Skip to content
update-models

update-models #56

Sign in to view logs

update-models

update-models #56

Workflow file for this run

.github/workflows/update-models.yaml at ff77914
name: update-models
on:
workflow_dispatch:
inputs:
staging:
description: 'push to test registry'
required: false
default: false
type: boolean
permissions:
contents: write
packages: write
id-token: write
jobs:
update-models:
strategy:
fail-fast: false
matrix:
model:
- llama-3.1-8b-instruct
- phi-3-3.8b
- gemma-2b-instruct
runs-on: ubuntu-latest
timeout-minutes: 360
steps:
- uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: true
android: true
dotnet: true
haskell: true
large-packages: true
docker-images: true
swap-storage: true
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: block
allowed-endpoints: >
auth.docker.io:443
*.huggingface.co:443
fulcio.sigstore.dev:443
gcr.io:443
ghcr.io:443
github.com:443
huggingface.co:443
*.githubusercontent.com:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
rekor.sigstore.dev:443
storage.googleapis.com:443
tuf-repo-cdn.sigstore.dev:443
sertaccdnvs.azureedge.net:443
developer.download.nvidia.com:443
*.ubuntu.com:80
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- name: Login to GHCR
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: parse matrix
run: |
echo "MODEL_NAME=$(echo ${{ matrix.model }} | sed -E 's/^llama-(3\.1)-([0-9]+\.?[0-9]*b)-.*/llama\1/;t; s/^([a-z]+)-([0-9]+x[0-9]+b|[0-9]+\.?[0-9]*b)-.*/\1/; s/^([a-z]+)-([0-9]+)-.*/\1\2/; s/^([a-z]+)-([0-9]+\.?[0-9]*b)$/\1/')" >> $GITHUB_ENV
echo "MODEL_SIZE=$(echo ${{ matrix.model }} | sed -E 's/^llama-(3\.1)-([0-9]+\.?[0-9]*b)-.*/\2/;t; s/^[a-z]+-([0-9]+x[0-9]+b|[0-9]+\.?[0-9]*b)-.*/\1/; s/^[a-z]+-[0-9]+-([0-9]+\.?[0-9]*b).*/\1/; s/^[a-z]+-([0-9]+\.?[0-9]*b)$/\1/')" >> $GITHUB_ENV
echo "MODEL_TYPE=-$(echo ${{ matrix.model }} | sed -n -e 's/.*\(chat\).*/\1/p' -e 's/.*\(instruct\).*/\1/p')" >> $GITHUB_ENV
- name: Build and push
run: |
if [ "${MODEL_TYPE}" == "-" ]; then
export MODEL_TYPE=""
echo "MODEL_TYPE=''" >> $GITHUB_ENV
fi
if ${{ inputs.staging }}; then
export REGISTRY=ghcr.io/sozercan/test
else
export REGISTRY=ghcr.io/sozercan
fi
docker buildx build . \
-t ${REGISTRY}/${MODEL_NAME}:${MODEL_SIZE} \
-t ${REGISTRY}/${MODEL_NAME}:${MODEL_SIZE}${MODEL_TYPE} \
-f models/${{ matrix.model }}.yaml \
--push --progress plain \
--sbom=true --provenance=true \
--platform linux/amd64,linux/arm64
echo "DIGEST=$(cosign triangulate ${REGISTRY}/${MODEL_NAME}:${MODEL_SIZE} --type digest)" >> $GITHUB_ENV
- name: Sign the images with GitHub OIDC Token
if: ${{ !inputs.staging }}
run: cosign sign --yes ${DIGEST}
- name: Verify image signature
if: ${{ !inputs.staging }}
run: |
cosign verify ${DIGEST} \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp 'https://github\.com/sozercan/aikit/\.github/workflows/.+'