diff --git a/.github/workflows/environments-ci.yaml b/.github/workflows/environments-ci.yaml index 338e27434f..811e35e7c6 100644 --- a/.github/workflows/environments-ci.yaml +++ b/.github/workflows/environments-ci.yaml @@ -84,6 +84,10 @@ jobs: id: build-changed-images run: python -u $scripts_environment_dir/build.py -i "${{ github.event.inputs.asset_dirs || env.default_asset_dirs }}" -a $asset_config_filename -o '${{ runner.temp }}'/$built_dir -l '${{ runner.temp }}'/$build_logs_artifact_name -P -g $resource_group -r $container_registry -T 'python -V' -c "${{ needs.check-directory-file-changes.outputs.files-changed }}" -U 'https://github.com/aquasecurity/trivy/releases/download/v0.42.1/trivy_0.42.1_Linux-64bit.deb' + - name: Validate build logs for additional deprecated dependencies + id: validate-build-logs + run: python -u $scripts_environment_dir/validate_build_logs.py -l '${{ runner.temp }}'/$build_logs_artifact_name + - name: Upload build logs uses: actions/upload-artifact@v3 if: always() diff --git a/scripts/azureml-assets/CHANGELOG.md b/scripts/azureml-assets/CHANGELOG.md index fc6e7fa46c..0a21516221 100644 --- a/scripts/azureml-assets/CHANGELOG.md +++ b/scripts/azureml-assets/CHANGELOG.md @@ -3,6 +3,10 @@ ### 🐛 Bugs Fixed +## 1.16.62 (2024-10-29) +### 🚀 New Features +- [#3536](https://github.com/Azure/azureml-assets/pull/3536) Validate build logs for deprecated dependencies (Python 3.8) + ## 1.16.61 (2024-10-21) ### 🚀 New Features - [#3514](https://github.com/Azure/azureml-assets/pull/3514) Support publishing Triton models diff --git a/scripts/azureml-assets/azureml/assets/environment/validate_build_logs.py b/scripts/azureml-assets/azureml/assets/environment/validate_build_logs.py new file mode 100644 index 0000000000..aef301aca7 --- /dev/null +++ b/scripts/azureml-assets/azureml/assets/environment/validate_build_logs.py @@ -0,0 +1,70 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +"""Validate build log for additional vulnerabilities.""" + +import os +import argparse +import re +import sys +from pathlib import Path +from azureml.assets.util import logger + + +def validate_py_version(build_log_file_name, build_log_content): + """Validate Python version. + + Args: + build_log_file_name (str): Build log file name. + build_log_content (str): Build log content + + Returns: + int: Number of errors. + """ + py38_match = re.search("python=3.8", build_log_content) + + if py38_match: + logger.log_error(f"{build_log_file_name}: python=3.8 found in build log." + f"Python 3.8 is now deprecated. Please use a newer Python version.") + return 1 + + return 0 + + +def validate_build_logs(build_logs_dir): + """Validate environment build logs. + + Args: + build_logs_dir (Path): Directory of environment build logs. + + Returns: + bool: True if build logs were successfully validated, otherwise False. + """ + error_count = 0 + + for build_log_file_name in os.listdir(build_logs_dir): + + build_log_file_path = os.path.join(build_logs_dir, build_log_file_name) + print(f"Validating {build_log_file_name} for additional vulnerabilities") + + with open(build_log_file_path, "r") as f: + build_log_content = f.read() + error_count += validate_py_version(build_log_file_name, build_log_content) + + return error_count == 0 + + +if __name__ == '__main__': + # Handle command-line args + parser = argparse.ArgumentParser() + parser.add_argument("-l", "--build-logs-dir", required=True, type=Path, + help="Directory of build logs") + args = parser.parse_args() + + # Validate build logs + success = validate_build_logs(build_logs_dir=args.build_logs_dir) + + if success: + print("No additional vulnerabilities found in build logs") + else: + sys.exit(1) diff --git a/scripts/azureml-assets/setup.py b/scripts/azureml-assets/setup.py index ce4c12e17a..175165c718 100644 --- a/scripts/azureml-assets/setup.py +++ b/scripts/azureml-assets/setup.py @@ -7,7 +7,7 @@ from setuptools import setup, find_packages setup( name="azureml-assets", - version="1.16.61", + version="1.16.62", description="Utilities for publishing assets to Azure Machine Learning system registries.", author="Microsoft Corp", packages=find_packages(),