Skip to content

vulnerability fixes

vulnerability fixes #2

Workflow file for this run

name: Build
on:
pull_request:
branches:
- main
- "release-[0-9].[0-9]+"
paths-ignore:
- "**.md"
push:
branches:
- main
- "release-[0-9].[0-9]+"
tags:
- "v*"
paths-ignore:
- "**.md"
env:
IMAGE_NAME: "kserve/modelmesh-runtime-adapter"
jobs:
build:
runs-on: ubuntu-latest
env:
CI: true
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
if: github.event_name == 'push'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
- name: Export docker build args
run: |
# see: scripts/build_docker.sh
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Generate PR tag from github.ref == "refs/pull/123/merge"
[ "$VERSION" == "merge" ] && VERSION=$(echo "${{ github.ref }}" | sed -e 's,refs/pull/\(.*\)/merge,pr-\1,')
# Use Docker `latest` tag convention
[ "$VERSION" == "main" ] && VERSION=latest
git_commit_sha="$(git rev-parse HEAD)"
DOCKER_TAG="$(git rev-parse --abbrev-ref HEAD)-$(date -u +"%Y%m%dT%H%M%S%Z")"
echo "IMAGE_TAG=$VERSION" >> $GITHUB_ENV
echo "COMMIT_SHA=$git_commit_sha" >> $GITHUB_ENV
echo "IMAGE_VERSION=$DOCKER_TAG" >> $GITHUB_ENV
# print env vars for debugging
cat "$GITHUB_ENV"
- name: Build and push runtime image
uses: docker/build-push-action@v4
with:
# tensorflow not supported on PowerPC (ppc64le) or System Z (s390x)
# https://pypi.org/project/tensorflow/2.12.0/#files
# https://github.com/tensorflow/tensorflow/issues/46181
platforms: linux/amd64,linux/arm64
context: .
target: runtime
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
build-args: |
IMAGE_VERSION=${{ env.IMAGE_VERSION }}
COMMIT_SHA=${{ env.COMMIT_SHA }}
cache-from: type=gha
cache-to: type=gha,mode=max