Skip to content

Commit

Permalink
fixing runs on for unit-tests
Browse files Browse the repository at this point in the history
Signed-off-by: greg pereira <[email protected]>
  • Loading branch information
Gregory-Pereira committed May 16, 2024
1 parent 81c3d93 commit 546aabd
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 49 deletions.
35 changes: 18 additions & 17 deletions .github/workflows/pin_deps.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,16 +13,17 @@ defaults:
jobs:
pin:
name: Generate dependency lock
runs-on: ${{ matrix.os.runner_name }}
runs-on: ${{ runner.os }}
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
os:
- runner_name: ubuntu-latest
os_family: Linux
- runner_os_name: macos-latest
os: [macos-latest, ubuntu-latest, windows-latest]
include:
- os: macos-latest
os_family: Darwin
- runner_name: windows-latest
- os: ubuntu-latest
os_family: Linux
- os: windows-latest
os_family: Windows
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
Expand All @@ -31,9 +32,9 @@ jobs:
python-version: 3.11
cache: pip
cache-dependency-path: |
model_signing/install/requirements_${{ matrix.os.os_family }}.txt
model_signing/install/requirements_test_${{ matrix.os.os_family }}.txt
slsa_for_models/install/requirements_${{ matrix.os.os_family }}.txt
model_signing/install/requirements_${{ matrix.include.os_family }}.txt
model_signing/install/requirements_test_${{ matrix.include.os_family }}.txt
slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt
- name: Create an empty virtualenv and install `pip-tools`
run: |
set -exuo pipefail
Expand All @@ -45,38 +46,38 @@ jobs:
run: |
set -exuo pipefail
.github/workflows/scripts/venv_activate.sh
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ matrix.os.os_family }}.txt model_signing/install/requirements.in
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ matrix.os.os_family }}.txt model_signing/install/requirements_test.in
pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ matrix.os.os_family }}.txt slsa_for_models/install/requirements.in
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ matrix.include.os_family }}.txt model_signing/install/requirements.in
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ matrix.include.os_family }}.txt model_signing/install/requirements_test.in
pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt slsa_for_models/install/requirements.in
- name: Test freeze file (for model signing)
run: |
set -exuo pipefail
rm -rf venv # Need clean sandbox
python -m venv venv
.github/workflows/scripts/venv_activate.sh
pip install -r model_signing/install/requirements_${{ matrix.os.os_family }}.txt
pip install -r model_signing/install/requirements_${{ matrix.include.os_family }}.txt
pip list # For debugging
- name: Test freeze file (for testing model signing)
run: |
set -exuo pipefail
rm -rf venv # Need clean sandbox
python -m venv venv
.github/workflows/scripts/venv_activate.sh
pip install -r model_signing/install/requirements_test_${{ matrix.os.os_family }}.txt
pip install -r model_signing/install/requirements_test_${{ matrix.include.os_family }}.txt
pip list # For debugging
- name: Test freeze file (for SLSA for models)
run: |
set -exuo pipefail
rm -rf venv # Need clean sandbox
python -m venv venv
.github/workflows/scripts/venv_activate.sh
pip install -r slsa_for_models/install/requirements_${{ matrix.os.os_family }}.txt
pip install -r slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt
pip list # For debugging
- name: Upload freeze files
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: freeze-files-${{ matrix.os.runner_name }}
path: ./*/install/requirements*${{ matrix.os.os_family }}*txt
name: freeze-files-${{ runner.os }}
path: ./*/install/requirements*${{ matrix.include.os_family }}*txt

# Separate PR creation job to make sure it creates only one single PR with
# all changed files, eliminate race-conditions and restrict permissions only
Expand Down
23 changes: 12 additions & 11 deletions .github/workflows/slsa_for_ml.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,16 +29,17 @@ defaults:
jobs:
train:
name: Train model
runs-on: ${{ matrix.os.runner_name }}
runs-on: ${{ runner.os }}
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
os:
- runner_name: ubuntu-latest
os_family: Linux
- runner_os_name: macos-latest
os: [macos-latest, ubuntu-latest, windows-latest]
include:
- os: macos-latest
os_family: Darwin
- runner_name: windows-latest
- os: ubuntu-latest
os_family: Linux
- os: windows-latest
os_family: Windows
outputs:
hash-ubuntu-latest: ${{ steps.hash.outputs.hash-ubuntu-latest }}
Expand All @@ -51,13 +52,13 @@ jobs:
with:
python-version: 3.11
cache: pip
cache-dependency-path: slsa_for_models/install/requirements_${{ matrix.os.os_family }}.txt
cache-dependency-path: slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt
- name: Install dependencies
run: |
set -exuo pipefail
python -m venv venv
.github/workflows/scripts/venv_activate.sh
python -m pip install --require-hashes -r slsa_for_models/install/requirements_${{ matrix.os.os_family }}.txt
python -m pip install --require-hashes -r slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt
- name: Build model
env:
MODEL_TYPE: ${{ github.event.inputs.model_type || 'pytorch_jitted_model.pt' }}
Expand All @@ -69,15 +70,15 @@ jobs:
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
path: ${{ github.event.inputs.model_type || 'pytorch_jitted_model.pt' }}
name: ${{ github.event.inputs.model_type || 'pytorch_jitted_model.pt' }}_${{ matrix.os.os_family }}
name: ${{ github.event.inputs.model_type || 'pytorch_jitted_model.pt' }}_${{ matrix.include.os_family }}
if-no-files-found: error
- id: hash
env:
MODEL: ${{ github.event.inputs.model_type || 'pytorch_jitted_model.pt' }}
run: |
set -euo pipefail
(sha256sum -t "$MODEL" || shasum -a 256 "$MODEL") > checksum
echo "hash-${{ matrix.os.runner_name }}=$(base64 -w0 checksum || base64 checksum)" >> "${GITHUB_OUTPUT}"
echo "hash-${{ runner.os }}=$(base64 -w0 checksum || base64 checksum)" >> "${GITHUB_OUTPUT}"
provenance:
# TODO(mihaimaruseac): Don't run on pull requests for now
Expand All @@ -93,5 +94,5 @@ jobs:
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.train.outputs[format('hash-{0}', matrix.os)] }}"
base64-subjects: "${{ needs.train.outputs[format('hash-{0}', runner.os)] }}"
upload-assets: true # NOTE: This does nothing unless 'upload-tag-name' parameter is also set to an existing tag
21 changes: 11 additions & 10 deletions .github/workflows/unit_tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,17 @@ defaults:
jobs:
model-signing-unit-tests:
name: Run unit tests for signing
runs-on: ${{ matrix.os.runner_name }}
runs-on: ${{ runner.os }}
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
os:
- runner_name: ubuntu-latest
os_family: Linux
- runner_os_name: macos-latest
os: [macos-latest, ubuntu-latest, windows-latest]
include:
- os: macos-latest
os_family: Darwin
- runner_name: windows-latest
- os: ubuntu-latest
os_family: Linux
- os: windows-latest
os_family: Windows
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
Expand All @@ -34,15 +35,15 @@ jobs:
python-version: 3.11
cache: pip
cache-dependency-path: |
model_signing/install/requirements_${{ matrix.os.os_family }}.txt
model_signing/install/requirements_test_${{ matrix.os.os_family }}.txt
model_signing/install/requirements_${{ matrix.include.os_family }}.txt
model_signing/install/requirements_test_${{ matrix.include.os_family }}.txt
- name: Install dependencies
run: |
set -exuo pipefail
python -m venv venv
.github/workflows/scripts/venv_activate.sh
python -m pip install --require-hashes -r model_signing/install/requirements_${{ matrix.os.os_family }}.txt
python -m pip install --require-hashes -r model_signing/install/requirements_test_${{ matrix.os.os_family }}.txt
python -m pip install --require-hashes -r model_signing/install/requirements_${{ matrix.include.os_family }}.txt
python -m pip install --require-hashes -r model_signing/install/requirements_test_${{ matrix.include.os_family }}.txt
- name: Run unit tests
run: |
set -euo pipefail
Expand Down
23 changes: 12 additions & 11 deletions .github/workflows/validate_deps.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,34 +18,35 @@ defaults:
jobs:
model-signing:
name: Test model signing dependencies
runs-on: ${{ matrix.os.runner_name }}
runs-on: ${{ runner.os }}
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
os:
- runner_name: ubuntu-latest
os_family: Linux
- runner_os_name: macos-latest
os: [macos-latest, ubuntu-latest, windows-latest]
include:
- os: macos-latest
os_family: Darwin
- runner_name: windows-latest
- os: ubuntu-latest
os_family: Linux
- os: windows-latest
os_family: Windows
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: 3.11
cache: pip
cache-dependency-path: model_signing/install/requirements_${{ matrix.os.runner_name.os_family }}.txt
cache-dependency-path: model_signing/install/requirements_${{ matrix.include.os_family }}.txt
- name: Install dependencies
run: |
set -exuo pipefail
python -m venv venv
.github/workflows/scripts/venv_activate.sh
python -m pip install --require-hashes -r model_signing/install/requirements_${{ matrix.os.runner_name.os_family }}.txt
python -m pip install --require-hashes -r model_signing/install/requirements_${{ matrix.include.os_family }}.txt
slsa-for-ml:
name: Test SLSA for ML demo dependencies
runs-on: ${{ matrix.os.runner_name }}
runs-on: ${{ runner.os }}
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
Expand All @@ -56,10 +57,10 @@ jobs:
with:
python-version: 3.11
cache: pip
cache-dependency-path: slsa_for_models/install/requirements_${{ matrix.os.runner_name.os_family }}.txt
cache-dependency-path: slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt
- name: Install dependencies
run: |
set -exuo pipefail
python -m venv venv
.github/workflows/scripts/venv_activate.sh
python -m pip install --require-hashes -r slsa_for_models/install/requirements_${{ matrix.os.runner_name.os_family }}.txt
python -m pip install --require-hashes -r slsa_for_models/install/requirements_${{ matrix.include.os_family }}.txt

0 comments on commit 546aabd

Please sign in to comment.