Skip to content
This repository has been archived by the owner on Nov 29, 2024. It is now read-only.

chore: Switch to wolfi to fix critical vulnerability #129

chore: Switch to wolfi to fix critical vulnerability

chore: Switch to wolfi to fix critical vulnerability #129

Workflow file for this run

name: CI Pipeline
on:
pull_request:
branches:
- 'main'
- 'release/[0-9]+.[0-9]+'
push:
branches:
- 'main'
- 'release/[0-9]+.[0-9]+'
tags: [ 'v[0-9]+.[0-9]+.[0-9]+' ]
jobs:
changed_files:
runs-on: ubuntu-latest
outputs:
modified: ${{ steps.changes.outputs.src }}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: changes
with:
filters: |
src:
- .github/workflows/**
- aws-lambda-scorer/**
- aws-sagemaker-hosted-scorer/**
- aws-sagemaker-hosted-scorer-cpp/**
- common/**
- config/**
- gcp-cloud-run/**
- gcp-vertex-ai-mojo-scorer/**
- gradle/**
- hive-mojo-scorer/**
- kdb-mojo-scorer/**
- local-rest-scorer/**
- sql-jdbc-scorer/**
- build.gradle
- gradlew
setup_env:
uses: ./.github/workflows/setup-environment.yml
code_quality_check:
needs:
- changed_files
- setup_env
uses: ./.github/workflows/code-quality-check.yml
secrets: inherit
with:
if: ${{ needs.setup_env.outputs.bypass_changed_files == 'true' || needs.changed_files.outputs.modified == 'true' }}
build_image:
uses: ./.github/workflows/image-build.yml
needs:
- changed_files
- setup_env
- code_quality_check
secrets: inherit
with:
component_version: ${{ needs.setup_env.outputs.component_version }}
if: ${{ needs.setup_env.outputs.bypass_changed_files == 'true' || needs.changed_files.outputs.modified == 'true' }}
# The `! failure()` condition runs when the parent jobs completed successfully or were skipped.
if: ${{ ! failure() }}
security_scan:
name: Security Scan
uses: ./.github/workflows/component-scan.yml
needs: build_image
secrets: inherit
publish_latest_from_dev_branch:
if: ${{ startsWith(github.ref, 'refs/heads/main') }}
uses: ./.github/workflows/image-publish.yml
needs:
- setup_env
- build_image
secrets: inherit
with:
gar_push_enabled: true
ecr_push_enabled: false
gar_image_name: us-docker.pkg.dev/vorvan/dev/h2oai-modelscoring-restscorer
image_tags: "${{ needs.setup_env.outputs.commit_hash }},latest"
publish_latest_from_release_branch:
if: startsWith(github.ref, 'refs/heads/release/')
uses: ./.github/workflows/image-publish.yml
needs:
- setup_env
- build_image
secrets: inherit
with:
gar_push_enabled: true
ecr_push_enabled: false
gar_image_name: us-docker.pkg.dev/vorvan/dev/h2oai-modelscoring-restscorer
image_tags: "${{ needs.setup_env.outputs.commit_hash }},latest-${{ needs.setup_env.outputs.release_base_version }}"
publish_release:
if: startsWith(github.ref, 'refs/tags/v')
uses: ./.github/workflows/image-publish.yml
needs:
- setup_env
- build_image
secrets: inherit
with:
gar_push_enabled: true
ecr_push_enabled: true
gar_image_name: us-docker.pkg.dev/vorvan/dev/h2oai-modelscoring-restscorer
ecr_image_name: 926522735405.dkr.ecr.us-east-1.amazonaws.com/h2oai-modelscoring-restscorer
image_tags: "v${{ needs.setup_env.outputs.release_version }}"
release:
needs:
- setup_env
- publish_release
name: Prepare Release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate changelogs
id: changelog
uses: requarks/[email protected]
with:
token: ${{ github.token }}
tag: "v${{ needs.setup_env.outputs.release_version }}"
writeToFile: false
- name: Release action
uses: ncipollo/[email protected]
with:
allowUpdates: false
draft: false
tag: "v${{ needs.setup_env.outputs.release_version }}"
body: ${{ steps.changelog.outputs.changes }}
prerelease: false