From 61e6e880d55ad5d903d2bc8eae2f105e61dacf38 Mon Sep 17 00:00:00 2001
From: OlivierDehaene <23298448+OlivierDehaene@users.noreply.github.com>
Date: Thu, 13 Apr 2023 14:51:18 +0200
Subject: [PATCH] activate cosign
---
.github/workflows/build.yaml | 127 +++++++++++++++++------------------
1 file changed, 63 insertions(+), 64 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 2d467206..1831571b 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -88,76 +88,75 @@ jobs: type=semver,pattern={{major}}.{{minor}} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} type=raw,value=sha-${{ env.GITHUB_SHA_SHORT }} -# - name: Build and push Docker image -# uses: docker/build-push-action@v4 -# with: -# context: . -# file: Dockerfile -# push: ${{ github.event_name != 'pull_request' }} -# platforms: 'linux/amd64' -# tags: ${{ steps.meta.outputs.tags }} -# labels: ${{ steps.meta.outputs.labels }} -# cache-from: type=registry,ref=registry.internal.huggingface.tech/api-inference/community/text-generation-inference:cache,mode=max -# cache-to: type=registry,ref=registry.internal.huggingface.tech/api-inference/community/text-generation-inference:cache,mode=max + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + file: Dockerfile + push: ${{ github.event_name != 'pull_request' }} + platforms: 'linux/amd64' + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=registry.internal.huggingface.tech/api-inference/community/text-generation-inference:cache,mode=max + cache-to: type=registry,ref=registry.internal.huggingface.tech/api-inference/community/text-generation-inference:cache,mode=max # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. - name: Sign the published Docker image -# if: ${{ github.event_name != 'pull_request' }} + if: ${{ github.event_name != 'pull_request' }} env: COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. 
-# run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
- run: echo "${{ steps.meta.outputs.tags }}"
-#
-# build-and-push-sagemaker-image:
-# needs:
-# - build-and-push-image
-# runs-on: ubuntu-latest
-# steps:
-# - name: Checkout repository
-# uses: actions/checkout@v3
-# - name: Initialize Docker Buildx
-# uses: docker/setup-buildx-action@v2.0.0
-# with:
-# install: true
-# - name: Inject slug/short variables
-# uses: rlespinasse/github-slug-action@v4.4.1
-# - name: Tailscale
-# if: github.event_name != 'pull_request'
-# uses: tailscale/github-action@v1
-# with:
-# authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
-# - name: Login to internal Container Registry
-# if: github.event_name != 'pull_request'
-# uses: docker/login-action@v2.1.0
-# with:
-# username: ${{ secrets.TAILSCALE_DOCKER_USERNAME }}
-# password: ${{ secrets.TAILSCALE_DOCKER_PASSWORD }}
-# registry: registry.internal.huggingface.tech
-# - name: Extract metadata (tags, labels) for Docker
-# id: meta
-# uses: docker/metadata-action@v4.3.0
-# with:
-# flavor: |
-# latest=auto
-# images: |
-# registry.internal.huggingface.tech/api-inference/community/text-generation-inference/sagemaker
-# tags: |
-# type=semver,pattern={{version}}
-# type=semver,pattern={{major}}.{{minor}}
-# type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
-# type=raw,value=sha-${{ env.GITHUB_SHA_SHORT }}
-# - name: Build and push Docker image
-# uses: docker/build-push-action@v2
-# with:
-# context: .
-# file: Dockerfile
-# push: ${{ github.event_name != 'pull_request' }}
-# platforms: 'linux/amd64'
-# target: sagemaker
-# tags: ${{ steps.meta.outputs.tags }}
-# labels: ${{ steps.meta.outputs.labels }}
-# cache-from: type=registry,ref=registry.internal.huggingface.tech/api-inference/community/text-generation-inference:cache,mode=max
\ No newline at end of file
+ run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
+
+ build-and-push-sagemaker-image:
+ needs:
+ - build-and-push-image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Initialize Docker Buildx
+ uses: docker/setup-buildx-action@v2.0.0
+ with:
+ install: true
+ - name: Inject slug/short variables
+ uses: rlespinasse/github-slug-action@v4.4.1
+ - name: Tailscale
+ if: github.event_name != 'pull_request'
+ uses: tailscale/github-action@v1
+ with:
+ authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
+ - name: Login to internal Container Registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2.1.0
+ with:
+ username: ${{ secrets.TAILSCALE_DOCKER_USERNAME }}
+ password: ${{ secrets.TAILSCALE_DOCKER_PASSWORD }}
+ registry: registry.internal.huggingface.tech
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4.3.0
+ with:
+ flavor: |
+ latest=auto
+ images: |
+ registry.internal.huggingface.tech/api-inference/community/text-generation-inference/sagemaker
+ tags: |
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+ type=raw,value=sha-${{ env.GITHUB_SHA_SHORT }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: Dockerfile
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: 'linux/amd64'
+ target: sagemaker
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=registry,ref=registry.internal.huggingface.tech/api-inference/community/text-generation-inference:cache,mode=max
\ No newline at end of file
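Review bot: The signing step reads `steps.build-and-push.outputs.digest`, but the `Build and push Docker image` step enabled in this hunk has no `id`, so the expression expands to an empty string and `cosign sign` is handed `<tag>@` instead of a digest-pinned reference; add `id: build-and-push` under that step's `name`. The tag list is also expanded by `${{ }}` straight into the shell line, and since those tags appear to be partly derived from git refs it is safer to pass them through `env:` (for example `TAGS: ${{ steps.meta.outputs.tags }}`) and use `echo "$TAGS"` in the script. Keyless signing needs the job to grant `id-token: write`, which sits outside this hunk and should be confirmed. The re-enabled `build-and-push-sagemaker-image` job pushes its image with no signing step at all, and it uses `docker/build-push-action@v2` while the first job uses `@v4`.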