Skip to content

fix(CVE-2024-45338): Update golang.org/x/net to 0.33.0 #1121

fix(CVE-2024-45338): Update golang.org/x/net to 0.33.0

fix(CVE-2024-45338): Update golang.org/x/net to 0.33.0 #1121

Workflow file for this run

name: Build and Push
on:
push:
branches:
- main
tags:
- v*
paths-ignore:
- 'LICENSE'
- '**/.gitignore'
- '**.md'
- '**.adoc'
- '*.txt'
pull_request_target:
paths-ignore:
- 'LICENSE'
- '**/.gitignore'
- '**.md'
- '**.adoc'
- '*.txt'
types: [labeled, opened, synchronize, reopened]
jobs:
# Ensure that tests pass before publishing a new image.
build-and-push-ci:
runs-on: ubuntu-latest
steps: # Assign context variable for various action contexts (tag, main, CI)
- name: Assigning CI context
if: github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v')
run: echo "BUILD_CONTEXT=ci" >> $GITHUB_ENV
- name: Assigning tag context
if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v')
run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV
- name: Assigning main context
if: github.head_ref == '' && github.ref == 'refs/heads/main'
run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV
#
# Run checkouts
- uses: mheap/github-action-required-labels@v4
if: env.BUILD_CONTEXT == 'ci'
with:
mode: minimum
count: 1
labels: "ok-to-test, lgtm, approved"
- uses: actions/checkout@v3
if: env.BUILD_CONTEXT == 'ci'
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/checkout@v3
if: env.BUILD_CONTEXT == 'main' || env.BUILD_CONTEXT == 'tag'
#
# Print variables for debugging
- name: Log reference variables
run: |
echo "CONTEXT: ${{ env.BUILD_CONTEXT }}"
echo "GITHUB.REF: ${{ github.ref }}"
echo "GITHUB.HEAD_REF: ${{ github.head_ref }}"
echo "SHA: ${{ github.event.pull_request.head.sha }}"
echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest"
echo "LMES DRIVER IMAGE AT: ${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}:latest"
echo "LMES JOB IMAGE AT: ${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}:latest"
echo "CI IMAGE AT: quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}"
#
# Set environments depending on context
- name: Set CI environment
if: env.BUILD_CONTEXT == 'ci'
run: |
echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
echo "IMAGE_NAME=quay.io/trustyai/trustyai-service-operator-ci" >> $GITHUB_ENV
echo "DRIVER_IMAGE_NAME=quay.io/trustyai/ta-lmes-driver-ci" >> $GITHUB_ENV
echo "JOB_IMAGE_NAME=quay.io/trustyai/ta-lmes-job-ci" >> $GITHUB_ENV
- name: Set main-branch environment
if: env.BUILD_CONTEXT == 'main'
run: |
echo "TAG=latest" >> $GITHUB_ENV
echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
echo "DRIVER_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}" >> $GITHUB_ENV
echo "JOB_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}" >> $GITHUB_ENV
- name: Set tag environment
if: env.BUILD_CONTEXT == 'tag'
run: |
echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
echo "DRIVER_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}" >> $GITHUB_ENV
echo "JOB_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}" >> $GITHUB_ENV
# Run docker commands
- name: Put expiry date on CI-tagged image
if: env.BUILD_CONTEXT == 'ci'
run: sed -i 's#summary="odh-trustyai-service-operator\"#summary="odh-trustyai-service-operator" \\ \n quay.expires-after=7d#' Dockerfile
- name: Log in to Quay
run: docker login -u ${{ secrets.QUAY_ROBOT_USERNAME }} -p ${{ secrets.QUAY_ROBOT_SECRET }} quay.io
- name: Build main image
run: docker build -t ${{ env.IMAGE_NAME }}:$TAG .
- name: Push main image to Quay
run: docker push ${{ env.IMAGE_NAME }}:$TAG
- name: Build LMES driver image
run: docker build -f Dockerfile.driver -t ${{ env.DRIVER_IMAGE_NAME }}:$TAG .
- name: Push LMES driver image to Quay
run: docker push ${{ env.DRIVER_IMAGE_NAME }}:$TAG
- name: Build LMES job image
run: docker build -f Dockerfile.lmes-job -t ${{ env.JOB_IMAGE_NAME }}:$TAG .
- name: Push LMES job image to Quay
run: docker push ${{ env.JOB_IMAGE_NAME }}:$TAG
# Create CI Manifests
- name: Set up manifests for CI
if: env.BUILD_CONTEXT == 'ci'
run: |
sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/base/params.env
sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/overlays/odh/params.env
sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/overlays/rhoai/params.env
rm -Rf $(ls . | grep -v config)
rm -Rf .gitignore .dockerignore .github .git .yamllint.yaml
# pysh to ci-manifest repo
- uses: cpina/github-action-push-to-another-repository@main
if: env.BUILD_CONTEXT == 'ci'
env:
SSH_DEPLOY_KEY: ${{ secrets.TRUSTYAI_CI_BOT_SSH_KEY}}
with:
source-directory: '.'
destination-github-username: 'trustyai-ci-bot'
destination-repository-username: 'trustyai-explainability'
destination-repository-name: 'trustyai-service-operator-ci'
target-branch: operator-${{ env.TAG }}
create-target-branch-if-needed: 'true'
# Leave comment
- uses: peter-evans/find-comment@v3
name: Find Comment
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: PR image build and manifest generation completed successfully
- uses: peter-evans/create-or-update-comment@v4
name: Generate/update success message comment
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
PR image build and manifest generation completed successfully!
📦 [PR image](https://quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}`
📦 [LMES driver image](https://quay.io/trustyai/ta-lmes-driver:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-lmes-driver:${{ github.event.pull_request.head.sha }}`
📦 [LMES job image](https://quay.io/trustyai/ta-lmes-job:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-lmes-job:${{ github.event.pull_request.head.sha }}`
🗂️ [CI manifests](https://github.com/trustyai-explainability/trustyai-service-operator-ci/tree/operator-${{ env.TAG }})
```
devFlags:
manifests:
- contextDir: config
sourcePath: ''
uri: https://api.github.com/repos/trustyai-explainability/trustyai-service-operator-ci/tarball/operator-${{ env.TAG }}
```