Skip to content

Commit

Permalink
[ci] moving to temporary iam credentials for publishing steps (#3462)
Browse files Browse the repository at this point in the history
  • Loading branch information
@siddvenk
siddvenk committed Sep 10, 2024
1 parent bf4ae89 commit 8476565
Show file tree
Hide file tree
Showing 14 changed files with 103 additions and 66 deletions.
7 changes: 5 additions & 2 deletions .github/workflows/docker_publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ on:
required: true
default: 'nightly'

permissions:
id-token: write
contents: read

jobs:
publish:
if: github.repository == 'deepjavalibrary/djl'
Expand All @@ -21,8 +25,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Login to Amazon ECR
id: login-ecr
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/docs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ on:
default: master
required: false

permissions:
id-token: write
contents: read

jobs:
documentation:
if: github.repository == 'deepjavalibrary/djl'
Expand Down Expand Up @@ -85,8 +89,7 @@ jobs:
- name: Configure Deployment AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2

- name: Copy files to S3 with the AWS CLI
Expand Down
33 changes: 20 additions & 13 deletions .github/workflows/native_jni_s3_pytorch.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ on:
schedule:
- cron: '0 5 * * *'

permissions:
id-token: write
contents: read

jobs:
build-pytorch-jni-linux:
if: github.repository == 'deepjavalibrary/djl'
Expand Down Expand Up @@ -55,10 +59,9 @@ jobs:
./gradlew :engines:pytorch:pytorch-native:compileJNI -Pprecxx11 -Pcuda=$CUDA_VERSION -Ppt_version=$PYTORCH_VERSION
./gradlew :engines:pytorch:pytorch-native:cleanJNI
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand All @@ -74,8 +77,6 @@ jobs:
image: amazonlinux:2
env:
JAVA_HOME: /usr/lib/jvm/java-17-amazon-corretto
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
timeout-minutes: 30
needs: create-aarch64-runner
steps:
Expand All @@ -101,6 +102,11 @@ jobs:
./gradlew :engines:pytorch:pytorch-native:compileJNI -Pprecxx11 -Ppt_version=$PYTORCH_VERSION
export PYTORCH_PRECXX11=true
./gradlew -Pjni -Ppt_version=$PYTORCH_VERSION :integration:test "-Dai.djl.default_engine=PyTorch"
- name: Configure Deployment AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
PYTORCH_VERSION=${{ github.event.inputs.pt_version }}
Expand Down Expand Up @@ -148,11 +154,10 @@ jobs:
set CUDA_VERSION=${{ github.event.inputs.cuda }}
if "%CUDA_VERSION%" == "" set CUDA_VERSION=cu124
gradlew :engines:pytorch:pytorch-native:cleanJNI :engines:pytorch:pytorch-native:compileJNI -Pcuda=%CUDA_VERSION% -Ppt_version=${{ github.event.inputs.pt_version }}
- name: Configure AWS Credentials
- name: Configure Deployment AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
shell: bash
Expand Down Expand Up @@ -187,11 +192,10 @@ jobs:
echo $PYTORCH_VERSION
./gradlew :engines:pytorch:pytorch-native:compileJNI -Ppt_version=$PYTORCH_VERSION
./gradlew -Pjni -Ppt_version=$PYTORCH_VERSION :integration:test "-Dai.djl.default_engine=PyTorch"
- name: Configure AWS Credentials
- name: Configure Deployment AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
shell: bash
Expand Down Expand Up @@ -224,8 +228,6 @@ jobs:
image: amazonlinux:2
env:
JAVA_HOME: /usr/lib/jvm/java-17-amazon-corretto.aarch64
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
timeout-minutes: 30
needs: create-aarch64-runner
steps:
Expand All @@ -250,6 +252,11 @@ jobs:
echo $PYTORCH_VERSION
./gradlew :engines:pytorch:pytorch-native:compileJNI -Pprecxx11 -Ppt_version=$PYTORCH_VERSION
./gradlew -Pjni -Ppt_version=$PYTORCH_VERSION :integration:test "-Dai.djl.default_engine=PyTorch"
- name: Configure Deployment AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
PYTORCH_VERSION=${{ github.event.inputs.pt_version }}
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/native_jni_s3_pytorch_android.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ on:
schedule:
- cron: '0 6 * * *'

permissions:
id-token: write
contents: read

jobs:
build-pytorch-jni-android:
if: github.repository == 'deepjavalibrary/djl'
Expand Down Expand Up @@ -35,8 +39,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand Down
9 changes: 6 additions & 3 deletions .github/workflows/native_jni_s3_tensorrt.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ name: Native JNI S3 TensorRT
on:
workflow_dispatch:

permissions:
id-token: write
contents: read

jobs:
build-tensorrt-jni-linux:
runs-on: ubuntu-latest
Expand All @@ -25,10 +29,9 @@ jobs:
- name: Release JNI prep
run: ./gradlew :engines:tensorrt:compileJNI
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand Down
14 changes: 8 additions & 6 deletions .github/workflows/native_s3_fasttext.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ name: Native S3 fastText
on:
workflow_dispatch:

permissions:
id-token: write
contents: read

jobs:
build-fasttext-jni-linux:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -33,10 +37,9 @@ jobs:
./gradlew :extensions:fasttext:compileJNI
./gradlew -Pjni :extensions:fasttext:test
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand Down Expand Up @@ -64,11 +67,10 @@ jobs:
run: |
./gradlew :extensions:fasttext:compileJNI
./gradlew -Pjni :extensions:fasttext:test
- name: Configure AWS Credentials
- name: Configure Deployment AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand Down
29 changes: 18 additions & 11 deletions .github/workflows/native_s3_huggingface.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,17 @@ on:
paths:
- extensions/tokenizers/rust/**

permissions:
id-token: write
contents: read

jobs:
build-tokenizers-jni-linux:
runs-on: ubuntu-latest
container:
image: amazonlinux:2
env:
JAVA_HOME: /usr/lib/jvm/java-17-amazon-corretto
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
steps:
- name: Install Environment
run: |
Expand All @@ -35,6 +37,11 @@ jobs:
- name: Build djl-converter wheel
working-directory: extensions/tokenizers/src/main/python/
run: ./setup.py bdist_wheel
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
DJL_VERSION=$(awk -F '=' '/djl / {gsub(/ ?"/, "", $2); print $2}' gradle/libs.versions.toml)
Expand Down Expand Up @@ -73,8 +80,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
shell: bash
Expand Down Expand Up @@ -111,8 +117,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
shell: bash
Expand Down Expand Up @@ -157,8 +162,6 @@ jobs:
image: amazonlinux:2
env:
JAVA_HOME: /usr/lib/jvm/java-17-amazon-corretto.aarch64
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
steps:
- name: Install Environment
run: |
Expand All @@ -174,6 +177,11 @@ jobs:
source "$HOME/.cargo/env"
./gradlew :extensions:tokenizers:compileJNI
PYTORCH_PRECXX11=true ./gradlew -Pjni :extensions:tokenizers:test
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
DJL_VERSION=$(awk -F '=' '/djl / {gsub(/ ?"/, "", $2); print $2}' gradle/libs.versions.toml)
Expand Down Expand Up @@ -217,10 +225,9 @@ jobs:
. "$HOME/.cargo/env"
./gradlew :extensions:tokenizers:compileJNI -Pcuda=${{ env.CUDA_VERSION }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/native_s3_pytorch.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ name: Native S3 PyTorch
on:
workflow_dispatch:

permissions:
id-token: write
contents: read

jobs:
build:
runs-on: macos-latest
Expand All @@ -23,8 +27,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3
run: |
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/native_s3_pytorch_android.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ name: Native S3 PyTorch Android
on:
workflow_dispatch:

permissions:
id-token: write
contents: read

jobs:
build:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -41,8 +45,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::425969335547:role/djl-ci-publish-role
aws-region: us-east-2
- name: Copy files to S3 with the AWS CLI
run: |
Expand Down
Loading

0 comments on commit 8476565

Please sign in to comment.