Comments (6)
For post submit workflow, we need to build and push two images with nightly and commit hash tags. they are still same image.
from kuberay.
https://kevsoft.net/2020/06/10/running-github-action-steps-and-jobs-only-on-push-to-master.html
This is a good article to talk about conditional step in a job workflow for multiple events (pull_request, push)
from kuberay.
Currently, there're few challenges to build automation.
-
seems there's no way to create robot or service account for
KubeRay
docker hub organization? Only member belong to team can operate it. The challenge is I have admin access of several organizations and I can not use my personal token in CI. -
https://github.com/docker/login-action This action helps to authenticate with docker registry.
- The problem is if bad guy update GitHub workflow and echo credential, I assume credential might be leaked?
- hacker still can update workflow to publish image with malicious code to official registry?
I am not an expert on GitHub Actions, I assume these kind of issues should not be there? /cc @akanso
from kuberay.
/cc @wilsonwang371
from kuberay.
seems there's no way to create robot or service account for KubeRay docker hub organization? Only member belong to team can operate it. The challenge is I have admin access of several organizations and I can not use my personal token in CI.
We register a separate account with kubeRay write permission only as the robot account.
https://github.com/docker/login-action This action helps to authenticate with docker registry.
The problem is if bad guy update GitHub workflow and echo credential, I assume credential might be leaked?
hacker still can update workflow to publish image with malicious code to official registry?
Maintainers has to carefully review the code before they approve to run the workflow.
for the presubmit change, we build local image and load into kind cluster for testing.
for the merge change, we build image and push to registry so we can avoid malicious code pushing to registry.
#141 resolve this issue and it can be closed
from kuberay.
Thanks @wilsonwang371 for the help!
from kuberay.
Related Issues (20)
- [Feature] Add default volumes and volumeMounts for `/tmp/ray` to Ray Pods HOT 7
- [Feature] serve run and serve deploy question HOT 2
- [CI] [Bug] e2e sample YAML test pipeline is broken with Docker image hash mismatch HOT 15
- [RayJob] Add tests for #1855 HOT 1
- [Docs] Add docs for structured config and default sidecar containers HOT 1
- [Feature] GPU Support Allow setting runtimeClass in template.spec HOT 1
- [Bug] Long Route names and namespaces auto-generate invalid host
- [Feature] Support AWS IAM for Redis Auth HOT 1
- [Feature] What is kuberay's roadmap for 2024 ? HOT 2
- [Docs] Add example docs of using RayJob and Kueue HOT 4
- [Doc] RayJob `suspend`
- [Feature] Make RayJob recover automatically from K8S submitter job and Ray cluster head node failures HOT 2
- test
- [Feature] Test
- [Bug] Test
- Refactor Current e2e Test to Use Server-Side Apply
- [Core] Metric unintentional_worker_failures_total is not accurate HOT 1
- [Doc] Create a doc for external Redis with TLS HOT 1
- [Feature] Associate RayService and its K8s service HOT 2
- [Feature] Should we stop publishing images on DockerHub? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kuberay.