@@ -90,8 +90,8 @@ def createKubernetesPodConfig(type, arch = "amd64", build_wheel = false)
9090 {
9191 case " agent"
9292 containerConfig = """
93- - name: alpine
94- image: urm.nvidia.com/docker/alpine:latest
93+ - name: python3
94+ image: urm.nvidia.com/docker/python:3.12-slim
9595 command: ['cat']
9696 tty: true
9797 resources:
@@ -494,5 +494,45 @@ pipeline {
494494 }
495495 }
496496 }
497+ stage(" Register Images for Security Checks"
498+ when {
499+ expression {
500+ return params. nspect_id && params. action == " push"
501+ }
502+ }
503+ steps {
504+ script {
505+ container(" python3"
506+ trtllm_utils. llmExecStepWithRetry(pipeline, script : " pip3 install --upgrade pip"
507+ trtllm_utils. llmExecStepWithRetry(pipeline, script : " pip3 install --upgrade requests"
508+ def nspect_commit = " 170c09aa35d5dacdc40611dd907f8801742fd5e4"
509+ withCredentials([string(credentialsId : " TRTLLM_NSPECT_REPO" variable : " NSPECT_REPO"
510+ trtllm_utils. checkoutSource(" ${ NSPECT_REPO} " " nspect"
511+ }
512+ def nspect_env = params. nspect_env ? params. nspect_env : " prod"
513+ def program_version_name = params. program_version_name ? params. program_version_name : " PostMerge"
514+ def cmd = """ ./nspect/nspect.py \
515+ --env ${ nspect_env}
516+ --nspect_id ${ params.nspect_id}
517+ --program_version_name '${ program_version_name}
518+ """
519+ if (params. register_images) {
520+ cmd + = " --register "
521+ }
522+ if (params. osrb_ticket) {
523+ cmd + = " --osrb_ticket ${ params.osrb_ticket} "
524+ }
525+ if (params. wait_success_seconds) {
526+ cmd + = " --check_launch_api "
527+ cmd + = " --wait_success ${ params.wait_success_seconds} "
528+ }
529+ cmd + = imageKeyToTag. values(). join(" "
530+ withCredentials([usernamePassword(credentialsId : " NSPECT_CLIENT-${ nspect_env} " usernameVariable : ' NSPECT_CLIENT_ID' passwordVariable : ' NSPECT_CLIENT_SECRET'
531+ sh cmd
532+ }
533+ }
534+ }
535+ }
536+ }
497537 } // stages
498538} // pipeline
0 commit comments