From 7bda86652979ad46580d961f6e6d29a942cbc2c1 Mon Sep 17 00:00:00 2001
From: baiyli <105086653+baiyli@users.noreply.github.com>
Date: Wed, 11 Sep 2024 10:40:05 -0700
Subject: [PATCH 1/4] Create pull_request_template.md (#24)

* Create pull-request-template.md

* Rename pull-request-template.md to pull_request_template.md

* Update pull_request_template.md
---
 .github/pull_request_template.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/pull_request_template.md

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..1a42d3d
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,32 @@
+# PR Approval Steps
+
+## For Requester
+
+1. Description
+    - [ ] Check the PR title and description for clarity. It should describe the changes made and the reason behind them.
+    - [ ] Ensure that the PR follows the contribution guidelines, if applicable.
+2. Security requirements
+    - [ ] Ensure that a Pull Request (PR) does not expose passwords and other sensitive information by using git-secrets and upload relevant evidence: https://github.com/awslabs/git-secrets
+    - [ ] Ensure commit has GitHub Commit Signature
+3. Manual review
+    1. Click on the Files changed tab to see the code changes. Review the changes thoroughly:
+        - [ ] Code Quality: Check for coding standards, naming conventions, and readability.
+        - [ ] Functionality: Ensure that the changes meet the requirements and that all necessary code paths are tested.
+        - [ ] Security: Check for any security issues or vulnerabilities.
+        - [ ] Documentation: Confirm that any necessary documentation (code comments, README updates, etc.) has been updated.
+4. Check for Merge Conflicts:
+    - [ ] Verify if there are any merge conflicts with the base branch. GitHub will usually highlight this. If there are conflicts, you should resolve them.
+      
+## For Reviewer
+
+1. Go through `For Requester` section to double check each item.
+2. Request Changes or Approve the PR:
+    1. If the PR is ready to be merged, click Review changes and select Approve.
+    2. If changes are required, select Request changes and provide feedback. Be constructive and clear in your feedback.
+3. Merging the PR
+    1. Check the Merge Method:
+        1. Decide on the appropriate merge method based on your repository's guidelines (e.g., Squash and merge, Rebase and merge, or Merge).
+    2. Merge the PR:
+        1. Click the Merge pull request button.
+        2. Confirm the merge by clicking Confirm merge.
+

From 404439a8c99c0426fa232e04e37d84024224afc1 Mon Sep 17 00:00:00 2001
From: baiyli <105086653+baiyli@users.noreply.github.com>
Date: Wed, 11 Sep 2024 13:09:15 -0700
Subject: [PATCH 2/4] Update security-monitoring.yml for codeql (#26)

* Update security-monitoring.yml for codeql

* Update security-monitoring.yml
---
 .github/workflows/security-monitoring.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/security-monitoring.yml b/.github/workflows/security-monitoring.yml
index 6b7abbf..3c8661d 100644
--- a/.github/workflows/security-monitoring.yml
+++ b/.github/workflows/security-monitoring.yml
@@ -2,7 +2,7 @@ name: Security Monitoring
  
 on:
   schedule:
-    - cron: '0 16 * * *'
+    - cron: '*/15 * * * *'
  
 concurrency:
   group: ${{ github.workflow }}-${{ github.run_id }}
@@ -67,7 +67,7 @@ jobs:
 
   put-metric-data:
     runs-on: ubuntu-latest
-    needs: [check-dependabot-alerts]
+    needs: [check-dependabot-alerts, check-code-scanning-alerts]
     steps:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@12e3392609eaaceb7ae6191b3f54bbcb85b5002b

From 41ac8cc99ee3d1024bc078944e7aaa8f71691939 Mon Sep 17 00:00:00 2001
From: Adhesh Garg <adheshgarg@gmail.com>
Date: Wed, 11 Sep 2024 13:34:42 -0700
Subject: [PATCH 3/4] Fix integration test setup to use helm charts as public
 doc.
 https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites.html
 (#27)

* Added helm chart step

* remove training operator step included in helm charts
---
 helm_chart/readme.md                          |  4 +-
 .../abstract_integration_tests.py             | 57 +++++++------------
 2 files changed, 21 insertions(+), 40 deletions(-)

diff --git a/helm_chart/readme.md b/helm_chart/readme.md
index 13c9553..3559a92 100644
--- a/helm_chart/readme.md
+++ b/helm_chart/readme.md
@@ -60,7 +60,7 @@ Notes:
 * Update helm chart dependencies. It ensures that all the sub-charts required by the main chart are fetched and properly set up before deploying the main chart. It doesn’t actually deploy the chart itself but prepares it by ensuring all dependencies are resolved.
 
   ```
-  helm dependencies update src/hyperpod_cli/helm_chart/HyperPodHelmChart
+  helm dependencies update helm_chart/HyperPodHelmChart
   ```
 
 ### Step Two:
@@ -84,7 +84,7 @@ Notes:
 
 * Deploy a Helm Chart to Your Kubernetes Cluster. This command deploys the Helm chart to your cluster with custom configurations applied, as specified in the values.yaml file. Please note that only certain versions of dependencies will be deployed based on the configuration specified in the values.yaml.
   ```
-  helm install dependencies src/hyperpod_cli/helm_chart/HyperPodHelmChart --namespace kube-system
+  helm install dependencies helm_chart/HyperPodHelmChart --namespace kube-system
   ```
 
 ### Step Four (only required for installing Kueue):
diff --git a/test/integration_tests/abstract_integration_tests.py b/test/integration_tests/abstract_integration_tests.py
index 4d9942b..e0685c1 100644
--- a/test/integration_tests/abstract_integration_tests.py
+++ b/test/integration_tests/abstract_integration_tests.py
@@ -223,36 +223,16 @@ def describe_vpc_stack_and_set_values(self, cfn_client):
                         "OutputValue"
                     )
 
-    def update_cluster_auth(self):
-        with open(
-            "test/integration_tests/charts/hp-node-auth.yaml",
-            "r",
-        ) as hyperpod_current_context:
-            template = hyperpod_current_context.read()
-
-        template = re.sub(
-            "SAGEMAKER_EXECUTION_ROLE",
-            self.cfn_output_map.get("ExecutionRole"),
-            template,
-        )
-        template = re.sub(
-            "SAGEMAKER_SERVICE_ROLE",
-            self.cfn_output_map.get("ServiceRole"),
-            template,
-        )
-
-        with open("/tmp/hp-node-auth.yaml", "w") as hyperpod_current_context:
-            hyperpod_current_context.write(template)
-
+    def apply_helm_charts(self):
         command = [
-            "kubectl",
-            "apply",
-            "-f",
-            "/tmp/hp-node-auth.yaml",
+            "helm",
+            "dependencies",
+            "update",
+            "helm_chart/HyperPodHelmChart"
         ]
 
         try:
-            # Execute the command to update kubeconfig
+            # Execute the command to update helm charts
             logger.info(
                 subprocess.run(
                     command,
@@ -262,36 +242,37 @@ def update_cluster_auth(self):
                 )
             )
         except subprocess.CalledProcessError as e:
-            raise RuntimeError(f"Failed to apply auth charts: {e}")
+            raise RuntimeError(f"Failed to update helm charts: {e}")
 
-    def install_training_operator(self):
-        command = [
-            "kubectl",
-            "apply",
-            "-k",
-            "github.com/kubeflow/training-operator/manifests/overlays/standalone?ref=v1.7.0",
+        apply_commanmd = [
+            "helm",
+            "install",
+            "dependencies",
+            "helm_chart/HyperPodHelmChart",
+            "--namespace",
+            "kube-system"
         ]
 
         try:
-            # Execute the command to update kubeconfig
+            # Execute the command to apply helm charts
             logger.info(
                 subprocess.run(
-                    command,
+                    apply_commanmd,
                     check=True,
                     capture_output=True,
                     text=True,
                 )
             )
         except subprocess.CalledProcessError as e:
-            raise RuntimeError(f"Failed to install training operator: {e}")
+            raise RuntimeError(f"Failed to apply helm charts: {e}")
+
 
     def setup(self):
         self.new_session = self._create_session()
         self.create_test_resorces(self.new_session)
         self.create_kube_context()
-        self.update_cluster_auth()
+        self.apply_helm_charts()
         self.create_hyperpod_cluster(self.new_session)
-        self.install_training_operator()
 
     def tearDown(self):
         self.delete_hyperpod_cluster(self.new_session)

From a7bd475b2806b3676df5e87335451b3900f6886a Mon Sep 17 00:00:00 2001
From: baiyli <105086653+baiyli@users.noreply.github.com>
Date: Wed, 11 Sep 2024 14:20:36 -0700
Subject: [PATCH 4/4] Update security-monitoring.yml for schedule (#28)

---
 .github/workflows/security-monitoring.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security-monitoring.yml b/.github/workflows/security-monitoring.yml
index 3c8661d..bc80e24 100644
--- a/.github/workflows/security-monitoring.yml
+++ b/.github/workflows/security-monitoring.yml
@@ -2,7 +2,7 @@ name: Security Monitoring
  
 on:
   schedule:
-    - cron: '*/15 * * * *'
+    - cron: '0 16 * * *'
  
 concurrency:
   group: ${{ github.workflow }}-${{ github.run_id }}