build(deps): bump lodash-es from 4.17.21 to 4.17.23 in /clients/ui/fr… #277
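name: Build and Push UI Standalone Image
# this workflow builds an image to support local testing
#
# Pipeline: build the multi-arch standalone UI image from clients/ui, push it
# to the registry, sign the pushed digest with cosign, generate an SPDX SBOM,
# and attach that SBOM to the image as a cosign attestation.
on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
    # NOTE(review): GitHub does not evaluate path filters for tag pushes, so
    # every 'v*' tag triggers this workflow regardless of the paths below.
    paths:
      - 'clients/ui/**'
      - '!LICENSE*'
      - '!DOCKERFILE*'
      - '!**.gitignore'
      - '!**.md'
      - '!**.txt'
permissions:  # set contents: read at top-level, per OpenSSF ScoreCard rule TokenPermissionsID
  contents: read
env:
  IMG_REGISTRY: ghcr.io
  IMG_ORG: kubeflow
  IMG_UI_REPO: model-registry/ui-standalone  # this image is intended for local development, not production
  DOCKER_USER: ${{ github.actor }}
  # The registry password is deliberately NOT exported here: workflow-level env
  # is inherited by every step's process, including third-party actions. The
  # token is handed to the login step only.
  PLATFORMS: linux/arm64,linux/amd64
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      actions: read  # anchore/sbom-action for syft
      contents: write  # anchore/sbom-action for syft
      packages: write
      id-token: write  # cosign
    steps:
      # NOTE(review): every `uses:` below references a mutable version tag
      # (@v6, @v3, @v0). This job holds packages: write and id-token: write,
      # so a moved tag would run with signing and publishing rights. Pin each
      # action to a full commit SHA (keeping the tag as a trailing comment)
      # and let the dependency bot update the pins.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step pushes with git, so do not leave the job token in
          # the checked-out repository's git config.
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.IMG_REGISTRY }}
          username: ${{ env.DOCKER_USER }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # The two VERSION steps pass context values through `env:` instead of
      # expanding `${{ }}` inside the script text. Expression expansion happens
      # before the shell parses the script, so a ref name containing shell
      # metacharacters would otherwise become part of the command line.
      - name: Set main-branch environment
        if: github.ref == 'refs/heads/main'
        env:
          COMMIT_SHA: ${{ github.sha }}
        run: |
          tag="main-${COMMIT_SHA:0:7}"
          echo "VERSION=${tag}" >> "$GITHUB_ENV"
      - name: Set tag environment
        if: startsWith(github.ref, 'refs/tags/v')
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          echo "VERSION=${REF_NAME}" >> "$GITHUB_ENV"
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_UI_REPO }}"
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha
            type=raw,value=${{ env.VERSION }},enable=${{ env.VERSION != '' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push Docker image
        id: build-push
        uses: docker/build-push-action@v6
        with:
          context: ./clients/ui
          file: ./clients/ui/Dockerfile.standalone
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            DEPLOYMENT_MODE=standalone
            STYLE_THEME=mui-theme
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: mode=max
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3
      # Signing and attestation address the image by the digest returned from
      # the build step, not by tag, so the signature binds to exactly the
      # content that was pushed.
      - name: Sign image with cosign
        env:
          IMAGE_REF: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_UI_REPO }}@${{ steps.build-push.outputs.digest }}"
        run: |
          cosign sign --yes "${IMAGE_REF}"
      - name: Generate SBOM
        uses: anchore/sbom-action@v0
        with:
          image: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_UI_REPO }}@${{ steps.build-push.outputs.digest }}"
          format: spdx-json  # default, but making sure of the format
          artifact-name: "ui-standalone-${{ env.VERSION }}-sbom.spdx.json"
          output-file: "ui-standalone-${{ env.VERSION }}-sbom.spdx.json"  # pin the file to use it later below
      - name: Attest SBOM to image
        env:
          IMAGE_REF: "${{ env.IMG_REGISTRY }}/${{ env.IMG_ORG }}/${{ env.IMG_UI_REPO }}@${{ steps.build-push.outputs.digest }}"
        run: |
          # VERSION was written to GITHUB_ENV by an earlier step; the quoted
          # predicate path matches the output-file of the SBOM step.
          cosign attest --yes --predicate "ui-standalone-${VERSION}-sbom.spdx.json" --type spdxjson "${IMAGE_REF}"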