eliott/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm synced 2026-04-26 01:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Docker base image upgrade to Ubuntu 24 (#4754)

Browse Source 
* test base image bump

* patch frontend compilation due to Vite QEMU exception

* migrate all runners to arm64 to avoid QEMU slowdown

* add back layer cleanup

* remove layer cache fix
This commit is contained in:
Timothy Carambat
2025-12-10 13:50:24 -08:00
committed by GitHub
parent 8e0186f9ac
commit 3800a68402
4 changed files with 55 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
.github/workflows/dev-build.yaml vendored
View File

@@ -6,7 +6,7 @@ concurrency:
on:
push:
branches: ['mcp-improvements'] # put your current branch to create a build. Core team only.
branches: ['maint/upgrade-docker-base-image'] # put your current branch to create a build. Core team only.
paths-ignore:
- '**.md'
- 'cloud-deployments/*'
@@ -44,10 +44,6 @@ jobs:
fi
id: dockerhub
# Uncomment this + add linux/arm64 to platforms if you want to build for arm64 as well
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
@@ -78,8 +74,7 @@ jobs:
push: true
sbom: true
provenance: mode=max
# platforms: linux/amd64
platforms: linux/arm64
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
@@ -88,37 +83,37 @@ jobs:
# For Docker scout there are some intermediary reported CVEs which exists outside
# of execution content or are unreachable by an attacker but exist in image.
# We create VEX files for these so they don't show in scout summary.
# - name: Collect known and verified CVE exceptions
# id: cve-list
# run: |
# # Collect CVEs from filenames in vex folder
# CVE_NAMES=""
# for file in ./docker/vex/*.vex.json; do
# [ -e "$file" ] || continue
# filename=$(basename "$file")
# stripped_filename=${filename%.vex.json}
# CVE_NAMES+=" $stripped_filename"
# done
# echo "CVE_EXCEPTIONS=$CVE_NAMES" >> $GITHUB_OUTPUT
# shell: bash
- name: Collect known and verified CVE exceptions
id: cve-list
run: |
# Collect CVEs from filenames in vex folder
CVE_NAMES=""
for file in ./docker/vex/*.vex.json; do
[ -e "$file" ] || continue
filename=$(basename "$file")
stripped_filename=${filename%.vex.json}
CVE_NAMES+=" $stripped_filename"
done
echo "CVE_EXCEPTIONS=$CVE_NAMES" >> $GITHUB_OUTPUT
shell: bash
# About VEX attestations https://docs.docker.com/scout/explore/exceptions/
# Justifications https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#status-justifications
# Fixed to use v1.15.1 of scout-cli as v1.16.0 install script is broken
# https://github.com/docker/scout-cli
# - name: Add VEX attestations
# env:
# CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
# run: |
# echo $CVE_EXCEPTIONS
# curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
# for cve in $CVE_EXCEPTIONS; do
# for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
# echo "Attaching VEX exception $cve to $tag"
# docker scout attestation add \
# --file "./docker/vex/$cve.vex.json" \
# --predicate-type https://openvex.dev/ns/v0.2.0 \
# $tag
# done
# done
# shell: bash
- name: Add VEX attestations
env:
CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
run: |
echo $CVE_EXCEPTIONS
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
for cve in $CVE_EXCEPTIONS; do
for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
echo "Attaching VEX exception $cve to $tag"
docker scout attestation add \
--file "./docker/vex/$cve.vex.json" \
--predicate-type https://openvex.dev/ns/v0.2.0 \
$tag
done
done
shell: bash