[build] Add safety report to docker image #1186
Conversation
| assert (safety_check.run_safety_check_with_ignore_list(docker_exec_cmd, ignore_str) == 0), \ | ||
| f"Safety test failed for {image}" | ||
| else: | ||
| LOGGER.info(f"Safety check is complete as a part of docker build and report exist at {SAFETY_FILE}") |
1. common_stage 2. constant.py (Only to this PR's code) 3. image_buider (Only to this PR's code) 4. image 5. test_safety_report_file 6. metrics.py (Only to this PR's code) 7. utils.py (Only to this PR's code) 8. safety_report_generato (Already ran) Not run on: 1. Dockerfile.common 2. Data Json 3. test_safety_check
…eport PULL request
src/image.py
Outdated
| if self.to_push: | ||
| raise ValueError("Corresponding common stage image can only exist if the image is non-pushable") |
There was a problem hiding this comment.
Why can this only exist if the image is non-pushable?
There was a problem hiding this comment.
Changed as per conversation.
| "38452":"for shipping pillow<=6.2.2 - the last available version for py2", | ||
| "35015":"for shipping pycrypto<=2.6.1 - the last available version for py2" | ||
| }, | ||
| "py3": { |
There was a problem hiding this comment.
Should this contain the python minor version as well? What happens when a DLC has 2 python version support?
src/image_builder.py
Outdated
| THREADS = {} | ||
| # Standard images must be built before example images | ||
| # Example images will use standard images as base | ||
| # Common images must be built at the end as they will consume respective standard and example images |
There was a problem hiding this comment.
This needs to be reworded
| standard_images = [image for image in PRE_PUSH_STAGE_IMAGES if "example" not in image.name.lower()] | ||
| example_images = [image for image in PRE_PUSH_STAGE_IMAGES if "example" in image.name.lower()] | ||
| ALL_IMAGES = PRE_PUSH_STAGE_IMAGES + COMMON_STAGE_IMAGES | ||
| IMAGES_TO_PUSH = [image for image in ALL_IMAGES if image.to_push and image.to_build] |
There was a problem hiding this comment.
Can the IMAGES_TO_PUSH be COMMON_STAGE_IMAGES ?
| LOGGER.info(f"Completed Push for {self.name}") | ||
| return self.build_status | ||
|
|
||
| def push_image_with_additional_tags(self): |
There was a problem hiding this comment.
Why do we need at separate function to push a additional tag? Why cant be this done in push_image
There was a problem hiding this comment.
Seems that we need to tag the docker image first and push to ECR later.
src/image_builder.py
Outdated
| pushed and pushes them accordingly. | ||
|
|
||
| Note that the common stage images should always be built after the pre-push images of a | ||
| particular kind. This is because the Common stage images use are built on respctive |
There was a problem hiding this comment.
nit: respctive spell
|
Changes looks good. The ECR images are tagged as expected. Let's comment the safety functionality as discussed. |
|
Soft Approved! |
|
PR is good to merge. Thanks for adding the functionality to our build system @shantanutrip ! |
Issue #, if available:
PR Checklist
Pytest Marker Checklist
@pytest.mark.model("<model-type>")to the new tests which I have added, to specify the Deep Learning model that is used in the test (use"N/A"if the test doesn't use a model)@pytest.mark.integration("<feature-being-tested>")to the new tests which I have added, to specify the feature that will be tested@pytest.mark.multinode(<integer-num-nodes>)to the new tests which I have added, to specify the number of nodes used on a multi-node test@pytest.mark.processor(<"cpu"/"gpu"/"eia"/"neuron">)to the new tests which I have added, if a test is specifically applicable to only one processor typeEIA/NEURON Checklist
src/config/build_config.pyin my PR branch by settingENABLE_EI_MODE = TrueorENABLE_NEURON_MODE = TrueBenchmark Checklist
src/config/test_config.pyin my PR branch by settingENABLE_BENCHMARK_DEV_MODE = TrueReviewer Checklist
Description:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.