merge

Author: Bryannah Hernandez

.github/workflows/codeql.yml

@@ -5,7 +5,7 @@ on:
   pull_request:
     branches: [ "master" ]
   schedule:
-    - cron: '30 8 * * *'
+    - cron: '30 15 * * *'
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})

.github/workflows/security-monitoring.yml

@@ -0,0 +1,122 @@
+name: Security Monitoring
+
+on:
+  schedule:
+    - cron: '0 16 * * *'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  id-token: write
+
+jobs:
+  check-code-scanning-alerts:
+    runs-on: ubuntu-latest
+    outputs:
+      code_scanning_alert_status: ${{ steps.check-code-scanning-alerts.outputs.code_scanning_alert_status }}
+    steps:
+      - name: Check for security alerts
+        id: check-code-scanning-alerts
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+        with:
+          github-token: ${{ secrets.GH_PAT }}
+          script: |
+            async function checkAlerts() {
+              const owner = '${{ github.repository_owner }}';
+              const repo = '${{ github.event.repository.name }}';
+              const ref = 'refs/heads/master';
+            
+              const codeScanningAlerts = await github.rest.codeScanning.listAlertsForRepo({
+                owner,
+                repo,
+                ref: ref
+              });
+              const activeCodeScanningAlerts = codeScanningAlerts.data.filter(alert => alert.state === 'open');
+              core.setOutput('code_scanning_alert_status', activeCodeScanningAlerts.length > 0 ? '1': '0');
+            }
+            await checkAlerts();
+
+  check-dependabot-alerts:
+    runs-on: ubuntu-latest
+    outputs:
+      dependabot_alert_status: ${{ steps.check-dependabot-alerts.outputs.dependabot_alert_status }}
+    steps:
+      - name: Check for dependabot alerts
+        id: check-dependabot-alerts
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+        with:
+          github-token: ${{ secrets.GH_PAT }}
+          script: |
+            async function checkAlerts() {
+              const owner = '${{ github.repository_owner }}';
+              const repo = '${{ github.event.repository.name }}';
+            
+              const dependabotAlerts = await github.rest.dependabot.listAlertsForRepo({
+                owner,
+                repo,
+                headers: {
+                  'accept': 'applications/vnd.github+json'
+                }
+              }); 
+              const activeDependabotAlerts = dependabotAlerts.data.filter(alert => alert.state === 'open');
+              core.setOutput('dependabot_alert_status', activeDependabotAlerts.length > 0 ? '1': '0');
+            }
+            await checkAlerts();
+
+  check-secret-scanning-alerts:
+    runs-on: ubuntu-latest
+    outputs:
+      secret_scanning_alert_status: ${{ steps.check-secret-scanning-alerts.outputs.secret_scanning_alert_status }}
+    steps:
+      - name: Check for secret scanning alerts
+        id: check-secret-scanning-alerts
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+        with:
+          github-token: ${{ secrets.GH_PAT }}
+          script: |
+            async function checkAlerts() {
+              const owner = '${{ github.repository_owner }}';
+              const repo = '${{ github.event.repository.name }}';
+
+              const secretScanningAlerts = await github.rest.secretScanning.listAlertsForRepo({
+                owner,
+                repo,
+              }); 
+              const activeSecretScanningAlerts = secretScanningAlerts.data.filter(alert => alert.state === 'open');
+              core.setOutput('secret_scanning_alert_status', activeSecretScanningAlerts.length > 0 ? '1': '0');
+              console.log("Active Secret Scanning Alerts", activeSecretScanningAlerts);
+            }
+            await checkAlerts();
+
+  put-metric-data:
+    runs-on: ubuntu-latest
+    needs: [check-code-scanning-alerts, check-dependabot-alerts, check-secret-scanning-alerts]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@12e3392609eaaceb7ae6191b3f54bbcb85b5002b
+        with:
+          role-to-assume: ${{ secrets.MONITORING_ROLE_ARN }}
+          aws-region: us-west-2
+      - name: Put Code Scanning Alert Metric Data
+        run: |
+          if [ "${{ needs.check-code-scanning-alerts.outputs.code_scanning_alert_status }}" == "1" ]; then
+            aws cloudwatch put-metric-data --metric-name CodeScanningAlert --namespace SecurityMonitoringMetrics --value 1 --unit Count --dimensions ProjectName=sagemaker-python-sdk
+          else
+            aws cloudwatch put-metric-data --metric-name CodeScanningAlert --namespace SecurityMonitoringMetrics --value 0 --unit Count --dimensions ProjectName=sagemaker-python-sdk
+          fi
+      - name: Put Dependabot Alert Metric Data
+        run: |
+          if [ "${{ needs.check-dependabot-alerts.outputs.dependabot_alert_status }}" == "1" ]; then
+            aws cloudwatch put-metric-data --metric-name DependabotAlert --namespace SecurityMonitoringMetrics --value 1 --unit Count --dimensions ProjectName=sagemaker-python-sdk
+          else
+            aws cloudwatch put-metric-data --metric-name DependabotAlert --namespace SecurityMonitoringMetrics --value 0 --unit Count --dimensions ProjectName=sagemaker-python-sdk
+          fi
+      - name: Put Secret Scanning Alert Metric Data
+        run: |
+          if [ "${{ needs.check-secret-scanning-alerts.outputs.secret_scanning_alert_status }}" == "1" ]; then
+            aws cloudwatch put-metric-data --metric-name SecretScanningAlert --namespace SecurityMonitoringMetrics --value 1 --unit Count --dimensions ProjectName=sagemaker-python-sdk
+          else
+            aws cloudwatch put-metric-data --metric-name SecretScanningAlert --namespace SecurityMonitoringMetrics --value 0 --unit Count --dimensions ProjectName=sagemaker-python-sdk
+          fi

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## v2.228.0 (2024-08-06)
+
+### Features
+
+ * triton v24.05
+
+### Bug Fixes and Other Changes
+
+ * chore: telemetry for deployment configs
+ * censoring sensitive values from being logged
+ * update image_uri_configs  08-05-2024 07:17:38 PST
+ * enable uncompressed model artifacts upload to S3 for SAGEMAKER_ENDPOINT overwrite for TGI, TEI, MMS model servers
+ * ModelReference deployment for Alt Configs models
+ * Add optional typecheck for nullable parameters
+ * Update package metadata
+ * release TEI 1.4.0
+
 ## v2.227.0 (2024-07-30)
 
 ### Features

VERSION

@@ -1 +1 @@
-2.227.1.dev0
+2.228.1.dev0

requirements/extras/test_requirements.txt

@@ -13,7 +13,7 @@ awslogs==0.14.0
 black==24.3.0
 stopit==1.1.2
 # Update tox.ini to have correct version of airflow constraints file
-apache-airflow==2.9.2
+apache-airflow==2.9.3
 apache-airflow-providers-amazon==7.2.1
 attrs>=23.1.0,<24
 fabric==2.6.0

src/sagemaker/image_uri_config/djl-lmi.json

@@ -3,6 +3,38 @@
         "inference"
     ],
     "versions": {
+        "0.29.0": {
+            "registries": {
+                "af-south-1": "626614931356",
+                "il-central-1": "780543022126",
+                "ap-east-1": "871362719292",
+                "ap-northeast-1": "763104351884",
+                "ap-northeast-2": "763104351884",
+                "ap-northeast-3": "364406365360",
+                "ap-south-1": "763104351884",
+                "ap-southeast-1": "763104351884",
+                "ap-southeast-2": "763104351884",
+                "ap-southeast-3": "907027046896",
+                "ca-central-1": "763104351884",
+                "cn-north-1": "727897471807",
+                "cn-northwest-1": "727897471807",
+                "eu-central-1": "763104351884",
+                "eu-north-1": "763104351884",
+                "eu-west-1": "763104351884",
+                "eu-west-2": "763104351884",
+                "eu-west-3": "763104351884",
+                "eu-south-1": "692866216735",
+                "me-south-1": "217643126080",
+                "sa-east-1": "763104351884",
+                "us-east-1": "763104351884",
+                "us-east-2": "763104351884",
+                "us-west-1": "763104351884",
+                "us-west-2": "763104351884",
+                "ca-west-1": "204538143572"
+            },
+            "repository": "djl-inference",
+            "tag_prefix": "0.29.0-lmi11.0.0-cu124"
+        },
         "0.28.0": {
             "registries": {
                 "af-south-1": "626614931356",

src/sagemaker/image_uri_config/djl-neuronx.json

@@ -3,6 +3,24 @@
         "inference"
     ],
     "versions": {
+        "0.29.0": {
+            "registries": {
+                "ap-northeast-1": "763104351884",
+                "ap-south-1": "763104351884",
+                "ap-southeast-1": "763104351884",
+                "ap-southeast-2": "763104351884",
+                "eu-central-1": "763104351884",
+                "eu-west-1": "763104351884",
+                "eu-west-3": "763104351884",
+                "sa-east-1": "763104351884",
+                "us-east-1": "763104351884",
+                "us-east-2": "763104351884",
+                "us-west-2": "763104351884",
+                "ca-west-1": "204538143572"
+            },
+            "repository": "djl-inference",
+            "tag_prefix": "0.29.0-neuronx-sdk2.19.1"
+        },
         "0.28.0": {
             "registries": {
                 "ap-northeast-1": "763104351884",

src/sagemaker/image_uri_config/djl-tensorrtllm.json

@@ -3,6 +3,38 @@
         "inference"
     ],
     "versions": {
+        "0.29.0": {
+            "registries": {
+                "af-south-1": "626614931356",
+                "il-central-1": "780543022126",
+                "ap-east-1": "871362719292",
+                "ap-northeast-1": "763104351884",
+                "ap-northeast-2": "763104351884",
+                "ap-northeast-3": "364406365360",
+                "ap-south-1": "763104351884",
+                "ap-southeast-1": "763104351884",
+                "ap-southeast-2": "763104351884",
+                "ap-southeast-3": "907027046896",
+                "ca-central-1": "763104351884",
+                "cn-north-1": "727897471807",
+                "cn-northwest-1": "727897471807",
+                "eu-central-1": "763104351884",
+                "eu-north-1": "763104351884",
+                "eu-west-1": "763104351884",
+                "eu-west-2": "763104351884",
+                "eu-west-3": "763104351884",
+                "eu-south-1": "692866216735",
+                "me-south-1": "217643126080",
+                "sa-east-1": "763104351884",
+                "us-east-1": "763104351884",
+                "us-east-2": "763104351884",
+                "us-west-1": "763104351884",
+                "us-west-2": "763104351884",
+                "ca-west-1": "204538143572"
+            },
+            "repository": "djl-inference",
+            "tag_prefix": "0.29.0-tensorrtllm0.11.0-cu124"
+        },
         "0.28.0": {
             "registries": {
                 "af-south-1": "626614931356",

src/sagemaker/jumpstart/constants.py

@@ -182,6 +182,16 @@
             content_bucket="jumpstart-cache-prod-il-central-1",
             gated_content_bucket="jumpstart-private-cache-prod-il-central-1",
         ),
+        JumpStartLaunchedRegionInfo(
+            region_name="us-gov-east-1",
+            content_bucket="jumpstart-cache-prod-us-gov-east-1",
+            gated_content_bucket="jumpstart-private-cache-prod-us-gov-east-1",
+        ),
+        JumpStartLaunchedRegionInfo(
+            region_name="us-gov-west-1",
+            content_bucket="jumpstart-cache-prod-us-gov-west-1",
+            gated_content_bucket="jumpstart-private-cache-prod-us-gov-west-1",
+        ),
     ]
 )
 

src/sagemaker/model.py

@@ -1377,6 +1377,7 @@ def deploy(
         managed_instance_scaling: Optional[str] = None,
         inference_component_name=None,
         routing_config: Optional[Dict[str, Any]] = None,
+        model_reference_arn: Optional[str] = None,
         **kwargs,
     ):
         """Deploy this ``Model`` to an ``Endpoint`` and optionally return a ``Predictor``.
@@ -1483,6 +1484,8 @@ def deploy(
                     {
                         "RoutingStrategy":  sagemaker.enums.RoutingStrategy.RANDOM
                     }
+            model_reference_arn (Optional [str]): Hub Content Arn of a Model Reference type
+                content (default: None).
         Raises:
              ValueError: If arguments combination check failed in these circumstances:
                 - If no role is specified or
@@ -1697,7 +1700,8 @@ def deploy(
                 accelerator_type=accelerator_type,
                 tags=tags,
                 serverless_inference_config=serverless_inference_config,
-                **kwargs,
+                accept_eula=accept_eula,
+                model_reference_arn=model_reference_arn,
             )
             serverless_inference_config_dict = (
                 serverless_inference_config._to_request_dict() if is_serverless else None