Merge branch 'main' into tylertitsworth/update-optimized-dh

intel · May 30, 2024 · a03737b · a03737b
2 parents d20467f + 1a1a1b7
commit a03737b
Show file tree

Hide file tree

Showing 41 changed files with 205 additions and 1,028 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -71,3 +71,43 @@ updates:
     package-ecosystem: pip
     schedule:
       interval: weekly
+
+  - package-ecosystem: docker
+    directory: /classical-ml
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /preset/classical-ml
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /preset/data-analytics
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /preset/deep-learning
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /preset/inference-optimization
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /python
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /pytorch
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /tensorflow
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/chart-ci.yaml b/.github/workflows/chart-ci.yaml
@@ -27,17 +27,22 @@ jobs:
   helm-ci:
     runs-on: kubectl
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         fetch-depth: 0
-        # ref: ${{ github.event.pull_request.head.ref || github.ref }}
-    - uses: azure/setup-kubectl@v4
-    - uses: azure/[email protected]
-    - uses: actions/setup-python@v5
+        # ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
+    - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+    - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       with:
         python-version: 3.x
     - name: Setup chart-testing
-      uses: helm/[email protected]
+      uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
     - name: Get chart diff
       id: changed
       run: |

diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml
@@ -38,6 +38,7 @@ on:
       ref:
         description: 'Enter Git Ref:'
         required: true
+        default: 'main'
         type: string
       runner_label:
         description: 'Enter Validation Runner Label:'
@@ -82,7 +83,11 @@ jobs:
       matrix: ${{ steps.build-matrix.outputs.matrix }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ inputs.ref }}
     - name: Set Matrix
@@ -101,11 +106,11 @@ jobs:
     outputs:
       group: ${{ steps.build-group.outputs.container-group }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ inputs.ref }}
       if: ${{ !inputs.no_build }}
-    - uses: docker/login-action@v3
+    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
       with:
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.REGISTRY_USER }}
@@ -114,7 +119,7 @@ jobs:
     - name: Build Container Group
       if: ${{ !inputs.no_build }}
       id: build-group
-      uses: intel/ai-containers/.github@main
+      uses: intel/ai-containers/.github@9ea41c5c0d4800e338625898fc5872c85637d857 # main
       with:
         group_dir: ${{ inputs.group_dir }}
         env_overrides: ${{ inputs.env_overrides || env.env_overrides || '' }}
@@ -131,7 +136,11 @@ jobs:
     outputs:
       matrix: ${{ steps.scan-matrix.outputs.matrix }}
     steps:
-    - uses: actions/download-artifact@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
       with:
         path: matrix
     - name: Set Matrix
@@ -146,25 +155,25 @@ jobs:
         container: ${{ fromJSON(needs.setup-scan.outputs.matrix) }}
       fail-fast: false
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ inputs.ref }}
-    - uses: docker/login-action@v3
+    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
       with:
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.REGISTRY_USER }}
         password: ${{ secrets.REGISTRY_TOKEN }}
     - name: Pull Image
       run: docker pull ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
     - name: Scan Container
-      uses: intel/ai-containers/.github/scan@main
+      uses: intel/ai-containers/.github/scan@9ea41c5c0d4800e338625898fc5872c85637d857 # main
       with:
         image-ref: ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
         output: ${{ matrix.container }}-scan.sarif
     - name: Cleanup
       if: always()
       run: docker rmi -f ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
-    - uses: github/codeql-action/upload-sarif@v3
+    - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
       with:
         sarif_file: '${{ matrix.container }}-scan.sarif'
         ####################################################################################################
@@ -176,7 +185,11 @@ jobs:
     outputs:
       matrix: ${{ steps.test-matrix.outputs.matrix }}
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ inputs.ref }}
     - name: Get Recipes
@@ -192,19 +205,19 @@ jobs:
         experimental: [true]
       fail-fast: false
     steps:
-    - uses: step-security/harden-runner@v2
+    - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
       with:
         egress-policy: audit
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ inputs.ref }}
-    - uses: docker/login-action@v3
+    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
       with:
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.REGISTRY_USER }}
         password: ${{ secrets.REGISTRY_TOKEN }}
     - name: Test Container Group
-      uses: intel/ai-containers/test-runner@main
+      uses: intel/ai-containers/test-runner@9ea41c5c0d4800e338625898fc5872c85637d857 # main
       with:
         cache_registry: ${{ secrets.CACHE_REGISTRY }}
         recipe_dir: ${{ inputs.group_dir }}

diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -21,7 +21,10 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
-on: [pull_request]
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+    branches: [main]
 permissions:
   contents: read
 concurrency:
@@ -32,7 +35,11 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/dependency-review-action@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
       with:
         comment-summary-in-pr: true
diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml
@@ -23,7 +23,12 @@ jobs:
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - name: Set matrix data
       id: set-matrix
       run: echo "matrix=$(jq -c . < .github/dockerhub-readmes.json)" >> $GITHUB_OUTPUT
@@ -34,8 +39,13 @@ jobs:
       matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
       fail-fast: false
     steps:
-    - uses: actions/checkout@v4
-    - uses: peter-evans/dockerhub-description@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}

diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
@@ -15,7 +15,6 @@
 name: Docs
 on:
   merge_group: null
-  pull_request: null
   push:
     branches:
     - main
@@ -31,17 +30,21 @@ jobs:
       id-token: write
       pages: write
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       with:
         python-version: 3.8
         cache: pip
     - name: Install python requirements
       run: python -m pip install -r docs/requirements.txt
     - name: Build
       run: mkdocs build --clean
-    - uses: actions/upload-pages-artifact@v3
+    - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
       with:
         path: site
     - if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
-      uses: actions/deploy-pages@v4
+      uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml
@@ -14,24 +14,25 @@
 
 name: gitleaks
 on:
-  push:
-    branches:
-    - main
+  merge_group: null
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
     branches: [main]
-  workflow_dispatch: null
 permissions: read-all
 jobs:
   scan:
     name: gitleaks
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.ref || github.ref }}
-    - uses: gitleaks/gitleaks-action@v2
+        ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: gitleaks/gitleaks-action@44c470ffc35caa8b1eb3e8012ca53c2f9bea4eb5 # v2.3.6
       env:
         GITHUB_TOKEN: ${{ secrets.ACTION_TOKEN }}
         GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml
@@ -28,10 +28,14 @@ jobs:
     outputs:
       groups: ${{ steps.group-list.outputs.FOLDERS }}
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.ref || github.ref }}
+        ref: "refs/pull/${{ github.event.number }}/merge"
     - name: Output Modified Group Directories
       id: group-list
       run: |
@@ -75,6 +79,10 @@ jobs:
     runs-on: ubuntu-latest
     if: always()
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
     - run: exit 1
       if: >-
         ${{

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -19,9 +19,6 @@ on:
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
     branches: [main]
-  push:
-    branches:
-    - main
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
@@ -30,11 +27,15 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.ref || github.ref }}
-    - uses: super-linter/super-linter/[email protected]
+        ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: super-linter/super-linter/slim@5b638caee6ba65e25e07143887b669a1233847a0 # v6.5.1
       env:
         # To report GitHub Actions status checks
         GITHUB_TOKEN: ${{ secrets.ACTION_TOKEN }}