fix: return 404 in artifact creation on non existing model version (#… #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Container image build and tag | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| tags: | |
| - 'v*' | |
| paths-ignore: | |
| - 'LICENSE*' | |
| - '**.gitignore' | |
| - '**.md' | |
| - '**.txt' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - '.github/dependabot.yml' | |
| - 'docs/**' | |
| env: | |
| IMG_REGISTRY: ghcr.io | |
| IMG_ORG: kubeflow | |
| IMG_REPO: model-registry/server | |
| PUSH_IMAGE: true | |
| DOCKER_USER: ${{ github.actor }} | |
| DOCKER_PWD: ${{ secrets.GITHUB_TOKEN }} | |
| permissions: # set contents: read at top-level, per OpenSSF ScoreCard rule TokenPermissionsID | |
| contents: read | |
| jobs: | |
| prepare: | |
| uses: ./.github/workflows/prepare.yml | |
| build-image: | |
| permissions: | |
| actions: read # anchore/sbom-action for syft | |
| contents: write # anchore/sbom-action for syft | |
| packages: write | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| steps: | |
| # Assign context variable for various action contexts (tag, main, CI) | |
| - name: Assigning tag context | |
| if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v') | |
| run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV | |
| - name: Assigning main context | |
| if: github.head_ref == '' && github.ref == 'refs/heads/main' | |
| run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV | |
| # checkout branch | |
| - uses: actions/[email protected] | |
| # set image version | |
| - name: Set main-branch environment | |
| if: env.BUILD_CONTEXT == 'main' | |
| run: | | |
| commit_sha=${{ github.event.after }} | |
| tag=main-${commit_sha:0:7} | |
| echo "VERSION=${tag}" >> $GITHUB_ENV | |
| - name: Set tag environment | |
| if: env.BUILD_CONTEXT == 'tag' | |
| run: | | |
| echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV | |
| - name: Build and Push Image | |
| shell: bash | |
| run: ./scripts/build_deploy.sh | |
| - name: Generate SBOM | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| image: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_REPO }}:${{ env.VERSION }}" | |
| format: spdx-json # default, but making sure of the format | |
| artifact-name: "model-registry-server-${{ env.VERSION }}-sbom.spdx.json" | |
| output-file: "model-registry-server-${{ env.VERSION }}-sbom.spdx.json" # pin the file to use it later below | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Attach SBOM to Image | |
| run: | | |
| cosign attach sbom --sbom model-registry-server-${{ env.VERSION }}-sbom.spdx.json "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_REPO }}:${{ env.VERSION }}" | |
| - name: Tag Latest | |
| if: env.BUILD_CONTEXT == 'main' | |
| shell: bash | |
| env: | |
| IMG: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_REPO }}" | |
| BUILD_IMAGE: false # image is already built in "Build and Push Image" step | |
| run: | | |
| docker tag ${{ env.IMG }}:$VERSION ${{ env.IMG }}:latest | |
| # BUILD_IMAGE=false skip the build, just push the tag made above | |
| VERSION=latest ./scripts/build_deploy.sh | |
| - name: Tag Main | |
| if: env.BUILD_CONTEXT == 'main' | |
| shell: bash | |
| env: | |
| IMG: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_REPO }}" | |
| BUILD_IMAGE: false # image is already built in "Build and Push Image" step | |
| run: | | |
| docker tag ${{ env.IMG }}:$VERSION ${{ env.IMG }}:main | |
| # BUILD_IMAGE=false skip the build, just push the tag made above | |
| VERSION=main ./scripts/build_deploy.sh |