From 8a7ed612c6a52e780945b7a587831f97046c40d0 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 9 Apr 2025 17:55:36 -0500 Subject: [PATCH 01/25] Replace KSM with 1Password in test-mlperf-inference-tvm-resnet50.yml --- .../test-mlperf-inference-tvm-resnet50.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-tvm-resnet50.yml b/.github/workflows/test-mlperf-inference-tvm-resnet50.yml index b2ae35d04..8655491ef 100644 --- a/.github/workflows/test-mlperf-inference-tvm-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-tvm-resnet50.yml @@ -46,17 +46,17 @@ jobs: else echo "run_step=false" >> $GITHUB_ENV fi - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} USER: mlcommons-bot EMAIL: mlcommons-bot@users.noreply.github.com if: github.repository_owner == 'mlcommons' && env.run_step == 'true' From 14d3b9fb5693ad0eb24b66e19f50bd8f932713c9 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 9 Apr 2025 17:59:26 -0500 Subject: [PATCH 02/25] Add back if condition for secret fetching in test-mlperf-inference-tvm-resnet50.yml --- .github/workflows/test-mlperf-inference-tvm-resnet50.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test-mlperf-inference-tvm-resnet50.yml b/.github/workflows/test-mlperf-inference-tvm-resnet50.yml index 8655491ef..393d1c5cd 100644 --- a/.github/workflows/test-mlperf-inference-tvm-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-tvm-resnet50.yml @@ -47,6 +47,7 @@ jobs: echo "run_step=false" >> $GITHUB_ENV fi - name: Load secret + if: github.repository_owner == 'mlcommons' && env.run_step == 'true' id: op-load-secret uses: 1password/load-secrets-action@v2 with: From 5c2888eafcc8d68cd69e3af819d85fef1977a8f9 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 9 Apr 2025 18:01:59 -0500 Subject: [PATCH 03/25] Replace KSM with 1Password in test-mlperf-inference-resnet50.yml --- .../workflows/test-mlperf-inference-resnet50.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-resnet50.yml b/.github/workflows/test-mlperf-inference-resnet50.yml index 9bc5db424..1120c8867 100644 --- a/.github/workflows/test-mlperf-inference-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-resnet50.yml @@ -82,17 +82,18 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper + - name: Load secret if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master + id: op-load-secret + uses: 1password/load-secrets-action@v2 with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From 3f15aa7563964dfc6abbd7fa2eae7efc61ec29e1 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:31:36 -0500 Subject: [PATCH 04/25] Update op-load-secret to support Windows runner in test-mlperf-inference-resnet50.yml --- .../test-mlperf-inference-resnet50.yml | 52 +++++++++++++++---- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-resnet50.yml b/.github/workflows/test-mlperf-inference-resnet50.yml index 1120c8867..13df895e1 100644 --- a/.github/workflows/test-mlperf-inference-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-resnet50.yml @@ -9,7 +9,34 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - uses: actions/checkout@v3 + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + mlc-run-with-results-upload: + needs: [fetch-secret] runs-on: ${{ matrix.os }} env: MLC_INDEX: "on" @@ -82,18 +109,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Load secret - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: op-load-secret - uses: 1password/load-secrets-action@v2 - with: - export-env: false + - name: Decrypt secret + id: decrypt-secret + shell: bash env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From 06eb1d6c4e4a65d8d1e1cbb5084fa8e929d00d44 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:37:55 -0500 Subject: [PATCH 05/25] @nathanw-mlc Replace KSM with 1Password in test-mlperf-inference-rgat.yml --- .../workflows/test-mlperf-inference-rgat.yml | 40 +++++++++++++++---- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-rgat.yml b/.github/workflows/test-mlperf-inference-rgat.yml index f8b0e6116..ce9944374 100644 --- a/.github/workflows/test-mlperf-inference-rgat.yml +++ b/.github/workflows/test-mlperf-inference-rgat.yml @@ -9,6 +9,21 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - uses: actions/checkout@v3 + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + rgat-inference-run: name: ${{ matrix.os }} - ${{ matrix.backend }} - ${{ matrix.implementation }} runs-on: ${{ matrix.os }} @@ -37,17 +52,26 @@ jobs: run: | mlcr run,mlperf,inference,generate-run-cmds,_submission,_short --adr.inference-src.tags=_branch.dev --pull_changes=yes --pull_inference_changes=yes --submitter="MLCommons" --hw_name=gh_${{ matrix.os }}_x86 --model=rgat --implementation=${{ matrix.implementation }} --backend=${{ matrix.backend }} --device=cpu --scenario=Offline --test_query_count=500 --adr.compiler.tags=gcc --category=datacenter --quiet -v --target_qps=1 - - name: Retrieve secrets from Keeper - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} run: | git config --global user.name "mlcommons-bot" git config --global user.email "mlcommons-bot@users.noreply.github.com" From bc947db3a4dcc28baabc24c1942774d491d4fa57 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:44:00 -0500 Subject: [PATCH 06/25] Replace KSM with 1Password in test-mlperf-inference-retinanet.yml --- .../test-mlperf-inference-retinanet.yml | 52 +++++++++++++++---- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml index 40e749831..52bb12523 100644 --- a/.github/workflows/test-mlperf-inference-retinanet.yml +++ b/.github/workflows/test-mlperf-inference-retinanet.yml @@ -9,6 +9,32 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - uses: actions/checkout@v3 + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + mlc-run: runs-on: ${{ matrix.os }} strategy: @@ -77,17 +103,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From 136191692207aaa2a47d8567ae0100e9e77c4be4 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:47:26 -0500 Subject: [PATCH 07/25] Add fetch-secret need in test-mlperf-inference-rgat.yml --- .github/workflows/test-mlperf-inference-rgat.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test-mlperf-inference-rgat.yml b/.github/workflows/test-mlperf-inference-rgat.yml index ce9944374..606513ad3 100644 --- a/.github/workflows/test-mlperf-inference-rgat.yml +++ b/.github/workflows/test-mlperf-inference-rgat.yml @@ -26,6 +26,7 @@ jobs: rgat-inference-run: name: ${{ matrix.os }} - ${{ matrix.backend }} - ${{ matrix.implementation }} + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false From f3d71345682b966638f13b8912e832fbfe33624c Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:48:01 -0500 Subject: [PATCH 08/25] Add fetch-secret need in test-mlperf-inference-retinanet.yml --- .github/workflows/test-mlperf-inference-retinanet.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml index 52bb12523..1a4e838fc 100644 --- a/.github/workflows/test-mlperf-inference-retinanet.yml +++ b/.github/workflows/test-mlperf-inference-retinanet.yml @@ -36,6 +36,7 @@ jobs: echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT mlc-run: + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false From 3a4a5593b544469465536abf432af94c4c00c591 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:50:07 -0500 Subject: [PATCH 09/25] Replace KSM with 1Password in test-mlc-script-features.yml --- .../workflows/test-mlc-script-features.yml | 53 +++++++++++++++---- 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-mlc-script-features.yml b/.github/workflows/test-mlc-script-features.yml index 88708f577..a4c7c6f1d 100644 --- a/.github/workflows/test-mlc-script-features.yml +++ b/.github/workflows/test-mlc-script-features.yml @@ -94,7 +94,34 @@ jobs: run: | mlcr run,docker,container --adr.compiler.tags=gcc --docker_mlc_repo=mlcommons@mlperf-automations --docker_mlc_repo_branch=dev --image_name=mlc-script-app-image-classification-onnx-py --env.MLC_DOCKER_RUN_SCRIPT_TAGS=app,image-classification,onnx,python --env.MLC_DOCKER_IMAGE_BASE=ubuntu:22.04 --env.MLC_DOCKER_IMAGE_REPO=local --quiet + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - uses: actions/checkout@v3 + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + test_mlperf_retinanet_cpp_venv: + needs: [fetch-secret] runs-on: ubuntu-latest strategy: fail-fast: false @@ -148,17 +175,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From eef2739af25da7e709328888f5df841163069cbc Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:51:30 -0500 Subject: [PATCH 10/25] Replace KSM with 1Password in test-mlperf-inference-mlcommons-cpp-resnet50.yml --- ...lperf-inference-mlcommons-cpp-resnet50.yml | 53 +++++++++++++++---- 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml index 737132572..87089592c 100644 --- a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml @@ -9,8 +9,35 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - uses: actions/checkout@v3 + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + build: name: MLPerf inference MLCommons C++ ResNet50 + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -56,17 +83,25 @@ jobs: else echo "run_step=false" >> $GITHUB_ENV fi - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} USER: mlcommons-bot EMAIL: mlcommons-bot@users.noreply.github.com if: github.repository_owner == 'mlcommons' && env.run_step == 'true' From 69da9853324e2c1e4e6ccf3f953fe1730c57fbf8 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:55:42 -0500 Subject: [PATCH 11/25] Simplify op-load-secret in test-mlc-script-features.yml --- .../workflows/test-mlc-script-features.yml | 52 ++++--------------- 1 file changed, 9 insertions(+), 43 deletions(-) diff --git a/.github/workflows/test-mlc-script-features.yml b/.github/workflows/test-mlc-script-features.yml index a4c7c6f1d..8280cdf53 100644 --- a/.github/workflows/test-mlc-script-features.yml +++ b/.github/workflows/test-mlc-script-features.yml @@ -94,34 +94,7 @@ jobs: run: | mlcr run,docker,container --adr.compiler.tags=gcc --docker_mlc_repo=mlcommons@mlperf-automations --docker_mlc_repo_branch=dev --image_name=mlc-script-app-image-classification-onnx-py --env.MLC_DOCKER_RUN_SCRIPT_TAGS=app,image-classification,onnx,python --env.MLC_DOCKER_IMAGE_BASE=ubuntu:22.04 --env.MLC_DOCKER_IMAGE_REPO=local --quiet - fetch-secret: - runs-on: ubuntu-latest - outputs: - encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} - steps: - - uses: actions/checkout@v3 - - name: Load secret - id: op-load-secret - uses: 1password/load-secrets-action@v2 - with: - export-env: false - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - - - name: Encrypt secret - id: encrypt-secret - env: - ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} - run: | - # AES-256 encrypt - encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ - openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) - echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT - test_mlperf_retinanet_cpp_venv: - needs: [fetch-secret] runs-on: ubuntu-latest strategy: fail-fast: false @@ -175,25 +148,18 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Decrypt secret - id: decrypt-secret - shell: bash + - name: Load secret + if: github.repository_owner == 'mlcommons' && env.run_step == 'true' + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false env: - ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} - encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} - run: | - echo "Running on OS: ${{ matrix.os }}" - - # Decrypt - decrypted=$(echo "$encrypted_secret" | \ - openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) - - echo "::add-mask::$decrypted" - echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From 1fe50934a523a90d7360287ee7a42b93b5ae3885 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:58:10 -0500 Subject: [PATCH 12/25] Remove unnecessary checkout from op job in test-mlperf-inference-resnet50.yml --- .github/workflows/test-mlperf-inference-resnet50.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-mlperf-inference-resnet50.yml b/.github/workflows/test-mlperf-inference-resnet50.yml index 13df895e1..fc727062f 100644 --- a/.github/workflows/test-mlperf-inference-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-resnet50.yml @@ -14,7 +14,6 @@ jobs: outputs: encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} steps: - - uses: actions/checkout@v3 - name: Load secret id: op-load-secret uses: 1password/load-secrets-action@v2 From f3652c83e627788808346beb207b4e0b29a5567f Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:58:42 -0500 Subject: [PATCH 13/25] Remove unnecessary checkout from op job in test-mlperf-inference-retinanet.yml --- .github/workflows/test-mlperf-inference-retinanet.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml index 1a4e838fc..b6136a7ce 100644 --- a/.github/workflows/test-mlperf-inference-retinanet.yml +++ b/.github/workflows/test-mlperf-inference-retinanet.yml @@ -14,7 +14,6 @@ jobs: outputs: encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} steps: - - uses: actions/checkout@v3 - name: Load secret id: op-load-secret uses: 1password/load-secrets-action@v2 From 8fd501a7f91546ddb52da4b56328be6929c4a65c Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 20:59:15 -0500 Subject: [PATCH 14/25] Remove unnecessary checkout from op job in test-mlperf-inference-mlcommons-cpp-resnet50.yml --- .../workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml index 87089592c..ebfdc6863 100644 --- a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml @@ -14,7 +14,6 @@ jobs: outputs: encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} steps: - - uses: actions/checkout@v3 - name: Load secret id: op-load-secret uses: 1password/load-secrets-action@v2 From 7470b4614d50e80b9fb7e48df285d07926d67667 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 21:00:51 -0500 Subject: [PATCH 15/25] Replace KSM with 1Password in test-mlperf-inference-resnet50-closed-division.yml --- ...erf-inference-resnet50-closed-division.yml | 52 +++++++++++++++---- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml b/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml index 586317439..fcc33736e 100644 --- a/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml +++ b/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml @@ -5,8 +5,34 @@ on: - cron: '0 0 * * 0' # Runs once a week on Sunday at 00:00 UTC workflow_dispatch: {} # Allows manual triggering of the workflow jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + build: name: MLPerf inference MLCommons ResNet50 Closed Division + needs: [fetch-secret] runs-on: ${{ matrix.os }} env: MLC_INDEX: "on" @@ -81,17 +107,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From dc59fd61f6b23c7c1524aced3930dc9fbf051f71 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 21:02:09 -0500 Subject: [PATCH 16/25] Simplify 1Password implementation in test-mlperf-inference-rgat.yml --- .../workflows/test-mlperf-inference-rgat.yml | 40 +++++-------------- 1 file changed, 9 insertions(+), 31 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-rgat.yml b/.github/workflows/test-mlperf-inference-rgat.yml index 606513ad3..948b5e802 100644 --- a/.github/workflows/test-mlperf-inference-rgat.yml +++ b/.github/workflows/test-mlperf-inference-rgat.yml @@ -9,21 +9,6 @@ on: - '!**.md' jobs: - fetch-secret: - runs-on: ubuntu-latest - outputs: - encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} - steps: - - uses: actions/checkout@v3 - - name: Load secret - id: op-load-secret - uses: 1password/load-secrets-action@v2 - with: - export-env: false - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - rgat-inference-run: name: ${{ matrix.os }} - ${{ matrix.backend }} - ${{ matrix.implementation }} needs: [fetch-secret] @@ -53,26 +38,19 @@ jobs: run: | mlcr run,mlperf,inference,generate-run-cmds,_submission,_short --adr.inference-src.tags=_branch.dev --pull_changes=yes --pull_inference_changes=yes --submitter="MLCommons" --hw_name=gh_${{ matrix.os }}_x86 --model=rgat --implementation=${{ matrix.implementation }} --backend=${{ matrix.backend }} --device=cpu --scenario=Offline --test_query_count=500 --adr.compiler.tags=gcc --category=datacenter --quiet -v --target_qps=1 - - name: Decrypt secret - id: decrypt-secret - shell: bash + - name: Load secret + if: github.repository_owner == 'mlcommons' && env.run_step == 'true' + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false env: - ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} - encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} - run: | - echo "Running on OS: ${{ matrix.os }}" - - # Decrypt - decrypted=$(echo "$encrypted_secret" | \ - openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) - - echo "::add-mask::$decrypted" - echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} run: | git config --global user.name "mlcommons-bot" git config --global user.email "mlcommons-bot@users.noreply.github.com" From b8704991dc7d0d38d6c8183c7b502d33eac3858c Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Tue, 15 Apr 2025 21:04:06 -0500 Subject: [PATCH 17/25] Replace KSM with 1Password in test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml --- ...bert-deepsparse-tf-onnxruntime-pytorch.yml | 52 +++++++++++++++---- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml index 73f0d4adb..bec131ac9 100644 --- a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml +++ b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml @@ -9,8 +9,34 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + build: name: MLPerf Inference Bert ${{ matrix.backend }} on ${{ matrix.os }} + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -58,17 +84,25 @@ jobs: else echo "run_step=false" >> $GITHUB_ENV fi - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" From 27dc6aa26a305c4310be78a851213b7193b99899 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 13:16:11 -0500 Subject: [PATCH 18/25] Replace KSM with 1Password in test-mlperf-inference-tvm-resnet50.yml (#359) * Replace KSM with 1Password in test-mlperf-inference-tvm-resnet50.yml * Add back if condition for secret fetching in test-mlperf-inference-tvm-resnet50.yml * Replace KSM with 1Password in test-mlperf-inference-resnet50.yml * Update op-load-secret to support Windows runner in test-mlperf-inference-resnet50.yml * @nathanw-mlc Replace KSM with 1Password in test-mlperf-inference-rgat.yml * Replace KSM with 1Password in test-mlperf-inference-retinanet.yml * Add fetch-secret need in test-mlperf-inference-rgat.yml * Add fetch-secret need in test-mlperf-inference-retinanet.yml * Replace KSM with 1Password in test-mlc-script-features.yml * Replace KSM with 1Password in test-mlperf-inference-mlcommons-cpp-resnet50.yml * Simplify op-load-secret in test-mlc-script-features.yml * Remove unnecessary checkout from op job in test-mlperf-inference-resnet50.yml * Remove unnecessary checkout from op job in test-mlperf-inference-retinanet.yml * Remove unnecessary checkout from op job in test-mlperf-inference-mlcommons-cpp-resnet50.yml * Replace KSM with 1Password in test-mlperf-inference-resnet50-closed-division.yml * Simplify 1Password implementation in test-mlperf-inference-rgat.yml * Replace KSM with 1Password in test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml --- .../workflows/test-mlc-script-features.yml | 15 +++--- ...bert-deepsparse-tf-onnxruntime-pytorch.yml | 52 +++++++++++++++---- ...lperf-inference-mlcommons-cpp-resnet50.yml | 52 +++++++++++++++---- ...erf-inference-resnet50-closed-division.yml | 52 +++++++++++++++---- .../test-mlperf-inference-resnet50.yml | 52 +++++++++++++++---- .../test-mlperf-inference-retinanet.yml | 52 +++++++++++++++---- .../workflows/test-mlperf-inference-rgat.yml | 17 +++--- .../test-mlperf-inference-tvm-resnet50.yml | 15 +++--- 8 files changed, 241 insertions(+), 66 deletions(-) diff --git a/.github/workflows/test-mlc-script-features.yml b/.github/workflows/test-mlc-script-features.yml index 88708f577..8280cdf53 100644 --- a/.github/workflows/test-mlc-script-features.yml +++ b/.github/workflows/test-mlc-script-features.yml @@ -148,17 +148,18 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper + - name: Load secret if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master + id: op-load-secret + uses: 1password/load-secrets-action@v2 with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" diff --git a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml index 73f0d4adb..bec131ac9 100644 --- a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml +++ b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml @@ -9,8 +9,34 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + build: name: MLPerf Inference Bert ${{ matrix.backend }} on ${{ matrix.os }} + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -58,17 +84,25 @@ jobs: else echo "run_step=false" >> $GITHUB_ENV fi - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" diff --git a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml index 737132572..ebfdc6863 100644 --- a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml @@ -9,8 +9,34 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + build: name: MLPerf inference MLCommons C++ ResNet50 + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -56,17 +82,25 @@ jobs: else echo "run_step=false" >> $GITHUB_ENV fi - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} USER: mlcommons-bot EMAIL: mlcommons-bot@users.noreply.github.com if: github.repository_owner == 'mlcommons' && env.run_step == 'true' diff --git a/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml b/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml index 586317439..fcc33736e 100644 --- a/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml +++ b/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml @@ -5,8 +5,34 @@ on: - cron: '0 0 * * 0' # Runs once a week on Sunday at 00:00 UTC workflow_dispatch: {} # Allows manual triggering of the workflow jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + build: name: MLPerf inference MLCommons ResNet50 Closed Division + needs: [fetch-secret] runs-on: ${{ matrix.os }} env: MLC_INDEX: "on" @@ -81,17 +107,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" diff --git a/.github/workflows/test-mlperf-inference-resnet50.yml b/.github/workflows/test-mlperf-inference-resnet50.yml index 9bc5db424..fc727062f 100644 --- a/.github/workflows/test-mlperf-inference-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-resnet50.yml @@ -9,7 +9,33 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + mlc-run-with-results-upload: + needs: [fetch-secret] runs-on: ${{ matrix.os }} env: MLC_INDEX: "on" @@ -82,17 +108,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml index 40e749831..b6136a7ce 100644 --- a/.github/workflows/test-mlperf-inference-retinanet.yml +++ b/.github/workflows/test-mlperf-inference-retinanet.yml @@ -9,7 +9,33 @@ on: - '!**.md' jobs: + fetch-secret: + runs-on: ubuntu-latest + outputs: + encrypted_secret: ${{ steps.encrypt-secret.outputs.encrypted_secret }} + steps: + - name: Load secret + id: op-load-secret + uses: 1password/load-secrets-action@v2 + with: + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential + + - name: Encrypt secret + id: encrypt-secret + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + run: | + # AES-256 encrypt + encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ + openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + mlc-run: + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -77,17 +103,25 @@ jobs: Write-Host "run_step=false" | Out-File -FilePath $Env:GITHUB_ENV -Append } - - name: Retrieve secrets from Keeper - if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + - name: Decrypt secret + id: decrypt-secret + shell: bash + env: + ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} + encrypted_secret: ${{ needs.fetch-secret.outputs.encrypted_secret }} + run: | + echo "Running on OS: ${{ matrix.os }}" + + # Decrypt + decrypted=$(echo "$encrypted_secret" | \ + openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ + -pass pass:"$ENCRYPTION_KEY" -base64) + + echo "::add-mask::$decrypted" + echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.decrypt-secret.outputs.decrypted_secret }} if: github.repository_owner == 'mlcommons' && env.run_step == 'true' run: | git config --global user.name "mlcommons-bot" diff --git a/.github/workflows/test-mlperf-inference-rgat.yml b/.github/workflows/test-mlperf-inference-rgat.yml index f8b0e6116..948b5e802 100644 --- a/.github/workflows/test-mlperf-inference-rgat.yml +++ b/.github/workflows/test-mlperf-inference-rgat.yml @@ -11,6 +11,7 @@ on: jobs: rgat-inference-run: name: ${{ matrix.os }} - ${{ matrix.backend }} - ${{ matrix.implementation }} + needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -37,17 +38,19 @@ jobs: run: | mlcr run,mlperf,inference,generate-run-cmds,_submission,_short --adr.inference-src.tags=_branch.dev --pull_changes=yes --pull_inference_changes=yes --submitter="MLCommons" --hw_name=gh_${{ matrix.os }}_x86 --model=rgat --implementation=${{ matrix.implementation }} --backend=${{ matrix.backend }} --device=cpu --scenario=Offline --test_query_count=500 --adr.compiler.tags=gcc --category=datacenter --quiet -v --target_qps=1 - - name: Retrieve secrets from Keeper - id: ksecrets - uses: Keeper-Security/ksm-action@master + - name: Load secret + if: github.repository_owner == 'mlcommons' && env.run_step == 'true' + id: op-load-secret + uses: 1password/load-secrets-action@v2 with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} run: | git config --global user.name "mlcommons-bot" git config --global user.email "mlcommons-bot@users.noreply.github.com" diff --git a/.github/workflows/test-mlperf-inference-tvm-resnet50.yml b/.github/workflows/test-mlperf-inference-tvm-resnet50.yml index b2ae35d04..393d1c5cd 100644 --- a/.github/workflows/test-mlperf-inference-tvm-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-tvm-resnet50.yml @@ -46,17 +46,18 @@ jobs: else echo "run_step=false" >> $GITHUB_ENV fi - - name: Retrieve secrets from Keeper + - name: Load secret if: github.repository_owner == 'mlcommons' && env.run_step == 'true' - id: ksecrets - uses: Keeper-Security/ksm-action@master + id: op-load-secret + uses: 1password/load-secrets-action@v2 with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: |- - ubwkjh-Ii8UJDpG2EoU6GQ/field/Access Token > env:PAT + export-env: false + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + PAT: op://7basd2jirojjckncf6qnq3azai/bzbaco3uxoqs2rcyu42rvuccga/credential - name: Push Results env: - GITHUB_TOKEN: ${{ env.PAT }} + GITHUB_TOKEN: ${{ steps.op-load-secret.outputs.PAT }} USER: mlcommons-bot EMAIL: mlcommons-bot@users.noreply.github.com if: github.repository_owner == 'mlcommons' && env.run_step == 'true' From 17b3f5c9166b630a46ece0f3de28c78b4ff0dffe Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 15:48:04 -0500 Subject: [PATCH 19/25] Fix base64 linebreak issue in test-mlperf-inference-resnet50.yml --- .github/workflows/test-mlperf-inference-resnet50.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-resnet50.yml b/.github/workflows/test-mlperf-inference-resnet50.yml index fc727062f..e6788cd71 100644 --- a/.github/workflows/test-mlperf-inference-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-resnet50.yml @@ -31,7 +31,7 @@ jobs: # AES-256 encrypt encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT mlc-run-with-results-upload: @@ -120,7 +120,7 @@ jobs: # Decrypt decrypted=$(echo "$encrypted_secret" | \ openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "::add-mask::$decrypted" echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT From 12aa9dc2d631690cf4fbe8150c5a26a1b6ac9d2b Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 15:48:40 -0500 Subject: [PATCH 20/25] Remove fetch-secret need from test-mlperf-inference-rgat.yml --- .github/workflows/test-mlperf-inference-rgat.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-mlperf-inference-rgat.yml b/.github/workflows/test-mlperf-inference-rgat.yml index 948b5e802..79b0b93a4 100644 --- a/.github/workflows/test-mlperf-inference-rgat.yml +++ b/.github/workflows/test-mlperf-inference-rgat.yml @@ -11,7 +11,6 @@ on: jobs: rgat-inference-run: name: ${{ matrix.os }} - ${{ matrix.backend }} - ${{ matrix.implementation }} - needs: [fetch-secret] runs-on: ${{ matrix.os }} strategy: fail-fast: false From 141abd4c6632b47eda3a54b1ec480a5a8634933e Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 15:49:02 -0500 Subject: [PATCH 21/25] Fix base64 linebreak issue in test-mlperf-inference-mlcommons-cpp-resnet50.yml --- .../test-mlperf-inference-mlcommons-cpp-resnet50.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml index ebfdc6863..10e859922 100644 --- a/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml +++ b/.github/workflows/test-mlperf-inference-mlcommons-cpp-resnet50.yml @@ -31,7 +31,7 @@ jobs: # AES-256 encrypt encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT build: @@ -94,7 +94,7 @@ jobs: # Decrypt decrypted=$(echo "$encrypted_secret" | \ openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "::add-mask::$decrypted" echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT From e0ee4ed771b0a328d6b74ce0aa7d9fef6dcbfcc2 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 15:49:43 -0500 Subject: [PATCH 22/25] Fix base64 linebreak issue in test-mlperf-inference-resnet50-closed-division.yml --- .../test-mlperf-inference-resnet50-closed-division.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml b/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml index fcc33736e..ad536cbcd 100644 --- a/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml +++ b/.github/workflows/test-mlperf-inference-resnet50-closed-division.yml @@ -27,7 +27,7 @@ jobs: # AES-256 encrypt encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT build: @@ -119,7 +119,7 @@ jobs: # Decrypt decrypted=$(echo "$encrypted_secret" | \ openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "::add-mask::$decrypted" echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT From df7ef1005dc4be4f18448d7197c8a96e3aad5692 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 15:52:03 -0500 Subject: [PATCH 23/25] Fix base64 linebreak issue in test-mlperf-inference-retinanet.yml --- .github/workflows/test-mlperf-inference-retinanet.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-retinanet.yml b/.github/workflows/test-mlperf-inference-retinanet.yml index b6136a7ce..d98daa89a 100644 --- a/.github/workflows/test-mlperf-inference-retinanet.yml +++ b/.github/workflows/test-mlperf-inference-retinanet.yml @@ -31,7 +31,7 @@ jobs: # AES-256 encrypt encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT mlc-run: @@ -115,7 +115,7 @@ jobs: # Decrypt decrypted=$(echo "$encrypted_secret" | \ openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "::add-mask::$decrypted" echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT From 8819550a9bbf3e5fb136f3b0c974225e77d07397 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Wed, 16 Apr 2025 15:52:25 -0500 Subject: [PATCH 24/25] Fix base64 linebreak issue in test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml --- ...lperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml index bec131ac9..1d64a37f6 100644 --- a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml +++ b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml @@ -31,7 +31,7 @@ jobs: # AES-256 encrypt encrypted=$(echo "${{ steps.op-load-secret.outputs.pat }}" | \ openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT build: @@ -96,7 +96,7 @@ jobs: # Decrypt decrypted=$(echo "$encrypted_secret" | \ openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ - -pass pass:"$ENCRYPTION_KEY" -base64) + -pass pass:"$ENCRYPTION_KEY" -base64 -A) echo "::add-mask::$decrypted" echo "DECRYPTED_SECRET=$decrypted" >> $GITHUB_OUTPUT From 9cc4b40b644e830a757265b673b03e4abbe8c7e6 Mon Sep 17 00:00:00 2001 From: Nathan Wasson Date: Thu, 17 Apr 2025 14:44:27 -0500 Subject: [PATCH 25/25] Update echo syntax in test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml --- ...lperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml index 5821a0b5c..ca9f70590 100644 --- a/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml +++ b/.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml @@ -33,7 +33,9 @@ jobs: openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \ -pass pass:"$ENCRYPTION_KEY" -base64 -A) - echo "encrypted_secret=$encrypted" >> $GITHUB_OUTPUT + echo "encrypted_secret<> $GITHUB_OUTPUT + echo "$encrypted" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT build: name: MLPerf Inference Bert ${{ matrix.backend }} on ${{ matrix.os }}