Build and Publish Workflow

​

Overview

• PR Merged: Pull request is merged to main, develop, or release branches
• Manual Trigger: Via workflow_dispatch

​

Reusable Components Used

• build-publish.yaml: Main reusable workflow that orchestrates the entire build and publish process
• setup-project: Sets up Python environment and resolves project metadata
• code-quality: Runs pylint, pytest, and hadolint checks
• sonar-check: Performs SonarCloud code analysis (conditional)
• promptfoo-evaluation: Runs prompt evaluation tests (conditional)
• promptfoo-redteaming: Runs security and adversarial tests (conditional)
• build-docker: Builds Docker images
• security-check: Scans Docker images with Trivy
• push-docker: Pushes images to Azure Container Registry

​

Workflow Flowchart

​

Build Process

​

1. Build and Test

• Code Compilation: Build agent code
• Dependency Resolution: Install and verify dependencies
• Testing: Run automated tests

​

2. Quality Checks

• SonarQube: Enabled for main and develop branches
• Promptfoo: Enabled for main and develop branches
• Redteam: Enabled for main and develop branches

​

3. Artifact Publishing

• Packages: Agent packages published to registry
• Docker Images: Container images built and pushed
• Documentation: Auto-generated documentation

​

Workflow Configuration

name: Build and publish

on:
    pull_request:
        branches:
            - main
            - develop
            - release/*
        types:
            - closed
    workflow_dispatch:

jobs:
    build-and-publish:
        name: Build and publish artifact
        if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
        uses: backbase-common/gc-ai-workflows/.github/workflows/build-publish.yaml@main
        secrets: inherit
        with:
            timeout: 600
            enableSonar: ${{ endsWith(github.ref, 'main') || endsWith(github.ref, 'develop') }}
            sourcePath: "src/"
            enablePromptfoo: ${{ endsWith(github.ref, 'main') || endsWith(github.ref, 'develop') }}
            promptfooConfig: "promptfoo_config/*.yaml"
            enableRedteam: ${{ endsWith(github.ref, 'main') || endsWith(github.ref, 'develop') }}
            redteamConfig: "redteam.yaml"
            redteamNumTests: "5"

​

Configuration Options

​

Timeout

timeout: 600  # 10 hours

​

SonarQube

enableSonar: ${{ endsWith(github.ref, 'main') || endsWith(github.ref, 'develop') }}
sourcePath: "src/"

​

Promptfoo Testing

enablePromptfoo: ${{ endsWith(github.ref, 'main') || endsWith(github.ref, 'develop') }}
promptfooConfig: "promptfoo_config/*.yaml"

​

Redteam Testing

enableRedteam: ${{ endsWith(github.ref, 'main') || endsWith(github.ref, 'develop') }}
redteamConfig: "redteam.yaml"
redteamNumTests: "5"

​

Branch-Specific Behavior

​

Main and Develop Branches

• SonarQube analysis
• Promptfoo testing
• Redteam security testing

​

Release Branches

• Build and test
• Artifact publishing
• Quality gates disabled for faster releases

​

Build Artifacts

• Agent Packages: Published to package registry
• Docker Images: Container images tagged and pushed
• Test Reports: Test execution results
• Coverage Reports: Code coverage metrics
• Build Logs: Complete build execution logs

​

Troubleshooting

​

Build Failures

1. Compilation Errors: Fix syntax or type errors
2. Test Failures: Address failing tests
3. Dependency Issues: Resolve missing or incompatible dependencies
4. Quality Gate Failures: Improve code quality metrics (SonarQube)
5. Security Issues: Address Redteam findings

​

Performance Optimization

• Quality gates are disabled for release branches to speed up builds
• Use caching for dependencies
• Optimize test execution

​

Best Practices

• Keep builds fast and efficient
• Monitor build times and optimize
• Address quality gate failures promptly
• Test locally before pushing changes
• Review build logs for detailed error information

​

Next Steps

• Learn about PR workflows
• Understand release processes