Skip to content

Fixes CVE-2024-7254 #195

Fixes CVE-2024-7254

Fixes CVE-2024-7254 #195

Workflow file for this run

name: Build
on:
workflow_dispatch:
schedule:
- cron: '0 8 * * 1,4' # midnight US/Pacific on Sundays and Wednesdays
pull_request:
branches:
- main
- "release-[0-9].[0-9]+"
paths-ignore:
- "**.md"
push:
branches:
- main
- "release-[0-9].[0-9]+"
tags:
- "v*"
paths-ignore:
- "**.md"
env:
IMAGE_NAME: "kserve/modelmesh"
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Java 17
uses: actions/[email protected]
with:
java-version: '17'
distribution: 'temurin'
- name: Install etcd
run: sudo ./.github/install-etcd.sh
- name: Build and Test with Maven
run: mvn -B package --file pom.xml
build:
needs: test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
if: github.event_name == 'push'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
- name: Export docker build args
run: |
GIT_COMMIT=$(git rev-parse HEAD)
BUILD_ID=$(date '+%Y%m%d')-$(git rev-parse HEAD | cut -c -5)
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Generate PR tag from github.ref == "refs/pull/123/merge"
[ "$VERSION" == "merge" ] && VERSION=$(echo "${{ github.ref }}" | sed -e 's,refs/pull/\(.*\)/merge,pr-\1,')
# Use Docker `latest` tag convention
[ "$VERSION" == "main" ] && VERSION=latest
echo "GIT_COMMIT=$GIT_COMMIT" >> $GITHUB_ENV
echo "BUILD_ID=$BUILD_ID" >> $GITHUB_ENV
echo "VERSION=$VERSION" >> $GITHUB_ENV
# print env vars for debugging
cat "$GITHUB_ENV"
- name: Build and push runtime image
uses: docker/build-push-action@v4
with:
platforms: linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x
target: runtime
push: ${{ github.event_name == 'push' }}
tags: ${{ env.IMAGE_NAME }}:${{ env.VERSION }}
build-args: |
imageVersion=${{ env.VERSION }}
buildId=${{ env.BUILD_ID }}
commitSha=${{ env.GIT_COMMIT }}
cache-from: type=gha
cache-to: type=gha,mode=max