get kserve up to date

.github/workflows/e2e-test.yml

@@ -23,6 +23,7 @@ env:
   BASE_ARTIFACT_PREFIX: "base"
   # Controller images
   CONTROLLER_IMG: "kserve-controller"
+  LOCALMODEL_CONTROLLER_IMG: "kserve-localmodel-controller"
   STORAGE_INIT_IMG: "storage-initializer"
   AGENT_IMG: "agent"
   ROUTER_IMG: "router"
@@ -33,6 +34,7 @@ env:
   PMML_IMG: "pmmlserver"
   PADDLE_IMG: "paddleserver"
   CUSTOM_MODEL_GRPC_IMG: "custom-model-grpc"
+  CUSTOM_MODEL_GRPC_IMG_TAG: "kserve/custom-model-grpc:${{ github.sha }}"
   HUGGINGFACE_IMG: "huggingfaceserver"
   # Explainer images
   ART_IMG: "art-explainer"
@@ -55,6 +57,9 @@ jobs:
       - name: Checkout source
         uses: actions/checkout@v4
 
+      - name: Free-up disk space
+        uses: ./.github/actions/free-up-disk-space
+
       - name: Setup Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -73,6 +78,14 @@ jobs:
           path: ${{ env.DOCKER_IMAGES_PATH }}/${{ env.CONTROLLER_IMG }}-${{ github.sha }}
           compression-level: 0
           if-no-files-found: error
+
+      - name: Upload localmodel controller image
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.BASE_ARTIFACT_PREFIX }}-${{ env.LOCALMODEL_CONTROLLER_IMG }}-${{ github.sha }}
+          path: ${{ env.DOCKER_IMAGES_PATH }}/${{ env.LOCALMODEL_CONTROLLER_IMG }}-${{ github.sha }}
+          compression-level: 0
+          if-no-files-found: error
 
       - name: Upload agent image
         uses: actions/upload-artifact@v4
@@ -272,7 +285,7 @@ jobs:
           if-no-files-found: error
 
   test-predictor:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [
         kserve-image-build,
@@ -337,7 +350,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh
 
   test-transformer-explainer-mms:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [kserve-image-build, predictor-runtime-build, explainer-runtime-build]
     steps:
@@ -417,7 +430,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh
 
   test-graph:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [
         kserve-image-build,
@@ -496,7 +509,7 @@ jobs:
 
 
   test-path-based-routing:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [
         kserve-image-build,
@@ -589,7 +602,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh
 
   test-qpext:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs: [kserve-image-build, predictor-runtime-build]
     steps:
       - name: Checkout source
@@ -654,7 +667,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh
 
   test-with-helm:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [kserve-image-build]
     steps:
@@ -705,7 +718,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh
 
   test-raw:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [kserve-image-build, predictor-runtime-build]
     steps:
@@ -785,7 +798,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh
 
   test-kourier:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [kserve-image-build, predictor-runtime-build, graph-tests-images-build]
     steps:
@@ -870,7 +883,7 @@ jobs:
           ./test/scripts/gh-actions/status-check.sh "kourier"
 
   test-llm:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       [ kserve-image-build, predictor-runtime-build]
     steps:

.github/workflows/kserve-localmodel-controller-docker-publish.yml

@@ -0,0 +1,95 @@
+name: Kserve localmodel controller Docker Publisher
+
+on:
+  push:
+    # Publish `master` as Docker `latest` image.
+    branches:
+      - master
+
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+
+  # Run tests for any PRs.
+  pull_request:
+
+env:
+  IMAGE_NAME: kserve-localmodel-controller
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # Run tests.
+  # See also https://docs.docker.com/docker-hub/builds/automated-testing/
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+
+      - name: Run tests
+        run: |
+          if [ -f docker-compose.test.yml ]; then
+            docker-compose --file docker-compose.test.yml build
+            docker-compose --file docker-compose.test.yml run sut
+          else
+            docker buildx build . --file localmodel.Dockerfile
+          fi
+
+  # Push image to GitHub Packages.
+  # See also https://docs.docker.com/docker-hub/builds/
+  push:
+    # Ensure test job passes before pushing image.
+    needs: test
+
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: export version variable
+        run: |
+          IMAGE_ID=kserve/$IMAGE_NAME
+
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+          # Strip "v" prefix from tag name
+          # [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "master" ] && VERSION=latest
+
+          echo VERSION=$VERSION >> $GITHUB_ENV
+          echo IMAGE_ID=$IMAGE_ID >> $GITHUB_ENV
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          platforms: linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
+          context: .
+          file: localmodel.Dockerfile
+          push: true
+          tags: ${{ env.IMAGE_ID }}:${{ env.VERSION }}
+          # https://github.com/docker/buildx/issues/1533
+          provenance: false

.github/workflows/python-test.yml

@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
     steps:
       - name: Checkout source
         uses: actions/checkout@v4
@@ -98,29 +98,33 @@ jobs:
 
       # ----------------------------------------Kserve Pydantic V1 Unit Tests--------------------------------------------
       - name: Setup kserve pydantic v1 directory
+        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.12') }}
         run: |
           mkdir -p python/kserve-pydantic-v1
           cp -r python/kserve/* python/kserve-pydantic-v1
           cd python/kserve-pydantic-v1
           # update the lock file without installing dependencies
           poetry update "pydantic<2.0" --lock
       - name: Load cached kserve pydantic v1 venv
+        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.12') }}
         id: cached-kserve-pydantic-v1-dependencies
         uses: actions/cache@v3
         with:
           path: python/kserve-pydantic-v1/.venv
           key: kserve-pydantic-v1-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve-pydantic-v1/poetry.lock') }}
       # install kserve pydantic v1 dependencies if cache does not exist
       - name: Install kserve pydantic v1 dependencies
-        if: steps.cached-kserve-pydantic-v1-dependencies.outputs.cache-hit != 'true'
+        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.12') && steps.cached-kserve-pydantic-v1-dependencies.outputs.cache-hit != 'true' }}
         run: |
           cd python/kserve-pydantic-v1
           make install_dependencies
       - name: Install kserve pydantic v1
+        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.12') }}
         run: |
           cd python/kserve-pydantic-v1
           make dev_install
       - name: Test kserve pydantic v1
+        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.12') }}
         run: |
           cd python
           source kserve-pydantic-v1/.venv/bin/activate
@@ -250,37 +254,32 @@ jobs:
       # ----------------------------------------Huggingface Server Unit Tests------------------------------------------------
       # load cached huggingface venv if cache exists
       - name: Load cached huggingface venv
-        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
         id: huggingface-dependencies
         uses: actions/cache@v4
         with:
           path: /mnt/python/huggingfaceserver-venv
           key: huggingface-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/huggingfaceserver/poetry.lock') }}
         # install huggingface server dependencies if cache does not exist
       - name: Configure poetry for huggingface server
-        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
         run: |
           poetry config virtualenvs.path /mnt/python/huggingfaceserver-venv
           poetry config virtualenvs.in-project false
       - name: Install huggingface dependencies
-        if: ${{ steps.cached-huggingface-dependencies.outputs.cache-hit != 'true' && !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
         run: |
           sudo mkdir -p /mnt/python/huggingfaceserver-venv
           # change permission so that poetry can install without sudo
           sudo chown -R $USER /mnt/python/huggingfaceserver-venv
           cd python/huggingfaceserver
           make install_dependencies
       - name: Install huggingface server
-        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
         run: |
           cd python/huggingfaceserver
           make dev_install
       - name: Test huggingfaceserver
-        if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
         run: |
           cd python/huggingfaceserver
           poetry run -- pytest --cov=huggingfaceserver -vv
 
       - name: Free space after tests
         run: |
-          df -hT
+          df -hT

.github/workflows/scheduled-image-scan.yml

@@ -24,6 +24,7 @@ jobs:
               file: python/storage-initializer.Dockerfile,
             },
             { name: router, file: router.Dockerfile },
+            { name: kserve-localmodel-controller, file: localmodel.Dockerfile },
           ]
 
     steps:
@@ -43,13 +44,14 @@ jobs:
             --sarif-file-output=./application/${{ matrix.image.name }}/docker.snyk.sarif
           sarif: false
 
-      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # Replace any "undefined" or "null" security severity values with 0. The undefined value is used in the case
       # of license-related findings, which do not indicate a security vulnerability.
       # See https://github.com/github/codeql-action/issues/2187 for more context.
       # This can be removed once https://github.com/snyk/cli/pull/5409 is merged.
       - name: Replace security-severity undefined for license-related findings
         run: |
           sudo sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' ./application/${{ matrix.image.name }}/docker.snyk.sarif
+          sudo sed -i 's/"security-severity": "null"/"security-severity": "0"/g' ./application/${{ matrix.image.name }}/docker.snyk.sarif
 
       - name: Upload sarif file to Github Code Scanning
         if: always()
@@ -69,6 +71,8 @@ jobs:
             { name: xgbserver, file: python/xgb.Dockerfile },
             { name: pmmlserver, file: python/pmml.Dockerfile },
             { name: paddleserver, file: python/paddle.Dockerfile },
+            { name: lgbserver, file: python/lgb.Dockerfile },
+            { name: huggingfaceserver, file: python/huggingface_server.Dockerfile },
           ]
 
     steps:
@@ -88,13 +92,14 @@ jobs:
             --sarif-file-output=./application/${{ matrix.image.name }}/docker.snyk.sarif
           sarif: false
 
-      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # Replace any "undefined" or "null" security severity values with 0. The undefined value is used in the case
       # of license-related findings, which do not indicate a security vulnerability.
       # See https://github.com/github/codeql-action/issues/2187 for more context.
       # This can be removed once https://github.com/snyk/cli/pull/5409 is merged.
       - name: Replace security-severity undefined for license-related findings
         run: |
           sudo sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' ./application/${{ matrix.image.name }}/docker.snyk.sarif
+          sudo sed -i 's/"security-severity": "null"/"security-severity": "0"/g' ./application/${{ matrix.image.name }}/docker.snyk.sarif
 
       - name: Upload sarif file to Github Code Scanning
         if: always()
@@ -129,13 +134,14 @@ jobs:
             --sarif-file-output=./application/${{ matrix.image.name }}/docker.snyk.sarif
           sarif: false
 
-      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # Replace any "undefined" or "null" security severity values with 0. The undefined value is used in the case
       # of license-related findings, which do not indicate a security vulnerability.
       # See https://github.com/github/codeql-action/issues/2187 for more context.
       # This can be removed once https://github.com/snyk/cli/pull/5409 is merged.
       - name: Replace security-severity undefined for license-related findings
         run: |
           sudo sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' ./application/${{ matrix.image.name }}/docker.snyk.sarif
+          sudo sed -i 's/"security-severity": "null"/"security-severity": "0"/g' ./application/${{ matrix.image.name }}/docker.snyk.sarif
 
       - name: Upload sarif file to Github Code Scanning
         if: always()

.gitignore

@@ -46,6 +46,7 @@ venv/
 config/overlays/development/manager_image_patch.yaml
 config/overlays/development/configmap/inferenceservice_patch.yaml
 config/overlays/development/manager_auth_proxy_patch.yaml
+config/overlays/development/localmodel_image_patch.yaml
 config/overlays/dev-image-config/inferenceservice_patch.yaml
 
 .ko.yaml