From df3ecd0841d01619cce900bc0d36740db5261e5f Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Thu, 9 Jan 2025 21:19:41 -0600 Subject: [PATCH 1/6] Fetch PAT with KSM in sync.yml --- .github/workflows/sync.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index 3ee246fc..235e8889 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -11,9 +11,16 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@master + - name: Retrieve secrets from Keeper + id: ksecrets + uses: Keeper-Security/ksm-action@master + with: + keeper-secret-config: ${{ secrets.KSM_CONFIG }} + secrets: |- + oISGH1N1wIEirucX9m5ung/field/Access Token > env:PAT # Fetch PAT and store in environment variable - name: Run GitHub File Sync uses: BetaHuhn/repo-file-sync-action@v1 with: - GH_PAT: ${{ secrets.INFERENCE_ACCESS_TOKEN }} + GH_PAT: ${{ env.PAT }} # Use PAT fetched from Keeper TEAM_REVIEWERS: wg-inference SKIP_PR: false From 41a94b490f04c9a1a224fe4fbaf34b1794a6a49c Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Thu, 9 Jan 2025 21:23:20 -0600 Subject: [PATCH 2/6] Fetch token with KSM in inference_power_workflow.yaml --- .github/workflows/inference_power_workflow.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/inference_power_workflow.yaml b/.github/workflows/inference_power_workflow.yaml index 901aa268..b2501c2c 100644 --- a/.github/workflows/inference_power_workflow.yaml +++ b/.github/workflows/inference_power_workflow.yaml @@ -28,10 +28,18 @@ jobs: python3 -m pip install cmind cm pull repo mlcommons@ck cm run script --quiet --tags=get,sys-utils-cm + + - name: Retrieve secrets from Keeper + id: ksecrets + uses: Keeper-Security/ksm-action@master + with: + keeper-secret-config: ${{ secrets.KSM_CONFIG }} + secrets: |- + cAEVIvfzh_W2DWjhDoGiQQ/field/Access Token > env:PAT # Fetch PAT and store in environment variable - name: Start power server run: | - cm run script --tags=run,mlperf,power,server --device_type=0 --screen=yes --quiet --env.CM_GH_TOKEN=${{ secrets.ACCESS_TOKEN }} + cm run script --tags=run,mlperf,power,server --device_type=0 --screen=yes --quiet --env.CM_GH_TOKEN=${{ env.PAT }} # Use PAT fetched from Keeper - name: Test CM Script for MLPerf Inference ResNet50 with power run: | From 855c6a3e87ae29151359f23147ec8793a6daf3c5 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Thu, 9 Jan 2025 21:33:57 -0600 Subject: [PATCH 3/6] Update PAT naming in sync.yml --- .github/workflows/sync.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index 235e8889..f17f1ea4 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -17,10 +17,10 @@ jobs: with: keeper-secret-config: ${{ secrets.KSM_CONFIG }} secrets: |- - oISGH1N1wIEirucX9m5ung/field/Access Token > env:PAT # Fetch PAT and store in environment variable + oISGH1N1wIEirucX9m5ung/field/Access Token > env:INFERENCE_ACCESS_TOKEN # Fetch PAT and store in environment variable - name: Run GitHub File Sync uses: BetaHuhn/repo-file-sync-action@v1 with: - GH_PAT: ${{ env.PAT }} # Use PAT fetched from Keeper + GH_PAT: ${{ env.INFERENCE_ACCESS_TOKEN }} # Use PAT fetched from Keeper TEAM_REVIEWERS: wg-inference SKIP_PR: false From abf1120dc1e80ff4f8fecfd52120833abfb4ab12 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Thu, 9 Jan 2025 21:34:59 -0600 Subject: [PATCH 4/6] Update PAT naming in inference_power_workflow.yaml --- .github/workflows/inference_power_workflow.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/inference_power_workflow.yaml b/.github/workflows/inference_power_workflow.yaml index b2501c2c..b572b8cc 100644 --- a/.github/workflows/inference_power_workflow.yaml +++ b/.github/workflows/inference_power_workflow.yaml @@ -35,11 +35,11 @@ jobs: with: keeper-secret-config: ${{ secrets.KSM_CONFIG }} secrets: |- - cAEVIvfzh_W2DWjhDoGiQQ/field/Access Token > env:PAT # Fetch PAT and store in environment variable + cAEVIvfzh_W2DWjhDoGiQQ/field/Access Token > env:ACCESS_TOKEN # Fetch PAT and store in environment variable - name: Start power server run: | - cm run script --tags=run,mlperf,power,server --device_type=0 --screen=yes --quiet --env.CM_GH_TOKEN=${{ env.PAT }} # Use PAT fetched from Keeper + cm run script --tags=run,mlperf,power,server --device_type=0 --screen=yes --quiet --env.CM_GH_TOKEN=${{ env.ACCESS_TOKEN }} # Use PAT fetched from Keeper - name: Test CM Script for MLPerf Inference ResNet50 with power run: | From 4c978522aa6c24f48dd1034055bd6c46f661126d Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Fri, 24 Jan 2025 21:14:19 -0600 Subject: [PATCH 5/6] Remove breaking code comment in inference_power_workflow.yaml --- .github/workflows/inference_power_workflow.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/inference_power_workflow.yaml b/.github/workflows/inference_power_workflow.yaml index b572b8cc..dc8bae94 100644 --- a/.github/workflows/inference_power_workflow.yaml +++ b/.github/workflows/inference_power_workflow.yaml @@ -35,8 +35,7 @@ jobs: with: keeper-secret-config: ${{ secrets.KSM_CONFIG }} secrets: |- - cAEVIvfzh_W2DWjhDoGiQQ/field/Access Token > env:ACCESS_TOKEN # Fetch PAT and store in environment variable - + cAEVIvfzh_W2DWjhDoGiQQ/field/Access Token > env:ACCESS_TOKEN - name: Start power server run: | cm run script --tags=run,mlperf,power,server --device_type=0 --screen=yes --quiet --env.CM_GH_TOKEN=${{ env.ACCESS_TOKEN }} # Use PAT fetched from Keeper From 8f06828327defb777d0200f1ca1bb3094c8112b2 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Fri, 24 Jan 2025 21:14:36 -0600 Subject: [PATCH 6/6] Remove breaking code comment in sync.yml --- .github/workflows/sync.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index f17f1ea4..a15fb88f 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -17,7 +17,7 @@ jobs: with: keeper-secret-config: ${{ secrets.KSM_CONFIG }} secrets: |- - oISGH1N1wIEirucX9m5ung/field/Access Token > env:INFERENCE_ACCESS_TOKEN # Fetch PAT and store in environment variable + oISGH1N1wIEirucX9m5ung/field/Access Token > env:INFERENCE_ACCESS_TOKEN - name: Run GitHub File Sync uses: BetaHuhn/repo-file-sync-action@v1 with: