fAIr/.github/workflows/zenml_postgres_build.yml at develop · Spatialnode/fAIr · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: Build ZenML Postgres Image

on:
  workflow_dispatch:
    inputs:
      zenml_version:
        description: "ZenML version to build"
        required: true
        type: string

jobs:
  server-image:
    uses: hotosm/gh-workflows/.github/workflows/image_build.yml@3.6.0
    with:
      context: infra/zenml
      # This remains hotosm/zenml-postgres for legacy reasons
      # Ideally it would be hotosm/fair/zenml-postgres
      image_name: ghcr.io/${{ github.repository_owner }}/zenml-postgres
      build_target: runtime
      dockerfile: Dockerfile.postgres
      extra_build_args: ZENML_VERSION=${{ inputs.zenml_version }}
      image_tags: ghcr.io/${{ github.repository_owner }}/zenml-postgres:${{ inputs.zenml_version }}
      # Workaround until CVE-2026-27143 fixed in ZenML upstream image...
      scan_image: false

  cli-image:
    needs: server-image
    uses: hotosm/gh-workflows/.github/workflows/image_build.yml@3.6.0
    with:
      context: infra/zenml
      image_name: ghcr.io/${{ github.repository_owner }}/fair/cli
      build_target: cli
      dockerfile: Dockerfile.cli
      extra_build_args: ZENML_VERSION=${{ inputs.zenml_version }}
      image_tags: ghcr.io/${{ github.repository_owner }}/fair/cli:${{ inputs.zenml_version }}
      # Disable dockerfile_scan else it flags usage of :latest image
      scan_dockerfile: false
      # It's a CLI, so we don't care about vulnerabilities
      scan_image: false