test(evidence): signed recipe-evidence pointers for h100 GKE + EKS inference #1164
yuanchen8911 wants to merge 1 commit into
📝 Walkthrough
Adds two new evidence attestation recipe YAMLs under recipes/evidence: h100-eks-ubuntu-inference-dynamo.yaml and h100-gke-cos-inference-dynamo.yaml. Each file declares schemaVersion and recipe name and contains a single attestations entry recording an OCI bundle reference with sha256 digest, a predicateType URL, signer identity and issuer, a rekorLogIndex, and an attestedAt timestamp.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@recipes/evidence/h100-eks-ubuntu-inference-dynamo.yaml`:
- Line 5: Replace the tag-based OCI reference under the oci field with the
provided digest-pinned reference: change "ghcr.io/nvidia/aicr-evidence:v1" to
"ghcr.io/nvidia/aicr-evidence@sha256:da9d8838e1ce4032256b04d75e27dc7248a3fd230bd7fd0f112bd306bc367317"
so the recipe uses an immutable, content-addressable OCI reference that will
pass the aicr evidence verify check (avoid relying on --allow-unpinned-tag).
📒 Files selected for processing (2)
- recipes/evidence/h100-eks-ubuntu-inference-dynamo.yaml
- recipes/evidence/h100-gke-cos-inference-dynamo.yaml
| recipe: h100-eks-ubuntu-inference-dynamo | ||
| attestations: | ||
| - bundle: | ||
| oci: ghcr.io/nvidia/aicr-evidence:v1 |
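Review bot: the `oci:` value on the last line of this hunk names the bundle by the mutable tag `:v1`, so the pointer does not record which artifact was attested; a later push to `v1` changes what gets fetched with no diff in this file. Commit the `@sha256:` form that the commit message lists for this recipe.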
OCI reference must be digest-pinned, not tag-based.
The OCI reference uses tag notation (:v1) instead of digest-pinned notation (@sha256:...). Per the PR objectives, this bundle should reference ghcr.io/nvidia/aicr-evidence@sha256:da9d8838e1ce4032256b04d75e27dc7248a3fd230bd7fd0f112bd306bc367317. The aicr evidence verify CLI refuses unpinned tags by default, so verification will fail unless --allow-unpinned-tag is passed. Digest-pinning ensures immutability and content-addressable verification. As per the relevant code snippet from pkg/cli/evidence_verify.go (lines 118-123), the --allow-unpinned-tag flag is described as "Accept tag-only OCI references (default: refuse)."
🔒 Proposed fix to use digest-pinned OCI reference
- oci: ghcr.io/nvidia/aicr-evidence:v1
+ oci: ghcr.io/nvidia/aicr-evidence@sha256:da9d8838e1ce4032256b04d75e27dc7248a3fd230bd7fd0f112bd306bc367317
…S inference
Commit signed recipe-evidence v1 pointers generated from live conformance validation on two H100 inference clusters, to exercise the warning-only recipe-evidence drift gate (NVIDIA#1065).
- h100-gke-cos-inference-dynamo → ghcr.io/nvidia/aicr-evidence@sha256:6a59465f… (Rekor 1706764289)
- h100-eks-ubuntu-inference-dynamo → ghcr.io/nvidia/aicr-evidence@sha256:da9d8838… (Rekor 1706788485)
Both bundles built via 'aicr validate --phase conformance --emit-attestation' on aicr-demo5 (GKE/COS) and aicr3 (EKS/Ubuntu), signed + pushed via 'aicr evidence publish' (Sigstore keyless).
Refs NVIDIA#1160
9062a04 to de5edd6
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@recipes/evidence/h100-gke-cos-inference-dynamo.yaml`:
- Line 5: Replace the tag-based OCI reference used in bundle.oci (the line
containing "oci: ghcr.io/nvidia/aicr-evidence:v1") with a digest-pinned
reference (ghcr...@sha256:<digest>) so the bundle is verifiably pinned; obtain
the canonical image digest (e.g., via docker/skopeo inspect or your registry UI)
and update the value to the `@sha256`:<digest> form to satisfy the default
verification flow that refuses unpinned tags.
| recipe: h100-gke-cos-inference-dynamo | ||
| attestations: | ||
| - bundle: | ||
| oci: ghcr.io/nvidia/aicr-evidence:v1 |
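Review bot: this `oci:` line is the same string, `ghcr.io/nvidia/aicr-evidence:v1`, as the one in h100-eks-ubuntu-inference-dynamo.yaml, although the commit message gives the two recipes different bundle digests. With the tag form both pointers resolve to one artifact at any given time, so each file needs its own `@sha256:` reference.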
Use a digest-pinned OCI reference on Line 5.
bundle.oci is tag-based (:v1), which is refused by default verification flow unless --allow-unpinned-tag is set.
🔒 Proposed fix
- oci: ghcr.io/nvidia/aicr-evidence:v1
+ oci: ghcr.io/nvidia/aicr-evidence@sha256:6a59465f829489b5bf30eb56904817a573864f28afcce5022f2425f022ddb74d
Closing — this was a test PR to exercise the recipe-evidence gate (#1065), not intended for merge. It did its job and surfaced three findings:
The evidence here was also generated from recipes carrying a local |
MarshalPointer used yaml.v3's default 4-space sequence indentation, so the committed recipes/evidence/<recipe>.yaml pointer failed the repo's yamllint (.yamllint spaces: 2), breaking the documented publish -> commit -> PR flow (make lint failed on every generated pointer). Switch to a yaml.v3 encoder with SetIndent(2). Affects both 'aicr validate --emit-attestation' and 'aicr evidence publish' (both call WritePointer -> MarshalPointer). Adds TestMarshalPointer_TwoSpaceIndent regression guard. Refs NVIDIA#1164
Summary
Adds two signed recipe-evidence v1 pointers generated from live conformance validation on H100 inference clusters, to exercise the warning-only recipe-evidence drift gate (#1065, "Recipe Evidence: Verify").
- h100-gke-cos-inference-dynamo: sha256:6a59465f…
- h100-eks-ubuntu-inference-dynamo: sha256:da9d8838…
Both bundles were built with `aicr validate --phase conformance --emit-attestation` against the live clusters (11/11 conformance checks passed on each), then signed + pushed to `ghcr.io/nvidia/aicr-evidence` via `aicr evidence publish` (Sigstore keyless OIDC).
Motivation / Context
Validates the recipe-evidence verify pipeline end-to-end on real evidence: the gate should fetch each signed OCI artifact, verify its Sigstore signature, and compare the signed recipe digest against the current recipe.
Refs #1160
Type of Change
Testing
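The refuse-by-default rule for tag-only OCI references that the review comments in this thread describe, as an added Go example (not code from this PR or from aicr's pkg/cli/evidence_verify.go). Ref, ParseRef, CheckPinned and ErrUnpinned are hypothetical names, and the allowUnpinnedTag parameter stands in for the --allow-unpinned-tag flag.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical names throughout (not aicr's API). A pin is sha256 + 64 lowercase hex.
var sha256Digest = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)
var ErrUnpinned = errors.New("OCI reference is not digest-pinned")

type Ref struct{ Repo, Tag, Digest string } // split form of "repo[:tag][@digest]"

// ParseRef splits a reference. A colon is a tag separator only when it comes
// after the last "/", so the port in "localhost:5000/evidence" is kept.
func ParseRef(s string) (Ref, error) {
	r := Ref{Repo: s}
	if i := strings.Index(s, "@"); i >= 0 {
		r.Repo, r.Digest = s[:i], s[i+1:]
		if !sha256Digest.MatchString(r.Digest) {
			return Ref{}, fmt.Errorf("malformed digest in %q", s)
		}
	}
	if i := strings.LastIndex(r.Repo, ":"); i > strings.LastIndex(r.Repo, "/") {
		r.Repo, r.Tag = r.Repo[:i], r.Repo[i+1:]
	}
	if r.Repo == "" {
		return Ref{}, fmt.Errorf("empty repository in %q", s)
	}
	return r, nil
}

// CheckPinned refuses references without a digest unless allowUnpinnedTag is set.
func CheckPinned(s string, allowUnpinnedTag bool) error {
	r, err := ParseRef(s)
	if err != nil {
		return err // malformed input is rejected even with the override
	}
	if r.Digest == "" && !allowUnpinnedTag {
		return fmt.Errorf("%w: %s", ErrUnpinned, s)
	}
	return nil
}

func main() {
	fmt.Println(CheckPinned("ghcr.io/nvidia/aicr-evidence:v1", false)) // tag form flagged in the review
}
```

A truncated digest such as `sha256:da9d8838` is rejected as malformed rather than treated as a pin, so an abbreviated value copied from a commit message cannot pass the check.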