sync release-2024a from opendatahub-io:2024a #334

Merged
merged 45 commits into from
Jul 26, 2024
45 commits
9a9a4a0
ci: get a list of changed files using git diff instead of GitHub APIv4
jiridanek Jun 28, 2024
bc66678
Add daily check for vulnerability issues using Trivy
caponetto Jul 1, 2024
9fadd34
Update the pipfile.lock via the weekly workflow action
github-actions[bot] Jul 1, 2024
d7b7438
Merge pull request #600 from caponetto/RHOAIENG-8779
openshift-merge-bot[bot] Jul 2, 2024
c1b315b
ci: start podman.socket and pass it to trivy to avoid unnecessary pul…
jiridanek Jul 3, 2024
64fb240
ci: implement ghcr.io expiration for images and cache layers (#601)
jiridanek Jul 3, 2024
9b1e380
Optionally enable Trivy for pull requests
caponetto Jul 4, 2024
12828e9
Bump requests lib to 2.31.0
caponetto Jul 5, 2024
ab84dfa
Merge pull request #602 from jiridanek/jd_use_git_not_gh_api
openshift-merge-bot[bot] Jul 8, 2024
3ec36c9
fix tensorflow rocm resolution by installing it from .whl file
atheo89 Jul 8, 2024
74e032e
Merge pull request #609 from atheo89/resolve-tensorflow-rocm
openshift-merge-bot[bot] Jul 8, 2024
55652c0
Updated Pipfile and requirements-elyra.txt files
paulovmr Jul 8, 2024
773a763
Update the pipfile.lock via the weekly workflow action
github-actions[bot] Jul 8, 2024
a0fd31e
Merge pull request #607 from caponetto/RHOAIENG-9473
openshift-merge-bot[bot] Jul 9, 2024
f9f3586
Updated lock files
paulovmr Jul 9, 2024
19654a3
ci: use a smarter check for uncommitted files (#612)
jiridanek Jul 10, 2024
9b5cd75
Update OWNERS file with adding more approvers
jstourac Jul 9, 2024
f284774
Enable all types of severity on the daily report too
caponetto Jul 11, 2024
0cb7484
Merge pull request #613 from paulovmr/RHOAIENG-1751
openshift-merge-bot[bot] Jul 11, 2024
dca3bef
Update of the TrustyAI version in the Jupyter TrustyAI notebook
jstourac Jul 11, 2024
832677a
Merge pull request #614 from caponetto/allow-trivy-severities
openshift-merge-bot[bot] Jul 11, 2024
079199a
Merge pull request #608 from caponetto/RHOAIENG-1249
openshift-merge-bot[bot] Jul 12, 2024
e506603
Merge pull request #615 from jstourac/updateTrustyManifest
openshift-merge-bot[bot] Jul 12, 2024
6da0818
update the contributing guide
jstourac Jul 10, 2024
b06d3d5
Update the pipfile.lock via the weekly workflow action
github-actions[bot] Jul 15, 2024
99f3288
RHOAIENG-9168: Remove unused images from notebooks repo
paulovmr Jul 16, 2024
700f961
Remove papermill test call for trustyai-ubi8 image
paulovmr Jul 16, 2024
615ad96
Add Tensorflow/PyTorch version compatibility
caponetto Jul 17, 2024
821a004
Merge pull request #618 from caponetto/RHOAIENG-9741
openshift-merge-bot[bot] Jul 17, 2024
fecd10c
ci: initial implementation of top-level pytest tests (#433)
jiridanek Jul 17, 2024
ebf4daa
Update .github/workflows/build-notebooks.yaml file
paulovmr Jul 17, 2024
205388b
Merge pull request #611 from jstourac/ownersUpdate
openshift-merge-bot[bot] Jul 17, 2024
7bdd04a
Show podman images information on CI
caponetto Jul 18, 2024
145a234
Merge pull request #622 from caponetto/list-images
openshift-merge-bot[bot] Jul 18, 2024
cdbf086
Merge pull request #621 from paulovmr/RHOAIENG-9168
openshift-merge-bot[bot] Jul 18, 2024
a1154b4
feat(ci): add helpful error when check-generated-code gha workflow fa…
jiridanek Jul 19, 2024
fdf988d
Use UBI based base image for AMD rocm builds.
harshad16 Jul 15, 2024
a76ab25
Update the pipfile.lock via the weekly workflow action
github-actions[bot] Jul 22, 2024
bc3b27e
Merge pull request #620 from harshad16/switch-ubi
openshift-merge-bot[bot] Jul 23, 2024
dbeac5b
fix(ci): update target names in selftests for github action scripting…
jiridanek Jul 23, 2024
7a6d8e2
Combine RUN commands to reduce image size
caponetto Jul 23, 2024
ed46263
Merge pull request #634 from caponetto/rocm-combine-run
openshift-merge-bot[bot] Jul 24, 2024
3334ba0
Merge branch 'main' of github.com:opendatahub-io/notebooks into sync-…
harshad16 Jul 26, 2024
076f523
Merge pull request #643 from harshad16/sync-2024a
harshad16 Jul 26, 2024
1d39d1f
Merge branch '2024a' of https://github.com/opendatahub-io/notebooks i…
harshad16 Jul 26, 2024
76 changes: 72 additions & 4 deletions .github/workflows/build-notebooks-TEMPLATE.yaml
Expand Up @@ -36,13 +36,21 @@ jobs:

- name: Free up additional disk space
# https://docs.github.com/en/actions/learn-github-actions/expressions
if: "${{ contains(inputs.target, 'amd') || contains(inputs.target, 'cuda') || contains(inputs.target, 'intel') ||
if: "${{ contains(inputs.target, 'rocm') || contains(inputs.target, 'cuda') || contains(inputs.target, 'intel') ||
contains(inputs.target, 'pytorch') || contains(inputs.target, 'tensorflow') }}"
run: |
set -x

df -h

sudo apt-get update
sudo apt-get remove -y '^dotnet-.*'
sudo apt-get remove -y '^llvm-.*'
sudo apt-get remove -y 'php.*'
sudo apt-get remove -y '^mongodb-.*'
sudo apt-get autoremove -y
sudo apt-get clean
sudo rm -rf /usr/local/.ghcup &
sudo rm -rf /usr/local/lib/android &
sudo rm -rf /usr/local/share/boost &
sudo rm -rf /usr/local/lib/node_modules &
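Review bot: In the added apt-get block, `'php.*'` is the only pattern without a leading `^`, so it matches any package whose name contains "php" rather than only names that start with it. Anchor it like the other four (`'^php.*'`) so the disk cleanup cannot remove an unrelated package that a later build step relies on.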
Expand All @@ -61,7 +69,7 @@ jobs:
df -h
free -h

bash ./ci/cached-builds/gha_lvm_overlay.bash
bash ./ci/cached-builds/gha_lvm_overlay.sh

df -h
free -h
Expand Down Expand Up @@ -95,10 +103,18 @@ jobs:
podman system reset --force
mkdir -p $HOME/.local/share/containers/storage/tmp

# start systemd user service
# since `brew services start podman` is buggy, let's do our own brew-compatible service
mkdir -p "${HOME}/.config/systemd/user/"
cp ci/cached-builds/homebrew.podman.service "${HOME}/.config/systemd/user/homebrew.podman.service"
systemctl --user daemon-reload
systemctl --user start homebrew.podman.service
echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV

# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
- name: "push: make ${{ inputs.target }}"
- name: "push|schedule: make ${{ inputs.target }}"
run: "make ${{ inputs.target }}"
if: "${{ fromJson(inputs.github).event_name == 'push' }}"
if: ${{ fromJson(inputs.github).event_name == 'push' || fromJson(inputs.github).event_name == 'schedule' }}
env:
IMAGE_TAG: "${{ github.ref_name }}_${{ github.sha }}"
IMAGE_REGISTRY: "ghcr.io/${{ github.repository }}/workbench-images"
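Review bot: The `echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV` line exports a hard-coded socket path immediately after `systemctl --user start homebrew.podman.service`, with no check that the unit came up or that the socket exists. The Trivy step bind-mounts `${PODMAN_SOCK}`, so a failed or slow unit would only show up there as a mount error. Add a `systemctl --user is-active` or `test -S` check on the path before writing it out, and quote `"$GITHUB_ENV"`.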
Expand All @@ -119,5 +135,57 @@ jobs:
IMAGE_REGISTRY: "localhost:5000/workbench-images"
CONTAINER_BUILD_CACHE_ARGS: "--cache-from ${{ env.CACHE }}"

- name: "Show podman images information"
run: podman images

- name: "pull_request|schedule: resolve image name if Trivy scan should run"
id: resolve-image
if: ${{ fromJson(inputs.github).event_name == 'pull_request' || fromJson(inputs.github).event_name == 'schedule' }}
env:
EVENT_NAME: ${{ fromJson(inputs.github).event_name }}
HAS_TRIVY_LABEL: ${{ contains(fromJson(inputs.github).event.pull_request.labels.*.name, 'trivy-scan') }}
run: |
if [[ "$EVENT_NAME" == "pull_request" && "$HAS_TRIVY_LABEL" == "true" ]]; then
IMAGE_NAME="localhost:5000/workbench-images:${{ inputs.target }}-${{ github.sha }}"
echo "image=$IMAGE_NAME" >> $GITHUB_OUTPUT
elif [[ "$EVENT_NAME" == "schedule" ]]; then
IMAGE_NAME="ghcr.io/${{ github.repository }}/workbench-images:${{ inputs.target }}-${{ github.ref_name }}_${{ github.sha }}"
echo "image=$IMAGE_NAME" >> $GITHUB_OUTPUT
fi

if [[ -z "$IMAGE_NAME" ]]; then
echo "Trivy scan won't run"
fi

- name: Run Trivy vulnerability scanner
if: ${{ steps.resolve-image.outputs.image }}
run: |
TRIVY_VERSION=0.53.0
REPORT_FOLDER=${{ github.workspace }}/report
REPORT_FILE=trivy-report.md
REPORT_TEMPLATE=trivy-markdown.tpl

mkdir -p $REPORT_FOLDER
cp ci/$REPORT_TEMPLATE $REPORT_FOLDER

IMAGE_NAME=${{ steps.resolve-image.outputs.image }}
echo "Scanning $IMAGE_NAME"

# have trivy access podman socket,
# https://github.com/aquasecurity/trivy/issues/580#issuecomment-666423279
podman run --rm \
-v ${PODMAN_SOCK}:/var/run/podman/podman.sock \
-v ${REPORT_FOLDER}:/report \
docker.io/aquasec/trivy:$TRIVY_VERSION \
image \
--image-src podman \
--podman-host /var/run/podman/podman.sock \
--scanners vuln --ignore-unfixed \
--exit-code 0 --timeout 30m \
--format template --template "@/report/$REPORT_TEMPLATE" -o /report/$REPORT_FILE \
$IMAGE_NAME

cat $REPORT_FOLDER/$REPORT_FILE >> $GITHUB_STEP_SUMMARY

- run: df -h
if: "${{ !cancelled() }}"
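Review bot: In the `podman run` of the Trivy step, `docker.io/aquasec/trivy:$TRIVY_VERSION` is pulled by a mutable tag and is then given the runner's podman socket; pin the image by digest, the way purge-ghcr.yaml in this same change pins its action to a commit SHA. Separately, `${{ steps.resolve-image.outputs.image }}` and `${{ inputs.target }}` are expanded into the script text, while the resolve step already uses `env:` for EVENT_NAME; passing these the same way and quoting `"$IMAGE_NAME"` keeps the script independent of what the values contain. With `--exit-code 0` the scan is report-only, which deserves a comment so nobody assumes findings fail the job.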
19 changes: 13 additions & 6 deletions .github/workflows/build-notebooks-pr.yaml
@@ -1,5 +1,5 @@
---
"name": "Build Notebooks"
"name": "Build Notebooks (pr)"
"on":
"pull_request":

Expand All @@ -8,6 +8,10 @@ permissions:
packages: read
pull-requests: read

concurrency:
group: ${{ format('build-notebooks-pr-{0}', github.event.pull_request.number) }}
cancel-in-progress: true

jobs:
gen:
name: Generate job matrix
Expand All @@ -18,15 +22,18 @@ jobs:
steps:
- uses: actions/checkout@v4

- run: |
- name: Determine targets to build based on changed files
run: |
set -x
git fetch --no-tags origin 'pull/${{ github.event.pull_request.number }}/head:${{ github.event.pull_request.head.ref }}'
git fetch --no-tags origin '+refs/heads/${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }}'
python3 ci/cached-builds/gen_gha_matrix_jobs.py \
--owner=${{ github.repository_owner }} \
--repo=${{ github.event.pull_request.base.repo.name }} \
--pr-number=${{ github.event.pull_request.number }} \
--skip-unchanged
--from-ref 'origin/${{ github.event.pull_request.base.ref }}' \
--to-ref '${{ github.event.pull_request.head.ref }}'
id: gen
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash

build:
needs: ["gen"]
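Review bot: `${{ github.event.pull_request.head.ref }}` is expanded into the shell script on the first `git fetch` line and again in `--to-ref`, and the branch name is chosen by the PR author; the surrounding single quotes do not help if the name itself contains a quote. Pass the head and base refs through `env:` (for example `HEAD_REF: ${{ github.event.pull_request.head.ref }}`) and use `"$HEAD_REF"` in the script. The step also still exports `GITHUB_TOKEN`; if gen_gha_matrix_jobs.py no longer calls the API now that `--owner`, `--repo` and `--pr-number` are gone, drop that `env:` entry.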
72 changes: 22 additions & 50 deletions .github/workflows/build-notebooks.yaml
@@ -1,13 +1,18 @@
---
# This file is autogenerated by ci/cached-builds/gen_gha_matrix_jobs.py
{
"name": "Build Notebooks",
"name": "Build Notebooks (push)",
"permissions": {
"packages": "write"
},
"on": {
"push": {},
"workflow_dispatch": {}
"workflow_dispatch": {},
"schedule": [
{
"cron": "0 2 * * *"
}
]
},
"jobs": {
"base-ubi8-python-3_8": {
Expand Down Expand Up @@ -74,28 +79,6 @@
},
"secrets": "inherit"
},
"jupyter-trustyai-ubi8-python-3_8": {
"needs": [
"jupyter-datascience-ubi8-python-3_8"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "jupyter-trustyai-ubi8-python-3.8",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"habana-jupyter-1_9_0-ubi8-python-3_8": {
"needs": [
"jupyter-datascience-ubi8-python-3_8"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "habana-jupyter-1.9.0-ubi8-python-3.8",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"habana-jupyter-1_10_0-ubi8-python-3_8": {
"needs": [
"jupyter-datascience-ubi8-python-3_8"
Expand All @@ -107,17 +90,6 @@
},
"secrets": "inherit"
},
"habana-jupyter-1_11_0-ubi8-python-3_8": {
"needs": [
"jupyter-datascience-ubi8-python-3_8"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "habana-jupyter-1.11.0-ubi8-python-3.8",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"habana-jupyter-1_13_0-ubi8-python-3_8": {
"needs": [
"jupyter-datascience-ubi8-python-3_8"
Expand Down Expand Up @@ -444,57 +416,57 @@
},
"secrets": "inherit"
},
"amd-c9s-python-3_9": {
"rocm-ubi9-python-3_9": {
"needs": [
"base-c9s-python-3_9"
"base-ubi9-python-3_9"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "amd-c9s-python-3.9",
"target": "rocm-ubi9-python-3.9",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"amd-jupyter-minimal-c9s-python-3_9": {
"rocm-jupyter-minimal-ubi9-python-3_9": {
"needs": [
"amd-c9s-python-3_9"
"rocm-ubi9-python-3_9"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "amd-jupyter-minimal-c9s-python-3.9",
"target": "rocm-jupyter-minimal-ubi9-python-3.9",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"amd-jupyter-datascience-c9s-python-3_9": {
"rocm-jupyter-datascience-ubi9-python-3_9": {
"needs": [
"amd-jupyter-minimal-c9s-python-3_9"
"rocm-jupyter-minimal-ubi9-python-3_9"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "amd-jupyter-datascience-c9s-python-3.9",
"target": "rocm-jupyter-datascience-ubi9-python-3.9",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"amd-jupyter-tensorflow-c9s-python-3_9": {
"rocm-jupyter-tensorflow-ubi9-python-3_9": {
"needs": [
"amd-jupyter-datascience-c9s-python-3_9"
"rocm-jupyter-datascience-ubi9-python-3_9"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "amd-jupyter-tensorflow-c9s-python-3.9",
"target": "rocm-jupyter-tensorflow-ubi9-python-3.9",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
},
"amd-jupyter-pytorch-c9s-python-3_9": {
"rocm-jupyter-pytorch-ubi9-python-3_9": {
"needs": [
"amd-jupyter-datascience-c9s-python-3_9"
"rocm-jupyter-datascience-ubi9-python-3_9"
],
"uses": "./.github/workflows/build-notebooks-TEMPLATE.yaml",
"with": {
"target": "amd-jupyter-pytorch-c9s-python-3.9",
"target": "rocm-jupyter-pytorch-ubi9-python-3.9",
"github": "${{ toJSON(github) }}"
},
"secrets": "inherit"
57 changes: 48 additions & 9 deletions .github/workflows/code-quality.yaml
Expand Up @@ -15,20 +15,59 @@ jobs:
- uses: actions/checkout@v4

- name: Rerun all code generators we have
run: python3 ci/cached-builds/gen_gha_matrix_jobs.py
run: bash ci/generate_code.sh

- name: Check there aren't any modified files present
run: |
if [[ $(git ls-files . -d -m -o --exclude-standard --full-name -v | tee modified.log | wc -l) -gt 0 ]]; then
echo "There are changed files"
exit 1
clean=$(git status --porcelain)
if [[ -z "$clean" ]]; then
echo "Empty git status --porcelain: $clean"
else
echo "::error::Please run 'bash ci/generate_code.sh' (the command from the previous step), commit the changed files locally, and push again."
echo "Uncommitted file changes detected: $clean"
git diff
exit 1
fi

- name: Print modified files
if: ${{ failure() }}
run: |
cat modified.log
git diff
pytest-tests:
runs-on: ubuntu-latest
env:
poetry_version: '1.8.3'
steps:
- uses: actions/checkout@v4

- name: Cache poetry in ~/.local
uses: actions/cache/restore@v4
id: cache-poetry-restore
with:
path: ~/.local
key: "${{ runner.os }}-local-${{ env.poetry_version }}"

- name: Install poetry
if: steps.cache-poetry-restore.outputs.cache-hit != 'true'
run: pip install poetry==${{ env.poetry_version }}

- name: Save cache
if: steps.cache-poetry-restore.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: ~/.local
key: ${{ steps.cache-poetry-restore.outputs.cache-primary-key }}

- name: Set up Python
id: setup-python
uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'poetry'

- name: Configure poetry
run: poetry env use "${{ steps.setup-python.outputs.python-path }}"

- name: Install deps
run: poetry install --sync

- run: poetry run pytest

code-static-analysis:
runs-on: ubuntu-latest
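Review bot: In the new pytest-tests job, the cache key `${{ runner.os }}-local-${{ env.poetry_version }}` covers all of `~/.local` but records nothing about the interpreter that `pip install poetry` ran under, and that install happens before `actions/setup-python`. If the runner image's default Python changes, the restored directory will no longer match it and the install step is skipped because of the cache hit. Either move "Set up Python" ahead of the poetry install and add the Python version to the key, or cache only the poetry installation. In the check step, the variable named `clean` actually holds the list of uncommitted changes; a name like `dirty` would read correctly in both branches.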
35 changes: 35 additions & 0 deletions .github/workflows/purge-ghcr.yaml
@@ -0,0 +1,35 @@
---
name: "Purge old ghcr.io test images periodically"

"on":
workflow_dispatch:
inputs:
dry_run:
type: boolean
default: true
description: "Do a dry run?"
schedule:
- cron: "0 5 * * *" # at 05:00 every day

permissions:
packages: write

jobs:
clean:
runs-on: ubuntu-latest
name: Delete old test images
steps:
# https://github.com/snok/container-retention-policy?tab=readme-ov-file#parameters
- uses: snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03 # v3.0.0
with:
# account must be the gh org name when running for an org, and 'user' when running for a user
account: ${{ (github.repository_owner == github.actor) && 'user' || github.repository_owner }}
token: ${{ secrets.GITHUB_TOKEN }}
image-names: |
${{ github.event.repository.name }}/workbench-images
${{ github.event.repository.name }}/workbench-images/build-cache
image-tags: "*"
cut-off: "3w"
dry-run: ${{ inputs.dry_run || false }}
env:
RUST_BACKTRACE: 1
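Review bot: The `account:` expression decides between `'user'` and the org name by comparing `github.repository_owner` with `github.actor`, but the actor is whoever triggered the run, not a property of the owner. In a personal fork where someone other than the owner triggers the run, this passes the user name where the comment above says `'user'` is required. Derive the value from the owner type, or set it explicitly per repository. Note also that `image-tags: "*"` with `cut-off: "3w"` applies to every tag in both packages and that scheduled runs resolve `dry-run` to `false`, so any tag meant to outlive three weeks needs an explicit exclusion.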