Skip to content

Commit 07cb797

Browse files
committed
Refactor Dockerfile to simplify model weight preloading condition and improve readability. Update GitHub Actions workflows to use specific commit SHA for actions, ensuring consistency and reliability in builds.
1 parent 6b5571b commit 07cb797

File tree

5 files changed

+26
-21
lines changed

5 files changed

+26
-21
lines changed

.github/workflows/codeql.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,13 +22,13 @@ jobs:
2222
language: [ 'python' ]
2323
steps:
2424
- name: Checkout repository
25-
uses: actions/checkout@v4
25+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
2626
- name: Initialize CodeQL
27-
uses: github/codeql-action/init@v3
27+
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38a # v3
2828
with:
2929
languages: ${{ matrix.language }}
3030
- name: Autobuild
31-
uses: github/codeql-action/autobuild@v3
31+
uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38a # v3
3232
- name: Perform CodeQL Analysis
33-
uses: github/codeql-action/analyze@v3
33+
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38a # v3
3434

.github/workflows/create-release.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,10 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout
16-
uses: actions/checkout@v4
16+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
1717

1818
- name: Create GitHub Release (official)
19-
uses: actions/github-script@v7
19+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
2020
with:
2121
script: |
2222
const { owner, repo } = context.repo;

.github/workflows/docker-publish.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -15,18 +15,18 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- name: Checkout
18-
uses: actions/checkout@v4
18+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
1919

2020
- name: Log in to GHCR
21-
uses: docker/login-action@v3
21+
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
2222
with:
2323
registry: ghcr.io
2424
username: ${{ github.actor }}
2525
password: ${{ secrets.GITHUB_TOKEN }}
2626

2727
- name: Extract Docker metadata
2828
id: meta
29-
uses: docker/metadata-action@v5
29+
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5
3030
with:
3131
images: ghcr.io/${{ github.repository }}
3232
tags: |
@@ -36,10 +36,10 @@ jobs:
3636
type=sha
3737
3838
- name: Set up Buildx
39-
uses: docker/setup-buildx-action@v3
39+
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
4040

4141
- name: Build and push (CPU)
42-
uses: docker/build-push-action@v5
42+
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
4343
with:
4444
context: .
4545
push: true
@@ -49,7 +49,7 @@ jobs:
4949
TORCH_INDEX_URL=https://download.pytorch.org/whl/cpu
5050
5151
- name: Build and push (GPU)
52-
uses: docker/build-push-action@v5
52+
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
5353
with:
5454
context: .
5555
push: true
@@ -66,7 +66,7 @@ jobs:
6666
contents: write
6767
steps:
6868
- name: Create Nightly Release (official)
69-
uses: actions/github-script@v7
69+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
7070
with:
7171
script: |
7272
const { owner, repo } = context.repo;

.github/workflows/security.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,8 @@ jobs:
1313
name: Python dependency audit
1414
runs-on: ubuntu-latest
1515
steps:
16-
- uses: actions/checkout@v4
17-
- uses: actions/setup-python@v5
16+
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
17+
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
1818
with:
1919
python-version: '3.10'
2020
- name: Install deps
@@ -44,15 +44,15 @@ jobs:
4444
build-args: |
4545
TORCH_INDEX_URL=https://download.pytorch.org/whl/cpu
4646
- name: Trivy scan image
47-
uses: aquasecurity/trivy-action@0.22.0
47+
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # 0.22.0
4848
with:
4949
image-ref: lcm:ci-scan
5050
severity: HIGH,CRITICAL
5151
ignore-unfixed: true
5252
format: sarif
5353
output: trivy-results.sarif
5454
- name: Upload SARIF
55-
uses: github/codeql-action/upload-sarif@v3
55+
uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38a # v3
5656
with:
5757
sarif_file: trivy-results.sarif
5858

Dockerfile

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -42,8 +42,7 @@ USER appuser
4242

4343
# Optional: pre-download model weights to warm cache (increases image size)
4444
ARG PRELOAD_MODEL=0
45-
RUN if [ "$PRELOAD_MODEL" = "1" ]; then \
46-
python - <<'PY' \
45+
RUN test "$PRELOAD_MODEL" != "1" || python - <<'PY'
4746
import os
4847
import torch
4948
from diffusers import DiffusionPipeline
@@ -54,10 +53,16 @@ custom_pipeline = os.getenv('LCM_CUSTOM_PIPELINE')
5453
custom_revision = os.getenv('LCM_CUSTOM_REVISION')
5554

5655
dtype = torch.float16 if torch.cuda.is_available() else torch.float32
57-
_ = DiffusionPipeline.from_pretrained(model_id, custom_pipeline=custom_pipeline, custom_revision=custom_revision, revision=revision, torch_dtype=dtype, safety_checker=None)
56+
_ = DiffusionPipeline.from_pretrained(
57+
model_id,
58+
custom_pipeline=custom_pipeline,
59+
custom_revision=custom_revision,
60+
revision=revision,
61+
torch_dtype=dtype,
62+
safety_checker=None,
63+
)
5864
print('Model cached')
5965
PY
60-
; fi
6166

6267
EXPOSE 8000
6368

0 commit comments

Comments
 (0)