Skip to content

Replace KSM with 1Password in test-mlperf-inference-tvm-resnet50.yml #359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Apr 16, 2025
Merged

Replace KSM with 1Password in test-mlperf-inference-tvm-resnet50.yml #359

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
8a7ed61
Replace KSM with 1Password in test-mlperf-inference-tvm-resnet50.yml
nathanw-mlc Apr 9, 2025
14d3b9f
Add back if condition for secret fetching in test-mlperf-inference-tv…
nathanw-mlc Apr 9, 2025
5c2888e
Replace KSM with 1Password in test-mlperf-inference-resnet50.yml
nathanw-mlc Apr 9, 2025
3f15aa7
Update op-load-secret to support Windows runner in test-mlperf-infere…
nathanw-mlc Apr 16, 2025
06eb1d6
@nathanw-mlc Replace KSM with 1Password in test-mlperf-inference-rgat…
nathanw-mlc Apr 16, 2025
bc947db
Replace KSM with 1Password in test-mlperf-inference-retinanet.yml
nathanw-mlc Apr 16, 2025
1361916
Add fetch-secret need in test-mlperf-inference-rgat.yml
nathanw-mlc Apr 16, 2025
f3d7134
Add fetch-secret need in test-mlperf-inference-retinanet.yml
nathanw-mlc Apr 16, 2025
3a4a559
Replace KSM with 1Password in test-mlc-script-features.yml
nathanw-mlc Apr 16, 2025
eef2739
Replace KSM with 1Password in test-mlperf-inference-mlcommons-cpp-res…
nathanw-mlc Apr 16, 2025
69da985
Simplify op-load-secret in test-mlc-script-features.yml
nathanw-mlc Apr 16, 2025
1fe5093
Remove unnecessary checkout from op job in test-mlperf-inference-resn…
nathanw-mlc Apr 16, 2025
f3652c8
Remove unnecessary checkout from op job in test-mlperf-inference-reti…
nathanw-mlc Apr 16, 2025
8fd501a
Remove unnecessary checkout from op job in test-mlperf-inference-mlco…
nathanw-mlc Apr 16, 2025
7470b46
Replace KSM with 1Password in test-mlperf-inference-resnet50-closed-d…
nathanw-mlc Apr 16, 2025
dc59fd6
Simplify 1Password implementation in test-mlperf-inference-rgat.yml
nathanw-mlc Apr 16, 2025
b870499
Replace KSM with 1Password in test-mlperf-inference-bert-deepsparse-t…
nathanw-mlc Apr 16, 2025
730604d
Merge branch 'main' into 1password-transition
anandhu-eng Apr 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions .github/workflows/test-mlc-script-features.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,17 +148,18 @@ jobs:
Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append
}

- name: Retrieve secrets from Keeper
- name: Load secret
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
id: ksecrets
uses: Keeper-Security/ksm-action@master
id: op-load-secret
uses: 1password/load-secrets-action@v2
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential
- name: Push Results
env:
GITHUB_TOKEN: ${{ env.PAT }}
GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }}
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
run: |
git config --global user.name "mlcommons-bot"
Expand Down
52 changes: 43 additions & 9 deletions .github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,34 @@ on:
- '!**.md'

jobs:
fetch-secret:
runs-on: ubuntu-latest
outputs:
encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }}
steps:
- name: Load secret
id: op-load-secret
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential

- name: Encrypt secret
id: encrypt-secret
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
run: |
# AES-256 encrypt
encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \
openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)
echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT

build:
name: MLPerf Inference Bert ${{ matrix.backend }} on ${{ matrix.os }}
needs: [fetch-secret]
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand Down Expand Up @@ -58,17 +84,25 @@ jobs:
else
echo "run_step=false" >> $GITHUB_ENV
fi
- name: Retrieve secrets from Keeper
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT
- name: Decrypt secret
id: decrypt-secret
shell: bash
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }}
run: |
echo "Running on OS: ${{ matrix.os }}"

# Decrypt
decrypted=$(echo "$encrypted_secret" | \
openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)

echo "::add-mask::$decrypted"
echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT
- name: Push Results
env:
GITHUB_TOKEN: ${{ env.PAT }}
GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }}
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
run: |
git config --global user.name "mlcommons-bot"
Expand Down
52 changes: 43 additions & 9 deletions .github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,34 @@ on:
- '!**.md'

jobs:
fetch-secret:
runs-on: ubuntu-latest
outputs:
encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }}
steps:
- name: Load secret
id: op-load-secret
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential

- name: Encrypt secret
id: encrypt-secret
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
run: |
# AES-256 encrypt
encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \
openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)
echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT

build:
name: MLPerf inference MLCommons C++ ResNet50
needs: [fetch-secret]
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand Down Expand Up @@ -56,17 +82,25 @@ jobs:
else
echo "run_step=false" >> $GITHUB_ENV
fi
- name: Retrieve secrets from Keeper
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT
- name: Decrypt secret
id: decrypt-secret
shell: bash
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }}
run: |
echo "Running on OS: ${{ matrix.os }}"

# Decrypt
decrypted=$(echo "$encrypted_secret" | \
openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)

echo "::add-mask::$decrypted"
echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT
- name: Push Results
env:
GITHUB_TOKEN: ${{ env.PAT }}
GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }}
USER: mlcommons-bot
EMAIL: mlcommons-bot@users.noreply.github.com
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
Expand Down
52 changes: 43 additions & 9 deletions .github/workflows/test-mlperf-inference-resnet50-closed-division.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,34 @@ on:
- cron: '0 0 * * 0' # Runs once a week on Sunday at 00:00 UTC
workflow_dispatch: {} # Allows manual triggering of the workflow
jobs:
fetch-secret:
runs-on: ubuntu-latest
outputs:
encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }}
steps:
- name: Load secret
id: op-load-secret
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential

- name: Encrypt secret
id: encrypt-secret
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
run: |
# AES-256 encrypt
encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \
openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)
echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT

build:
name: MLPerf inference MLCommons ResNet50 Closed Division
needs: [fetch-secret]
runs-on: ${{ matrix.os }}
env:
MLC_INDEX: "on"
Expand Down Expand Up @@ -81,17 +107,25 @@ jobs:
Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append
}

- name: Retrieve secrets from Keeper
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT
- name: Decrypt secret
id: decrypt-secret
shell: bash
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }}
run: |
echo "Running on OS: ${{ matrix.os }}"

# Decrypt
decrypted=$(echo "$encrypted_secret" | \
openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)

echo "::add-mask::$decrypted"
echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT
- name: Push Results
env:
GITHUB_TOKEN: ${{ env.PAT }}
GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }}
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
run: |
git config --global user.name "mlcommons-bot"
Expand Down
52 changes: 43 additions & 9 deletions .github/workflows/test-mlperf-inference-resnet50.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,33 @@ on:
- '!**.md'

jobs:
fetch-secret:
runs-on: ubuntu-latest
outputs:
encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }}
steps:
- name: Load secret
id: op-load-secret
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential

- name: Encrypt secret
id: encrypt-secret
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
run: |
# AES-256 encrypt
encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \
openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)
echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT

mlc-run-with-results-upload:
needs: [fetch-secret]
runs-on: ${{ matrix.os }}
env:
MLC_INDEX: "on"
Expand Down Expand Up @@ -82,17 +108,25 @@ jobs:
Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append
}

- name: Retrieve secrets from Keeper
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT
- name: Decrypt secret
id: decrypt-secret
shell: bash
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }}
run: |
echo "Running on OS: ${{ matrix.os }}"

# Decrypt
decrypted=$(echo "$encrypted_secret" | \
openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)

echo "::add-mask::$decrypted"
echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT
- name: Push Results
env:
GITHUB_TOKEN: ${{ env.PAT }}
GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }}
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
run: |
git config --global user.name "mlcommons-bot"
Expand Down
52 changes: 43 additions & 9 deletions .github/workflows/test-mlperf-inference-retinanet.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,33 @@ on:
- '!**.md'

jobs:
fetch-secret:
runs-on: ubuntu-latest
outputs:
encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }}
steps:
- name: Load secret
id: op-load-secret
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential

- name: Encrypt secret
id: encrypt-secret
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
run: |
# AES-256 encrypt
encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \
openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)
echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT

mlc-run:
needs: [fetch-secret]
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand Down Expand Up @@ -77,17 +103,25 @@ jobs:
Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append
}

- name: Retrieve secrets from Keeper
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT
- name: Decrypt secret
id: decrypt-secret
shell: bash
env:
ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }}
run: |
echo "Running on OS: ${{ matrix.os }}"

# Decrypt
decrypted=$(echo "$encrypted_secret" | \
openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
-pass pass:"$ENCRYPTION_KEY" -base64)

echo "::add-mask::$decrypted"
echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT
- name: Push Results
env:
GITHUB_TOKEN: ${{ env.PAT }}
GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }}
if: github.repository_owner == 'mlcommons' && env.run_step == 'true'
run: |
git config --global user.name "mlcommons-bot"
Expand Down
Loading
Loading