Build and Push - Detectors #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push - Detectors | |
| on: | |
| # Trigger on successful test completion | |
| workflow_run: | |
| workflows: | |
| - "Tier 1 - Built-in detectors unit tests" | |
| - "Tier 1 - Hugging Face Runtime unit tests" | |
| - "Tier 1 - LLM Judge unit tests" | |
| types: | |
| - completed | |
| # Direct triggers (tests will run in parallel) | |
| push: | |
| branches: | |
| - main | |
| - incubation | |
| - stable | |
| tags: | |
| - v* | |
| paths: | |
| - 'detectors/*' | |
| - '.github/workflows/*' | |
| pull_request: | |
| paths: | |
| - 'detectors/*' | |
| types: [labeled, opened, synchronize, reopened] | |
| jobs: | |
| # Ensure that tests pass before publishing a new image. | |
| build-and-push-ci: | |
| # Only run if: | |
| # 1. Running in the trustyai-explainability/guardrails-detectors repository, AND | |
| # 2. Tests completed successfully on target branches (from workflow_run trigger), OR | |
| # 3. Direct push/PR trigger (tests will run in parallel) | |
| if: | | |
| github.repository == 'trustyai-explainability/guardrails-detectors' && | |
| ((github.event_name == 'workflow_run' && | |
| github.event.workflow_run.conclusion == 'success' && | |
| contains(fromJSON('["main", "incubation", "stable"]'), github.event.workflow_run.head_branch)) || | |
| (github.event_name != 'workflow_run')) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
| GITHUB_REF_NAME: ${{ github.ref_name }} | |
| QUAY_RELEASE_REPO: ${{ vars.QUAY_RELEASE_REPO }} | |
| GITHUB_REF: ${{ github.ref }} | |
| GITHUB_HEAD_REF: ${{ github.head_ref }} | |
| steps: # Assign context variable for various action contexts (tag, main, CI) | |
| - name: Assigning CI context | |
| if: github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v') | |
| run: echo "BUILD_CONTEXT=ci" >> $GITHUB_ENV | |
| - name: Assigning tag context | |
| if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v') | |
| run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV | |
| - name: Assigning main context | |
| if: github.head_ref == '' && github.ref == 'refs/heads/main' | |
| run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV | |
| # | |
| # Run checkouts | |
| - uses: mheap/github-action-required-labels@v4 | |
| if: env.BUILD_CONTEXT == 'ci' | |
| with: | |
| mode: minimum | |
| count: 1 | |
| labels: "ok-to-test, lgtm, approved" | |
| - uses: actions/checkout@v4 | |
| if: env.BUILD_CONTEXT == 'ci' | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| persist-credentials: false | |
| - uses: actions/checkout@v4 | |
| if: env.BUILD_CONTEXT == 'main' || env.BUILD_CONTEXT == 'tag' | |
| with: | |
| persist-credentials: false | |
| # | |
| # Print variables for debugging | |
| - name: Log reference variables | |
| run: | | |
| echo "CONTEXT: $BUILD_CONTEXT" | |
| echo "GITHUB.REF: $GITHUB_REF" | |
| echo "GITHUB.HEAD_REF: $GITHUB_HEAD_REF" | |
| echo "SHA: $PR_HEAD_SHA" | |
| echo "MAIN IMAGE AT: $QUAY_RELEASE_REPO:latest" | |
| echo "CI IMAGE AT: quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:$PR_HEAD_SHA" | |
| echo "Built-In Detector CI IMAGE AT: quay.io/trustyai/guardrails-detector-built-in-ci:$PR_HEAD_SHA" | |
| echo "LLM Judge CI IMAGE AT: quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA" | |
| # Set environments depending on context | |
| - name: Set CI environment | |
| if: env.BUILD_CONTEXT == 'ci' | |
| run: | | |
| echo "TAG=$PR_HEAD_SHA" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=quay.io/trustyai/guardrails-detector-huggingface-runtime-ci" >> $GITHUB_ENV | |
| echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in-ci" >> $GITHUB_ENV | |
| echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge-ci" >> $GITHUB_ENV | |
| echo "EXPIRY_LABEL=--label quay.expires-after=7d" >> $GITHUB_ENV | |
| - name: Set main-branch environment | |
| if: env.BUILD_CONTEXT == 'main' | |
| run: | | |
| echo "TAG=latest" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=$QUAY_RELEASE_REPO" >> $GITHUB_ENV | |
| echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in" >> $GITHUB_ENV | |
| echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge" >> $GITHUB_ENV | |
| echo "EXPIRY_LABEL=" >> $GITHUB_ENV | |
| - name: Set tag environment | |
| if: env.BUILD_CONTEXT == 'tag' | |
| run: | | |
| echo "TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=$QUAY_RELEASE_REPO" >> $GITHUB_ENV | |
| echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/guardrails-detector-built-in" >> $GITHUB_ENV | |
| echo "LLM_JUDGE_IMAGE_NAME=quay.io/trustyai/guardrails-detector-llm-judge" >> $GITHUB_ENV | |
| echo "EXPIRY_LABEL=" >> $GITHUB_ENV | |
| # | |
| # Run docker commands | |
| - name: Build image | |
| run: docker build -t "$IMAGE_NAME:$TAG" $EXPIRY_LABEL -f detectors/Dockerfile.hf detectors | |
| - name: Log in to Quay | |
| env: | |
| QUAY_ROBOT_USERNAME: ${{ secrets.QUAY_ROBOT_USERNAME }} | |
| QUAY_ROBOT_SECRET: ${{ secrets.QUAY_ROBOT_SECRET }} | |
| run: docker login -u "$QUAY_ROBOT_USERNAME" -p "$QUAY_ROBOT_SECRET" quay.io | |
| - name: Push to Quay CI repo | |
| run: docker push "$IMAGE_NAME:$TAG" | |
| - name: Build built-in detector image | |
| run: docker build -t "$BUILTIN_IMAGE_NAME:$TAG" $EXPIRY_LABEL -f detectors/Dockerfile.builtIn detectors | |
| - name: Push to Quay CI repo | |
| run: docker push "$BUILTIN_IMAGE_NAME:$TAG" | |
| - name: Build LLM Judge detector image | |
| run: docker build -t "$LLM_JUDGE_IMAGE_NAME:$TAG" $EXPIRY_LABEL -f detectors/Dockerfile.judge detectors | |
| - name: Push LLM Judge image to Quay CI repo | |
| run: docker push "$LLM_JUDGE_IMAGE_NAME:$TAG" | |
| # Leave comment | |
| - uses: peter-evans/find-comment@v3 | |
| name: Find Comment | |
| if: env.BUILD_CONTEXT == 'ci' | |
| id: fc | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| comment-author: 'github-actions[bot]' | |
| body-includes: PR image build completed successfully | |
| - uses: peter-evans/create-or-update-comment@v4 | |
| if: env.BUILD_CONTEXT == 'ci' | |
| name: Generate/update success message comment | |
| with: | |
| comment-id: ${{ steps.fc.outputs.comment-id }} | |
| issue-number: ${{ github.event.pull_request.number }} | |
| edit-mode: replace | |
| body: | | |
| PR image build completed successfully! | |
| 📦 [Huggingface PR image](https://quay.io/repository/trustyai/guardrails-detector-huggingface-runtime-ci?tab=tags): `quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:$PR_HEAD_SHA` | |
| 📦 [Built-in PR image](https://quay.io/trustyai/guardrails-detector-built-in-ci?tab=tags): `quay.io/trustyai/guardrails-detector-built-in-ci:$PR_HEAD_SHA` | |
| 📦 [LLM Judge PR image](https://quay.io/trustyai/guardrails-detector-llm-judge-ci?tab=tags): `quay.io/trustyai/guardrails-detector-llm-judge-ci:$PR_HEAD_SHA` |