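# Builds the MLflow image when its inputs change on an ftr/* branch, gates the
# result on a Trivy scan, and publishes the image to Docker Hub.
name: MLflow commit pipeline
run-name: ${{ github.actor }} made a commit to MLflow files
on:
  push:
    branches:
      - 'ftr/*'
    paths:
      - 'requirements.txt'
      - 'mlflow.Dockerfile'
# Least privilege for GITHUB_TOKEN: this workflow only reads the repository.
permissions:
  contents: read
jobs:
  mlflow-build-push:
    # NOTE(review): "vulneratibilities" is a typo. It is left unchanged here
    # because branch-protection required checks may reference this job name.
    name: "Build MLflow Docker image, check for vulneratibilities and push"
    runs-on: ubuntu-latest
    env:
      # Single definition of the locally built image reference, so the build,
      # scan and push steps cannot drift apart.
      LOCAL_IMAGE: 'mlflow:${{ github.sha }}'
    steps:
      - name: "Checkout"
        uses: actions/checkout@v4
      - name: "Set up QEMU"
        uses: docker/setup-qemu-action@v3
      - name: "Set up BuildX"
        uses: docker/setup-buildx-action@v3
      - name: "Login to Docker Hub"
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: "Build Docker image"
        run: docker build -f mlflow.Dockerfile -t "$LOCAL_IMAGE" .
      - name: "Scan with Trivy"
        # The previous command ran `trivy fs /` inside the scanner container,
        # which inspects the Trivy image's own root filesystem (plus the repo
        # mounted under /root) and never looks at the image built above.
        # Scan the built image through the Docker socket, then scan the
        # checked-out sources from a read-only mount.
        # NOTE(review): the socket mount gives this container control of the
        # runner's Docker daemon; pin aquasec/trivy to a reviewed tag or digest
        # instead of `latest`.
        run: |
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest image \
            --severity HIGH,CRITICAL --exit-code 1 --no-progress \
            "$LOCAL_IMAGE"
          docker run --rm \
            -v "$PWD":/workspace:ro \
            aquasec/trivy:latest fs \
            --severity HIGH,CRITICAL --exit-code 1 --no-progress \
            /workspace
      - name: "Push to Docker Hub"
        env:
          # Passed through the environment so the shell quotes the values,
          # rather than expanding expressions directly into the script text.
          REMOTE_REPO: '${{ secrets.DOCKERHUB_USERNAME }}/mlflow'
          IMAGE_TAG: ${{ github.sha }}
        # NOTE(review): every push to any ftr/* branch moves the shared
        # `latest` tag; consumers that need a fixed image should use the
        # commit-SHA tag.
        run: |
          docker tag "$LOCAL_IMAGE" "$REMOTE_REPO:$IMAGE_TAG"
          docker tag "$LOCAL_IMAGE" "$REMOTE_REPO:latest"
          docker push "$REMOTE_REPO:$IMAGE_TAG"
          docker push "$REMOTE_REPO:latest"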