BAI-1503 add modelscan build to github workflow

.github/workflows/build.js.yml

@@ -63,6 +63,34 @@ jobs:
           name: bailo_frontend
           path: /tmp/bailo_frontend.tar
 
+  build_modelscan:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+
+    steps:
+      # Clone repository
+      - uses: actions/checkout@v3
+
+      # Setup BuildX
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build modelscan image
+        uses: docker/build-push-action@v3
+        with:
+          context: modelscan
+          file: lib/modelscan_api/Dockerfile
+          tags: bailo_modelscan:latest
+          cache-from: type=gha,scope=modelscan
+          cache-to: type=gha,mode=max,scope=modelscan
+          outputs: type=docker,dest=/tmp/bailo_modelscan.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp/bailo_modelscan.tar
+
   unit_testing:
     runs-on: ubuntu-latest
 
@@ -134,6 +162,11 @@ jobs:
         with:
           name: bailo_frontend
           path: /tmp
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp
 
       - name: Start minikube
         uses: medyagh/setup-minikube@master
@@ -146,6 +179,7 @@ jobs:
           eval $(minikube -p minikube docker-env)
           docker load -i /tmp/bailo_backend.tar
           docker load -i /tmp/bailo_frontend.tar
+          docker load -i /tmp/bailo_modelscan.tar
 
       # Install dependencies
       - run: npm ci
@@ -193,6 +227,8 @@ jobs:
             frontendTag: latest
             backendRepository: "bailo_backend"
             backendTag: latest
+            modelscanRepository: "bailo_modelscan"
+            modelscanTag: latest
           # Used for k8s not openshift
           ingress:
             enabled: false
@@ -287,14 +323,20 @@ jobs:
         with:
           name: bailo_frontend
           path: /tmp
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp
 
       - name: Load image
         run: |
           docker load --input /tmp/bailo_frontend.tar
           docker load --input /tmp/bailo_backend.tar
+          docker load --input /tmp/bailo_modelscan.tar
           docker image ls -a
 
-          rm -rf /tmp/bailo_frontend.tar /tmp/bailo_backend.tar
+          rm -rf /tmp/bailo_frontend.tar /tmp/bailo_backend.tar /tmp/bailo_modelscan.tar
 
       # Create logs directory
       - run: mkdir logs
@@ -407,11 +449,17 @@ jobs:
         with:
           name: bailo_frontend
           path: /tmp
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp
 
       - name: Load image
         run: |
           docker load --input /tmp/bailo_frontend.tar
           docker load --input /tmp/bailo_backend.tar
+          docker load --input /tmp/bailo_modelscan.tar
           docker image ls -a
 
       # Create logs directory

frontend/pages/docs/administration/helm/configuration.mdx

@@ -34,6 +34,8 @@ image:
   frontendTag: 'v2.1.2'
   backendRepository: '<docker registry>'
   backendTag: 'v2.1.2'
+  modelscanRepository: '<docker registry>'
+  modelscanTag: 'v1.0.0'
 ```
 
 To create these images, follow the instructions in [Building Bailo Images](../building-the-bailo-image).

frontend/pages/docs/v1/administration/getting-started/building-the-bailo-image.mdx

@@ -9,6 +9,7 @@ frontend and one for the backend.
 # Bailo uses a monorepo, so images should be built from the root directory
 $ docker build -t "bailo-backend" -f ./backend/Dockerfile .
 $ docker build -t "bailo-frontend" -f ./frontend/Dockerfile .
+$ docker build -t "bailo-modelscan" -f ./lib/modelscan_api/Dockerfile .
 ```
 
 Ensure you do not use the development Dockerfiles (called `Dockerfile.dev`) as they expect the application to be mounted

infrastructure/helm/bailo/templates/modelscan/modelscan.deployment.yaml

@@ -28,7 +28,8 @@ spec:
           - name: modelscanport
             containerPort: 3311
             protocol: TCP
-        image: {{ .Values.modelscan.image }}
+        image: "{{ .Values.image.modelscanRepository }}:{{ .Values.image.modelscanTag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
         resources:
           requests:
             memory: "100Mi"

infrastructure/helm/bailo/templates/modelscan/modelscan.service.yaml

@@ -11,7 +11,7 @@ spec:
     - port: {{ .Values.modelscan.port }}
       targetPort: {{ .Values.modelscan.port }}
       protocol: TCP
-      name: http
+      name: {{ .Values.modelscan.protocol }}
   selector:
     name: modelscan
 {{- end }}

infrastructure/helm/bailo/values.yaml

@@ -8,6 +8,8 @@ image:
   frontendTag: imageTag
   backendRepository: "backend-image-registry.location"
   backendTag: imageTag
+  modelscanRepository: "modelscan-image-registry.location"
+  modelscanTag: imageTag
   pullPolicy: IfNotPresent
 imagePullSecrets: []
 
@@ -299,7 +301,7 @@ clamav:
 
 modelscan:
   enabled: false
-  image: bailo-modelscan
+  protocol: http
   port: 3311
   accessModes:
     - ReadWriteOnce

lib/modelscan_api/bailo_modelscan_api/config.py

@@ -24,6 +24,7 @@ class Settings(BaseSettings):
     Bailo ModelScan API allows for easy programmatic interfacing with ProtectAI's ModelScan package to scan and detect potential threats within files stored in Bailo.
 
     You can upload files and view modelscan's result."""
+    # Update frontend/pages/docs/administration/helm/configuration.mdx if bumping this.
     app_version: str = "1.0.0"
     # download_dir is used if it evaluates, otherwise a temporary directory is used.
     download_dir: Optional[str] = None