell-hom
• MMelQin

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'update to hsdk 4.0.0' directly reflects the main change: adding manifest files for Holoscan SDK 4.0.0 release with version-specific container image mappings.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

releases/4.0.0/artifacts-cu12.json (1)

26-29: grpc-health-probe v0.4.38 is pinned across all entries — a newer version is available

The latest grpc-health-probe release is v0.4.39 (and further releases exist up to v0.4.45), while all entries pin v0.4.38. Pinning is generally safe and v0.4.38 is a valid, confirmed release, but consider evaluating whether a newer version should be adopted for the 4.0.0 manifest.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@releases/4.0.0/artifacts-cu12.json` around lines 26 - 29, The "health-probes"
entries currently pin grpc-health-probe to v0.4.38; update the two URLs under
the "health-probes" key to point to the newer release (e.g., change the version
segment from v0.4.38 to v0.4.39 in the linux/amd64 and linux/arm64 URLs), then
run any release validation you use (download/sha/checks) to confirm the new
binaries; alternatively, if you intend to adopt a different newer patch
(v0.4.40+), replace v0.4.38 with that chosen tag consistently in both URLs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@releases/4.0.0/artifacts-cu12.json`:
- Around line 10-24: The build-images entries ("build-images" -> "igpu", "dgpu",
"cpu") currently reference the staging registry prefix
"nvcr.io/nvstaging/holoscan/holoscan:v4.0.0.0-cuda12-*" and must be updated to
the production registry paths; locate the image strings under the keys igpu,
dgpu, and cpu and replace the "nvcr.io/nvstaging/..." prefixes with the correct
production registry/image names for v4.0.0.0-cuda12 (ensuring each image tag
stays the same, e.g., replace
nvcr.io/nvstaging/holoscan/holoscan:v4.0.0.0-cuda12-igpu with the corresponding
production registry path).

In `@releases/4.0.0/artifacts.json`:
- Around line 9-18: The manifest's build-images entries use the staging registry
host "nvcr.io/nvstaging" (see keys "build-images" -> "dgpu"/"cpu" image
strings), which will be unreachable to most users; replace those staging image
references with the production registry namespace (e.g., change
"nvcr.io/nvstaging/holoscan/holoscan:v4.0.0.0-cuda13" to the agreed production
host such as "nvcr.io/nvidia/holoscan/holoscan:v4.0.0.0-cuda13" or
"nvcr.io/nvidia/clara-holoscan/holoscan:v4.0.0.0-cuda13") and ensure the
corresponding images are promoted to that production registry before this
manifest is merged.

---

Nitpick comments:
In `@releases/4.0.0/artifacts-cu12.json`:
- Around line 26-29: The "health-probes" entries currently pin grpc-health-probe
to v0.4.38; update the two URLs under the "health-probes" key to point to the
newer release (e.g., change the version segment from v0.4.38 to v0.4.39 in the
linux/amd64 and linux/arm64 URLs), then run any release validation you use
(download/sha/checks) to confirm the new binaries; alternatively, if you intend
to adopt a different newer patch (v0.4.40+), replace v0.4.38 with that chosen
tag consistently in both URLs.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e54ff68 and 39fef25.

📒 Files selected for processing (2)

• releases/4.0.0/artifacts-cu12.json
• releases/4.0.0/artifacts.json

[coderabbitai]

♻️ Duplicate comments (1)

releases/4.0.0/artifacts.json (1)

10-17: ⚠️ Potential issue | 🟠 Major

Switch 4.0.0 build images from staging to production registry before merge.

The 4.0.0 manifest still points build-images to nvcr.io/nvstaging/... (dgpu and cpu). That will fail for users without staging access when this manifest is consumed.

#!/bin/bash
# Read-only check: find staging registry usage across release manifests.
fd 'artifacts.*\.json$' releases -t f -x sh -c '
  echo "== $1 ==";
  rg -n "nvcr\.io/nvstaging/" "$1" || true
' sh {}

Please replace with the agreed production namespace/tag set in this file (and mirror it in artifacts-cu12.json if it also contains staging refs).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@releases/4.0.0/artifacts.json` around lines 10 - 17, The artifacts.json still
references the staging registry image tags for dgpu and cpu (e.g., values under
"dgpu" -> "x64-workstation" and "sbsa", and "cpu" -> "x64-workstation") which
will fail for users without staging access; update those image strings from
nvcr.io/nvstaging/... to the agreed production namespace and tag (the production
nvcr.io/... holoscan:v4.0.0.1-cuda13 equivalent) and ensure the same
replacements are applied in the corresponding artifacts-cu12.json so both
manifests point to production images.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@releases/4.0.0/artifacts.json`:
- Around line 10-17: The artifacts.json still references the staging registry
image tags for dgpu and cpu (e.g., values under "dgpu" -> "x64-workstation" and
"sbsa", and "cpu" -> "x64-workstation") which will fail for users without
staging access; update those image strings from nvcr.io/nvstaging/... to the
agreed production namespace and tag (the production nvcr.io/...
holoscan:v4.0.0.1-cuda13 equivalent) and ensure the same replacements are
applied in the corresponding artifacts-cu12.json so both manifests point to
production images.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 39fef25 and 8422b10.

📒 Files selected for processing (2)

• releases/4.0.0/artifacts-cu12.json
• releases/4.0.0/artifacts.json

✅ Files skipped from review due to trivial changes (1)

• releases/4.0.0/artifacts-cu12.json