Skip to content

Refactor approach

Refactor approach #17

name: Train and Inference with SLSA
on:
workflow_dispatch:
inputs:
model_type:
description: Name of the model (implies framework)
required: true
type: choice
options:
- model.pth
push:
branches:
- main
paths-ignore:
- '**/*.md'
- '*.md'
permissions: read-all
defaults:
run:
shell: bash
jobs:
train:
name: Train model
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.12.2
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Generate Dataset
run: |
python generate_dataset.py
tar -czvf dataset.tgz dataset.npz
- name: Train Model
run: python train_model.py
- name: Generate SLSA Attestation for Dataset
run: |
checksum=$(sha256sum dataset.tgz | cut -d ' ' -f 1)
echo "Dataset checksum: $checksum"
# Use the checksum to generate SLSA attestation
- name: Generate SLSA Attestation for Model
run: |
checksum=$(sha256sum model.pth | cut -d ' ' -f 1)
echo "Model checksum: $checksum"
# Use the checksum to generate SLSA attestation
- id: hash
env:
MODEL: ${{ github.event.inputs.model_type }}
run: |
set -euo pipefail
(sha256sum -t "$MODEL" || shasum -a 256 "$MODEL") > checksum
echo "hash-${{ matrix.os }}=$(base64 -w0 checksum || base64 checksum)" >> "${GITHUB_OUTPUT}"
provenance:
if: ${{ github.event_name != 'pull_request' }}
needs: [train]
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ubuntu-latest
permissions:
actions: read
id-token: write
contents: write
steps:
- name: Run SLSA Generator
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: ${{ needs.train.outputs.hash }}