From 137a75671af384155714ad78b4047cf3c1427ad1 Mon Sep 17 00:00:00 2001
From: PE39806 <185931318+PE39806@users.noreply.github.com>
Date: Thu, 28 Nov 2024 15:16:32 +0000
Subject: [PATCH] BAI-1503 add modelscan build to github workflow

---
 .github/workflows/build.js.yml                | 50 ++++++++++++++++++-
 .../administration/helm/configuration.mdx     |  2 +
 .../building-the-bailo-image.mdx              |  1 +
 .../modelscan/modelscan.deployment.yaml       |  3 +-
 .../modelscan/modelscan.service.yaml          |  2 +-
 infrastructure/helm/bailo/values.yaml         |  4 +-
 .../bailo_modelscan_api/config.py             |  1 +
 7 files changed, 59 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.js.yml b/.github/workflows/build.js.yml
index ed0053156..61da19230 100644
--- a/.github/workflows/build.js.yml
+++ b/.github/workflows/build.js.yml
@@ -63,6 +63,34 @@ jobs:
           name: bailo_frontend
           path: /tmp/bailo_frontend.tar
 
+  build_modelscan:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+
+    steps:
+      # Clone repository
+      - uses: actions/checkout@v3
+
+      # Setup BuildX
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build modelscan image
+        uses: docker/build-push-action@v3
+        with:
+          context: modelscan
+          file: lib/modelscan_api/Dockerfile
+          tags: bailo_modelscan:latest
+          cache-from: type=gha,scope=modelscan
+          cache-to: type=gha,mode=max,scope=modelscan
+          outputs: type=docker,dest=/tmp/bailo_modelscan.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp/bailo_modelscan.tar
+
   unit_testing:
     runs-on: ubuntu-latest
 
@@ -134,6 +162,11 @@ jobs:
         with:
           name: bailo_frontend
           path: /tmp
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp
 
       - name: Start minikube
         uses: medyagh/setup-minikube@master
@@ -146,6 +179,7 @@ jobs:
           eval $(minikube -p minikube docker-env)
           docker load -i /tmp/bailo_backend.tar
           docker load -i /tmp/bailo_frontend.tar
+          docker load -i /tmp/bailo_modelscan.tar
 
       # Install dependencies
       - run: npm ci
@@ -193,6 +227,8 @@ jobs:
             frontendTag: latest
             backendRepository: "bailo_backend"
             backendTag: latest
+            modelscanRepository: "bailo_modelscan"
+            modelscanTag: latest
           # Used for k8s not openshift
           ingress:
             enabled: false
@@ -287,14 +323,20 @@ jobs:
         with:
           name: bailo_frontend
           path: /tmp
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp
 
       - name: Load image
         run: |
           docker load --input /tmp/bailo_frontend.tar
           docker load --input /tmp/bailo_backend.tar
+          docker load --input /tmp/bailo_modelscan.tar
           docker image ls -a
 
-          rm -rf /tmp/bailo_frontend.tar /tmp/bailo_backend.tar
+          rm -rf /tmp/bailo_frontend.tar /tmp/bailo_backend.tar /tmp/bailo_modelscan.tar
 
       # Create logs directory
       - run: mkdir logs
@@ -407,11 +449,17 @@ jobs:
         with:
           name: bailo_frontend
           path: /tmp
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bailo_modelscan
+          path: /tmp
 
       - name: Load image
         run: |
           docker load --input /tmp/bailo_frontend.tar
           docker load --input /tmp/bailo_backend.tar
+          docker load --input /tmp/bailo_modelscan.tar
           docker image ls -a
 
       # Create logs directory
diff --git a/frontend/pages/docs/administration/helm/configuration.mdx b/frontend/pages/docs/administration/helm/configuration.mdx
index 2c24f7ff0..f4becc52b 100644
--- a/frontend/pages/docs/administration/helm/configuration.mdx
+++ b/frontend/pages/docs/administration/helm/configuration.mdx
@@ -34,6 +34,8 @@ image:
   frontendTag: 'v2.1.2'
   backendRepository: '<docker registry>'
   backendTag: 'v2.1.2'
+  modelscanRepository: '<docker registry>'
+  modelscanTag: 'v1.0.0'
 ```
 
 To create these images, follow the instructions in [Building Bailo Images](../building-the-bailo-image).
diff --git a/frontend/pages/docs/v1/administration/getting-started/building-the-bailo-image.mdx b/frontend/pages/docs/v1/administration/getting-started/building-the-bailo-image.mdx
index 63d60b677..23e4a470d 100644
--- a/frontend/pages/docs/v1/administration/getting-started/building-the-bailo-image.mdx
+++ b/frontend/pages/docs/v1/administration/getting-started/building-the-bailo-image.mdx
@@ -9,6 +9,7 @@ frontend and one for the backend.
 # Bailo uses a monorepo, so images should be built from the root directory
 $ docker build -t "bailo-backend" -f ./backend/Dockerfile .
 $ docker build -t "bailo-frontend" -f ./frontend/Dockerfile .
+$ docker build -t "bailo-modelscan" -f ./lib/modelscan_api/Dockerfile .
 ```
 
 Ensure you do not use the development Dockerfiles (called `Dockerfile.dev`) as they expect the application to be mounted
diff --git a/infrastructure/helm/bailo/templates/modelscan/modelscan.deployment.yaml b/infrastructure/helm/bailo/templates/modelscan/modelscan.deployment.yaml
index afe3e2c33..6f44a5335 100644
--- a/infrastructure/helm/bailo/templates/modelscan/modelscan.deployment.yaml
+++ b/infrastructure/helm/bailo/templates/modelscan/modelscan.deployment.yaml
@@ -28,7 +28,8 @@ spec:
           - name: modelscanport
             containerPort: 3311
             protocol: TCP
-        image: {{ .Values.modelscan.image }}
+        image: "{{ .Values.image.modelscanRepository }}:{{ .Values.image.modelscanTag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
         resources:
           requests:
             memory: "100Mi"
diff --git a/infrastructure/helm/bailo/templates/modelscan/modelscan.service.yaml b/infrastructure/helm/bailo/templates/modelscan/modelscan.service.yaml
index b1e1b3cfd..10efebb44 100644
--- a/infrastructure/helm/bailo/templates/modelscan/modelscan.service.yaml
+++ b/infrastructure/helm/bailo/templates/modelscan/modelscan.service.yaml
@@ -11,7 +11,7 @@ spec:
     - port: {{ .Values.modelscan.port }}
       targetPort: {{ .Values.modelscan.port }}
       protocol: TCP
-      name: http
+      name: {{ .Values.modelscan.protocol }}
   selector:
     name: modelscan
 {{- end }}
diff --git a/infrastructure/helm/bailo/values.yaml b/infrastructure/helm/bailo/values.yaml
index 2b5adf80f..a652fa553 100644
--- a/infrastructure/helm/bailo/values.yaml
+++ b/infrastructure/helm/bailo/values.yaml
@@ -8,6 +8,8 @@ image:
   frontendTag: imageTag
   backendRepository: "backend-image-registry.location"
   backendTag: imageTag
+  modelscanRepository: "modelscan-image-registry.location"
+  modelscanTag: imageTag
   pullPolicy: IfNotPresent
 imagePullSecrets: []
 
@@ -299,7 +301,7 @@ clamav:
 
 modelscan:
   enabled: false
-  image: bailo-modelscan
+  protocol: http
   port: 3311
   accessModes:
     - ReadWriteOnce
diff --git a/lib/modelscan_api/bailo_modelscan_api/config.py b/lib/modelscan_api/bailo_modelscan_api/config.py
index ee1d75e6b..b6f6435e6 100644
--- a/lib/modelscan_api/bailo_modelscan_api/config.py
+++ b/lib/modelscan_api/bailo_modelscan_api/config.py
@@ -24,6 +24,7 @@ class Settings(BaseSettings):
     Bailo ModelScan API allows for easy programmatic interfacing with ProtectAI's ModelScan package to scan and detect potential threats within files stored in Bailo.
 
     You can upload files and view modelscan's result."""
+    # Update frontend/pages/docs/administration/helm/configuration.mdx if bumping this.
     app_version: str = "1.0.0"
     # download_dir is used if it evaluates, otherwise a temporary directory is used.
     download_dir: Optional[str] = None