Add BoM collect workflow and image publish workflow (opea-project#600)

Signed-off-by: chensuyue <suyue.chen@intel.com>

Author: chensuyue

.github/workflows/_example-workflow.yml

@@ -32,14 +32,6 @@ on:
         default: false
         required: false
         type: boolean
-      publish:
-        default: false
-        required: false
-        type: boolean
-      publish_tags:
-        default: "latest"
-        required: false
-        type: string
       GenAIComps_branch:
         default: "main"
         required: false
@@ -83,7 +75,7 @@ jobs:
 ####################################################################################################
 # Trivy Scan
 ####################################################################################################
-  image-list:
+  get-image-list:
     needs: [build-images]
     if: ${{ fromJSON(inputs.scan) && inputs.node == 'gaudi' }}
     runs-on: ubuntu-latest
@@ -97,16 +89,16 @@ jobs:
         id: scan-matrix
         run: |
           pip install yq
-          compose_path=${{ github.workspace }}/.github/workflows/docker/compose/${{ inputs.example }}-compose.yaml
+          compose_path=${{ github.workspace }}/${{ inputs.example }}/docker/docker_build_compose.yaml
           echo "matrix=$(cat ${compose_path} | yq -r '.[]' | jq 'keys' | jq -c '.')" >> $GITHUB_OUTPUT
 
   scan-images:
-    needs: [image-list, build-images]
+    needs: [get-image-list, build-images]
     if: ${{ fromJSON(inputs.scan) && inputs.node == 'gaudi'}}
     runs-on: "docker-build-${{ inputs.node }}"
     strategy:
       matrix:
-        image: ${{ fromJSON(needs.image-list.outputs.matrix) }}
+        image: ${{ fromJSON(needs.get-image-list.outputs.matrix) }}
       fail-fast: false
     steps:
       - name: Pull Image
@@ -118,16 +110,16 @@ jobs:
         uses: opea-project/validation/actions/trivy-scan@main
         with:
           image-ref: ${{ env.OPEA_IMAGE_REPO }}opea/${{ matrix.image }}:${{ inputs.tag }}
-          output: ${{ inputs.example }}-${{ matrix.image }}-scan.txt
+          output: ${{ matrix.image }}-scan.txt
 
       - name: Cleanup
         if: always()
         run: docker rmi -f ${OPEA_IMAGE_REPO}opea/${{ matrix.image }}:${{ inputs.tag }}
 
       - uses: actions/upload-artifact@v4.3.4
         with:
-          name: ${{ inputs.example }}-${{ matrix.image }}-scan
-          path: ${{ inputs.example }}-${{ matrix.image }}-scan.txt
+          name: ${{ matrix.image }}-scan
+          path: ${{ matrix.image }}-scan.txt
           overwrite: true
 
 ####################################################################################################
@@ -156,22 +148,3 @@ jobs:
       hardware: ${{ inputs.node }}
       tag: ${{ inputs.tag }}
     secrets: inherit
-
-
-####################################################################################################
-# Publish
-####################################################################################################
-  publish:
-    needs: [image-list, build-images, scan-images, test-example-compose]
-    if: ${{ fromJSON(inputs.publish) && inputs.node == 'gaudi' }}
-    strategy:
-      matrix:
-        image: ${{ fromJSON(needs.image-list.outputs.matrix) }}
-    runs-on: "docker-build-gaudi"
-    steps:
-      - name: Image Publish
-        uses: opea-project/validation/actions/image-publish@main
-        with:
-          local_image_ref: ${OPEA_IMAGE_REPO}opea/${{ matrix.image }}:${{ inputs.tag }}
-          image_name: opea/${{ matrix.image }}
-          publish_tags: ${{ inputs.publish_tags }}

.github/workflows/manual-bom-scan.yml

@@ -0,0 +1,74 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: Examples docker images BoM scan
+on:
+  workflow_dispatch:
+    inputs:
+      node:
+        default: "gaudi"
+        description: "Hardware to run test"
+        required: true
+        type: string
+      examples:
+        default: "ChatQnA"
+        description: 'List of examples to test [AudioQnA,ChatQnA,CodeGen,CodeTrans,DocSum,FaqGen,SearchQnA,Translation]'
+        required: true
+        type: string
+      tag:
+        default: "latest"
+        description: "Tag to apply to images"
+        required: true
+        type: string
+
+permissions: read-all
+jobs:
+  get-image-list:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.scan-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout out Repo
+        uses: actions/checkout@v4
+
+      - name: Set Matrix
+        id: scan-matrix
+        run: |
+          pip install yq
+          examples=($(echo ${{ inputs.examples }} | tr ',' ' '))
+          image_list=[]
+          for example in ${examples[@]}
+          do
+              images=$(cat ${{ github.workspace }}/${example}/docker/docker_build_compose.yaml | yq -r '.[]' | jq 'keys' | jq -c '.')
+              image_list=$(echo ${image_list} | jq -s '.[0] + .[1] | unique' - <(echo ${images}))
+          done
+          echo "matrix=$(echo ${image_list} | jq -c '.')" >> $GITHUB_OUTPUT
+
+  scan-license:
+    needs: get-image-list
+    runs-on: "docker-build-${{ inputs.node }}"
+    strategy:
+      matrix:
+        image: ${{ fromJson(needs.get-image-list.outputs.matrix) }}
+      fail-fast: false
+    steps:
+      - name: Pull Image
+        run: |
+          docker pull ${OPEA_IMAGE_REPO}opea/${{ matrix.image }}:${{ inputs.tag }}
+          echo "OPEA_IMAGE_REPO=${OPEA_IMAGE_REPO}" >> $GITHUB_ENV
+
+      - name: Scan Container
+        uses: opea-project/validation/actions/license-scan@main # TODO
+        with:
+          image-ref: ${{ env.OPEA_IMAGE_REPO }}opea/${{ matrix.image }}:${{ inputs.tag }}
+          output: ${{ matrix.image }}-scan.txt
+
+      - name: Cleanup
+        if: always()
+        run: docker rmi -f ${OPEA_IMAGE_REPO}opea/${{ matrix.image }}:${{ inputs.tag }}
+
+      - uses: actions/upload-artifact@v4.3.4
+        with:
+          name: ${{ matrix.image }}-scan
+          path: ${{ matrix.image }}-scan.txt
+          overwrite: true

.github/workflows/manual-docker-publish.yml

@@ -0,0 +1,68 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: Examples CD workflow on manual event
+on:
+  workflow_dispatch:
+    inputs:
+      nodes:
+        default: "gaudi"
+        description: "Hardware to run test"
+        required: true
+        type: string
+      examples:
+        default: "ChatQnA"
+        description: 'List of examples to test [AudioQnA,ChatQnA,CodeGen,CodeTrans,DocSum,FaqGen,SearchQnA,Translation]'
+        required: true
+        type: string
+      tag:
+        default: "latest"
+        description: "Tag to apply to images"
+        required: true
+        type: string
+      publish:
+        default: false
+        description: 'Publish images to docker hub'
+        required: false
+        type: boolean
+      publish_tags:
+        default: "latest,v1.0"
+        description: 'Tag list apply to publish images'
+        required: false
+        type: string
+
+permissions: read-all
+jobs:
+  get-image-list:
+    runs-on: ${{ inputs.node }}
+    outputs:
+      matrix: ${{ steps.scan-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout out Repo
+        uses: actions/checkout@v4
+
+      - name: Set Matrix
+        id: scan-matrix
+        run: |
+          examples=($(echo ${{ inputs.examples }} | tr ',' ' '))
+          image_list=[]
+          for example in ${examples[@]}
+          do
+              images=$(cat ${{ github.workspace }}/${example}/docker/docker_build_compose.yaml | yq -r '.[]' | jq 'keys' | jq -c '.')
+              image_list=$(echo ${image_list} | jq -s '.[0] + .[1] | unique' - <(echo ${images}))
+          done
+          echo "matrix=$(echo ${image_list} | jq -c '.')" >> $GITHUB_OUTPUT
+
+  publish:
+    needs: [get-image-list]
+    strategy:
+      matrix:
+        image: ${{ fromJSON(needs.get-image-list.outputs.matrix) }}
+    runs-on: "docker-build-${{ inputs.node }}"
+    steps:
+      - name: Image Publish
+        uses: opea-project/validation/actions/image-publish@main
+        with:
+          local_image_ref: ${OPEA_IMAGE_REPO}opea/${{ matrix.image }}:${{ inputs.tag }}
+          image_name: opea/${{ matrix.image }}
+          publish_tags: ${{ inputs.publish_tags }}

.github/workflows/manual-cd-workflow.yml renamed to .github/workflows/manual-example-workflow.yml

@@ -40,16 +40,6 @@ on:
         description: 'Test examples with k8s'
         required: false
         type: boolean
-      publish:
-        default: false
-        description: 'Publish images to docker hub'
-        required: false
-        type: boolean
-      publish_tags:
-        default: "latest,v1.0"
-        description: 'Tag list apply to publish images'
-        required: false
-        type: string
       GenAIComps_branch:
         default: "main"
         description: 'GenAIComps branch for image build'
@@ -67,10 +57,10 @@ jobs:
     - name: Create Matrix
       id: get-matrix
       run: |
-        examples=($(echo ${{ github.event.inputs.examples }} | tr ',' ' '))
+        examples=($(echo ${{ inputs.examples }} | tr ',' ' '))
         examples_json=$(printf '%s\n' "${examples[@]}" | sort -u | jq -R '.' | jq -sc '.')
         echo "examples=$examples_json" >> $GITHUB_OUTPUT
-        nodes=($(echo ${{ github.event.inputs.nodes }} | tr ',' ' '))
+        nodes=($(echo ${{ inputs.nodes }} | tr ',' ' '))
         nodes_json=$(printf '%s\n' "${nodes[@]}" | sort -u | jq -R '.' | jq -sc '.')
         echo "nodes=$nodes_json" >> $GITHUB_OUTPUT
 
@@ -90,7 +80,5 @@ jobs:
       scan: ${{ fromJSON(inputs.scan) }}
       test_compose: ${{ fromJSON(inputs.test_compose) }}
       test_k8s: ${{ fromJSON(inputs.test_k8s) }}
-      publish: ${{ fromJSON(inputs.publish) }}
-      publish_tags: ${{ inputs.publish_tags }}
       GenAIComps_branch: ${{ inputs.GenAIComps_branch }}
     secrets: inherit