forked from opendatahub-io/modelmesh
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'odh-release' into rhods-main
Signed-off-by: heyselbi <[email protected]>
- Loading branch information
Showing
16 changed files
with
353 additions
and
158 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,14 @@ | ||
| **/*.class | ||
| *.jar | ||
| *.md | ||
| .DS_Store | ||
| .cache | ||
| .dockerignore | ||
| .env | ||
| .github | ||
| .gitignore | ||
| .idea | ||
| .vscode | ||
| default.etcd | ||
| target | ||
| temp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,36 +1,48 @@ | ||
| name: Build and Push | ||
| name: Build | ||
|
|
||
| on: | ||
| pull_request: | ||
| branches: | ||
| - "release-[0-9].[0-9]+" | ||
| paths-ignore: | ||
| - "**.md" | ||
| push: | ||
| branches: [ main ] | ||
| branches: | ||
| - main | ||
| - "release-[0-9].[0-9]+" | ||
| tags: | ||
| - v* | ||
| pull_request: | ||
| - "v*" | ||
| paths-ignore: | ||
| - "**.md" | ||
|
|
||
| env: | ||
| IMAGE_NAME: "kserve/modelmesh" | ||
|
|
||
| jobs: | ||
| test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set up JDK 17 | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up Java 17 | ||
| uses: actions/[email protected] | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'temurin' | ||
|
|
||
| - name: Install etcd | ||
| run: sudo ./.github/install-etcd.sh | ||
| - name: Build with Maven | ||
|
|
||
| - name: Build and Test with Maven | ||
| run: mvn -B package --file pom.xml | ||
|
|
||
| build: | ||
| needs: test | ||
| runs-on: ubuntu-latest | ||
|
|
||
| env: | ||
| IMAGE_NAME: kserve/modelmesh | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Setup QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
|
|
@@ -45,32 +57,38 @@ jobs: | |
| username: ${{ secrets.DOCKER_USER }} | ||
| password: ${{ secrets.DOCKER_ACCESS_TOKEN }} | ||
|
|
||
| - name: Export version variables | ||
| - name: Export docker build args | ||
| run: | | ||
| GIT_COMMIT=$(git rev-parse HEAD) | ||
| BUILD_ID=$(date '+%Y%m%d')-$(git rev-parse HEAD | cut -c -5) | ||
| # Strip git ref prefix from version | ||
| VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | ||
| # Generate PR tag from github.ref == "refs/pull/123/merge" | ||
| [ "$VERSION" == "merge" ] && VERSION=$(echo "${{ github.ref }}" | sed -e 's,refs/pull/\(.*\)/merge,pr-\1,') | ||
| # Use Docker `latest` tag convention | ||
| [ "$VERSION" == "main" ] && VERSION=latest | ||
| echo "GIT_COMMIT=$GIT_COMMIT" >> $GITHUB_ENV | ||
| echo "BUILD_ID=$BUILD_ID" >> $GITHUB_ENV | ||
| echo "VERSION=$VERSION" >> $GITHUB_ENV | ||
| echo "BUILD_ID=$BUILD_ID" >> $GITHUB_ENV | ||
| echo "VERSION=$VERSION" >> $GITHUB_ENV | ||
| - name: Build and push | ||
| uses: docker/build-push-action@v3 | ||
| # print env vars for debugging | ||
| cat "$GITHUB_ENV" | ||
| - name: Build and push runtime image | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| # for linux/s390x, maven errors due to missing io.grpc:protoc-gen-grpc-java:exe:linux-s390_64:1.51.1 | ||
| platforms: linux/amd64,linux/arm64/v8,linux/ppc64le | ||
| pull: true | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
| target: runtime | ||
| push: ${{ github.event_name == 'push' }} | ||
| tags: ${{ env.IMAGE_NAME }}:${{ env.VERSION }} | ||
| build-args: | | ||
| imageVersion=${{ env.VERSION }} | ||
| buildId=${{ env.BUILD_ID }} | ||
| commitSha=${{ env.GIT_COMMIT }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,40 +14,55 @@ | |
|
|
||
| FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6 as build_base | ||
|
|
||
| # https://blog.thesparktree.com/docker-multi-arch-github-actions#architecture-specific-dockerfile-instructions | ||
| ARG TARGETARCH=amd64 | ||
| # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope | ||
| # don't provide "default" values (e.g. 'ARG TARGETARCH=amd64') for non-buildx environments, | ||
| # see https://github.com/docker/buildx/issues/510 | ||
| ARG TARGETOS | ||
| ARG TARGETARCH | ||
|
|
||
| ARG ETCD_VERSION=v3.5.4 | ||
|
|
||
| LABEL image="build_base" | ||
|
|
||
| USER root | ||
|
|
||
| RUN true \ | ||
| && microdnf --nodocs install java-17-openjdk-devel nss \ | ||
| ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk | ||
|
|
||
| RUN --mount=type=cache,target=/root/.cache/microdnf:rw \ | ||
| microdnf --setopt=cachedir=/root/.cache/microdnf --nodocs install \ | ||
| java-17-openjdk-devel \ | ||
| nss \ | ||
| && microdnf update --nodocs \ | ||
| && microdnf clean all \ | ||
| && sed -i 's:security.provider.12=SunPKCS11:#security.provider.12=SunPKCS11:g' /usr/lib/jvm/java-17-openjdk-*/conf/security/java.security \ | ||
| && sed -i 's:#security.provider.1=SunPKCS11 ${java.home}/lib/security/nss.cfg:security.provider.12=SunPKCS11 ${java.home}/lib/security/nss.cfg:g' /usr/lib/jvm/java-17-openjdk-*/conf/security/java.security \ | ||
| && java -version \ | ||
| && true | ||
|
|
||
| RUN microdnf install wget tar gzip maven | ||
|
|
||
| ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk | ||
| RUN --mount=type=cache,target=/root/.cache/microdnf:rw \ | ||
| microdnf --setopt=cachedir=/root/.cache/microdnf --nodocs install \ | ||
| wget \ | ||
| tar \ | ||
| gzip \ | ||
| maven \ | ||
| git \ | ||
| && true | ||
|
|
||
| # Install etcd -- used for CI tests | ||
| RUN wget -q https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz && \ | ||
| mkdir -p /usr/lib/etcd && \ | ||
| tar xzf etcd-*-linux-${TARGETARCH}.tar.gz -C /usr/lib/etcd --strip-components=1 --no-same-owner && \ | ||
| rm -rf etcd*.gz | ||
|
|
||
| ENV PATH="/usr/lib/etcd:$PATH" | ||
| RUN true \ | ||
| && wget -q https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz \ | ||
| && mkdir -p /usr/lib/etcd \ | ||
| && tar xzf etcd-*-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz -C /usr/lib/etcd --strip-components=1 --no-same-owner \ | ||
| && rm -rf etcd*.gz \ | ||
| && etcd -version \ | ||
| && true | ||
|
|
||
| # Copy in code | ||
| RUN mkdir /build | ||
|
|
||
| WORKDIR /build | ||
|
|
||
|
|
||
| ############################################################################### | ||
| FROM build_base AS build | ||
|
|
||
|
|
@@ -57,58 +72,78 @@ COPY / /build | |
|
|
||
| ENV MAVEN_OPTS="-Dfile.encoding=UTF8" | ||
|
|
||
| RUN mvn -B package -DskipTests=true --file pom.xml | ||
| RUN --mount=type=cache,target=/root/.m2 \ | ||
| mvn -B package -DskipTests=true --file pom.xml | ||
|
|
||
| # Assume that source code comes from a Git repository | ||
| RUN echo "$(date '+%Y%m%d')-$(git rev-parse HEAD | cut -c -5)" > target/dockerhome/build-version && \ | ||
| echo "$(git rev-parse HEAD)" > target/dockerhome/release && \ | ||
| echo "$(git branch --show-current|sed 's/^release-//g')-$(git branch --show-current)_$(date '+%Y%m%d')-$(git rev-parse HEAD | cut -c -5)" > target/dockerhome/version | ||
|
|
||
|
|
||
| ############################################################################### | ||
| FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6 | ||
| FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6 AS runtime | ||
|
|
||
| ARG imageVersion | ||
| ARG buildId | ||
| ARG commitSha | ||
| ARG USER=2000 | ||
| # TODO: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.15 | ||
|
|
||
| LABEL name="model-mesh" \ | ||
| vendor="KServe" \ | ||
| version="${imageVersion}" \ | ||
| summary="Core model-mesh sidecar image" \ | ||
| description="Model-mesh is a distributed LRU cache for serving runtime models" \ | ||
| release="${commitSha}" | ||
| LABEL [email protected] | ||
| ARG USER=2000 | ||
|
|
||
| USER root | ||
|
|
||
| RUN true \ | ||
| && microdnf --nodocs install java-17-openjdk-headless nss \ | ||
| ENV JAVA_HOME=/usr/lib/jvm/jre-17-openjdk | ||
|
|
||
| RUN --mount=type=cache,target=/root/.cache/microdnf:rw \ | ||
| microdnf --setopt=cachedir=/root/.cache/microdnf --nodocs install \ | ||
| java-17-openjdk-headless \ | ||
| nss \ | ||
| && microdnf update --nodocs \ | ||
| && microdnf clean all \ | ||
| && sed -i 's:security.provider.12=SunPKCS11:#security.provider.12=SunPKCS11:g' /usr/lib/jvm/java-17-openjdk-*/conf/security/java.security \ | ||
| && sed -i 's:#security.provider.1=SunPKCS11 ${java.home}/lib/security/nss.cfg:security.provider.12=SunPKCS11 ${java.home}/lib/security/nss.cfg:g' /usr/lib/jvm/java-17-openjdk-*/conf/security/java.security \ | ||
| && java -version \ | ||
| && true | ||
|
|
||
| ENV JAVA_HOME=/usr/lib/jvm/jre-17-openjdk | ||
|
|
||
| COPY --from=build /build/target/dockerhome/ /opt/kserve/mmesh/ | ||
| COPY version /etc/modelmesh-version | ||
|
|
||
| # Make this the current directory when starting the container | ||
| WORKDIR /opt/kserve/mmesh | ||
|
|
||
| RUN microdnf install shadow-utils hostname && \ | ||
| RUN --mount=type=cache,target=/root/.cache/microdnf:rw \ | ||
| microdnf --setopt=cachedir=/root/.cache/microdnf --nodocs install \ | ||
| shadow-utils \ | ||
| hostname \ | ||
| # Create app user | ||
| useradd -c "Application User" -U -u ${USER} -m app && \ | ||
| chown -R app:0 /home/app && \ | ||
| && useradd -c "Application User" -U -u ${USER} -m app \ | ||
| && chown -R app:0 /home/app \ | ||
| # Adjust permissions on /etc/passwd to be writable by group root. | ||
| # The user app is replaced by the assigned UID on OpenShift. | ||
| chmod g+w /etc/passwd && \ | ||
| && chmod g+w /etc/passwd \ | ||
| # In newer Docker there is a --chown option for the COPY command | ||
| ln -s /opt/kserve/mmesh /opt/kserve/tas && \ | ||
| mkdir -p log && \ | ||
| chown -R app:0 . && \ | ||
| chmod -R 771 . && chmod 775 *.sh *.py && \ | ||
| echo "${buildId}" > /opt/kserve/mmesh/build-version && \ | ||
| \ | ||
| && ln -s /opt/kserve/mmesh /opt/kserve/tas \ | ||
| && mkdir -p log \ | ||
| && chown -R app:0 . \ | ||
| && chmod -R 771 . \ | ||
| && chmod 775 *.sh *.py \ | ||
| # Disable java FIPS - see https://access.redhat.com/documentation/en-us/openjdk/17/html-single/configuring_openjdk_17_on_rhel_with_fips/index#config-fips-in-openjdk | ||
| sed -i 's/security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g' $JAVA_HOME/conf/security/java.security | ||
| && sed -i 's/security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g' $JAVA_HOME/conf/security/java.security \ | ||
| && true | ||
|
|
||
| # wait to create commit-specific LABEL until end of the build to not unnecessarily | ||
| # invalidate the cached image layers | ||
| # ARG imageVersion | ||
| # ARG buildId | ||
| # ARG commitSha | ||
|
|
||
| # Generated at build stage | ||
| # RUN echo "${buildId}" > /opt/kserve/mmesh/build-version | ||
|
|
||
| LABEL name="model-mesh" \ | ||
| vendor="KServe" \ | ||
| # version="${imageVersion}" \ | ||
| summary="Core model-mesh sidecar image" \ | ||
| description="Model-mesh is a distributed LRU cache for serving runtime models" \ | ||
| # release="${commitSha}" \ | ||
| maintainer="[email protected]" | ||
|
|
||
| EXPOSE 8080 | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,18 @@ | ||
| approvers: | ||
| - anishasthana | ||
| - danielezonca | ||
| - heyselbi | ||
| - israel-hdez | ||
| - Jooho | ||
| - vaibhavjainwiz | ||
| - VedantMahabaleshwarkar | ||
| - Xaenalt | ||
| reviewers: | ||
| - anishasthana | ||
| - danielezonca | ||
| - heyselbi | ||
| - israel-hdez | ||
| - Jooho | ||
| - vaibhavjainwiz | ||
| - VedantMahabaleshwarkar | ||
| - Xaenalt | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.