Skip to content
[DLSPS] PR workflow

[DLSPS] PR workflow (by @hteeyeoh via push) #14

Sign in to view logs

[DLSPS] PR workflow (by @hteeyeoh via push)

[DLSPS] PR workflow (by @hteeyeoh via push) #14

Workflow file for this run

.github/workflows/dlsps-build-scans-pr-workflow.yaml at 62611ef
name: "[DLSPS] PR workflow"
run-name: "[DLSPS] PR workflow (by @${{ github.actor }} via ${{ github.event_name }})"
on:
push:
branches:
- 'main'
paths:
- 'microservices/dlstreamer-pipeline-server/**'
pull_request:
paths:
- 'microservices/dlstreamer-pipeline-server/**'
workflow_call:
permissions: {}
jobs:
build-dls-pipeline-server-image:
name: Build DLS Pipeline Server ${{ matrix.ubuntu_version }} img
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
include:
- ubuntu_version: ubuntu22
- ubuntu_version: ubuntu24
steps:
- name: Check out edge-ai-libraries repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2
with:
persist-credentials: false
path: edge-ai-libraries-repo
- name: Init submodules
run: |
cd edge-ai-libraries-repo
git submodule update --init libraries/dl-streamer/thirdparty/spdlog
- name: Log in to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set BASE_IMAGE
env:
BASE_IMAGE22: "ghcr.io/open-edge-platform/edge-ai-libraries/deb-final-img-ubuntu22:candidate1407"
BASE_IMAGE24: "ghcr.io/open-edge-platform/edge-ai-libraries/deb-final-img-ubuntu24:candidate1407"
run: |
if [ "${{ matrix.ubuntu_version }}" == "ubuntu22" ]; then
echo "BASE_IMAGE=${BASE_IMAGE22}" >> $GITHUB_ENV
elif [ "${{ matrix.ubuntu_version }}" == "ubuntu24" ]; then
echo "BASE_IMAGE=${BASE_IMAGE24}" >> $GITHUB_ENV
fi
- name: Build dls-pipeline-server-img
run: |
cd edge-ai-libraries-repo/microservices/dlstreamer-pipeline-server/docker
export DLSTREAMER_PIPELINE_SERVER_IMAGE=intel/dlstreamer-pipeline-server:3.1.0-${{ matrix.ubuntu_version }}
export DLSTREAMER_PIPELINE_SERVER_DOCKERFILE=Dockerfile
export BUILD_TARGET=dlstreamer-pipeline-server
docker compose build --no-cache --pull
- name: Build dls-pipeline-server-img-extended
run: |
cd edge-ai-libraries-repo/microservices/dlstreamer-pipeline-server/docker
export DLSTREAMER_PIPELINE_SERVER_IMAGE=intel/dlstreamer-pipeline-server:3.1.0-extended-${{ matrix.ubuntu_version }}
export DLSTREAMER_PIPELINE_SERVER_DOCKERFILE=Dockerfile
BUILD_TARGET=dlstreamer-pipeline-server-extended
docker compose build --no-cache --pull
- name: Unit Test dls-pipeline-server
if: matrix.ubuntu_version == 'ubuntu22'
run: |
cd edge-ai-libraries-repo/microservices/dlstreamer-pipeline-server/
make build
make test | tee /tmp/pytest_output.txt
exit ${PIPESTATUS[0]}
- name: Create Unit Test Summary
if: matrix.ubuntu_version == 'ubuntu22'
run: |
pytest_output=$(cat /tmp/pytest_output.txt)
summary_line=$(echo "$pytest_output" | grep -E '==+ .* in .*s ==+')
echo "### Unit Test Completed for DLSPS commit id ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
echo "### Pytest Summary" >> "$GITHUB_STEP_SUMMARY"
echo "\`\`\`" >> "$GITHUB_STEP_SUMMARY"
echo "$summary_line" >> "$GITHUB_STEP_SUMMARY"
echo "\`\`\`" >> "$GITHUB_STEP_SUMMARY"
- name: Upload unit test results to Github
if: matrix.ubuntu_version == 'ubuntu22'
uses: actions/upload-artifact@v4
with:
name: Coverage-reports
path: /tmp/htmlcov
- name: Scan Docker image with Trivy
uses: ./edge-ai-libraries-repo/.github/actions/common/trivy-image-scan
with:
image: "intel/dlstreamer-pipeline-server:3.1.0-${{ matrix.ubuntu_version }}"
severity: "CRITICAL"
# output-format: "json"
output-file: "dlsps-${{ matrix.ubuntu_version }}-trivy-image-report.txt"
- name: Scan Docker extended image with Trivy
uses: ./edge-ai-libraries-repo/.github/actions/common/trivy-image-scan
with:
image: "intel/dlstreamer-pipeline-server:3.1.0-extended-${{ matrix.ubuntu_version }}"
severity: "CRITICAL"
# output-format: "json"
output-file: "dlsps-${{ matrix.ubuntu_version }}-extended-trivy-image-report.txt"
- name: Upload Trivy report as artifact
if: always()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #4.6.2
with:
name: dlsps-${{ matrix.ubuntu_version }}-trivy-image-report
path: dlsps-${{ matrix.ubuntu_version }}*-trivy-image-report.txt
- name: Create summary
if: always()
run: |
echo "### DL Streamer Pipeline Server Docker image for ${{ matrix.ubuntu_version }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "intel/dlstreamer-pipeline-server:3.1.0-${{ matrix.ubuntu_version }}">> $GITHUB_STEP_SUMMARY
echo "intel/dlstreamer-pipeline-server:3.1.0-extended-${{ matrix.ubuntu_version }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "Built on commit id: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
- name: Clean up
if: always()
run: |
rm -rf edge-ai-libraries-repo
sudo rm -rf /tmp/htmlcov
docker rmi intel/dlstreamer-pipeline-server:3.1.0-${{ matrix.ubuntu_version }} || true
docker rmi intel/dlstreamer-pipeline-server:3.1.0-extended-${{ matrix.ubuntu_version }} || true
bandit-virus-scans:
name: Run Bandit and Virus Scan
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- ubuntu_version: ubuntu22
steps:
- name: Check out edge-ai-libraries repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2
with:
persist-credentials: false
path: edge-ai-libraries-repo
- name: Run Bandit Scan
run: |
mkdir -p reports
docker pull ghcr.io/pycqa/bandit/bandit
echo "### Bandit Scan Results" >> $GITHUB_STEP_SUMMARY
docker run --rm -v "${{ github.workspace }}:/src" ghcr.io/pycqa/bandit/bandit -r /src/edge-ai-libraries-repo/microservices/dlstreamer-pipeline-server -f txt -o /src/reports/bandit-report.txt || true >> $GITHUB_STEP_SUMMARY
echo "Please find full report in bandit-report.txt" >> $GITHUB_STEP_SUMMARY
- name: Run Virus Scan
run: |
mkdir -p reports
docker pull clamav/clamav
echo "### Virus Scan Results" >> $GITHUB_STEP_SUMMARY
docker run --rm -v "${{ github.workspace }}:/src" clamav/clamav clamscan -r /src/edge-ai-libraries/microservices/dlstreamer-pipeline-server/ > ./reports/clamav-report.txt || true
echo "Please find full report in clamav-report.txt" >> $GITHUB_STEP_SUMMARY
- name: Upload Scan Reports
uses: actions/upload-artifact@v4
with:
name: bandit-virus-reports
path: reports/
- name: Clean up
if: always()
run: |
rm -rf edge-ai-libraries-repo
if [ -n "$(docker images -aq)" ]; then
docker rmi -f $(docker images -aq) || true
fi
filter-docker-related-changes:
permissions:
contents: read
name: Detect changes in docker directory
runs-on: ubuntu-latest
outputs:
docker_changed: ${{ steps.check.outputs.docker_changed }}
steps:
- name: Check out edge-ai-libraries repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2
with:
persist-credentials: false
fetch-depth: 0
- name: Fetch main branch for comparison
run: git fetch origin main
- id: check
name: Detect changes in docker directory
run: |
echo "🔍 Checking for changes in 'microservices/dlstreamer-pipeline-server/docker'..."
CHANGED_FILES=$(git diff --name-only origin/main HEAD)
echo "📄 Changed files:"
echo "$CHANGED_FILES"
if echo "$CHANGED_FILES" | grep -q '^microservices/dlstreamer-pipeline-server/docker'; then
echo "docker_changed=true" >> "$GITHUB_OUTPUT"
echo "🟡 Docker-related changes detected."
else
echo "docker_changed=false" >> "$GITHUB_OUTPUT"
echo "✅ No docker-related changes."
fi
trivy-config-scan:
permissions:
contents: read
needs: [filter-docker-related-changes]
if: needs.filter-docker-related-changes.outputs.docker_changed == 'true'
name: Scan dlsps docker file
strategy:
fail-fast: false
uses: ./.github/workflows/trivy-config-mode.yaml
with:
dockerfile-path: microservices/dlstreamer-pipeline-server/
trivy-report-format: 'json'
severity-levels: 'HIGH,CRITICAL'
output-report-path: reports/dlsps_trivy_report.json
name: dlsps_trivy_report