diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index fabf8691..646a4aa0 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -9,7 +9,7 @@ concurrency: jobs: build: name: Lint - runs-on: [k8-runners] + runs-on: ubuntu-latest permissions: contents: read packages: read diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index e4ed532b..d6b624f3 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -7,10 +7,11 @@ on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection branch_protection_rule: + workflow_dispatch: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '29 17 * * 4' + - cron: '0 6 * * 2' push: branches: [ "main" ] @@ -32,12 +33,13 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@v4 with: + ref: main persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@v2.3.1 with: results_file: results.sarif results_format: sarif @@ -59,7 +61,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@v3 with: name: SARIF file path: results.sarif @@ -67,6 +69,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@v3.24.10 with: sarif_file: results.sarif diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index 2ecab062..26ee9d78 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml @@ -8,12 +8,12 @@ concurrency: cancel-in-progress: true jobs: unit-test: - runs-on: [ test-runner ] + runs-on: [k8-runners] steps: - uses: actions/checkout@v4 - uses: docker/login-action@v3 with: - registry: ${{ vars.REGISTRY }} + registry: ${{ secrets.REGISTRY }} username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_TOKEN }} - name: Install requirements @@ -27,4 +27,4 @@ jobs: run: venv/bin/python -m pytest tests/utest.py -W ignore::UserWarning working-directory: ${{ github.workspace }}/test-runner env: - REGISTRY: ${{ vars.REGISTRY }} + REGISTRY: ${{ secrets.REGISTRY }} diff --git a/README.md b/README.md index 646662c7..892b6fe8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # IntelĀ® AI Containers [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8270/badge)](https://www.bestpractices.dev/projects/8270) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/ai-containers/badge)](https://securityscorecards.dev/viewer/?uri=github.com/intel/ai-containers) +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fintel%2Fai-containers.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fintel%2Fai-containers?ref=badge_shield&issueType=license) This repository contains Dockerfiles, scripts, yaml files, Helm charts, etc. used to scale out AI containers with versions of TensorFlow and PyTorch that have been optimized for Intel platforms. Scaling is done with python, Docker, kubernetes, kubeflow, cnvrg.io, Helm, and other container orchestration frameworks for use in the cloud and on-premise.