Validate build logs for deprecated dependencies (Python 3.8) (#3536)

* Validate build logs for deprecated dependencies (Python 3.8)

* add test envs

* fix syntax

* change env to test and syntax

* use -l not -i

* Bump version and remove test env files

---------

Co-authored-by: Kelly <kellyly@microsoft.com>

.github/workflows/environments-ci.yaml

@@ -84,6 +84,10 @@ jobs:
         id: build-changed-images
         run: python -u $scripts_environment_dir/build.py -i "${{ github.event.inputs.asset_dirs || env.default_asset_dirs }}" -a $asset_config_filename -o '${{ runner.temp }}'/$built_dir -l '${{ runner.temp }}'/$build_logs_artifact_name -P -g $resource_group -r $container_registry -T 'python -V' -c "${{ needs.check-directory-file-changes.outputs.files-changed }}" -U 'https://github.com/aquasecurity/trivy/releases/download/v0.42.1/trivy_0.42.1_Linux-64bit.deb'
 
+      - name: Validate build logs for additional deprecated dependencies
+        id: validate-build-logs
+        run: python -u $scripts_environment_dir/validate_build_logs.py -l '${{ runner.temp }}'/$build_logs_artifact_name
+
       - name: Upload build logs
         uses: actions/upload-artifact@v3
         if: always()

scripts/azureml-assets/CHANGELOG.md

@@ -3,6 +3,10 @@
 
 ### 🐛 Bugs Fixed
 
+## 1.16.62 (2024-10-29)
+### 🚀 New Features
+- [#3536](https://github.com/Azure/azureml-assets/pull/3536) Validate build logs for deprecated dependencies (Python 3.8)
+
 ## 1.16.61 (2024-10-21)
 ### 🚀 New Features
 - [#3514](https://github.com/Azure/azureml-assets/pull/3514) Support publishing Triton models

scripts/azureml-assets/azureml/assets/environment/validate_build_logs.py

@@ -0,0 +1,70 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+"""Validate build log for additional vulnerabilities."""
+
+import os
+import argparse
+import re
+import sys
+from pathlib import Path
+from azureml.assets.util import logger
+
+
+def validate_py_version(build_log_file_name, build_log_content):
+    """Validate Python version.
+
+    Args:
+        build_log_file_name (str): Build log file name.
+        build_log_content (str): Build log content
+
+    Returns:
+        int: Number of errors.
+    """
+    py38_match = re.search("python=3.8", build_log_content)
+
+    if py38_match:
+        logger.log_error(f"{build_log_file_name}: python=3.8 found in build log."
+                         f"Python 3.8 is now deprecated. Please use a newer Python version.")
+        return 1
+
+    return 0
+
+
+def validate_build_logs(build_logs_dir):
+    """Validate environment build logs.
+
+    Args:
+        build_logs_dir (Path): Directory of environment build logs.
+
+    Returns:
+        bool: True if build logs were successfully validated, otherwise False.
+    """
+    error_count = 0
+
+    for build_log_file_name in os.listdir(build_logs_dir):
+
+        build_log_file_path = os.path.join(build_logs_dir, build_log_file_name)
+        print(f"Validating {build_log_file_name} for additional vulnerabilities")
+
+        with open(build_log_file_path, "r") as f:
+            build_log_content = f.read()
+            error_count += validate_py_version(build_log_file_name, build_log_content)
+
+    return error_count == 0
+
+
+if __name__ == '__main__':
+    # Handle command-line args
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-l", "--build-logs-dir", required=True, type=Path,
+                        help="Directory of build logs")
+    args = parser.parse_args()
+
+    # Validate build logs
+    success = validate_build_logs(build_logs_dir=args.build_logs_dir)
+
+    if success:
+        print("No additional vulnerabilities found in build logs")
+    else:
+        sys.exit(1)

scripts/azureml-assets/setup.py

@@ -7,7 +7,7 @@ from setuptools import setup, find_packages
 
 setup(
    name="azureml-assets",
-   version="1.16.61",
+   version="1.16.62",
    description="Utilities for publishing assets to Azure Machine Learning system registries.",
    author="Microsoft Corp",
    packages=find_packages(),