Migrate llm-judge detector to TrustyAI

[saichandrapandraju]

Migrate LLM judge detector to official TrustyAI registry.

Changes

- Added build-and-push-judge.yaml workflow (adapted from existing HF build & push)

• Updated build-and-push.yaml to include LLM Judge detector
• Updated build-and-push.yaml to use an intermediate environment variable with env: and then use those in run: and body: to prevent potential injections
• Updated servingruntime.yaml to use quay.io/trustyai/guardrails-detector-llm-judge:latest

Closes: #15

Summary by Sourcery

Migrate the LLM Judge detector to the official TrustyAI container registry and integrate it into the existing CI pipeline with automated build, security scanning, and container registry publishing

Enhancements:

• Extend the build-and-push GitHub Actions workflow to build, tag, push, and scan the LLM Judge detector image alongside existing detectors
• Refactor workflow to use intermediate environment variables for safer injection in run and body steps
• Update KServe servingruntime manifest to reference quay.io/trustyai/guardrails-detector-llm-judge:latest

[sourcery-ai]

Reviewer's Guide

This PR migrates the LLM Judge detector to the TrustyAI registry by refactoring and extending the existing build-and-push GitHub Actions workflow—introducing secure env handling, adding build/scan/publish steps for the LLM Judge image—and updating the KServe servingruntime manifest to reference the new TrustyAI image.

Sequence diagram for CI pipeline build and publish of LLM Judge detector image

sequenceDiagram
    participant Dev as Developer
    participant GitHub as GitHub Actions
    participant Trivy as Trivy Scanner
    participant Quay as Quay.io Registry
    participant GHSec as GitHub Security Tab
    participant PR as Pull Request

    Dev->>GitHub: Push code / open PR
    GitHub->>GitHub: Build LLM Judge Docker image
    GitHub->>Trivy: Run security scan on image
    Trivy-->>GitHub: Return scan results (SARIF)
    GitHub->>Quay: Push image (ci or latest tag)
    GitHub->>GHSec: Upload SARIF scan results
    GitHub->>PR: Post comment with image link

Loading

Class diagram for updated environment variable handling in build-and-push workflow

classDiagram
    class BuildAndPushWorkflow {
        +env PR_HEAD_SHA
        +env GITHUB_REF_NAME
        +env QUAY_RELEASE_REPO
        +env GITHUB_REF
        +env GITHUB_HEAD_REF
        +env LLM_JUDGE_IMAGE_NAME
        +env TAG
        +env EXPIRY_LABEL
        +step Build LLM Judge image
        +step Push LLM Judge image
        +step Trivy scan LLM Judge image
        +step Upload SARIF for LLM Judge
    }

Loading

File-Level Changes

Change	Details	Files
Extend and refactor GitHub Actions workflow to include the LLM Judge detector and enhance security	Introduce job-level env vars (PR_HEAD_SHA, GITHUB_REF_NAME, QUAY_RELEASE_REPO, etc.) and use them in debug and assignment steps Consolidate expiry label logic into EXPIRY_LABEL and quote env variables in docker build/push to prevent injections Add LLM_JUDGE_IMAGE_NAME in CI, main, and tag contexts and include build & push steps for the Dockerfile.judge image Update PR comment action to list the LLM Judge CI image and add dedicated Trivy scan and SARIF upload steps for it	.github/workflows/build-and-push.yaml
Update KServe servingruntime manifest to use the official TrustyAI LLM Judge image	Change image reference to quay.io/trustyai/guardrails-detector-llm-judge:latest	detectors/llm_judge/deploy/servingruntime.yaml

Possibly linked issues

• Migrate llm-judge image to TrustyAI registry and add image build automation #15: The PR updates the image to TrustyAI registry and adds a CI pipeline for building and pushing the LLM judge image, addressing the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @saichandrapandraju - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

• Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR". (link)
• Trivy scan is configured to always succeed, potentially masking critical vulnerabilities. (link)

General comments:

• Instead of echoing an expiry label directly into the Dockerfile, use Docker’s --label flag in the build command to avoid mutating the source file.
• Consider adding caching for Docker layers (e.g., via actions/cache or buildkit cache) to speed up build times for consecutive runs.
• Using pull_request_target exposes the workflow to untrusted PR code; consider switching to a pull_request trigger to avoid running malicious changes with elevated permissions.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- Instead of echoing an expiry label directly into the Dockerfile, use Docker’s `--label` flag in the build command to avoid mutating the source file.
- Consider adding caching for Docker layers (e.g., via `actions/cache` or buildkit cache) to speed up build times for consecutive runs.
- Using `pull_request_target` exposes the workflow to untrusted PR code; consider switching to a `pull_request` trigger to avoid running malicious changes with elevated permissions.

## Individual Comments

### Comment 1
<location> `.github/workflows/build-and-push-judge.yaml:107` </location>
<code_context>
+            PR image build completed successfully!
+            
+            📦 [PR image](https://quay.io/repository/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:${{ github.event.pull_request.head.sha }}`
+      - name: Trivy scan
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'image'
+          image-ref: "${{ env.IMAGE_NAME }}:${{ env.TAG }}"
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'MEDIUM,HIGH,CRITICAL'
+          exit-code: '0'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
</code_context>

<issue_to_address>
Trivy scan is configured to always succeed, potentially masking critical vulnerabilities.

With 'exit-code: 0', the workflow will not fail for HIGH or CRITICAL vulnerabilities, which may result in publishing insecure images. To enforce blocking on these severities, set 'exit-code: 1' or handle scan results explicitly.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
          exit-code: '0'
=======
          exit-code: '1'
>>>>>>> REPLACE

</suggested_fix>

## Security Issues

### Issue 1
<location> `.github/workflows/build-and-push-judge.yaml:51` </location>

<issue_to_address>
**security (opengrep-rules.yaml.github-actions.security.run-shell-injection):** Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with `env:` to store the data and use the environment variable in the `run:` script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

*Source: opengrep*
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[saichandrapandraju]

@sourcery-ai review

[sourcery-ai]

Hey @saichandrapandraju - I've reviewed your changes - here's some feedback:

• The build-and-push workflow has a lot of repeated steps for each detector; consider using a matrix job to DRY up the Docker build, push, and Trivy scan steps.
• You’re echoing common vars like PR_HEAD_SHA and QUAY_RELEASE_REPO in multiple steps; moving them to the job-level env block would reduce repetition and make updates easier.
• Instead of echoing ‘quay.expires-after’ into each Dockerfile in a separate step, you could pass --label to docker build to set the expiry label in one go.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- The build-and-push workflow has a lot of repeated steps for each detector; consider using a matrix job to DRY up the Docker build, push, and Trivy scan steps.
- You’re echoing common vars like PR_HEAD_SHA and QUAY_RELEASE_REPO in multiple steps; moving them to the job-level env block would reduce repetition and make updates easier.
- Instead of echoing ‘quay.expires-after’ into each Dockerfile in a separate step, you could pass --label to docker build to set the expiry label in one go.

## Individual Comments

### Comment 1
<location> `.github/workflows/build-and-push.yaml:142` </location>
<code_context>
-            📦 [PR image](https://quay.io/trustyai/guardrails-detector-built-in-ci?tab=tags): `quay.io/trustyai/guardrails-detector-built-in-ci:${{ github.event.pull_request.head.sha }}`
+            📦 [PR image](https://quay.io/repository/trustyai/guardrails-detector-huggingface-runtime-ci?tab=tags): `quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:$PR_HEAD_SHA`
+            📦 [PR image](https://quay.io/trustyai/guardrails-detector-built-in-ci?tab=tags): `quay.io/trustyai/guardrails-detector-built-in-ci:$PR_HEAD_SHA`
+            📦 [PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA`
       - name: Trivy scan
         uses: aquasecurity/[email protected]
</code_context>

<issue_to_address>
Clarify the label for the new PR image to distinguish it from others.

Specify a unique label such as 'LLM Judge PR image' for this entry to help users differentiate between the images.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
            📦 [PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA`
=======
            📦 [LLM Judge PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA`
>>>>>>> REPLACE

</suggested_fix>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[saichandrapandraju]

@sourcery-ai review

[sourcery-ai]

Hey @saichandrapandraju - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}