MLServer changes from internal fork - deps and CI updates (#1588)

* dependency updates (internal) * update CI * update licenses * regenerate poetry lock * Add lockfile for catboost * fix lint
SeldonIO · Feb 28, 2024 · a2ed772 · a2ed772
1 parent c85b1d0
commit a2ed772
Show file tree

Hide file tree

Showing 107 changed files with 19,744 additions and 18,390 deletions.
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
@@ -14,9 +14,9 @@ jobs:
       matrix:
         scenario: ["inference-rest.js", "inference-grpc.js"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
       - name: Install Poetry

diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml
@@ -11,9 +11,9 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'SeldonIO/MLServer' # Do not run this on forks.
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
       - name: Install Poetry

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'release' }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: rhysd/changelog-from-release/action@v3
         with:
           file: CHANGELOG.md
@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # TODO: Open a PR instead of pushing straight to `master`?
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: master
       - uses: rhysd/changelog-from-release/action@v3

diff --git a/.github/workflows/release-sc.yml b/.github/workflows/release-sc.yml
@@ -10,7 +10,7 @@ jobs:
   draft-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Update Version
         run: |
           ./hack/update-version.sh ${{ github.event.inputs.version }}
@@ -33,11 +33,14 @@ jobs:
       - name: Maximize build space
         uses: easimon/maximize-build-space@master
         with:
-          remove-dotnet: "true"
-          remove-haskell: "true"
-          remove-android: "true"
-          root-reserve-mb: "30720"
-      - uses: actions/checkout@v3
+          remove-dotnet: 'true'
+          remove-haskell: 'true'
+          remove-android: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+          root-reserve-mb: 30720
+          swap-size-mb: 1024
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.version }}
       - name: Build Docker Image
@@ -107,7 +110,7 @@ jobs:
     needs: draft-release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.version }}
       - name: Build Docker Image

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -6,11 +6,16 @@ on:
       version:
         description: "MLServer Version to Release"
         required: true
+
+env:
+  MLSERVER_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}
+  QUAY_MLSERVER_IMAGE: quay.io/redhat-isv-containers/63566bb9822ce8cef9ba27fc:${{ github.event.inputs.version }}
+
 jobs:
   draft-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Update Version
         run: |
           ./hack/update-version.sh ${{ github.event.inputs.version }}
@@ -25,23 +30,25 @@ jobs:
           generate_release_notes: true
           draft: true
           tag_name: ${{ github.event.inputs.version }}
-
   mlserver:
     needs: draft-release
     runs-on: ubuntu-latest
     steps:
       - name: Maximize build space
         uses: easimon/maximize-build-space@master
         with:
-          remove-dotnet: "true"
-          remove-haskell: "true"
-          remove-android: "true"
-          root-reserve-mb: "30720"
-      - uses: actions/checkout@v3
+          remove-dotnet: 'true'
+          remove-haskell: 'true'
+          remove-android: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+          root-reserve-mb: 30720
+          swap-size-mb: 1024
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.version }}
       - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
       - name: Install Poetry
@@ -63,14 +70,12 @@ jobs:
           DOCKER_BUILDKIT=1 docker build . \
             --build-arg RUNTIMES=all \
             -t $MLSERVER_IMAGE
-        env:
-          MLSERVER_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}
       - name: Scan Docker Image
         uses: snyk/actions/docker@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          image: seldonio/mlserver:${{ github.event.inputs.version }}
+          image: $MLSERVER_IMAGE
           args: --fail-on=upgradable
             --app-vulns
             --severity-threshold=high
@@ -81,25 +86,23 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          image: seldonio/mlserver:${{ github.event.inputs.version }}-slim
+          image: $MLSERVER_IMAGE-slim
           args: --fail-on=upgradable
             --app-vulns
             --severity-threshold=high
             --file=Dockerfile
             --policy-path=.snyk
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push to DockerHub
         run: |
           docker push $MLSERVER_IMAGE-slim
           docker push $MLSERVER_IMAGE
-        env:
-          MLSERVER_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}
       - name: Login to Quay.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
@@ -110,9 +113,6 @@ jobs:
           docker push $QUAY_MLSERVER_IMAGE-slim
           docker tag $MLSERVER_IMAGE $QUAY_MLSERVER_IMAGE
           docker push $QUAY_MLSERVER_IMAGE
-        env:
-          MLSERVER_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}
-          QUAY_MLSERVER_IMAGE: quay.io/redhat-isv-containers/63566bb9822ce8cef9ba27fc:${{ github.event.inputs.version }}
       - name: Install preflight
         run: |
           wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$PREFLIGHT_VERSION/preflight-linux-amd64
@@ -140,7 +140,6 @@ jobs:
         env:
           PYXIS_API_TOKEN: ${{ secrets.PYXIS_API_TOKEN }}
           PROJECT_ID: 63566bb9822ce8cef9ba27fc
-          QUAY_MLSERVER_IMAGE: quay.io/redhat-isv-containers/63566bb9822ce8cef9ba27fc:${{ github.event.inputs.version }}
 
   runtimes:
     needs: draft-release
@@ -161,15 +160,18 @@ jobs:
       - name: Maximize build space
         uses: easimon/maximize-build-space@master
         with:
-          remove-dotnet: "true"
-          remove-haskell: "true"
-          remove-android: "true"
-          root-reserve-mb: "30720"
-      - uses: actions/checkout@v3
+          remove-dotnet: 'true'
+          remove-haskell: 'true'
+          remove-android: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+          root-reserve-mb: 30720
+          swap-size-mb: 1024
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.version }}
       - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
       - name: Install Poetry
@@ -188,15 +190,13 @@ jobs:
         run: |
           DOCKER_BUILDKIT=1 docker build . \
             --build-arg RUNTIMES=mlserver-${{ matrix.runtime }} \
-            -t $RUNTIME_IMAGE
-        env:
-          RUNTIME_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}-${{ matrix.runtime }}
+            -t $MLSERVER_IMAGE-${{ matrix.runtime }}
       - name: Scan Docker Image
         uses: snyk/actions/docker@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          image: seldonio/mlserver:${{ github.event.inputs.version }}-${{ matrix.runtime }}
+          image: $MLSERVER_IMAGE-${{ matrix.runtime }}
           args: --fail-on=upgradable
             --app-vulns
             --severity-threshold=high
@@ -209,9 +209,7 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push to DockerHub
         run: |
-          docker push $RUNTIME_IMAGE
-        env:
-          RUNTIME_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}-${{ matrix.runtime }}
+          docker push $MLSERVER_IMAGE-${{ matrix.runtime }}
       - name: Login to Quay.io
         uses: docker/login-action@v2
         with:
@@ -220,11 +218,8 @@ jobs:
           password: ${{ secrets.QUAY_PASSWORD }}
       - name: Push to Quay.io
         run: |
-          docker tag $RUNTIME_IMAGE $QUAY_RUNTIME_IMAGE
-          docker push $QUAY_RUNTIME_IMAGE
-        env:
-          RUNTIME_IMAGE: seldonio/mlserver:${{ github.event.inputs.version }}-${{ matrix.runtime }}
-          QUAY_RUNTIME_IMAGE: quay.io/redhat-isv-containers/63566bb9822ce8cef9ba27fc:${{ github.event.inputs.version }}-${{ matrix.runtime }}
+          docker tag $MLSERVER_IMAGE-${{ matrix.runtime }} $QUAY_MLSERVER_IMAGE-${{ matrix.runtime }}
+          docker push $QUAY_MLSERVER_IMAGE-${{ matrix.runtime }}
       - name: Install preflight
         run: |
           wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$PREFLIGHT_VERSION/preflight-linux-amd64
@@ -236,7 +231,7 @@ jobs:
       - name: Submit preflight results
         run: |
           preflight check container \
-            $QUAY_RUNTIME_IMAGE \
+            $QUAY_MLSERVER_IMAGE-${{ matrix.runtime }} \
             --docker-config=${HOME}/.docker/config.json \
             --certification-project-id=$PROJECT_ID \
             --pyxis-api-token=$PYXIS_API_TOKEN \
@@ -245,4 +240,4 @@ jobs:
         env:
           PYXIS_API_TOKEN: ${{ secrets.PYXIS_API_TOKEN }}
           PROJECT_ID: 63566bb9822ce8cef9ba27fc
-          QUAY_RUNTIME_IMAGE: quay.io/redhat-isv-containers/63566bb9822ce8cef9ba27fc:${{ github.event.inputs.version }}-${{ matrix.runtime }}
+
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -13,10 +13,9 @@ jobs:
   scan-code:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Security Scan
         uses: snyk/actions/python-3.10@master
-        continue-on-error: true
         with:
           args: --fail-on=upgradable
             --severity-threshold=high
@@ -26,7 +25,27 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk-code.sarif
+
+  static-code-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Static Code Analysis Scan
+        uses: snyk/actions/python-3.10@master
+        with:
+          command: code test
+          args: --fail-on=upgradable
+            --severity-threshold=high
+            --all-projects
+            --exclude=tests,docs
+            --sarif-file-output=snyk-sat.sarif
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: snyk-code.sarif
 
@@ -36,11 +55,14 @@ jobs:
       - name: Maximize build space
         uses: easimon/maximize-build-space@master
         with:
-          remove-dotnet: "true"
-          remove-haskell: "true"
-          remove-android: "true"
-          root-reserve-mb: "30720"
-      - uses: actions/checkout@v3
+          remove-dotnet: 'true'
+          remove-haskell: 'true'
+          remove-android: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+          root-reserve-mb: 30720
+          swap-size-mb: 1024
+      - uses: actions/checkout@v4
       - name: Build Docker Image
         run: |
           DOCKER_BUILDKIT=1 docker build . \
@@ -50,7 +72,6 @@ jobs:
           MLSERVER_IMAGE: seldonio/mlserver:${{ github.sha }}
       - name: Scan Docker Image
         uses: snyk/actions/docker@master
-        continue-on-error: true
         with:
           image: seldonio/mlserver:${{ github.sha }}
           args: --fail-on=upgradable
@@ -61,6 +82,6 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: snyk.sarif