apptainer python ci #210

sramakintel · 2024-07-03T14:35:43Z

Description

Related Issue

Changes Made

The code follows the project's coding standards.
No Intel Internal IP is present within the changes.
The documentation has been updated to reflect any changes in functionality.

Validation

I have tested any changes in container groups locally with test_runner.py with all existing tests passing, and I have added new tests where applicable.

github-actions · 2024-07-03T14:41:49Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 4 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/apptainer-ci.yaml

Package	Version	License	Issue Type
ai-containers	apptainer_python	Null	Unknown License

apptainer/requirements.txt

Package	Version	License	Issue Type
intel-openmp	2024.1.2	Null	Unknown License
mkl-include	2024.1.0	Null	Unknown License
mkl	2024.1.0	Null	Unknown License

OpenSSF Scorecard

Package

Version

Score

Details

actions/actions/checkout

4.*.*

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/ai-containers

apptainer_python

Unknown

actions/eWaterCycle/setup-apptainer

2.0.0

🟢 4.9

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 1/4 approved changesets -- score normalized to 2
Maintained	🟢 10	16 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 7	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

pip/intel-openmp

2024.1.2

Unknown

pip/mkl

2024.1.0

Unknown

pip/mkl-include

2024.1.0

Unknown

pip/numpy

1.26.4

🟢 8.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 10	16 out of 16 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	project has 95 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 9	license file detected
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 9	SAST tool detected but not run on all commits
Security-Policy	🟢 9	security policy file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

pip/psutil

5.9.8

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	24 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 8/30 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/setuptools

69.5.1

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 8	Found 10/12 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

.github/workflows/apptainer-ci.yaml

actions/checkout@4.*.*
ai-containers@apptainer_python
eWaterCycle/setup-apptainer@2.0.0

apptainer/requirements.txt

intel-openmp@2024.1.2
mkl@2024.1.0
mkl-include@2024.1.0
numpy@1.26.4
psutil@5.9.8
setuptools@69.5.1

Signed-off-by: ma-pineda <miguel.pineda.juarez@intel.com> Signed-off-by: Tyler Titsworth <tyler.titsworth@intel.com> Co-authored-by: Tyler Titsworth <tyler.titsworth@intel.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>