Add necessary commands to attach SBOM for mlflowserver, sklearnserver… #1012
Workflow file for this run
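# Builds the container images listed under `jobs` and pushes them to Docker Hub.
#
# NOTE(review): every `uses:` reference below is a mutable tag (v1/v3/v4).
# Pin each action to a full commit SHA so that a retagged or compromised
# upstream release cannot run with the Docker Hub credentials.
name: Build & Push Docker Images

on:
  push:
    # NOTE(review): a push to either branch publishes with the default tag
    # `latest` (the dispatch input is empty on push events). Confirm that the
    # feature branch is meant to overwrite the `latest` images, and remove it
    # from this list once the branch is merged.
    branches: [master, ci-add-sbom-to-images-part-1]
  workflow_dispatch:
    inputs:
      docker-tag:
        description: 'Docker tag for push (e.g. 2.0.0)'
        default: 'latest'
        required: false

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository.
# The single explicit use of the token is the OpenShift tools installer step,
# presumably for read-only GitHub API calls (confirm before widening this).
permissions:
  contents: read

env:
  # Quoted so the version is always read as a string.
  GOLANG_VERSION: "1.24.11"

jobs:
  operator:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container
          cleanup: true
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set default docker tag for builds from master
        id: docker-tag
        env:
          # The dispatch input is passed through the environment rather than
          # expanded into the script text, so its content is never parsed as
          # shell by the runner.
          USER_INPUT: ${{ github.event.inputs.docker-tag }}
        run: |
          TAG="${USER_INPUT:-latest}"
          # Accept only Docker's tag grammar. The value is later exported as
          # VERSION to `make`, whose recipes may expand it textually.
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if ! [[ "$TAG" =~ $tag_re ]]; then
            echo "::error::docker-tag is not a valid Docker tag" >&2
            exit 1
          fi
          echo "value=${TAG}" >> "$GITHUB_OUTPUT"
      - name: Build and push
        working-directory: ./operator/
        env:
          VERSION: ${{ steps.docker-tag.outputs.value }}
        run: |
          make docker-build-and-push-prod

  executor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container
          cleanup: true
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set default docker tag for builds from master
        id: docker-tag
        env:
          # Input is passed as data through the environment, not as script text.
          USER_INPUT: ${{ github.event.inputs.docker-tag }}
        run: |
          TAG="${USER_INPUT:-latest}"
          # Accept only Docker's tag grammar before the value reaches `make`.
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if ! [[ "$TAG" =~ $tag_re ]]; then
            echo "::error::docker-tag is not a valid Docker tag" >&2
            exit 1
          fi
          echo "value=${TAG}" >> "$GITHUB_OUTPUT"
      - name: Build and push
        working-directory: ./executor/
        env:
          VERSION: ${{ steps.docker-tag.outputs.value }}
        run: |
          make docker-build-and-push-prod

  rclone-storage-initializer:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Git Commit
        uses: actions/checkout@v4
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set default docker tag for builds from master
        id: docker-tag
        env:
          # Input is passed as data through the environment, not as script text.
          USER_INPUT: ${{ github.event.inputs.docker-tag }}
        run: |
          TAG="${USER_INPUT:-latest}"
          # Accept only Docker's tag grammar before the value reaches `make`.
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if ! [[ "$TAG" =~ $tag_re ]]; then
            echo "::error::docker-tag is not a valid Docker tag" >&2
            exit 1
          fi
          echo "value=${TAG}" >> "$GITHUB_OUTPUT"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container
          cleanup: true
      - name: Build and push (Rclone Storage Initializer)
        working-directory: ./components/rclone-storage-initializer
        env:
          VERSION: ${{ steps.docker-tag.outputs.value }}
        run: |
          make docker-build-and-push-prod

  s2i-wrapper:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Git Commit
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container
          cleanup: true
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set default docker tag for builds from master
        id: docker-tag
        env:
          # Input is passed as data through the environment, not as script text.
          USER_INPUT: ${{ github.event.inputs.docker-tag }}
        run: |
          TAG="${USER_INPUT:-latest}"
          # Accept only Docker's tag grammar before the value reaches `make`.
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if ! [[ "$TAG" =~ $tag_re ]]; then
            echo "::error::docker-tag is not a valid Docker tag" >&2
            exit 1
          fi
          echo "value=${TAG}" >> "$GITHUB_OUTPUT"
      - name: Build and push (Conda Base Image)
        working-directory: ./wrappers/s2i/python
        env:
          VERSION: ${{ steps.docker-tag.outputs.value }}
        run: |
          make docker-build-and-push-prod-conda-base
      - name: Build and push (Base Wrapper)
        working-directory: ./wrappers/s2i/python
        env:
          VERSION: ${{ steps.docker-tag.outputs.value }}
        run: |
          make docker-build-and-push-prod PYTHON_VERSION=3.12.12
          make docker-tag-and-push-prod-default
          # Record the pushed image's manifest metadata; the
          # prepackaged-components job reads the digest from this file and
          # pulls the base image by digest instead of by tag.
          docker buildx imagetools inspect \
            "seldonio/seldon-core-s2i-python312:${VERSION}" \
            --format '{{json .}}' > /tmp/base-wrapper.json
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: base-wrapper
          path: /tmp/base-wrapper.json

  prepackaged-components:
    runs-on: ubuntu-latest
    needs: s2i-wrapper
    strategy:
      matrix:
        server:
          - servers/sklearnserver
          - servers/xgboostserver
          - servers/mlflowserver
          - servers/tfserving_proxy
          - components/alibi-explain-server
          - components/alibi-detect-server
          # - components/routers/epsilon-greedy
          # - examples/models/mean_classifier
          # - testing/docker/echo-model
    steps:
      - name: Checkout Git Commit
        uses: actions/checkout@v4
      - name: Free up disk space (android, haskell, dotnet, toolchains, caches)
        # Best effort: each removal tolerates failure so a missing path does
        # not fail the job.
        run: |
          sudo rm -rf /usr/local/lib/android || true
          sudo rm -rf /opt/ghc || true
          sudo rm -rf /usr/share/dotnet || true
          sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
          sudo rm -rf /opt/hostedtoolcache || true
          sudo rm -rf /home/runner/.cache/pip || true
          df -h
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set default docker tag for builds from master
        id: docker-tag
        env:
          # Input is passed as data through the environment, not as script text.
          USER_INPUT: ${{ github.event.inputs.docker-tag }}
        run: |
          TAG="${USER_INPUT:-latest}"
          # Accept only Docker's tag grammar before the value reaches `make`.
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if ! [[ "$TAG" =~ $tag_re ]]; then
            echo "::error::docker-tag is not a valid Docker tag" >&2
            exit 1
          fi
          echo "value=${TAG}" >> "$GITHUB_OUTPUT"
      - name: Install CLI tools from OpenShift Mirror
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          github_pat: ${{ github.token }}
          source: "github"
          # NOTE(review): `latest` makes the s2i binary used for release
          # builds change without review; prefer an explicit version.
          s2i: "latest"
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: base-wrapper
          path: /tmp
      - name: Extract image digest and pull
        run: |
          DIGEST=$(jq -r '.manifest.digest' /tmp/base-wrapper.json)
          # jq prints the string "null" when the key is absent; stop here
          # with a clear message instead of attempting to pull "...@null".
          if [ -z "${DIGEST}" ] || [ "${DIGEST}" = "null" ]; then
            echo "::error::no manifest digest in /tmp/base-wrapper.json" >&2
            exit 1
          fi
          # Pulling by digest pins the exact base image the s2i-wrapper job
          # pushed, even if the tag has moved since.
          IMAGE_REF="seldonio/seldon-core-s2i-python312@${DIGEST}"
          docker pull "${IMAGE_REF}"
      # Despite the step name, this deletes the JSON metadata file.
      - name: Remove tarball
        run: rm -f /tmp/base-wrapper.json
      - name: Remove base-wrapper artifact directory
        run: rm -rf /tmp/base-wrapper || true
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container
          cleanup: true
      - name: Build and push (Prepackaged Server Image)
        working-directory: ./${{ matrix.server }}/
        env:
          VERSION: ${{ steps.docker-tag.outputs.value }}
        run: |
          make docker-build-and-push-prod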