feat: init
natesales committed Nov 20, 2024
0 parents commit 9657edf
Showing 5 changed files with 125 additions and 0 deletions.
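--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,87 @@
+name: Release
+
+on:
+push:
+tags:
+- 'v*'
+
+jobs:
+release:
+name: Release
+runs-on: ubuntu-latest
+permissions:
+contents: write
+packages: write
+id-token: write
+attestations: write
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build nginx-nitro image
+uses: docker/build-push-action@v5
+with:
+context: .
+push: false
+load: true
+tags: ollama-nitro:latest
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Build eif-builder image
+uses: docker/build-push-action@v5
+with:
+context: eif-builder
+push: false
+load: true
+tags: eif-builder:latest
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Build EIF image
+run: |
+docker run \
+--rm \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v $(pwd):/output \
+-e DOCKER_IMAGE=ollama-nitro:latest \
+-e EIF_FILE=tinfoil-enclave-${{ github.ref_name }}.eif \
+-e INFO_FILE=tinfoil-enclave-${{ github.ref_name }}-info.json \
+eif-builder:latest
+- name: Create measurements predicate
+run: jq -r ".Measurements" tinfoil-enclave-${{ github.ref_name }}-info.json > predicate.json
+
+- name: Attest
+uses: actions/attest@v1
+id: attest
+with:
+subject-path: tinfoil-enclave-${{ github.ref_name }}.eif
+predicate-type: https://tinfoil.sh/predicate/nitro-enclave-measurements/v1
+predicate-path: predicate.json
+
+- name: Generate release notes
+id: generate-release-notes
+run: |
+RELEASE_NOTES=$(cat << EOF
+Measurements:
+\`\`\`
+$(cat predicate.json)
+\`\`\`
+Log: https://search.sigstore.dev?logIndex=$(jq -r ".verificationMaterial.tlogEntries[0].logIndex" ${{ steps.attest.outputs.bundle-path }})
+EOF
+)
+echo "release-notes<<EOF" >> "$GITHUB_OUTPUT"
+echo "${RELEASE_NOTES}" >> "$GITHUB_OUTPUT"
+echo "EOF" >> "$GITHUB_OUTPUT"
+- name: Create release
+uses: softprops/action-gh-release@v2
+with:
+files: |
+tinfoil-enclave-${{ github.ref_name }}.eif
+tinfoil-enclave-${{ github.ref_name }}-info.json
+body: ${{ steps.generate-release-notes.outputs.release-notes }}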
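Review bot: The `run:` steps "Build EIF image" and "Create measurements predicate" expand `${{ github.ref_name }}` directly into shell text, so a tag name containing shell metacharacters is interpreted by a job that holds `contents: write`, `id-token: write` and `attestations: write`. Pass the value through the step environment instead, e.g. `env:` with `REF_NAME: ${{ github.ref_name }}` and then `-e EIF_FILE="tinfoil-enclave-${REF_NAME}.eif"`, and quote `"$(pwd)":/output` as well. Every `uses:` entry is pinned to a mutable major tag (`actions/checkout@v4`, `actions/attest@v1`, `softprops/action-gh-release@v2`, …); since this job signs the enclave measurements, pinning each to a full commit SHA keeps a retagged action from changing what gets attested. `packages: write` does not appear to be used (both builds set `push: false`) and could be dropped for least privilege.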
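--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
+.idea/
+*.eif
+*.tar
+*-info.json
+.secrets
+*.jsonl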
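--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM ghcr.io/tinfoilanalytics/nitro-attestation-shim:v0.0.8 AS shim
+
+FROM ollama/ollama
+
+COPY --from=shim /nitro-attestation-shim /nitro-attestation-shim
+
+ENV NITRO_SHIM_PORT=6000
+ENV NITRO_SHIM_UPSTREAM_PORT=11434
+
+RUN apt update -y
+RUN apt install -y iproute2
+
+ENV HOME=/
+
+RUN nohup bash -c "ollama serve &" && sleep 5 && ollama pull llama3.2:1b
+
+ENTRYPOINT ["sh", "-c", "echo Running && sleep 5 && /nitro-attestation-shim /bin/ollama serve"]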
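Review bot: `FROM ollama/ollama` has no tag or digest, so the image that ends up measured in the EIF depends on whatever upstream publishes at build time, and the shim stage is pinned only by the mutable tag `v0.0.8`. Pinning both by digest, as eif-builder/Dockerfile already does for amazonlinux (`FROM ollama/ollama@sha256:<DIGEST_PLACEHOLDER>`), keeps the attested measurements tied to reviewed inputs. The same concern applies to `ollama pull llama3.2:1b`, which bakes in model weights fetched by a mutable tag with no checksum check, and the `sleep 5` before it is a race if the server is slow to start. `RUN apt update -y` and `RUN apt install -y iproute2` should be a single layer, `RUN apt-get update && apt-get install -y --no-install-recommends iproute2 && rm -rf /var/lib/apt/lists/*`, so a cached package index is never paired with a later install.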
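--- a/README.md
+++ b/README.md
@@ -0,0 +1,12 @@
+# Nitro Private Inference
+
+```bash
+docker run \
+--rm \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v $(pwd):/output \
+-e DOCKER_IMAGE=ollama-nitro:latest \
+-e EIF_FILE=tinfoil-enclave.eif \
+-e INFO_FILE=tinfoil-enclave-info.json \
+eif-builder:latest
+```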
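--- a/eif-builder/Dockerfile
+++ b/eif-builder/Dockerfile
@@ -0,0 +1,3 @@
+FROM amazonlinux@sha256:ade8904b6915ab42d0c6ef10d9686921b4ac022b20d9a4c448446fbf02db9f9d
+RUN dnf install aws-nitro-enclaves-cli aws-nitro-enclaves-cli-devel -y
+ENTRYPOINT ["/bin/bash", "-c", "nitro-cli build-enclave --output-file /output/${EIF_FILE} --docker-uri ${DOCKER_IMAGE} && nitro-cli describe-eif --eif-path /output/${EIF_FILE} > /output/${INFO_FILE}"]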
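Review bot: The ENTRYPOINT expands `${EIF_FILE}`, `${DOCKER_IMAGE}` and `${INFO_FILE}` unquoted inside `bash -c`, so a value with whitespace or glob characters splits into extra nitro-cli arguments, and an unset variable silently targets `/output/` itself. Quote them and fail fast on missing values, e.g. `--output-file "/output/${EIF_FILE:?}" --docker-uri "${DOCKER_IMAGE:?}"` (with the inner quotes escaped as `\"` in the JSON-form ENTRYPOINT); in the release workflow these values are derived from the pushed tag name. The base image is pinned by digest, but `dnf install aws-nitro-enclaves-cli aws-nitro-enclaves-cli-devel` is not version-pinned, and the CLI version presumably influences the resulting EIF measurements, so pinning the package versions would make the attested build repeatable.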
