Sagemaker Hyperpod Recipes Release 1.4.0 #41
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.8' # Set python version to 3.8 | ||
|
|
||
| - name: Install pre-commit dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install pre-commit | ||
|
|
||
| - name: Run pre-commit checks | ||
| run: | | ||
| pre-commit run --all-files |
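Review bot: the `uses:` lines in the Checkout and Set up Python steps reference `actions/checkout@v3` and `actions/setup-python@v4` by mutable tag, and `pip install pre-commit` takes whatever version is current, so what this job runs can change without any commit to this repository. Pin both actions to a full commit SHA and pin the pre-commit version. `python-version: '3.8'` is also past upstream end of life; consider a supported release if the hooks allow it.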
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 7 months ago
To fix the issue, we need to add a permissions block to the workflow. Since the workflow does not require write access, we can set the permissions to contents: read, which limits the GITHUB_TOKEN to read-only access to the repository contents. This change ensures that the workflow operates securely and adheres to the principle of least privilege.
The permissions block should be added at the root level of the workflow, applying to all jobs in the workflow. This avoids redundancy and ensures consistent permissions across all jobs.
| @@ -2,2 +2,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| submodules: recursive # Checkout submodules as well | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.8' # Set python version to 3.8 | ||
|
|
||
| - name: Install unit test dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install -r launcher/nemo/nemo_framework_launcher/requirements.txt | ||
| pip install pytest | ||
| pip install pytest-cov | ||
|
|
||
| - name: Run unit tests | ||
| run: | | ||
| python -m pytest |
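Review bot: the Checkout step leaves the token in the local git config (the `actions/checkout` default for `persist-credentials` is true), and the following steps run `pip install -r launcher/nemo/nemo_framework_launcher/requirements.txt` and `python -m pytest`, which execute dependency and repository code with that config readable. Add `persist-credentials: false` under the step's `with:` next to `submodules: recursive`, unless a later step needs to push or fetch.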
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 7 months ago
To fix the issue, we need to add a permissions block to the workflow file. Since the workflow is focused on running unit tests, it likely only requires read access to the repository contents. We will add the permissions key at the root level of the workflow to apply the least privilege permissions (contents: read) to all jobs in the workflow. This ensures that the GITHUB_TOKEN has minimal access.
| @@ -7,2 +7,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: |
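A repository-side check for the condition CodeQL flags in both workflows above, added here as an example and not part of this PR or the project's code. It reports jobs that have neither a root-level nor a job-level `permissions:` key (presence only, it does not judge the scopes granted); the sample workflows are constructed, their `on:` triggers and job ids are assumptions, and `unscoped_jobs` is a hypothetical helper name.

```python
import re

# Constructed samples modelled on the workflows in this PR; the job ids
# and `on:` triggers are assumptions, the page does not show them.
UNSCOPED = """\
name: pre-commit
on: [pull_request]
jobs:
  pre-commit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
"""
SCOPED = UNSCOPED.replace("on: [pull_request]",
                          "permissions:\n  contents: read\non: [pull_request]")
PER_JOB = UNSCOPED + """\
  unit-tests:
    permissions:
      contents: read
    runs-on: ubuntu-latest
"""

KEY = re.compile(r"^( *)([\w.-]+) *:")

def unscoped_jobs(workflow_text):
    """Return jobs covered by neither a root nor a job-level permissions key."""
    root_scoped, section, job, jobs = False, None, None, {}
    job_indent = child_indent = None
    for line in workflow_text.splitlines():
        m = KEY.match(line.split(" #")[0])
        if not m:
            continue  # blank lines, comments, list items, scalars
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            section, job = key, None
            root_scoped = root_scoped or key == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent          # first key under jobs: is a job id
            if indent == job_indent:
                job, child_indent = key, None
                jobs[job] = False
            elif job is not None:
                if child_indent is None:
                    child_indent = indent    # indentation of the job's own keys
                if indent == child_indent and key == "permissions":
                    jobs[job] = True
    return [] if root_scoped else [j for j, ok in jobs.items() if not ok]
```

Run over every file in `.github/workflows/`, a non-empty result is the same finding as the CodeQL alert, available before the PR is opened.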
Why is this change included?
Closing PR since the Prime Nova team intends to introduce additional changes
Description
Motivation
We are adding recipes for AWS Nova models. These recipes will be used by customers to trigger SMTJ.
Changes
Testing
AGI Team and SMTJ team tested these recipes on SMTJ platform and made sure they are working with a successful training job.
Merge Checklist
Put an x in the boxes that apply. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.
General
pre-commit run --all-files on my code. It will check for this configuration.
Tests
pytest on my code and all unit tests passed.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.