Main -> Release

.github/workflows/build_util.yml

@@ -15,13 +15,13 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.10.0
+        uses: aquasecurity/trivy-action@v2
         with:
           format: "sarif"
           output: "trivy-results.sarif"
           ignore-unfixed: true
           scan-type: "fs"
-          scanners: "vuln,secret,config"
+          scanners: "vuln,secret"
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
@@ -38,8 +38,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
 
-      # - name: Set up QEMU
-      #   uses: docker/setup-qemu-action@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -56,13 +56,15 @@ jobs:
         uses: docker/metadata-action@v4
         with:
           images: ghcr.io/${{ github.actor }}/util
+          tags: release
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v3
         with:
           context: ./utility-pod
           file: ./utility-pod/Dockerfile
           push: true
+          platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
@@ -72,4 +74,5 @@ jobs:
         run: |
           docker images
           curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-          grype ghcr.io/${{ github.actor }}/util:release
+          grype ghcr.io/${{ github.actor }}/util:release --platform linux/amd64
+          grype ghcr.io/${{ github.actor }}/util:release --platform linux/arm64

.gitignore

@@ -0,0 +1 @@
+*.secret

pytorch-experiments/.devcontainer/devcontainer.json

@@ -0,0 +1,41 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-docker-compose
+{
+	"name": "Existing Docker Compose (Extend)",
+
+	// Update the 'dockerComposeFile' list if you have more compose files or use different names.
+	// The .devcontainer/docker-compose.yml file contains any overrides you need/want to make.
+	"dockerComposeFile": [
+		"../docker-compose.yaml",
+		"docker-compose.yml"
+	],
+
+	// The 'service' property is the name of the service for the container that VS Code should
+	// use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+	"service": "pytorch",
+
+	// The optional 'workspaceFolder' property is the path VS Code should open by default when
+	// connected. This is typically a file mount in .devcontainer/docker-compose.yml
+	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}"
+
+	// Features to add to the dev container. More info: https://containers.dev/features.
+	// "features": {},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Uncomment the next line if you want start specific services in your Docker Compose config.
+	// "runServices": [],
+
+	// Uncomment the next line if you want to keep your containers running after VS Code shuts down.
+	// "shutdownAction": "none",
+
+	// Uncomment the next line to run commands after the container is created.
+	// "postCreateCommand": "cat /etc/os-release",
+
+	// Configure tool-specific properties.
+	// "customizations": {},
+
+	// Uncomment to connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "devcontainer"
+}

pytorch-experiments/.devcontainer/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3.8'
+services:
+  # Update this to the name of the service you want to work with in your docker-compose.yml file
+  pytorch:
+    # Uncomment if you want to override the service's Dockerfile to one in the .devcontainer 
+    # folder. Note that the path of the Dockerfile and context is relative to the *primary* 
+    # docker-compose.yml file (the first in the devcontainer.json "dockerComposeFile"
+    # array). The sample below assumes your primary file is in the root of your project.
+    #
+    # build:
+    #   context: .
+    #   dockerfile: .devcontainer/Dockerfile
+
+    volumes:
+      # Update this to wherever you want VS Code to mount the folder of your project
+      - ..:/workspaces:cached
+
+    # Uncomment the next four lines if you will use a ptrace-based debugger like C++, Go, and Rust.
+    # cap_add:
+    #   - SYS_PTRACE
+    # security_opt:
+    #   - seccomp:unconfined
+
+    # Overrides default command so things don't shut down after the process ends.
+    command: /bin/sh -c "while sleep 1000; do :; done"
+

pytorch-experiments/.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+ - package-ecosystem: "devcontainers"
+   directory: "/"
+   schedule:
+     interval: weekly

pytorch-experiments/helloworld.py

@@ -1,15 +1,14 @@
 #!/opt/conda/bin/python
 
 import torch
+import numpy
 
 def main():
     # Define a tensor with "Hello, World!" string
-    hello_tensor = torch.tensor([72, 101, 108, 108, 111, 44, 32, 87, 111, 114, 108, 100, 33])
+    helloworld_array = numpy.array([72, 101, 108, 108, 111, 44, 32, 87, 111, 114, 108, 100, 33])
+    tensor_array = torch.from_numpy(helloworld_array)
 
-    # Convert tensor to string
-    hello_string = ''.join([chr(char) for char in hello_tensor])
-
-    print(hello_string)
+    print(tensor_array)
 
 if __name__ == "__main__":
     main()

pytorch-experiments/requirements.txt

@@ -1 +1,2 @@
-torch==2.2.2
+torch==2.2.1
+numpy==1.26.3

tf-sysdig/alerts.tf

@@ -28,8 +28,7 @@ resource "sysdig_monitor_alert_v2_metric" "pod_metrics" {
   }
 
   notification_channels {
-    # TODO: hard coded id for now. This shold be generated and referenced.
-    id                     = 238924
+    id                     = sysdig_monitor_notification_channel_email.tf_sre.id
     renotify_every_minutes = 60
   }
 

tf-sysdig/notification_channel.tf

@@ -1,9 +1,10 @@
-# # Define a notification channel
-# resource "sysdig_monitor_notification_channel_email" "tf_sre" {
-#     name                    = "TF SRE"
-#     recipients              = ["chris@bashbang.com"]
-#     enabled                 = true
-#     notify_when_ok          = true
-#     notify_when_resolved    = true
-#     send_test_notification  = true
-# }
+# Define a notification channel
+resource "sysdig_monitor_notification_channel_email" "tf_sre" {
+    name                    = "TF SRE"
+    enabled                 = true
+    recipients              = ["chris@bashbang.com"]
+    notify_when_ok          = true
+    notify_when_resolved    = true
+    send_test_notification  = true
+    share_with_current_team = true  # IMPORTANT - Needed to share with the current team only. Default would be all teams which results in a 403 error
+}

utility-pod/Dockerfile

@@ -6,6 +6,10 @@ RUN apt-get -y update && \
     apt-get -y upgrade
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG TARGETPLATFORM
+
+GH_VERSION="2.82.1"; \
+
 RUN apt-get -y install \
         build-essential \
         curl \
@@ -46,17 +50,46 @@ RUN mkdir /test2 && \
     chgrp 0 /test2 && \
     chmod g=u /test2
 
-
-RUN curl -sfL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && unzip awscliv2.zip -d awscliv2 && ./awscliv2/aws/install && rm awscliv2.zip
+RUN set -eux; \
+    if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
+        AWS_ARCH=x86_64; \
+    elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
+        AWS_ARCH=aarch64; \
+    else \
+        echo "Unsupported platform: $TARGETPLATFORM"; exit 1; \
+    fi; \
+    curl -sfL https://awscli.amazonaws.com/awscli-exe-linux-${AWS_ARCH}.zip -o awscliv2.zip; \
+    unzip awscliv2.zip; \
+    ./aws/install; \
+    rm -rf awscliv2.zip aws
 
 RUN curl https://rclone.org/install.sh | bash
 # manually run 'rclone config' to setup the environment for each remote.
 
 # install Openshift CLI tool oc
-RUN curl -sfL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz | tar -zxvf - -C /usr/local/bin/
+RUN set -eux; \
+    if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
+        OCP_ARCH=""; \
+    elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
+        OCP_ARCH="-arm64"; \
+    else \
+        echo "Unsupported platform: $TARGETPLATFORM"; exit 1; \
+    fi; \
+    curl -sfL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux${OCP_ARCH}.tar.gz | tar -zxvf - -C /usr/local/bin/
 
 # install Github CLI tool gh
-RUN curl -sfL https://github.com/cli/cli/releases/download/v2.60.0/gh_2.60.0_linux_amd64.tar.gz | tar -zxvf - gh_2.60.0_linux_amd64/bin/gh --strip-components=1
+RUN set -eux; \
+    if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
+        GH_ARCH=amd64; \
+    elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
+        GH_ARCH=arm64; \
+    else \
+        echo "Unsupported platform: $TARGETPLATFORM"; exit 1; \
+    fi; \
+    curl -sfL https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${GH_ARCH}.tar.gz -o gh.tar.gz; \
+    tar -xzf gh.tar.gz; \
+    cp gh_${GH_VERSION}_linux_${GH_ARCH}/bin/gh /usr/local/bin/gh; \
+    rm -rf gh.tar.gz gh_${GH_VERSION}_linux_${GH_ARCH}
 
 # Set the default shell on openshift to use bash rather than sh
 RUN /bin/sed -i 's/SHELL=\/bin\/sh/SHELL=\/bin\/bash/g' /etc/default/useradd