kserve.yaml

package:
  name: kserve
  version: 0.14.1
  epoch: 7
  description: "Standardized Serverless ML Inference Platform on Kubernetes"
  copyright:
    - license: Apache-2.0

environment:
  contents:
    packages:
      - go
      - py3.11-pip
      - py3.11-poetry
      - py3.11-poetry-bin
      - python-3.11-dev # Upstream https://github.com/kserve/kserve/blob/master/python/storage-initializer.Dockerfile uses python-3.11

pipeline:
  - uses: git-checkout
    with:
      repository: https://github.com/kserve/kserve
      tag: v${{package.version}}
      expected-commit: 564cc2d760b7f47e883a4001876cd98815cfc07d

  - uses: go/bump
    with:
      deps: |-
        golang.org/x/crypto@v0.35.0
        golang.org/x/oauth2@v0.27.0
        golang.org/x/net@v0.36.0

  - uses: go/bump
    with:
      deps: |-
        golang.org/x/oauth2@v0.27.0
        golang.org/x/net@v0.36.0
      modroot: qpext

  - uses: patch
    with:
      patches: bump-python-version.patch

data:
  - name: go-components
    items:
      agent: "."
      router: "."
      manager: "."
      qpext: "qpext"

subpackages:
  - range: go-components
    name: kserve-${{range.key}}
    pipeline:
      - uses: go/build
        working-directory: ${{range.value}}
        with:
          modroot: .
          packages: ./cmd/${{range.key}}
          output: ${{range.key}}

  - range: go-components
    name: kserve-${{range.key}}-compat
    dependencies:
      runtime:
        - kserve-${{range.key}}
    pipeline:
      - runs: |
          mkdir -p "${{targets.contextdir}}/"
          ln -s ../usr/bin/${{range.key}} "${{targets.contextdir}}/${{range.key}}"
    test:
      environment:
        contents:
          packages:
            - busybox
      pipeline:
        - name: "check paths"
          runs: |
            [ -x /${{range.key}} -a -f /${{range.key}} ]

  - name: kserve-storage-controller
    options:
      no-commands: true
    pipeline:
      - name: poetry-build-storage-controller
        working-directory: ./python/kserve
        runs: |
          # Due to bump-python-version.patch, we need to re-lock dependencies
          poetry lock

          # Install dependencies and build the package using poetry
          poetry install --no-interaction --no-root --extras "storage ray"

          # ray: CVE-2024-47554 GHSA-78wr-2p64-hpwj
          # aiohttp: CVE-2024-52304 GHSA-8495-4g3g-x7pr
          # setuptools: CVE-2024-6345 GHSA-cx63-2mw6-8hw5
          # jinja: CVE-2024-56201 CVE-2024-56326
          # cryptography: CVE-2024-12797 GHSA-79v4-65xg-pq4g
          poetry add \
            "ray=^2.24.0" \
            "aiohttp=^3.10.11" \
            "setuptools=^70.0.0" \
            "certifi" \
            "idna" \
            "packaging" \
            "google.cloud" \
            "typing-extensions" \
            "starlette=^0.40.0" \
            "jinja2=3.1.6" \
            "cryptography@^44.0.1"

          poetry run pip freeze | grep -v kserve > requirements.txt

          poetry build
          # Install the wheel file with the root directory set to ${{targets.contextdir}}
          pip install --root ${{targets.contextdir}} -I -r requirements.txt --no-compile
          python3 -m pip install --verbose --prefix=/usr --root=${{targets.contextdir}} dist/*.whl
      - name: install storage-initializer entrypoint
        working-directory: ./python/storage-initializer
        runs: |
          mkdir -p ${{targets.contextdir}}/storage-initializer/scripts/

          cp ./scripts/initializer-entrypoint ${{targets.contextdir}}/storage-initializer/scripts/
          chmod 755 ${{targets.contextdir}}/storage-initializer/scripts/initializer-entrypoint

          cd ${{targets.contextdir}}/storage-initializer/scripts/
          # update shbang to point to the python used rather than '/usr/bin/env python'
          sed -i.dist "1s,#!/usr/bin/env python[^ ]*,#!$(which python3.11)," initializer-entrypoint
          # exit fail if it did not change anything
          diff -u initializer-entrypoint.dist initializer-entrypoint && exit 1
          rm initializer-entrypoint.dist
      - uses: strip
    test:
      environment:
        contents:
          packages:
            - busybox
      pipeline:
        - name: "test entrypoint usage"
          runs: |
            /storage-initializer/scripts/initializer-entrypoint --help
        - uses: test/ldd-check
          with:
            packages: ${{subpkg.name}}

test:
  pipeline:
    - uses: test/tw/ldd-check

update:
  enabled: true
  github:
    identifier: kserve/kserve
    strip-prefix: v