opendatahub-io
diff --git a/‎.github/workflows/code-quality.yaml
Lines changed: 17 additions & 6 deletions b/‎.github/workflows/code-quality.yaml
Lines changed: 17 additions & 6 deletions
diff --git a/‎.github/workflows/notebooks-digest-updater-upstream.yaml
Lines changed: 9 additions & 8 deletions b/‎.github/workflows/notebooks-digest-updater-upstream.yaml
Lines changed: 9 additions & 8 deletions
diff --git a/‎.github/workflows/params-env.yaml
Lines changed: 23 additions & 0 deletions b/‎.github/workflows/params-env.yaml
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/workflows/sec-scan.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/sec-scan.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎Makefile
Lines changed: 12 additions & 0 deletions b/‎Makefile
Lines changed: 12 additions & 0 deletions
diff --git a/‎base/anaconda-python-3.8/Dockerfile
Lines changed: 3 additions & 3 deletions b/‎base/anaconda-python-3.8/Dockerfile
Lines changed: 3 additions & 3 deletions
diff --git a/‎base/c9s-python-3.9/Dockerfile
Lines changed: 3 additions & 3 deletions b/‎base/c9s-python-3.9/Dockerfile
Lines changed: 3 additions & 3 deletions
diff --git a/‎base/ubi8-python-3.8/Dockerfile
Lines changed: 2 additions & 2 deletions b/‎base/ubi8-python-3.8/Dockerfile
Lines changed: 2 additions & 2 deletions
diff --git a/‎base/ubi9-python-3.9/Dockerfile
Lines changed: 3 additions & 3 deletions b/‎base/ubi9-python-3.9/Dockerfile
Lines changed: 3 additions & 3 deletions
@@ -9,25 +9,26 @@ jobs:
   code-static-analysis:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Validate YAML files (best code practices check included)
         id: validate-yaml-files
-        uses: ibiqlik/[email protected]
-        with:
-          config_file: ./ci/yamllint-config.yaml
+        run: |
+          type yamllint || sudo apt-get -y install yamllint
+          find . -name "*.yaml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml
+          find . -name "*.yml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml
 
       # In some YAML files we use JSON strings, let's check these
       - name: Validate JSON strings in YAML files (just syntax)
         id: validate-json-strings-in-yaml-files
         run: |
-          type json_verify || sudo apt-get install yajl-tools
+          type json_verify || sudo apt-get -y install yajl-tools
           bash ./ci/check-json.sh
 
       - name: Validate JSON files (just syntax)
         id: validate-json-files
         run: |
-          type json_verify || sudo apt-get install yajl-tools
+          type json_verify || sudo apt-get -y install yajl-tools
           shopt -s globstar
           ret_code=0
           echo "-- Checking a regular '*.json' files"
@@ -40,3 +41,13 @@ jobs:
               echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there."
           fi
           exit "${ret_code}"
+
+      - name: Validate Dockerfiles
+        id: validate-dockerfiles
+        run: |
+          type hadolint || sudo apt-get -y install wget \
+                             && wget --output-document=hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
+                             && chmod a+x hadolint
+          echo "Starting Hadolint"
+          find . -name "Dockerfile" | xargs ./hadolint --config ./ci/hadolint-config.yaml
+          echo "Hadolint done"
@@ -13,8 +13,8 @@ on:  # yamllint disable-line rule:truthy
 env:
   DIGEST_UPDATER_BRANCH: digest-updater-${{ github.run_id }}
   BRANCH_NAME: ${{ github.event.inputs.branch || 'main' }}
-  RELEASE_VERSION_N: 2023b
-  RELEASE_VERSION_N_1: 2023a
+  RELEASE_VERSION_N: 2024a
+  RELEASE_VERSION_N_1: 2023b
 jobs:
   initialize:
     runs-on: ubuntu-latest
@@ -51,7 +51,7 @@ jobs:
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "GitHub Actions"
 
-      # Get the latest weekly build commit hash: https://github.com/opendatahub-io/notebooks/commits/2023b
+      # Get the latest weekly build commit hash: https://github.com/opendatahub-io/notebooks/commits/2024a
       - name: Checkout upstream notebooks repo
         uses: actions/checkout@v3
         with:
@@ -109,7 +109,7 @@ jobs:
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "GitHub Actions"
 
-      # Get the latest weekly build commit hash: https://github.com/opendatahub-io/notebooks/commits/2023a
+      # Get the latest weekly build commit hash: https://github.com/opendatahub-io/notebooks/commits/2023b
       - name: Checkout upstream notebooks repo
         uses: actions/checkout@v3
         with:
@@ -146,15 +146,16 @@ jobs:
                 sed -i "s|${image}=.*|${image}=$output|" manifests/base/params.env
               done
               git fetch origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git pull origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git add manifests/base/params.env && git commit -m "Update images for release N-1 via ${{ env.DIGEST_UPDATER_BRANCH }} GitHub action" && git push origin  ${{ env.DIGEST_UPDATER_BRANCH }}
+
       - name: Fetch digest, and update the commit.env file
         run: |
-              echo Latest commit is: ${{ steps.hash-n.outputs.HASH_N }} on ${{ env.RELEASE_VERSION_N}}
-              COMMIT=("odh-minimal-notebook-image-commit-n" "odh-minimal-gpu-notebook-image-commit-n" "odh-pytorch-gpu-notebook-image-commit-n" "odh-generic-data-science-notebook-image-commit-n" "odh-tensorflow-gpu-notebook-image-commit-n" "odh-trustyai-notebook-image-commit-n")
+              echo Latest commit is: ${{ steps.hash-n-1.outputs.HASH_N_1 }} on ${{ env.RELEASE_VERSION_N_1}}
+              COMMIT=("odh-minimal-notebook-image-commit-n-1" "odh-minimal-gpu-notebook-image-commit-n-1" "odh-pytorch-gpu-notebook-image-commit-n-1" "odh-generic-data-science-notebook-image-commit-n-1" "odh-tensorflow-gpu-notebook-image-commit-n-1" "odh-trustyai-notebook-image-commit-n-1")
               for val in "${COMMIT[@]}"; do
                 echo $val
-                sed -i "s|${val}=.*|${val}=${{ steps.hash-n.outputs.HASH_N }}|" manifests/base/commit.env
+                sed -i "s|${val}=.*|${val}=${{ steps.hash-n-1.outputs.HASH_N_1 }}|" manifests/base/commit.env
               done
-              git fetch origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git pull origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git add manifests/base/commit.env && git commit -m "Update image commits for release N via ${{ env.DIGEST_UPDATER_BRANCH }} GitHub action" && git push origin  ${{ env.DIGEST_UPDATER_BRANCH }}
+              git fetch origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git pull origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git add manifests/base/commit.env && git commit -m "Update image commits for release N-1 via ${{ env.DIGEST_UPDATER_BRANCH }} GitHub action" && git push origin  ${{ env.DIGEST_UPDATER_BRANCH }}
   # Creates the Pull Request
   open-pull-request:
     needs: [update-n-version, update-n-1-version]
 
@@ -0,0 +1,23 @@
+---
+name: Validation of params.env content (image SHAs)
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    paths:
+      - 'manifests/base/params.env'
+
+permissions:
+  contents: read
+
+jobs:
+  validation-of-params-env:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get install -y skopeo jq
+
+      - name: Validate the 'manifests/base/params.env' file content
+        run: |
+          bash ./ci/check-params-env.sh
@@ -1,14 +1,14 @@
 ---
 # The aim of this GitHub workflow is to update the `ci/securitty-scan/security_scan_results.md` with latest security scan results.
 name: Update notebook image security reports
-on:
+on:  # yamllint disable-line rule:truthy
   workflow_dispatch:
     inputs:
       branch:
         required: true
         description: "Provide the name of the branch you want to update ex main, vYYYYx etc: "
   schedule:
-    - cron: "0 0 */21 * 5"  #Scheduled every third Friday
+    - cron: "0 0 */21 * 5"  # Scheduled every third Friday
 env:
   SEC_SCAN_BRANCH: sec-scan-${{ github.run_id }}
   BRANCH_NAME: main
 
@@ -202,6 +202,16 @@ intel-runtime-tensorflow-ubi9-python-3.9: intel-base-gpu-ubi9-python-3.9
 jupyter-intel-tensorflow-ubi9-python-3.9: intel-runtime-tensorflow-ubi9-python-3.9
 	$(call image,$@,jupyter/intel/tensorflow/ubi9-python-3.9,$<)
 
+# Build and push intel-runtime-pytorch-ubi9-python-3.9 image to the registry
+.PHONY: intel-runtime-pytorch-ubi9-python-3.9
+intel-runtime-pytorch-ubi9-python-3.9: intel-base-gpu-ubi9-python-3.9
+	$(call image,$@,intel/runtimes/pytorch/ubi9-python-3.9,$<)
+
+# Build and push jupyter-intel-pytorch-ubi9-python-3.9 image to the registry
+.PHONY: jupyter-intel-pytorch-ubi9-python-3.9
+jupyter-intel-pytorch-ubi9-python-3.9: intel-runtime-pytorch-ubi9-python-3.9
+	$(call image,$@,jupyter/intel/pytorch/ubi9-python-3.9,$<)
+
 ####################################### Buildchain for Python 3.9 using C9S #######################################
 
 # Build and push base-c9s-python-3.9 image to the registry
@@ -352,6 +362,8 @@ test-%: bin/kubectl
 		$(call test_with_papermill,minimal,ubi9,python-3.9) \
 	elif echo "$(FULL_NOTEBOOK_NAME)" | grep -q "intel-tensorflow-ubi9"; then \
 		$(call test_with_papermill,intel/tensorflow,ubi9,python-3.9) \
+	elif echo "$(FULL_NOTEBOOK_NAME)" | grep -q "intel-pytorch-ubi9"; then \
+		$(call test_with_papermill,intel/pytorch,ubi9,python-3.9) \
 	elif echo "$(FULL_NOTEBOOK_NAME)" | grep -q "datascience-ubi9"; then \
 		$(MAKE) validate-ubi9-datascience -e FULL_NOTEBOOK_NAME=$(FULL_NOTEBOOK_NAME); \
 	elif echo "$(FULL_NOTEBOOK_NAME)" | grep -q "pytorch-ubi9"; then \
 
@@ -79,7 +79,7 @@ ENV BASH_ENV="source /opt/anaconda3/bin/activate ${APP_ROOT}" \
 USER 1001
 
 # Set the default CMD to print the usage of the language image.
-CMD $STI_SCRIPTS_PATH/usage
+CMD ["$STI_SCRIPTS_PATH/usage"]
 
 
 FROM s2i-python-anaconda-38-base
@@ -93,12 +93,12 @@ LABEL name="odh-notebook-base-ubi8-anaconda-python-3.8" \
 WORKDIR /opt/app-root/bin
 
 # Install the oc client
-RUN curl -L https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz \
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
         -o /tmp/openshift-client-linux.tar.gz && \
     tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
     rm -f /tmp/openshift-client-linux.tar.gz
 
 # Fix permissions to support pip in Openshift environments
 RUN fix-permissions /opt/app-root -P
 
-WORKDIR /opt/app-root/src
+WORKDIR /opt/app-root/src
@@ -13,7 +13,7 @@ LABEL name="odh-notebook-base-centos-stream9-python-3.9" \
 WORKDIR /opt/app-root/bin
 
 # Install micropipenv to deploy packages from Pipfile.lock
-RUN pip install -U "micropipenv[toml]"
+RUN pip install --no-cache-dir -U "micropipenv[toml]"
 
 # Install Python dependencies from Pipfile.lock file
 COPY Pipfile.lock ./
@@ -22,14 +22,14 @@ COPY Pipfile.lock ./
 USER root
 
 # Install usefull OS packages
-RUN dnf install -y mesa-libGL
+RUN dnf install -y mesa-libGL && dnf clean all && rm -rf /var/cache/yum
 
 # Other apps and tools installed as default user
 USER 1001
 
 RUN echo "Installing softwares and packages" && micropipenv install && rm -f ./Pipfile.lock && \
     # Install the oc client \
-    curl -L https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz \
+    curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
         -o /tmp/openshift-client-linux.tar.gz && \
     tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
     rm -f /tmp/openshift-client-linux.tar.gz && \
 
@@ -13,7 +13,7 @@ LABEL name="odh-notebook-base-ubi8-python-3.8" \
 WORKDIR /opt/app-root/bin
 
 # Install micropipenv to deploy packages from Pipfile.lock
-RUN pip install -U "micropipenv[toml]"
+RUN pip install --no-cache-dir -U "micropipenv[toml]"
 
 # Install Python dependencies from Pipfile.lock file
 COPY Pipfile.lock ./
@@ -30,7 +30,7 @@ RUN dnf install -y mesa-libGL libnghttp2 && dnf clean all
 USER 1001
 
 # Install the oc client
-RUN curl -L https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz \
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
         -o /tmp/openshift-client-linux.tar.gz && \
     tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
     rm -f /tmp/openshift-client-linux.tar.gz
 
@@ -13,7 +13,7 @@ LABEL name="odh-notebook-base-ubi9-python-3.9" \
 WORKDIR /opt/app-root/bin
 
 # Install micropipenv to deploy packages from Pipfile.lock
-RUN pip install -U "micropipenv[toml]"
+RUN pip install --no-cache-dir -U "micropipenv[toml]"
 
 # Install Python dependencies from Pipfile.lock file
 COPY Pipfile.lock ./
@@ -24,13 +24,13 @@ RUN echo "Installing softwares and packages" && micropipenv install && rm -f ./P
 USER root
 
 # Install usefull OS packages
-RUN dnf install -y mesa-libGL
+RUN dnf install -y mesa-libGL && dnf clean all && rm -rf /var/cache/yum
 
 # Other apps and tools installed as default user
 USER 1001
 
 # Install the oc client
-RUN curl -L https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz \
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
         -o /tmp/openshift-client-linux.tar.gz && \
     tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
     rm -f /tmp/openshift-client-linux.tar.gz