Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI: add build and push models workflow #474

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from

Commits on Nov 23, 2023

  1. CI: add build and push models workflow

    This workflow will build and push into the ghcr.io the
    example MAP in examples/apps/simple_imaging_app.
    
    This workflow will use terraform to launch a VM with a GPU and then run
    the monai-deploy-sdk package subcommand inside it.
    
    NOTE: you need to setup the secrets:
    * AZURE_CLIENT_ID
    * AZURE_SUBSCRIPTION_ID
    * AZURE_TENANT_ID
    * AZURE_CLIENT_SECRET
    
    The workflow will patch holoscan, so that it works when there is no
    cache.
    
    The workflow will install a "patched" libseccomp package so that we can
    install libnvidia-container.
    
    The workflow will use nvidia docker runtime to build, load, export, ...
    the image.
    
    The workflow uses the smallest/cheapest Azure Image with GPU available
    in Western Europe, which is Standard_NC4as_T4_v3. For this to work,
    you need to request a quota increase to Azure Help Desk.
    
    However, the default 30GB disc is not enough for the build, so you need
    to setup a 64GB.
    
    :WARNING: This will incur in costs in Azure Cloud, use it with caution.
    
    Signed-off-by: Jordi Massaguer Pla <[email protected]>
    jordimassaguerpla committed Nov 23, 2023
    Configuration menu
    Copy the full SHA
    2da3adb View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2023

  1. Add SBOM and sign image

    Sign the image with cosign using the OIDC token.
    Add Software Bill of Materials with trivy as signed cosign attestations.
    
    This informatin is needed for securing the supply chain.
    
    You can verify the image with cosign.
    You can get the SBOM from the attestations and then use trivy to check
    for vulnerabilities.
    
    Signed-off-by: Jordi Massaguer Pla <[email protected]>
    jordimassaguerpla committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    6013c5e View commit details
    Browse the repository at this point in the history