Skip to content

fix: r vulnerabilities in designer-r image #23970

fix: r vulnerabilities in designer-r image

fix: r vulnerabilities in designer-r image #23970

name: environments-ci
on:
pull_request:
branches:
- main
pull_request_target:
branches:
- main
types:
- opened
- labeled
- synchronize
- reopened
workflow_dispatch:
inputs:
asset_dirs:
description: Asset directories
default: assets
required: true
defaults:
run:
shell: bash
jobs:
check-execution-context:
uses: Azure/azureml-assets/.github/workflows/check-execution-context.yaml@main
check-directory-file-changes:
needs: check-execution-context
if: fromJSON(needs.check-execution-context.outputs.continue)
uses: Azure/azureml-assets/.github/workflows/check-changed-files.yaml@main
with:
folder_path: "assets/**"
forked_pr_input: ${{ needs.check-execution-context.outputs.forked_pr }}
build-images:
name: Build and test images
if: needs.check-directory-file-changes.outputs.files-changed != ''
runs-on: ubuntu-latest
needs: [check-execution-context, check-directory-file-changes]
environment: Testing
permissions:
# Required to clone repo
contents: read
# Required for OIDC login to Azure
id-token: write
env:
default_asset_dirs: assets
scripts_azureml_assets_dir: scripts/azureml-assets
scripts_environment_dir: scripts/azureml-assets/azureml/assets/environment
scripts_setup_dir: scripts/setup
asset_config_filename: asset.yaml
build_logs_artifact_name: build-logs
built_dir: built-environments
steps:
- name: Clone branch
uses: Azure/azureml-assets/.github/actions/clone-repo@main
with:
forked-pr: ${{ needs.check-execution-context.outputs.forked_pr }}
fetch-depth: 2
- name: Use Python 3.10 or newer
uses: actions/setup-python@v4
with:
python-version: '>=3.10'
- name: Install dependencies
run: pip install -e $scripts_azureml_assets_dir
- name: Log in to Azure and create resources
uses: ./.github/actions/create-azure-resources
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
scripts-setup-dir: ${{ env.scripts_setup_dir }}
- name: Build and test changed images
id: build-changed-images
run: python -u $scripts_environment_dir/build.py -i "${{ github.event.inputs.asset_dirs || env.default_asset_dirs }}" -a $asset_config_filename -o '${{ runner.temp }}'/$built_dir -l '${{ runner.temp }}'/$build_logs_artifact_name -P -g $resource_group -r $container_registry -T 'python -V' -c "${{ needs.check-directory-file-changes.outputs.files-changed }}" -U 'https://github.com/aquasecurity/trivy/releases/download/v0.42.1/trivy_0.42.1_Linux-64bit.deb'
- name: Validate build logs for additional deprecated dependencies
id: validate-build-logs
run: python -u $scripts_environment_dir/validate_build_logs.py -l '${{ runner.temp }}'/$build_logs_artifact_name
- name: Upload build logs
uses: actions/upload-artifact@v3
if: always()
with:
name: ${{ env.build_logs_artifact_name }}
path: ${{ runner.temp }}/${{ env.build_logs_artifact_name }}