2020 contents : read
2121 pull-requests : write
2222 security-events : write
23+ env :
24+ PR_HEAD_SHA : ${{ github.event.pull_request.head.sha }}
25+ GITHUB_REF_NAME : ${{ github.ref_name }}
26+ QUAY_RELEASE_REPO : ${{ vars.QUAY_RELEASE_REPO }}
27+ GITHUB_REF : ${{ github.ref }}
28+ GITHUB_HEAD_REF : ${{ github.head_ref }}
2329 steps : # Assign context variable for various action contexts (tag, main, CI)
2430 - name : Assigning CI context
2531 if : github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v')
4753 #
4854 # Print variables for debugging
4955 - name : Log reference variables
50- env :
51- GITHUB_REF : ${{ github.ref }}
52- GITHUB_HEAD_REF : ${{ github.head_ref }}
53- PR_HEAD_SHA : ${{ github.event.pull_request.head.sha }}
54- QUAY_RELEASE_REPO : ${{ vars.QUAY_RELEASE_REPO }}
5556 run : |
5657 echo "CONTEXT: $BUILD_CONTEXT"
5758 echo "GITHUB.REF: $GITHUB_REF"
@@ -65,42 +66,32 @@ jobs:
6566# Set environments depending on context
6667 - name : Set CI environment
6768 if : env.BUILD_CONTEXT == 'ci'
68- env :
69- PR_HEAD_SHA : ${{ github.event.pull_request.head.sha }}
7069 run : |
7170 echo "TAG=$PR_HEAD_SHA" >> $GITHUB_ENV
7271 echo "IMAGE_NAME=quay.io/trustyai/guardrails-detector-huggingface-runtime-ci" >> $GITHUB_ENV
7372 echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in-ci" >> $GITHUB_ENV
7473 echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge-ci" >> $GITHUB_ENV
74+ echo "EXPIRY_LABEL=--label quay.expires-after=7d" >> $GITHUB_ENV
7575name : Set main-branch environment
7676 if : env.BUILD_CONTEXT == 'main'
77- env :
78- QUAY_RELEASE_REPO : ${{ vars.QUAY_RELEASE_REPO }}
7977 run : |
8078 echo "TAG=latest" >> $GITHUB_ENV
8179 echo "IMAGE_NAME=$QUAY_RELEASE_REPO" >> $GITHUB_ENV
8280 echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in" >> $GITHUB_ENV
8381 echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge" >> $GITHUB_ENV
82+ echo "EXPIRY_LABEL=" >> $GITHUB_ENV
8483name : Set tag environment
8584 if : env.BUILD_CONTEXT == 'tag'
86- env :
87- GITHUB_REF_NAME : ${{ github.ref_name }}
88- QUAY_RELEASE_REPO : ${{ vars.QUAY_RELEASE_REPO }}
8985 run : |
9086 echo "TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV
9187 echo "IMAGE_NAME=$QUAY_RELEASE_REPO" >> $GITHUB_ENV
9288 echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in" >> $GITHUB_ENV
9389 echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge" >> $GITHUB_ENV
90+ echo "EXPIRY_LABEL=" >> $GITHUB_ENV
9491#
9592 # Run docker commands
96- - name : Put expiry date on CI-tagged image
97- if : env.BUILD_CONTEXT == 'ci'
98- run : |
99- echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.hf
100- echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.builtIn
101- echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.judge
10293 - name : Build image
103- run : docker build -t "$IMAGE_NAME:$TAG" -f detectors/Dockerfile.hf detectors
94+ run : docker build -t "$IMAGE_NAME:$TAG" $EXPIRY_LABEL -f detectors/Dockerfile.hf detectors
10495 - name : Log in to Quay
10596 env :
10697 QUAY_ROBOT_USERNAME : ${{ secrets.QUAY_ROBOT_USERNAME }}
@@ -109,11 +100,11 @@ jobs:
109100 - name : Push to Quay CI repo
110101 run : docker push "$IMAGE_NAME:$TAG"
111102 - name : Build built-in detector image
112- run : docker build -t "$BUILTIN_IMAGE_NAME:$TAG" -f detectors/Dockerfile.builtIn detectors
103+ run : docker build -t "$BUILTIN_IMAGE_NAME:$TAG" $EXPIRY_LABEL -f detectors/Dockerfile.builtIn detectors
113104 - name : Push to Quay CI repo
114105 run : docker push "$BUILTIN_IMAGE_NAME:$TAG"
115106 - name : Build LLM Judge detector image
116- run : docker build -t "$LLM_JUDGE_IMAGE_NAME:$TAG" -f detectors/Dockerfile.judge detectors
107+ run : docker build -t "$LLM_JUDGE_IMAGE_NAME:$TAG" $EXPIRY_LABEL -f detectors/Dockerfile.judge detectors
117108 - name : Push LLM Judge image to Quay CI repo
118109 run : docker push "$LLM_JUDGE_IMAGE_NAME:$TAG"
119110 # Leave comment
@@ -128,18 +119,16 @@ jobs:
128119 - uses : peter-evans/create-or-update-comment@v4
129120 if : env.BUILD_CONTEXT == 'ci'
130121 name : Generate/update success message comment
131- env :
132- PR_HEAD_SHA : ${{ github.event.pull_request.head.sha }}
133122 with :
134123 comment-id : ${{ steps.fc.outputs.comment-id }}
135124 issue-number : ${{ github.event.pull_request.number }}
136125 edit-mode : replace
137126 body : |
138127 PR image build completed successfully!
139128
140- 📦 [PR image](https://quay.io/repository/trustyai/guardrails-detector-huggingface-runtime-ci?tab=tags): `quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:$PR_HEAD_SHA`
141- 📦 [PR image](https://quay.io/trustyai/guardrails-detector-built-in-ci?tab=tags): `quay.io/trustyai/guardrails-detector-built-in-ci:$PR_HEAD_SHA`
142- 📦 [PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA`
129+ 📦 [Huggingface PR image](https://quay.io/repository/trustyai/guardrails-detector-huggingface-runtime-ci?tab=tags): `quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:$PR_HEAD_SHA`
130+ 📦 [Built-in PR image](https://quay.io/trustyai/guardrails-detector-built-in-ci?tab=tags): `quay.io/trustyai/guardrails-detector-built-in-ci:$PR_HEAD_SHA`
131+ 📦 [LLM Judge PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA`
143132name : Trivy scan
144133 uses :
aquasecurity/[email protected] 145134 with :
0 commit comments