Skip to content

Update dependency elixir-lang/elixir to v1.17.3 #2574

Update dependency elixir-lang/elixir to v1.17.3

Update dependency elixir-lang/elixir to v1.17.3 #2574

Workflow file for this run

name: Build Notebook Images
on:
push:
branches: [ master ]
tags:
- 'v*.*.*'
pull_request:
branches:
- 'master'
jobs:
build-matrix:
name: Create Build Matrix
runs-on: ubuntu-latest
steps:
-
name: Checkout
id: set-matrix
uses: actions/checkout@v3
with:
fetch-depth: 0 # No shallow clone, we need all history
-
name: Bump version and push tag
if: github.event_name != 'pull_request'
id: tag_version
uses: mathieudutour/github-tag-action@v6.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Create a GitHub release
if: github.event_name != 'pull_request'
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: generate matrix
id: generate-matrix
env:
RELEASE: ${{ steps.tag_version.outputs.new_tag }}
# run: echo "::set-output name=matrix::{\"include\":[$(for changed_folder in $(dirname $(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}) | sort -u); do find $changed_folder -name "*Dockerfile"; done | sed 's/^\|$/"/g'|paste -sd, -)]}"
run: |
if [ -z "${RELEASE}" ];
then
RELEASE="pr"
CHANGED_DIRS=$(git diff-tree --no-commit-id --name-only -r ${{ github.event.pull_request.head.sha }} | xargs -I {} dirname {})
else
CHANGED_DIRS=$(git diff-tree --no-commit-id --name-only -r ${{ github.sha }} | xargs -I {} dirname {})
fi
if [ -z "${CHANGED_DIRS}" ];
then
CHANGED_DIRS=$(dirname $(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}))
if [ "${CHANGED_DIRS}" == "." ];
then
CHANGED_DIRS=
fi
fi
echo "${CHANGED_DIRS}"
DOCKERFILES=$(for CHANGED_DIR in ${CHANGED_DIRS}; do find ${CHANGED_DIR} -name "*Dockerfile"; done | sort -u)
echo "${DOCKERFILES}"
MATRIX_PROJECTS_JSON="["
MATRIX_INCLUDE_JSON="["
for DOCKERFILE in ${DOCKERFILES}; do
DIR=$(dirname ${DOCKERFILE})
if [[ "$(basename ${DOCKERFILE})" == *"cuda"* ]]
then
MATRIX_PROJECTS_JSON+=$(sed 's/^/"/;s/$/"/' <<< "${DIR}"-cuda)
PROJECT="${DIR}"-cuda
else
MATRIX_PROJECTS_JSON+=$(sed 's/^/"/;s/$/"/' <<< "${DIR}")
PROJECT="${DIR}"
fi
echo "{$MATRIX_PROJECTS_JSON}"
MATRIX_INCLUDE_JSON+="{\"path\": \"${DIR}\", \"project\": \"${PROJECT}\", \"dockerfile\": \"${DOCKERFILE}\", \"version\": \"${RELEASE}\"}"
echo "${MATRIC_INCLUDE_JSON}"
done
echo "{$MATRIX_PROJECTS_JSON}"
echo "${MATRIC_INCLUDE_JSON}"
MATRIX_INCLUDE_JSON="${MATRIX_INCLUDE_JSON//\}\{/\}, \{}"
MATRIX_INCLUDE_JSON+="]"
MATRIX_PROJECTS_JSON="${MATRIX_PROJECTS_JSON//\"\"/\", \"}"
MATRIX_PROJECTS_JSON+="]"
MATRIX_JSON="{\"include\": ${MATRIX_INCLUDE_JSON}}"
echo "${MATRIX_JSON}"
CONTINUE_DOCKER_JOB="no"
if [[ "${MATRIX_PROJECTS_JSON}" != "[]" ]]; then
CONTINUE_DOCKER_JOB="yes"
fi
echo "${CONTINUE_DOCKER_JOB}"
echo "::set-output name=continue::${CONTINUE_DOCKER_JOB}"
echo "::set-output name=matrix::${MATRIX_JSON}"
outputs:
matrix: ${{ steps.generate-matrix.outputs.matrix }}
continue: ${{ steps.generate-matrix.outputs.continue }}
build-images:
if: needs.build-matrix.outputs.continue == 'yes'
name: Build and push notebook images
runs-on: ubuntu-latest
needs: build-matrix
strategy:
matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Get latest tag
id: latest_tag
uses: DavidSpek/gha-get-docker-hub-tags@0.1.16
with:
img: 'ghcr.io/davidspek/kubeflownotebook-${{ matrix.project }}'
-
name: Docker meta
id: meta
uses: crazy-max/ghaction-docker-meta@v4
with:
# list of Docker images to use as base name for tags
images: |
kubeflownotebooks/${{ matrix.project }}
ghcr.io/davidspek/kubeflownotebook-${{ matrix.project }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{raw}},value=${{ steps.latest_tag.outputs.new_v_minor }}
type=sha
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.MY_GITHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v3
with:
context: ${{ matrix.path }}
file: ${{ matrix.dockerfile }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Run Snyk to check Docker image for vulnerabilities
if: ${{ github.event_name != 'pull_request' }}
# Snyk can be used to break the build when it detects vulnerabilities.
# In this case we want to upload the issues to GitHub Code Scanning
continue-on-error: true
uses: snyk/actions/docker@master
env:
# In order to use the Snyk Action you will need to have a Snyk API token.
# More details in https://github.com/snyk/actions#getting-your-snyk-token
# or you can signup for free at https://snyk.io/login
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ghcr.io/davidspek/kubeflownotebook-${{ matrix.project }}:${{ steps.latest_tag.outputs.new_v_minor }}
args: --file=${{ matrix.dockerfile }} --exclude-base-image-vulns
- name: Upload result to GitHub Code Scanning
continue-on-error: true
if: ${{ github.event_name != 'pull_request' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif