236 langchain mcp export #71
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow for validating container image builds | |
| name: Validate Container Images | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| paths: | |
| - "src/**" | |
| - ".github/workflows/image_smoke.yml" | |
| # Allows running this workflow manually | |
| workflow_dispatch: | |
| jobs: | |
| image-build-test: | |
| if: github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| # Block merging if the job fails | |
| permissions: | |
| pull-requests: write | |
| strategy: | |
| matrix: | |
| build: | |
| - name: aio | |
| dockerfile: Dockerfile | |
| context: src | |
| - name: client | |
| dockerfile: client/Dockerfile | |
| context: src | |
| - name: server | |
| dockerfile: server/Dockerfile | |
| context: src | |
| name: ${{ matrix.build.name }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Restore Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ matrix.build.name }}-${{ github.ref_name }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx-${{ matrix.build.name }}- | |
| ${{ runner.os }}-buildx- | |
| - name: Create Buildx builder | |
| run: docker buildx create --use --name mybuilder || docker buildx use mybuilder | |
| - name: Build Container Image with Cache | |
| run: | | |
| if [ "${{ matrix.build.name }}" = "aio" ]; then | |
| docker buildx build \ | |
| --cache-from=type=local,src=/tmp/.buildx-cache \ | |
| --cache-to=type=local,dest=/tmp/.buildx-cache-new \ | |
| --file ${{ matrix.build.context }}/${{ matrix.build.dockerfile }} \ | |
| --tag ${{ matrix.build.name }}:${{ github.sha }} \ | |
| --load \ | |
| ${{ matrix.build.context }} | |
| else | |
| docker buildx build \ | |
| --cache-from=type=local,src=/tmp/.buildx-cache \ | |
| --cache-to=type=local,dest=/tmp/.buildx-cache-new \ | |
| --file ${{ matrix.build.context }}/${{ matrix.build.dockerfile }} \ | |
| --output=type=cacheonly \ | |
| ${{ matrix.build.context }} | |
| fi | |
| - name: Move Cache for Reuse | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| - name: Save Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ matrix.build.name }}-${{ github.ref_name }} | |
| - name: Scan with Trivy | |
| if: matrix.build.name == 'aio' | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: image | |
| image-ref: "aio:${{ github.sha }}" | |
| severity: HIGH,CRITICAL | |
| format: json | |
| output: trivy-report.json | |
| cache: true | |
| ignore-unfixed: true | |
| exit-code: 1 | |
| - name: Upload Trivy Report on Failure | |
| if: failure() && matrix.build.name == 'aio' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: trivy-report-${{ matrix.build.name }} | |
| path: trivy-report.json |