From 15a4ebc52d4f95fc63feb0665e9ec84e70918eef Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:04:14 -0700 Subject: [PATCH 01/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index e4ed532b..f70337f3 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -12,7 +12,7 @@ on: schedule: - cron: '29 17 * * 4' push: - branches: [ "main" ] + # branches: [ "main" ] # Declare default permissions as read only. permissions: read-all @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@4 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@2.3.1 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@3.24.10 with: sarif_file: results.sarif From 99bbf0fcaa2cd1c1e0acace2c99d25dcd8842dd0 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:19:59 -0700 Subject: [PATCH 02/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
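Review bot: The `uses:` lines in the `@@ -32,12 +32,12 @@` hunk of PATCH 01/13 replace full commit SHAs with version refs (`actions/checkout@4`, `ossf/scorecard-action@2.3.1`), and the two hunks after it do the same for `actions/upload-artifact` and `github/codeql-action/upload-sarif`. A tag can be repointed at different code by whoever controls the action's repository, while a commit SHA cannot, so the new lines lose the integrity guarantee the old ones had. PATCH 03/13 only adds the `v` prefix and leaves all four refs tag-based. Keep the version bump but pin it, in the form `uses: actions/checkout@<full-commit-sha-of-v4> # v4`, for each action. Scorecard's own Pinned-Dependencies check looks for this, so the workflow as written lowers the score it reports.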
diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index f70337f3..3073a851 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@4 + uses: actions/checkout@3 with: persist-credentials: false From 8718e491000aaa863406dfb6d1c0645f650e411d Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:23:06 -0700 Subject: [PATCH 03/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index 3073a851..f74e8de3 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@3 + uses: actions/checkout@v4 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@2.3.1 + uses: ossf/scorecard-action@v2.3.1 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3 + uses: actions/upload-artifact@v3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3.24.10 + uses: github/codeql-action/upload-sarif@v3.24.10 with: sarif_file: results.sarif From 42566e95263c272ad38e1fdc450ace1e85bd3805 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:34:37 -0700 Subject: [PATCH 04/13] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 646662c7..892b6fe8 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,8 @@ # IntelĀ® AI Containers [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8270/badge)](https://www.bestpractices.dev/projects/8270) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/ai-containers/badge)](https://securityscorecards.dev/viewer/?uri=github.com/intel/ai-containers) +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fintel%2Fai-containers.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fintel%2Fai-containers?ref=badge_shield&issueType=license) This repository contains Dockerfiles, scripts, yaml files, Helm charts, etc. used to scale out AI containers with versions of TensorFlow and PyTorch that have been optimized for Intel platforms. Scaling is done with python, Docker, kubernetes, kubeflow, cnvrg.io, Helm, and other container orchestration frameworks for use in the cloud and on-premise. From 2cbbbbdab3fef84938dfcea590bf706094f30e00 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:34:57 -0700 Subject: [PATCH 05/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index f74e8de3..a0660ecc 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -34,6 +34,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@v4 with: + ref: main persist-credentials: false - name: "Run analysis" From bac78603109b64d076609c28af1f890d816cb65f Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:40:26 -0700 Subject: [PATCH 06/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index a0660ecc..f01409e6 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml 
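Review bot: `ref: main` in the checkout step of PATCH 05/13 overrides the triggering ref with no comment explaining why, so every run analyses `main` whatever started it. This matters once later patches in the series add other triggers: a run started from another branch or ref would still report on `main`, which is easy to misread in the results. I would add a comment above the line such as `# Always analyse the default branch, regardless of the ref that triggered the run.` The rest of the job lies outside the hunk.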
@@ -7,12 +7,13 @@ on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection branch_protection_rule: + pull_request: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - cron: '29 17 * * 4' push: - # branches: [ "main" ] + branches: [ "main" ] # Declare default permissions as read only. permissions: read-all From 1c510c6542367de4df02ebb421eff420b5dd45b5 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:45:16 -0700 Subject: [PATCH 07/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index f01409e6..a4c77e1e 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -7,7 +7,7 @@ on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection branch_protection_rule: - pull_request: + workflow_dispatch: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: From 19b98851063068eafc2015bfd928c72b90e20fe0 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:53:26 -0700 Subject: [PATCH 08/13] Update lint.yaml --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index fabf8691..646a4aa0 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -9,7 +9,7 @@ concurrency: jobs: build: name: Lint - runs-on: [k8-runners] + runs-on: ubuntu-latest permissions: contents: read packages: read From 2ac05773024f34e93507b5190cb2b1486c146b58 Mon Sep 17 00:00:00 2001 
From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:53:36 -0700 Subject: [PATCH 09/13] Update unit-test.yaml --- .github/workflows/unit-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index 2ecab062..71fbfe55 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml @@ -8,7 +8,7 @@ concurrency: cancel-in-progress: true jobs: unit-test: - runs-on: [ test-runner ] + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: docker/login-action@v3 From 4a4b6b0ac527c36eea41823c138a39504438b4be Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:55:45 -0700 Subject: [PATCH 10/13] Update unit-test.yaml --- .github/workflows/unit-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index 71fbfe55..4da514d1 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - uses: docker/login-action@v3 with: - registry: ${{ vars.REGISTRY }} + registry: ${{ secrets.REGISTRY }} username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_TOKEN }} - name: Install requirements @@ -27,4 +27,4 @@ jobs: run: venv/bin/python -m pytest tests/utest.py -W ignore::UserWarning working-directory: ${{ github.workspace }}/test-runner env: - REGISTRY: ${{ vars.REGISTRY }} + REGISTRY: ${{ secrets.REGISTRY }} From 31d605c16991985a92779c0ee4b2284ac92a5976 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:57:02 -0700 Subject: [PATCH 11/13] Update unit-test.yaml --- .github/workflows/unit-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index 4da514d1..26ee9d78 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml 
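Review bot: `registry: ${{ secrets.REGISTRY }}` and the `REGISTRY` env entry in PATCH 10/13 move the registry address from a configuration variable to a secret without saying why, and a secret behaves differently in two ways that affect this job. GitHub masks the value wherever it appears in logs, and secrets are not passed to runs triggered from forks, where the expression evaluates to an empty string. In that case `docker/login-action` falls back to its default registry and the pytest step sees an empty `REGISTRY`. The workflow's triggers are outside these hunks, so whether fork-triggered runs can reach this job is not visible here. If the address really is sensitive, a comment on the step such as `# Registry host is kept in a secret; it is empty for fork PRs, so this job must not run for them.` would record the constraint.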
@@ -8,7 +8,7 @@ concurrency: cancel-in-progress: true jobs: unit-test: - runs-on: ubuntu-latest + runs-on: [k8-runners] steps: - uses: actions/checkout@v4 - uses: docker/login-action@v3 From 503dd0e00f2c5d59fa69a7926cf5ee8844b64bcb Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Mon, 8 Apr 2024 16:58:16 -0700 Subject: [PATCH 12/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index a4c77e1e..487127bb 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -7,11 +7,10 @@ on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection branch_protection_rule: - workflow_dispatch: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '29 17 * * 4' + - cron: '0 6 * * 2' push: branches: [ "main" ] From 9fb15cac3c38b314326405cf9626ae02081001f2 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Tue, 9 Apr 2024 09:27:04 -0700 Subject: [PATCH 13/13] Update ossf.yaml --- .github/workflows/ossf.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index 487127bb..d6b624f3 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -7,6 +7,7 @@ on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection branch_protection_rule: + workflow_dispatch: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule:
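Review bot: `runs-on: [k8-runners]` in PATCH 11/13 puts the unit-test job on a self-hosted pool, under a different label from the `[ test-runner ]` it used before PATCH 09/13, and nothing in the commit explains the choice. The job checks out the repository, logs in to a registry with `secrets.REGISTRY_USER` and `secrets.REGISTRY_TOKEN`, and runs pytest, so whatever code the triggering ref contains executes on that runner next to those credentials. The `on:` block is outside the hunk; if it includes `pull_request`, confirm that runs from forks need approval and that the runners are ephemeral, so state left by one job cannot reach the next. A comment above the line, for example `# Self-hosted pool: required for <reason>; runners are ephemeral`, would document the decision.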