Skip to content

Commit 7292ede

Browse files
saichandrapandrajusaichandrapandraju
committed
Integrate LLM Judge CI workflow to main build-and-push & reemove old workflow
1 parent b020e2f commit 7292ede

File tree

2 files changed

+26
-123
lines changed

2 files changed

+26
-123
lines changed

.github/workflows/build-and-push-judge.yaml

Lines changed: 0 additions & 122 deletions
This file was deleted.

.github/workflows/build-and-push.yaml

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,7 @@ jobs:
5555
echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest"
5656
echo "CI IMAGE AT: quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:${{ github.event.pull_request.head.sha }}"
5757
echo "Built-In Detector CI IMAGE AT: quay.io/trustyai/guardrails-detector-built-in-ci:${{ github.event.pull_request.head.sha }}"
58+
echo "LLM Judge CI IMAGE AT: quay.io/trustyai/guardrails-detector-llm-judge-ci:${{ github.event.pull_request.head.sha }}"
5859
5960
# Set environments depending on context
6061
- name: Set CI environment
@@ -63,25 +64,29 @@ jobs:
6364
echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
6465
echo "IMAGE_NAME=quay.io/trustyai/guardrails-detector-huggingface-runtime-ci" >> $GITHUB_ENV
6566
echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in-ci" >> $GITHUB_ENV
67+
echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge-ci" >> $GITHUB_ENV
6668
- name: Set main-branch environment
6769
if: env.BUILD_CONTEXT == 'main'
6870
run: |
6971
echo "TAG=latest" >> $GITHUB_ENV
7072
echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
7173
echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in" >> $GITHUB_ENV
74+
echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge" >> $GITHUB_ENV
7275
- name: Set tag environment
7376
if: env.BUILD_CONTEXT == 'tag'
7477
run: |
7578
echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
7679
echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
7780
echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in" >> $GITHUB_ENV
81+
echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge" >> $GITHUB_ENV
7882
#
7983
# Run docker commands
8084
- name: Put expiry date on CI-tagged image
8185
if: env.BUILD_CONTEXT == 'ci'
8286
run: |
8387
echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.hf
8488
echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.builtIn
89+
echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.judge
8590
- name: Build image
8691
run: docker build -t ${{ env.IMAGE_NAME }}:$TAG -f detectors/Dockerfile.hf detectors
8792
- name: Log in to Quay
@@ -92,7 +97,10 @@ jobs:
9297
run: docker build -t ${{ env.BUILTIN_IMAGE_NAME }}:$TAG -f detectors/Dockerfile.builtIn detectors
9398
- name: Push to Quay CI repo
9499
run: docker push ${{ env.BUILTIN_IMAGE_NAME }}:$TAG
95-
100+
- name: Build LLM Judge detector image
101+
run: docker build -t ${{ env.LLM_JUDGE_IMAGE_NAME }}:$TAG -f detectors/Dockerfile.judge detectors
102+
- name: Push LLM Judge image to Quay CI repo
103+
run: docker push ${{ env.LLM_JUDGE_IMAGE_NAME }}:$TAG
96104
# Leave comment
97105
- uses: peter-evans/find-comment@v3
98106
name: Find Comment
@@ -114,6 +122,7 @@ jobs:
114122
115123
📦 [PR image](https://quay.io/repository/trustyai/guardrails-detector-huggingface-runtime-ci?tab=tags): `quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:${{ github.event.pull_request.head.sha }}`
116124
📦 [PR image](https://quay.io/trustyai/guardrails-detector-built-in-ci?tab=tags): `quay.io/trustyai/guardrails-detector-built-in-ci:${{ github.event.pull_request.head.sha }}`
125+
📦 [PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:${{ github.event.pull_request.head.sha }}`
117126
- name: Trivy scan
118127
uses: aquasecurity/[email protected]
119128
with:
@@ -136,6 +145,17 @@ jobs:
136145
exit-code: '0'
137146
ignore-unfixed: false
138147
vuln-type: 'os,library'
148+
- name: Trivy scan, LLM Judge image
149+
uses: aquasecurity/[email protected]
150+
with:
151+
scan-type: 'image'
152+
image-ref: "${{ env.LLM_JUDGE_IMAGE_NAME }}:${{ env.TAG }}"
153+
format: 'sarif'
154+
output: 'trivy-results-llm-judge.sarif'
155+
severity: 'MEDIUM,HIGH,CRITICAL'
156+
exit-code: '0'
157+
ignore-unfixed: false
158+
vuln-type: 'os,library'
139159
- name: Update Security tab - Huggingface
140160
uses: github/codeql-action/upload-sarif@v3
141161
with:
@@ -146,3 +166,8 @@ jobs:
146166
with:
147167
sarif_file: 'trivy-results-built-in.sarif'
148168
category: built-in
169+
- name: Update Security tab - LLM Judge
170+
uses: github/codeql-action/upload-sarif@v3
171+
with:
172+
sarif_file: 'trivy-results-llm-judge.sarif'
173+
category: llm-judge

0 commit comments

Comments
 (0)