Skip to content

[Snyk] Security upgrade python from 3.9-slim to 3.13-slim #455

[Snyk] Security upgrade python from 3.9-slim to 3.13-slim

[Snyk] Security upgrade python from 3.9-slim to 3.13-slim #455

Workflow file for this run

name: Python package
on:
push:
branches: [master, release*]
pull_request:
branches: []
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.11"]
name: Lint
steps:
- name: Check out source repository
uses: actions/checkout@v4
- name: Set up Python environment ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Lint with flake8
uses: py-actions/flake8@v2
with:
args: "--config .flake8"
path: "."
- name: Check formatting with black
uses: psf/black@stable
with:
options: "--check --diff --config python/pyproject.toml"
src: "."
version: "~= 24.3"
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10", "3.11"]
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Free-up disk space
uses: ./.github/actions/free-up-disk-space
- name: Set up Python ${{ matrix.python-version }}
id: setup-python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install Poetry and version plugin
run: ./test/scripts/gh-actions/setup-poetry.sh
- name: Configure Poetry cache
run: |
sudo mkdir -p /mnt/poetry
# change permission so that poetry can install without sudo
sudo chown -R $USER /mnt/poetry
poetry config cache-dir /mnt/poetry
# load poetry cache if cache exists
- name: Load poetry cache
id: cached-poetry-dependencies
uses: actions/cache@v4
with:
path: /mnt/poetry
key: poetry-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
# ----------------------------------------Kserve Unit Tests--------------------------------------------------------
# load cached kserve venv if cache exists
- name: Load cached kserve venv
id: cached-kserve-dependencies
uses: actions/cache@v4
with:
path: python/kserve/.venv
key: kserve-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock') }}
# install kserve dependencies if cache does not exist
- name: Install kserve dependencies
if: steps.cached-kserve-dependencies.outputs.cache-hit != 'true'
run: |
cd python/kserve
make install_dependencies
- name: Install kserve
run: |
cd python/kserve
make dev_install
- name: Test kserve
run: |
cd python
source kserve/.venv/bin/activate
pytest --cov=kserve ./kserve
# ----------------------------------------Kserve Pydantic V1 Unit Tests--------------------------------------------
- name: Setup kserve pydantic v1 directory
run: |
mkdir -p python/kserve-pydantic-v1
cp -r python/kserve/* python/kserve-pydantic-v1
cd python/kserve-pydantic-v1
# update the lock file without installing dependencies
poetry update "pydantic<2.0" --lock
- name: Load cached kserve pydantic v1 venv
id: cached-kserve-pydantic-v1-dependencies
uses: actions/cache@v3
with:
path: python/kserve-pydantic-v1/.venv
key: kserve-pydantic-v1-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve-pydantic-v1/poetry.lock') }}
# install kserve pydantic v1 dependencies if cache does not exist
- name: Install kserve pydantic v1 dependencies
if: steps.cached-kserve-pydantic-v1-dependencies.outputs.cache-hit != 'true'
run: |
cd python/kserve-pydantic-v1
make install_dependencies
- name: Install kserve pydantic v1
run: |
cd python/kserve-pydantic-v1
make dev_install
- name: Test kserve pydantic v1
run: |
cd python
source kserve-pydantic-v1/.venv/bin/activate
pytest --cov=kserve ./kserve-pydantic-v1
# ----------------------------------------Sklearn Server Unit Tests------------------------------------------------
# load cached sklearn venv if cache exists
- name: Load cached sklearn venv
id: cached-sklearn-dependencies
uses: actions/cache@v4
with:
path: python/sklearnserver/.venv
key: sklearn-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/sklearnserver/poetry.lock') }}
# install sklearn server dependencies if cache does not exist
- name: Install sklearn dependencies
if: steps.cached-sklearn-dependencies.outputs.cache-hit != 'true'
run: |
cd python/sklearnserver
make install_dependencies
- name: Install sklearnserver
run: |
cd python/sklearnserver
make dev_install
- name: Test sklearnserver
run: |
cd python
source sklearnserver/.venv/bin/activate
pytest --cov=sklearnserver ./sklearnserver
# ----------------------------------------Xgb Server Unit Tests------------------------------------------------
# load cached xgb venv if cache exists
- name: Load cached xgb venv
id: cached-xgb-dependencies
uses: actions/cache@v4
with:
path: python/xgbserver/.venv
key: xgb-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/xgbserver/poetry.lock') }}
# install xgb server dependencies if cache does not exist
- name: Install xgb dependencies
if: steps.cached-xgb-dependencies.outputs.cache-hit != 'true'
run: |
cd python/xgbserver
make install_dependencies
- name: Install xgbserver
run: |
cd python/xgbserver
make dev_install
- name: Test xgbserver
run: |
cd python
source xgbserver/.venv/bin/activate
pytest --cov=xgbserver ./xgbserver
# ----------------------------------------Pmml Server Unit Tests------------------------------------------------
# load cached pmml venv if cache exists
- name: Load cached pmml venv
id: cached-pmml-dependencies
uses: actions/cache@v4
with:
path: python/pmmlserver/.venv
key: pmml-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/pmmlserver/poetry.lock') }}
# install pmml server dependencies if cache does not exist
- name: Install pmml dependencies
if: steps.cached-pmml-dependencies.outputs.cache-hit != 'true'
run: |
cd python/pmmlserver
make install_dependencies
- name: Install pmmlserver
run: |
cd python/pmmlserver
make dev_install
- name: Test pmmlserver
run: |
cd python
source pmmlserver/.venv/bin/activate
pytest --cov=pmmlserver ./pmmlserver
# ----------------------------------------Lgb Server Unit Tests------------------------------------------------
# load cached lgb venv if cache exists
- name: Load cached lgb venv
id: cached-lgb-dependencies
uses: actions/cache@v4
with:
path: python/lgbserver/.venv
key: lgb-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/lgbserver/poetry.lock') }}
# install lgb server dependencies if cache does not exist
- name: Install lgb dependencies
if: steps.cached-lgb-dependencies.outputs.cache-hit != 'true'
run: |
cd python/lgbserver
make install_dependencies
- name: Install lgbserver
run: |
cd python/lgbserver
make dev_install
- name: Test lgbserver
run: |
cd python
source lgbserver/.venv/bin/activate
pytest --cov=lgbserver ./lgbserver
# ----------------------------------------Paddle Server Unit Tests------------------------------------------------
# load cached paddle venv if cache exists
- name: Load cached paddle venv
id: cached-paddle-dependencies
uses: actions/cache@v4
with:
path: python/paddleserver/.venv
key: paddle-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/paddleserver/poetry.lock') }}
# install paddle server dependencies if cache does not exist
- name: Install paddle dependencies
if: steps.cached-paddle-dependencies.outputs.cache-hit != 'true'
run: |
echo "python version ${{ steps.setup-python.outputs.python-version }}"
cd python/paddleserver
make install_dependencies
- name: Install paddleserver
run: |
cd python/paddleserver
make dev_install
- name: Test paddleserver
run: |
cd python
source paddleserver/.venv/bin/activate
pytest --cov=paddleserver ./paddleserver
# ----------------------------------------Huggingface Server Unit Tests------------------------------------------------
# load cached huggingface venv if cache exists
- name: Load cached huggingface venv
if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
id: huggingface-dependencies
uses: actions/cache@v4
with:
path: /mnt/python/huggingfaceserver-venv
key: huggingface-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/huggingfaceserver/poetry.lock') }}
# install huggingface server dependencies if cache does not exist
- name: Configure poetry for huggingface server
if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
run: |
poetry config virtualenvs.path /mnt/python/huggingfaceserver-venv
poetry config virtualenvs.in-project false
- name: Install huggingface dependencies
if: ${{ steps.cached-huggingface-dependencies.outputs.cache-hit != 'true' && !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
run: |
sudo mkdir -p /mnt/python/huggingfaceserver-venv
# change permission so that poetry can install without sudo
sudo chown -R $USER /mnt/python/huggingfaceserver-venv
cd python/huggingfaceserver
make install_dependencies
- name: Install huggingface server
if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
run: |
cd python/huggingfaceserver
make dev_install
- name: Test huggingfaceserver
if: ${{ !startsWith(steps.setup-python.outputs.python-version, '3.8') }}
run: |
cd python/huggingfaceserver
poetry run -- pytest --cov=huggingfaceserver -vv
- name: Free space after tests
run: |
df -hT