[Snyk] Security upgrade vite from 4.5.1 to 4.5.5

.dockerignore

@@ -1,6 +1,2 @@
-*
-!*.py
-!requirements.txt
-!images/*
-!front-end/*
-front-end/node_modules/*
+Dockerfile
+charts/

.github/workflows/Genstack.yaml

@@ -0,0 +1,66 @@
+name: Genstack
+"on":
+    push:
+        branches:
+            - main
+    workflow_dispatch: {}
+env:
+    ACR_RESOURCE_GROUP: kubeops_group
+    AZURE_CONTAINER_REGISTRY: acrworkflow1722973530004
+    CLUSTER_NAME: kube
+    CLUSTER_RESOURCE_GROUP: kubeops_group
+    CONTAINER_NAME: image-workflow-1722973530004
+    DEPLOYMENT_MANIFEST_PATH: |
+        ./front-end/package.json
+        ./front-end/package-lock.json
+        ./front-end/jsconfig.json
+jobs:
+    buildImage:
+        permissions:
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - name: Build and push image to ACR
+              run: az acr build --image ${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.ACR_RESOURCE_GROUP }} -f ./docker-compose.yml ./
+    deploy:
+        permissions:
+            actions: read
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        needs:
+            - buildImage
+        steps:
+            - uses: actions/checkout@v3
+            - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - uses: azure/use-kubelogin@v1
+              name: Set up kubelogin for non-interactive login
+              with:
+                kubelogin-version: v0.0.25
+            - uses: azure/aks-set-context@v3
+              name: Get K8s context
+              with:
+                admin: "false"
+                cluster-name: ${{ env.CLUSTER_NAME }}
+                resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
+                use-kubelogin: "true"
+            - uses: Azure/k8s-deploy@v4
+              name: Deploys application
+              with:
+                action: deploy
+                images: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
+                manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
+                namespace: namespace-workflow-1722973530004

.github/workflows/docker-image.yml

@@ -0,0 +1,18 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)

.github/workflows/genai-AutoDeployTrigger-08802d17-3be0-4081-89af-8ab34c2110f5.yml

@@ -0,0 +1,48 @@
+name: Trigger auto deployment for genai
+
+# When this action will be executed
+on:
+  # Automatically trigger it when detected changes in repo
+  push:
+    branches: 
+      [ main ]
+    paths:
+    - '**'
+    - '.github/workflows/genai-AutoDeployTrigger-08802d17-3be0-4081-89af-8ab34c2110f5.yml'
+
+  # Allow manual trigger 
+  workflow_dispatch:      
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    permissions: 
+      id-token: write #This is required for requesting the OIDC JWT Token
+      contents: read #Required when GH token is used to authenticate with private repo
+
+    steps:
+      - name: Checkout to the branch
+        uses: actions/checkout@v2
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.GENAI_AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.GENAI_AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.GENAI_AZURE_SUBSCRIPTION_ID }}
+
+      - name: Build and push container image to registry
+        uses: azure/container-apps-deploy-action@v2
+        with:
+          appSourcePath: ${{ github.workspace }}
+          _dockerfilePathKey_: _dockerfilePath_
+          registryUrl: hub.docker.com
+          registryUsername: ${{ secrets.GENAI_REGISTRY_USERNAME }}
+          registryPassword: ${{ secrets.GENAI_REGISTRY_PASSWORD }}
+          containerAppName: genai
+          resourceGroup: kubeops_group
+          imageToBuild: hub.docker.com/genai:${{ github.sha }}
+          _buildArgumentsKey_: |
+            _buildArgumentsValues_
+
+

.github/workflows/genstack.yaml

@@ -0,0 +1,65 @@
+name: genstack
+"on":
+    push:
+        branches:
+            - main
+    workflow_dispatch: {}
+env:
+    ACR_RESOURCE_GROUP: kubeops_group
+    AZURE_CONTAINER_REGISTRY: acrworkflow1723012492625
+    CLUSTER_NAME: kube
+    CLUSTER_RESOURCE_GROUP: kubeops_group
+    CONTAINER_NAME: image-workflow-1723012492625
+    DEPLOYMENT_MANIFEST_PATH: |
+        manifests/deployment.yaml
+        manifests/service.yaml
+jobs:
+    buildImage:
+        permissions:
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - name: Build and push image to ACR
+              run: az acr build --image ${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.ACR_RESOURCE_GROUP }} -f Dockerfile ./
+    deploy:
+        permissions:
+            actions: read
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        needs:
+            - buildImage
+        steps:
+            - uses: actions/checkout@v3
+            - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - uses: azure/use-kubelogin@v1
+              name: Set up kubelogin for non-interactive login
+              with:
+                kubelogin-version: v0.0.25
+            - uses: azure/aks-set-context@v3
+              name: Get K8s context
+              with:
+                admin: "false"
+                cluster-name: ${{ env.CLUSTER_NAME }}
+                resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
+                use-kubelogin: "true"
+            - uses: Azure/k8s-deploy@v4
+              name: Deploys application
+              with:
+                action: deploy
+                images: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
+                manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
+                namespace: aks-istio-system

.npmrc

@@ -0,0 +1 @@
+registry=https://packages.us-west-2.codecatalyst.aws/npm/Sauditech/mygit/Repository/

Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.11-slim
+ENV PORT 8000
+EXPOSE 8000
+WORKDIR /usr/src/app
+
+COPY requirements.txt ./
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+ENTRYPOINT ["python"]
+CMD ["app.py"]

front-end/package.json

@@ -9,14 +9,14 @@
     "preview": "vite preview"
   },
   "devDependencies": {
-    "@sveltejs/vite-plugin-svelte": "^2.4.2",
-    "autoprefixer": "^10.4.16",
-    "postcss": "^8.4.31",
+    "@sveltejs/vite-plugin-svelte": "^2.5.3",
+    "autoprefixer": "^10.4.19",
+    "postcss": "^8.4.41",
     "svelte": "^4.0.5",
-    "tailwindcss": "^3.3.3",
-    "vite": "^4.4.12"
+    "tailwindcss": "^3.4.8",
+    "vite": "^4.5.5"
   },
   "dependencies": {
-    "svelte-markdown": "^0.4.0"
+    "svelte-markdown": "^0.4.1"
   }
 }

manifests/deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: genstack
+  labels:
+    app: genstack
+    kubernetes.azure.com/generator: devhub
+  namespace: aks-istio-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: genstack
+  template:
+    metadata:
+      labels:
+        app: genstack
+    spec:
+      containers:
+        - name: genstack
+          image: acrworkflow1723012492625.azurecr.io/image-workflow-1723012492625:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8000

manifests/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: genstack
+  namespace: aks-istio-system
+  labels:
+    kubernetes.azure.com/generator: devhub
+spec:
+  type: LoadBalancer
+  selector:
+    app: genstack
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000

requirements.txt

@@ -8,7 +8,7 @@ sentence_transformers==2.2.2
 Pillow
 fastapi
 PyPDF2
-torch==2.0.1
+torch==2.2.0
 pydantic
 uvicorn
 sse-starlette