yindo/rocm-automated
1
0
Fork 0
mirror of https://github.com/BillyOutlast/rocm-automated.git synced 2026-02-04 03:51:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

automated buolds

Browse Source
This commit is contained in:
John Doe
2026-01-30 19:32:03 -05:00
parent d7b7fecdcd
commit 74b5416655
5 changed files with 761 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
.github/workflows/README.md vendored Normal file
View File

@@ -0,0 +1,175 @@
# GitHub Actions CI/CD
This directory contains GitHub Actions workflows for automated building, testing, and releasing of the ROCm 7.1 container environment.
## 🔧 Workflows
### 1. Daily Build (`daily-build.yml`)
- **Schedule**: Runs daily at 02:00 UTC
- **Purpose**: Automated builds of all container images
- **Triggers**:
- Daily schedule
- Manual dispatch with options
- **What it builds**:
- Base images (ComfyUI, Stable Diffusion.cpp)
- GPU-specific variants for different AMD architectures
- Tests Docker Compose configuration
### 2. Release Build (`release.yml`)
- **Triggers**:
- Git tags matching `v*.*.*`
- Manual dispatch with version input
- **Purpose**: Production releases with proper versioning
- **Features**:
- Semantic versioning
- GitHub releases with changelogs
- Multi-architecture GPU support
- Docker Hub image publishing
### 3. Security Scan (`security-scan.yml`)
- **Schedule**: Weekly on Sundays at 03:00 UTC
- **Purpose**: Security and vulnerability scanning
- **Includes**:
- Dockerfile linting with Hadolint
- Vulnerability scanning with Trivy
- Base image update checking
- Security advisory monitoring
## 🔑 Required Secrets
Add these secrets in your GitHub repository settings:
| Secret | Description | Required For |
|--------|-------------|--------------|
| `DOCKER_PASSWORD` | Docker Hub password/token | All workflows that push images |
## 🚀 Setup Instructions
1. **Configure Docker Hub Access**:
```bash
# Create a Docker Hub access token
# Go to: https://hub.docker.com/settings/security
# Add it as DOCKER_PASSWORD secret in GitHub
```
2. **Update Registry Settings**:
- Edit the `REGISTRY_USER` environment variable in workflow files
- Change from `getterup` to your Docker Hub username
3. **Enable Workflows**:
- Workflows are automatically enabled when you push them to your repository
- Manual workflows can be triggered from the Actions tab
## 📊 Build Matrix
### Base Images
- `comfyui-rocm7.1` - ComfyUI with ROCm 7.1 support
- `stable-diffusion.cpp-rocm7.1` - Stable Diffusion with ROCm 7.1
### GPU Architecture Variants
| GFX Architecture | GPU Series | Build Target |
|-----------------|-------------|--------------|
| `gfx1150` | RDNA 3.5 (Ryzen AI 9 HX 370) | `stable-diffusion-cpp-gfx1150` |
| `gfx1151` | RDNA 3.5 (Strix Point) | `stable-diffusion-cpp-gfx1151` |
| `gfx1200` | RDNA 4 (RX 9070 XT) | `stable-diffusion-cpp-gfx1200` |
| `gfx1100` | RDNA 3 (RX 7900 XTX/XT) | `stable-diffusion-cpp-gfx1100` |
| `gfx1101` | RDNA 3 (RX 7800/7700 XT) | `stable-diffusion-cpp-gfx1101` |
| `gfx1030` | RDNA 2 (RX 6000 series) | `stable-diffusion-cpp-gfx1030` |
| `gfx1201` | RDNA 4 (RX 9060/9070 XT) | `stable-diffusion-cpp-gfx1201` |
## 🏷️ Image Tags
### Daily Builds
- `latest` - Latest daily build
- `YYYY-MM-DD` - Date-specific builds
- `<commit-sha>` - Commit-specific builds
### Releases
- `latest` - Latest stable release
- `v1.2.3` - Specific version
- `v1.2` - Minor version
- `v1` - Major version (for stable releases only)
## 🛠️ Manual Triggers
### Daily Build Manual Run
```bash
# Via GitHub CLI
gh workflow run daily-build.yml \
-f push_images=true \
-f build_all=true
# Via GitHub UI
# Go to Actions > Daily ROCm Container Build > Run workflow
```
### Release Manual Run
```bash
# Create a release
gh workflow run release.yml \
-f version=v1.0.0 \
-f create_release=true
```
### Security Scan Manual Run
```bash
# Run security scan
gh workflow run security-scan.yml
```
## 📈 Monitoring
### Build Status
- Check the Actions tab for workflow status
- Failed builds will show detailed logs
- Security scan results appear in the Security tab
### Docker Hub
- Images are automatically pushed to Docker Hub
- Check pull counts and popularity metrics
- Monitor for automated security scans
## 🔍 Troubleshooting
### Common Issues
1. **Docker Hub Authentication Failed**
- Verify `DOCKER_PASSWORD` secret is set
- Check that the token has push permissions
- Ensure `REGISTRY_USER` matches your Docker Hub username
2. **Build Failures**
- Check Dockerfile syntax
- Verify base image availability
- Review build logs for specific errors
3. **Security Scan Failures**
- Review Trivy scan results
- Update base images if vulnerabilities found
- Fix Hadolint warnings in Dockerfiles
### Debug Commands
```bash
# Test workflows locally with act
act schedule -j build-base-images
# Validate Docker Compose
docker-compose config
# Test Dockerfile syntax
hadolint Dockerfiles/Dockerfile.comfyui-rocm7.1
```
## 📋 Maintenance
### Regular Tasks
- Monitor workflow success rates
- Update base images when security patches are available
- Review and update GPU architecture matrix as new GPUs are released
- Update dependencies in Dockerfiles
### Quarterly Reviews
- Assess build times and optimize if needed
- Review security scan results and trends
- Update workflow actions to latest versions
- Check for new GitHub Actions features that could improve the pipeline

216
.github/workflows/daily-build.yml vendored Normal file
View File

@@ -0,0 +1,216 @@
name: Daily ROCm Container Build
on:
schedule:
# Run daily at 02:00 UTC
- cron: '0 2 * * *'
workflow_dispatch: # Allow manual triggering
inputs:
push_images:
description: 'Push images to registry'
required: true
default: 'true'
type: boolean
build_all:
description: 'Build all variants'
required: true
default: 'true'
type: boolean
env:
REGISTRY: docker.io
REGISTRY_USER: getterup
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
date: ${{ steps.date.outputs.date }}
sha_short: ${{ steps.vars.outputs.sha_short }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Set variables
id: vars
run: echo "sha_short=$(echo ${GITHUB_SHA} | cut -c1-7)" >> $GITHUB_OUTPUT
build-base-images:
runs-on: ubuntu-latest
needs: prepare
strategy:
matrix:
image:
- name: comfyui-rocm7.1
dockerfile: Dockerfile.comfyui-rocm7.1
context: .
- name: stable-diffusion.cpp-rocm7.1
dockerfile: Dockerfile.stable-diffusion.cpp-rocm7.1
context: .
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Docker Hub
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_images == 'true')
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_USER }}/${{ matrix.image.name }}
tags: |
type=raw,value=latest
type=raw,value=${{ needs.prepare.outputs.date }}
type=raw,value=${{ needs.prepare.outputs.sha_short }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ${{ matrix.image.context }}
file: Dockerfiles/${{ matrix.image.dockerfile }}
push: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_images == 'true') }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILD_DATE=${{ needs.prepare.outputs.date }}
VCS_REF=${{ needs.prepare.outputs.sha_short }}
build-stable-diffusion-variants:
runs-on: ubuntu-latest
needs: prepare
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.build_all == 'true')
strategy:
matrix:
gfx_arch:
- gfx1150 # RDNA 3.5 (Ryzen AI 9 HX 370)
- gfx1151 # RDNA 3.5 (Strix Point/Ryzen AI Max+ 365)
- gfx1200 # RDNA 4 (RX 9070 XT)
- gfx1100 # RDNA 3 (RX 7900 XTX/XT)
- gfx1101 # RDNA 3 (RX 7800 XT/7700 XT)
- gfx1030 # RDNA 2 (RX 6000 series)
- gfx1201 # RDNA 4 (RX 9060 XT/ RX 9070/XT)
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Docker Hub
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_images == 'true')
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_USER }}/stable-diffusion-cpp-${{ matrix.gfx_arch }}
tags: |
type=raw,value=latest
type=raw,value=${{ needs.prepare.outputs.date }}
type=raw,value=${{ needs.prepare.outputs.sha_short }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfiles/Dockerfile.stable-diffusion.cpp-rocm7.1
push: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_images == 'true') }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
cache-from: type=gha,scope=${{ matrix.gfx_arch }}
cache-to: type=gha,mode=max,scope=${{ matrix.gfx_arch }}
build-args: |
GFX_ARCH=${{ matrix.gfx_arch }}
BUILD_DATE=${{ needs.prepare.outputs.date }}
VCS_REF=${{ needs.prepare.outputs.sha_short }}
test-compose:
runs-on: ubuntu-latest
needs: [prepare, build-base-images]
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Compose
run: |
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
- name: Create test directories
run: |
mkdir -p User-Directories/open-webui
mkdir -p User-Directories/ollama
mkdir -p User-Directories/comfyui
- name: Test docker-compose configuration
run: |
docker-compose config --quiet
echo "✅ Docker Compose configuration is valid"
- name: Test image pulls (dry-run)
run: |
# Test if images can be pulled (without actually starting services)
docker-compose pull --quiet || echo "⚠️ Some images may not be available yet"
notify:
runs-on: ubuntu-latest
needs: [prepare, build-base-images, build-stable-diffusion-variants, test-compose]
if: always() && (github.event_name == 'schedule')
steps:
- name: Notify on success
if: needs.build-base-images.result == 'success' && needs.build-stable-diffusion-variants.result == 'success'
run: |
echo "✅ Daily build completed successfully on ${{ needs.prepare.outputs.date }}"
echo "🐳 Base images built and pushed"
echo "🎯 GPU-specific variants built and pushed"
echo "📋 Docker Compose configuration validated"
- name: Notify on failure
if: needs.build-base-images.result == 'failure' || needs.build-stable-diffusion-variants.result == 'failure'
run: |
echo "❌ Daily build failed on ${{ needs.prepare.outputs.date }}"
echo "Please check the workflow logs for details"
exit 1
cleanup:
runs-on: ubuntu-latest
needs: [build-base-images, build-stable-diffusion-variants]
if: always()
steps:
- name: Clean up Docker cache
run: |
docker system prune -f --volumes
echo "🧹 Docker cache cleaned up"

237
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,237 @@
name: Release Build
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:
inputs:
version:
description: 'Release version (e.g., v1.0.0)'
required: true
type: string
create_release:
description: 'Create GitHub release'
required: true
default: true
type: boolean
env:
REGISTRY: docker.io
REGISTRY_USER: getterup
jobs:
validate-release:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
is_prerelease: ${{ steps.version.outputs.is_prerelease }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Validate and extract version
id: version
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
VERSION="${{ github.event.inputs.version }}"
else
VERSION="${{ github.ref_name }}"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
# Check if this is a pre-release (contains alpha, beta, rc)
if [[ "$VERSION" =~ (alpha|beta|rc) ]]; then
echo "is_prerelease=true" >> $GITHUB_OUTPUT
else
echo "is_prerelease=false" >> $GITHUB_OUTPUT
fi
echo "📋 Release version: $VERSION"
echo "🚀 Pre-release: $([ "${{ steps.version.outputs.is_prerelease }}" == "true" ] && echo "Yes" || echo "No")"
build-release-images:
runs-on: ubuntu-latest
needs: validate-release
strategy:
matrix:
image:
- name: comfyui-rocm7.1
dockerfile: Dockerfile.comfyui-rocm7.1
- name: stable-diffusion.cpp-rocm7.1
dockerfile: Dockerfile.stable-diffusion.cpp-rocm7.1
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_USER }}/${{ matrix.image.name }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=${{ needs.validate-release.outputs.version }}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}},enable=${{ !needs.validate-release.outputs.is_prerelease }}
- name: Build and push release image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfiles/${{ matrix.image.dockerfile }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
VERSION=${{ needs.validate-release.outputs.version }}
BUILD_DATE=${{ github.run_id }}
VCS_REF=${{ github.sha }}
build-gpu-variants:
runs-on: ubuntu-latest
needs: validate-release
strategy:
matrix:
gfx_arch: [gfx1150, gfx1151, gfx1200, gfx1100, gfx1101, gfx1030, gfx1201]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_USER }}/stable-diffusion-cpp-${{ matrix.gfx_arch }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=${{ needs.validate-release.outputs.version }}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Build and push GPU variant
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfiles/Dockerfile.stable-diffusion.cpp-rocm7.1
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
build-args: |
GFX_ARCH=${{ matrix.gfx_arch }}
VERSION=${{ needs.validate-release.outputs.version }}
BUILD_DATE=${{ github.run_id }}
VCS_REF=${{ github.sha }}
create-release:
runs-on: ubuntu-latest
needs: [validate-release, build-release-images, build-gpu-variants]
if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.create_release == 'true')
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Generate release notes
id: release_notes
run: |
cat > release_notes.md << 'EOF'
## 🚀 ROCm 7.1 Container Release ${{ needs.validate-release.outputs.version }}
### 📦 Container Images Built
**Base Images:**
- `getterup/comfyui-rocm7.1:${{ needs.validate-release.outputs.version }}`
- `getterup/stable-diffusion.cpp-rocm7.1:${{ needs.validate-release.outputs.version }}`
**GPU-Specific Variants:**
- `getterup/stable-diffusion-cpp-gfx1150:${{ needs.validate-release.outputs.version }}` (RDNA 3.5 - Ryzen AI 9 HX 370)
- `getterup/stable-diffusion-cpp-gfx1151:${{ needs.validate-release.outputs.version }}` (RDNA 3.5 - Strix Point)
- `getterup/stable-diffusion-cpp-gfx1200:${{ needs.validate-release.outputs.version }}` (RDNA 4 - RX 9070 XT)
- `getterup/stable-diffusion-cpp-gfx1100:${{ needs.validate-release.outputs.version }}` (RDNA 3 - RX 7900 XTX/XT)
- `getterup/stable-diffusion-cpp-gfx1101:${{ needs.validate-release.outputs.version }}` (RDNA 3 - RX 7800/7700 XT)
- `getterup/stable-diffusion-cpp-gfx1030:${{ needs.validate-release.outputs.version }}` (RDNA 2 - RX 6000 series)
- `getterup/stable-diffusion-cpp-gfx1201:${{ needs.validate-release.outputs.version }}` (RDNA 4 - RX 9060/9070 XT)
### 🔧 Usage
```bash
# Quick start with docker-compose
git clone https://github.com/yourusername/rocm-automated.git
cd rocm-automated
docker-compose up -d
```
### 🛠️ What's Included
- ROCm 7.1 support for AMD GPUs
- Optimized ComfyUI for AI image generation
- Stable Diffusion.cpp with GPU acceleration
- Multi-GPU architecture support
- Docker Compose configuration for easy deployment
### 📋 System Requirements
- AMD GPU with ROCm support (RDNA 2/3/4)
- 16GB+ system RAM
- 8GB+ GPU VRAM for large models
- Linux with Docker 24.0+
### 🔗 Links
- [Docker Hub Repository](https://hub.docker.com/u/getterup)
- [Documentation](README.md)
- [Issues & Support](https://github.com/yourusername/rocm-automated/issues)
EOF
echo "📝 Release notes generated"
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ needs.validate-release.outputs.version }}
name: ROCm 7.1 Container Release ${{ needs.validate-release.outputs.version }}
body_path: release_notes.md
draft: false
prerelease: ${{ needs.validate-release.outputs.is_prerelease }}
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update Docker Hub descriptions
run: |
echo "🐳 Consider updating Docker Hub repository descriptions with:"
echo "- Release version: ${{ needs.validate-release.outputs.version }}"
echo "- Build date: $(date -u +'%Y-%m-%d')"
echo "- Commit SHA: $(echo ${{ github.sha }} | cut -c1-7)"

129
.github/workflows/security-scan.yml vendored Normal file
View File

@@ -0,0 +1,129 @@
name: Security Scan
on:
schedule:
# Run security scans weekly on Sundays at 03:00 UTC
- cron: '0 3 * * 0'
workflow_dispatch:
pull_request:
paths:
- 'Dockerfiles/**'
- '.github/workflows/**'
env:
REGISTRY: docker.io
REGISTRY_USER: getterup
jobs:
dockerfile-security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Hadolint (Dockerfile linter)
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfiles/Dockerfile.comfyui-rocm7.1
failure-threshold: warning
- name: Run Hadolint on Stable Diffusion Dockerfile
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfiles/Dockerfile.stable-diffusion.cpp-rocm7.1
failure-threshold: warning
vulnerability-scan:
runs-on: ubuntu-latest
strategy:
matrix:
image:
- name: comfyui-rocm7.1
dockerfile: Dockerfile.comfyui-rocm7.1
- name: stable-diffusion.cpp-rocm7.1
dockerfile: Dockerfile.stable-diffusion.cpp-rocm7.1
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build test image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfiles/${{ matrix.image.dockerfile }}
push: false
tags: test-${{ matrix.image.name }}:latest
load: true
cache-from: type=gha
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: test-${{ matrix.image.name }}:latest
format: 'sarif'
output: 'trivy-results-${{ matrix.image.name }}.sarif'
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results-${{ matrix.image.name }}.sarif'
dependency-check:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Check for outdated base images
run: |
echo "🔍 Checking base images for updates..."
# Check ROCm base images
echo "Checking ROCm images..."
docker pull rocm/rocm-terminal:latest
# Check Python images (commonly used in AI containers)
echo "Checking Python base images..."
docker pull python:3.11-slim
docker pull python:3.12-slim
echo "✅ Base image check completed"
- name: Check for security advisories
run: |
echo "🛡️ Checking for relevant security advisories..."
echo "Please review:"
echo "- ROCm security advisories: https://github.com/RadeonOpenCompute/ROCm/security"
echo "- Docker security best practices: https://docs.docker.com/engine/security/"
echo "- NVIDIA CVE database (for GPU-related issues): https://nvidia.com/security"
notify-security:
runs-on: ubuntu-latest
needs: [dockerfile-security-scan, vulnerability-scan, dependency-check]
if: always() && github.event_name == 'schedule'
steps:
- name: Security scan summary
run: |
echo "🔒 Weekly security scan completed"
echo "📊 Results:"
echo "- Dockerfile lint: ${{ needs.dockerfile-security-scan.result }}"
echo "- Vulnerability scan: ${{ needs.vulnerability-scan.result }}"
echo "- Dependency check: ${{ needs.dependency-check.result }}"
if [ "${{ needs.dockerfile-security-scan.result }}" == "failure" ] || \
[ "${{ needs.vulnerability-scan.result }}" == "failure" ] || \
[ "${{ needs.dependency-check.result }}" == "failure" ]; then
echo "⚠️ Security issues detected - please review the logs"
exit 1
else
echo "✅ No critical security issues found"
fi

4
README.md
View File

@@ -4,6 +4,10 @@
[![Docker](https://img.shields.io/badge/Docker-supported-blue.svg)](https://www.docker.com/)
[![AMD GPU](https://img.shields.io/badge/AMD-GPU-green.svg)](https://www.amd.com/en/graphics)
[![Daily Build](https://github.com/yourusername/rocm-automated/actions/workflows/daily-build.yml/badge.svg)](https://github.com/yourusername/rocm-automated/actions/workflows/daily-build.yml)
[![Security Scan](https://github.com/yourusername/rocm-automated/actions/workflows/security-scan.yml/badge.svg)](https://github.com/yourusername/rocm-automated/actions/workflows/security-scan.yml)
[![Release](https://github.com/yourusername/rocm-automated/actions/workflows/release.yml/badge.svg)](https://github.com/yourusername/rocm-automated/actions/workflows/release.yml)
A comprehensive Docker-based environment for running AI workloads on AMD GPUs with ROCm 7.1 support. This project provides optimized containers for Ollama LLM inference and Stable Diffusion image generation.
Sponsored by https://shad-base.com