-
-
Notifications
You must be signed in to change notification settings - Fork 31
Add installable ovllm verifier and signed publish loop #93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
5269328
b5b4b9b
d396205
6829bfc
425f571
4d9d39e
3febcd3
12b3eb1
845d0d3
bd33f2e
56e093d
b308f1c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,86 @@ | ||
| name: Publish Verified Model | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| model_name: | ||
| description: "Name to put in ovllm_manifest.json" | ||
| required: true | ||
| default: "gpt10m-shakespeare" | ||
| hf_repo_id: | ||
| description: "Optional Hugging Face repo id, e.g. owner/gpt10m-shakespeare" | ||
| required: false | ||
| default: "" | ||
| publish_to_hf: | ||
| description: "Upload the signed directory to Hugging Face" | ||
| required: true | ||
| default: false | ||
| type: boolean | ||
|
|
||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| jobs: | ||
| placeholder-job: | ||
| sign-and-verify: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - run: echo "This is just a temporary placeholder" | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.12" | ||
| cache: "pip" | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install -r requirements.txt | ||
| python -m pip install -e . | ||
|
|
||
| - name: Train real model (smoke steps) | ||
| run: | | ||
| python run_experiment.py \ | ||
| --model gpt10m \ | ||
| --dataset shakespeare \ | ||
| --precision fp32 \ | ||
| --deterministic on \ | ||
| --steps 8 \ | ||
| --batch-size 8 \ | ||
| --block-size 64 \ | ||
| --keep-artifact | ||
|
|
||
| - name: Prepare publish directory | ||
| run: | | ||
| ovllm prepare-publish \ | ||
| --weights artifacts/gpt10m_shakespeare_fp32_deton_s99.safetensors \ | ||
| --out dist/gpt10m-shakespeare \ | ||
| --name "${{ inputs.model_name }}" | ||
|
Comment on lines
+55
to
+60
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win Harden
🔒 Suggested fix: pass inputs through env vars - name: Prepare publish directory
run: |
ovllm prepare-publish \
--weights openverifiable-smoke.safetensors \
--out dist/openverifiable-smoke \
- --name "${{ inputs.model_name }}"
+ --name "$MODEL_NAME"
+ env:
+ MODEL_NAME: ${{ inputs.model_name }} - name: Publish to Hugging Face
if: ${{ inputs.publish_to_hf && inputs.hf_repo_id != '' }}
env:
HF_TOKEN: ${{ secrets.HF_TOKEN }}
+ HF_REPO_ID: ${{ inputs.hf_repo_id }}
run: |
- ovllm publish-hf "${{ inputs.hf_repo_id }}" dist/openverifiable-smoke
+ ovllm publish-hf "$HF_REPO_ID" dist/openverifiable-smokeAlso applies to: 82-88 🧰 Tools🪛 zizmor (1.26.1)[error] 61-61: code injection via template expansion (template-injection): may expand into attacker-controllable code (template-injection) 🤖 Prompt for AI AgentsSource: Linters/SAST tools |
||
|
|
||
| - name: Sign with GitHub Actions OIDC | ||
| env: | ||
| SIGSTORE_IDENTITY: "https://github.com/${{ github.repository }}/.github/workflows/publish-verified-model.yml@${{ github.ref }}" | ||
| SIGSTORE_IDENTITY_PROVIDER: "https://token.actions.githubusercontent.com" | ||
| run: | | ||
| ovllm sign dist/gpt10m-shakespeare \ | ||
| --identity "$SIGSTORE_IDENTITY" \ | ||
| --identity-provider "$SIGSTORE_IDENTITY_PROVIDER" \ | ||
| --use-ambient-credentials | ||
|
|
||
| - name: Verify signed artifact | ||
| run: ovllm verify dist/gpt10m-shakespeare --skip-replay | ||
|
|
||
| - name: Upload signed model directory | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: gpt10m-shakespeare-signed | ||
| path: dist/gpt10m-shakespeare | ||
|
|
||
| - name: Publish to Hugging Face | ||
| if: ${{ inputs.publish_to_hf && inputs.hf_repo_id != '' }} | ||
| env: | ||
| HF_TOKEN: ${{ secrets.HF_TOKEN }} | ||
| run: | | ||
| ovllm publish-hf "${{ inputs.hf_repo_id }}" dist/gpt10m-shakespeare | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Set
persist-credentials: falseon checkout.zizmor flags credential persistence (artipacked) here — the ambient
GITHUB_TOKENstays in the local git config for the rest of the job unless explicitly disabled.🔒 Suggested fix
- name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false📝 Committable suggestion
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 29-30: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Source: Linters/SAST tools