diff --git a/.github/workflows/monkeyplug-build-push-vosk-ghcr.yml b/.github/workflows/monkeyplug-build-push-vosk-ghcr.yml index bc7180d..1da1caf 100644 --- a/.github/workflows/monkeyplug-build-push-vosk-ghcr.yml +++ b/.github/workflows/monkeyplug-build-push-vosk-ghcr.yml @@ -63,15 +63,14 @@ jobs: - name: Set up QEMU id: setup-qemu - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - - name: Log in to registry - id: registry-login - uses: redhat-actions/podman-login@v1 + name: Set up Docker Buildx + id: setup-docker-buildx + uses: docker/setup-buildx-action@v3 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + driver-opts: | + image=moby/buildkit:master - name: Extract tag name shell: bash 
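Review bot: The added `driver-opts: image=moby/buildkit:master` makes every run pull an unreleased, mutable BuildKit image, and that builder is what performs the authenticated push to ghcr.io in the next hunk. Unless a master-only fix is required, drop the `driver-opts` block so the action uses its default released BuildKit, or pin it, e.g. `image=moby/buildkit:<released-tag>@sha256:<digest>` (placeholders). The same line is added in the first hunk of monkeyplug-build-push-whisper-ghcr.yml. The `docker/*@v3` references are also mutable tags; pinning each action to a full commit SHA, with the version in a trailing comment, would make the workflow auditable.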
@@ -93,43 +92,24 @@ jobs: /usr/local/share/boost \ "$AGENT_TOOLSDIRECTORY" || true - - name: Build (VOSK) - id: build-vosk-image - uses: redhat-actions/buildah-build@v2 + name: ghcr.io login + id: ghcr-io-login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Build and push Monkeyplug (VOSK) image + id: build-and-push + uses: docker/build-push-action@v5 with: - image: ${{ env.IMAGE_NAME }} - tags: vosk-${{ steps.extract_tag.outputs.tag }} + context: ./malcolm-iso + push: true + tags: ${{ env.IMAGE_NAME }}:vosk-${{ steps.extract_tag.outputs.tag }} context: ${{ env.REPO_CONTEXT }} - containerfiles: ${{ env.REPO_CONTAINERFILE }} - archs: ${{ env.IMAGE_ARCH }} + file: ${{ env.REPO_CONTAINERFILE }} + platforms: ${{ env.IMAGE_ARCH }} target: vosk build-args: | VOSK_MODEL_URL=${{ steps.extract_url.outputs.url }} - - - name: Run Trivy vulnerability scanner (VOSK) - id: trivy-scan - uses: aquasecurity/trivy-action@master - with: - scan-type: 'image' - image-ref: ${{ steps.build-vosk-image.outputs.image }}:${{ steps.build-vosk-image.outputs.tags }} - format: 'sarif' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - vuln-type: 'os,library' - hide-progress: true - ignore-unfixed: true - exit-code: '0' - - - name: Upload Trivy scan results to GitHub Security tab (VOSK) - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' - - - name: Push (VOSK) - id: push-vosk-image - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-vosk-image.outputs.image }} - tags: ${{ steps.build-vosk-image.outputs.tags }} - registry: ${{ env.REGISTRY }} diff --git a/.github/workflows/monkeyplug-build-push-whisper-ghcr.yml b/.github/workflows/monkeyplug-build-push-whisper-ghcr.yml index 4fb1910..2912657 100644 --- a/.github/workflows/monkeyplug-build-push-whisper-ghcr.yml 
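Review bot: The `with:` block of the new build-and-push step has two `context` keys: the added `context: ./malcolm-iso` and the unchanged `context: ${{ env.REPO_CONTEXT }}` a few lines below it. Duplicate mapping keys are invalid YAML and, depending on the parser, either fail the workflow or silently let one value win, so the build context may not be the one a reader expects; `./malcolm-iso` looks carried over from another project, and deleting that line leaves `context: ${{ env.REPO_CONTEXT }}` as the only value. This hunk also deletes the Trivy scan and SARIF upload without a replacement, so images are now pushed with no vulnerability report; consider adding a scan step after the push that targets `${{ env.IMAGE_NAME }}:vosk-${{ steps.extract_tag.outputs.tag }}`, with the scanner action pinned to a release rather than `@master` as the removed step had it. Both points apply equally to the second hunk of monkeyplug-build-push-whisper-ghcr.yml.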
+++ b/.github/workflows/monkeyplug-build-push-whisper-ghcr.yml @@ -63,15 +63,14 @@ jobs: - name: Set up QEMU id: setup-qemu - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - - name: Log in to registry - id: registry-login - uses: redhat-actions/podman-login@v1 + name: Set up Docker Buildx + id: setup-docker-buildx + uses: docker/setup-buildx-action@v3 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + driver-opts: | + image=moby/buildkit:master - name: Free up space shell: bash 
@@ -83,43 +82,24 @@ jobs: /usr/local/share/boost \ "$AGENT_TOOLSDIRECTORY" || true - - name: Build (Whisper) - id: build-whisper-image - uses: redhat-actions/buildah-build@v2 + name: ghcr.io login + id: ghcr-io-login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Build and push Monkeyplug (Whisper) image + id: build-and-push + uses: docker/build-push-action@v5 with: - image: ${{ env.IMAGE_NAME }} - tags: whisper-${{ matrix.value }} + context: ./malcolm-iso + push: true + tags: ${{ env.IMAGE_NAME }}:whisper-${{ matrix.value }} context: ${{ env.REPO_CONTEXT }} - containerfiles: ${{ env.REPO_CONTAINERFILE }} - archs: ${{ env.IMAGE_ARCH }} + file: ${{ env.REPO_CONTAINERFILE }} + platforms: ${{ env.IMAGE_ARCH }} target: whisper build-args: | - WHISPER_MODEL_NAME=${{ matrix.value }} - - - name: Run Trivy vulnerability scanner (Whisper) - id: trivy-scan - uses: aquasecurity/trivy-action@master - with: - scan-type: 'image' - image-ref: ${{ steps.build-whisper-image.outputs.image }}:${{ steps.build-whisper-image.outputs.tags }} - format: 'sarif' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - vuln-type: 'os,library' - hide-progress: true - ignore-unfixed: true - exit-code: '0' - - - name: Upload Trivy scan results to GitHub Security tab (Whisper) - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' - - - name: Push (Whisper) - id: push-whisper-image - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-whisper-image.outputs.image }} - tags: ${{ steps.build-whisper-image.outputs.tags }} - registry: ${{ env.REGISTRY }} + WHISPER_MODEL_NAME=${{ matrix.value }} \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index d0e0696..94a6476 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -70,4 +70,4 @@ RUN python3 -m pip install --no-cache openai-whisper && \
 cd "$WHISPER_MODEL_DIR" && \
 echo "Downloading Whisper model \"$WHISPER_MODEL_NAME\"..." && \
 curl -fsSL -o ./"$WHISPER_MODEL_NAME" "$(curl -fsSL https://raw.githubusercontent.com/openai/whisper/main/whisper/__init__.py | grep -P "\"$WHISPER_MODEL_NAME\"\s*:\s*\"https://" | cut -d: -f2- | sed 's/^[[:space:]]*"//' | sed 's/",*$//')" && \
- echo "Finished"
\ No newline at end of file
+ echo "Finished"