kserve · ckadner · May 5, 2023 · Jan 16, 2023 · Jan 16, 2023 · Jan 16, 2023
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -2,40 +2,74 @@ name: Build and Push
 
 on:
   push:
-    branches: [main]
-    tags:
-      - v*
+    branches: [main, "release-[0-9].[0-9]+"]
+    paths-ignore: ["**.md"]
+    tags: ["v*"]
+  pull_request:
+    branches: [main, "release-[0-9].[0-9]+"]
+    paths-ignore: ["**.md"]
+
+env:
+  IMAGE_NAME: "kserve/modelmesh-runtime-adapter"
 
 jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Build develop image
-        run: make build.develop
-      - name: Run lint
-        run: ./scripts/develop.sh make fmt
-      - name: Run unit test
-        run: ./scripts/develop.sh make test
   build:
-    needs: test
     runs-on: ubuntu-latest
     env:
-      IMAGE_NAME: kserve/modelmesh-runtime-adapter
+      CI: true
     steps:
-      - uses: actions/checkout@v2
-      - name: Build runtime image
-        run: make build
-      - name: Log in to Docker Hub
-        run: docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_ACCESS_TOKEN }}
-      - name: Push to Docker Hub
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        if: github.event_name == 'push'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      - name: Export docker build args
         run: |
+          # see: scripts/build_docker.sh
+
           # Strip git ref prefix from version
           VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-          echo $VERSION
+
+          # Generate PR tag from github.ref == "refs/pull/123/merge"
+          [ "$VERSION" == "merge" ] && VERSION=$(echo "${{ github.ref }}" | sed -e 's,refs/pull/\(.*\)/merge,pr-\1,')
 
           # Use Docker `latest` tag convention
           [ "$VERSION" == "main" ] && VERSION=latest
 
-          docker tag ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:$VERSION
-          docker push ${{ env.IMAGE_NAME }}:$VERSION
+          git_commit_sha="$(git rev-parse HEAD)"
+          DOCKER_TAG="$(git rev-parse --abbrev-ref HEAD)-$(date -u +"%Y%m%dT%H%M%S%Z")"
+
+          echo "IMAGE_TAG=$VERSION"           >> $GITHUB_ENV
+          echo "COMMIT_SHA=$git_commit_sha"   >> $GITHUB_ENV
+          echo "IMAGE_VERSION=$DOCKER_TAG"    >> $GITHUB_ENV
+
+          # print env vars for debugging
+          cat "$GITHUB_ENV"
+
+      - name: Build and push runtime image
+        uses: docker/build-push-action@v4
+        with:
+          # tensorflow not supported on PowerPC (ppc64le) or System Z (s390x)
+          # https://pypi.org/project/tensorflow/2.12.0/#files
+          # https://github.com/tensorflow/tensorflow/issues/46181
+          platforms: linux/amd64,linux/arm64
+          context: .
+          target: runtime
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          build-args: |
+            IMAGE_VERSION=${{ env.IMAGE_VERSION }}
+            COMMIT_SHA=${{ env.COMMIT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -2,14 +2,22 @@ name: Unit Test
 
 on:
   pull_request:
-    branches: [main]
+    branches:
+      - "main"
+      - "release-*"
 
 jobs:
   test:
     runs-on: ubuntu-latest
+    env:
+      CI: true
+      DOCKER_BUILDKIT: 1
     steps:
-      - uses: actions/checkout@v2
-      - name: Build develop image
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Build dev image
         run: make build.develop
       - name: Run lint
         run: ./scripts/develop.sh make fmt

diff --git a/Dockerfile b/Dockerfile
@@ -13,105 +13,148 @@
 # limitations under the License.
 
 ###############################################################################
-# Stage 1: Create the develop, test, and build environment
+# Stage 1: Create the developer image for the BUILDPLATFORM only
 ###############################################################################
-FROM  registry.access.redhat.com/ubi8/ubi-minimal:8.4 AS develop
+ARG GOLANG_VERSION=1.17
+FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:$GOLANG_VERSION AS develop
 
-ARG GOLANG_VERSION=1.17.13
 ARG PROTOC_VERSION=21.5
 
 USER root
 
 # Install build and dev tools
-RUN microdnf install \
-    gcc \
-    gcc-c++ \
-    make \
-    vim \
-    findutils \
-    diffutils \
-    git \
-    wget \
-    tar \
-    unzip \
-    python3 \
-    nodejs && \
-    pip3 install pre-commit
-
-# Install go
-ENV PATH /usr/local/go/bin:$PATH
-RUN set -eux; \
-    wget -qO go.tgz "https://golang.org/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz"; \
-    sha256sum *go.tgz; \
-    tar -C /usr/local -xzf go.tgz; \
-    go version
+RUN --mount=type=cache,target=/root/.cache/dnf:rw \
+    dnf install -y --nodocs --setopt=cachedir=/root/.cache/dnf \
+        python3 \
+        python3-pip \
+        nodejs \
+    && true
+
+# Install pre-commit
+ARG PIP_CACHE_DIR=/root/.cache/pip
+RUN --mount=type=cache,target=$PIP_CACHE_DIR \
+    pip3 install pre-commit && \
+    pip3 list
+
+# When using the BuildKit backend, Docker predefines a set of ARG variables with
+# information on the platform of the node performing the build (build platform)
+# These arguments are defined in the global scope but are not automatically available
+# inside build stages. We need to expose the BUILDOS and BUILDARCH inside the build
+# stage and redefine it without a value
+# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+ARG BUILDOS
+ARG BUILDARCH
 
 # Install protoc
+# The protoc download files use a different variation of architecture identifiers
+# from the Docker BUILDARCH forms amd64, arm64, ppc64le, s390x
+#   protoc-22.2-linux-aarch_64.zip  <- arm64
+#   protoc-22.2-linux-ppcle_64.zip  <- ppc64le
+#   protoc-22.2-linux-s390_64.zip   <- s390x
+#   protoc-22.2-linux-x86_64.zip    <- amd64
+# so we need to map the arch identifiers before downloading the protoc.zip using
+# shell parameter expansion: with the first character of a parameter being an
+# exclamation point (!) it introduces a level of indirection where the value
+# of the parameter is used as the name of another variable and the value of that
+# other variable is the result of the expansion, e.g. the echo statement in the
+# following three lines of shell script print "x86_64"
+#   BUILDARCH=amd64
+#   amd64=x86_64
+#   echo ${!BUILDARCH}
 RUN set -eux; \
-    wget -qO protoc.zip "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip"; \
-    sha256sum protoc.zip; \
-    unzip protoc.zip -x readme.txt -d /usr/local; \
-    protoc --version
+    amd64=x86_64; \
+    arm64=aarch_64; \
+    ppc64le=ppcle_64; \
+    s390x=s390_64; \
+    wget -qO protoc.zip "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-${BUILDOS}-${!BUILDARCH}.zip" \
+    && sha256sum protoc.zip \
+    && unzip protoc.zip -x readme.txt -d /usr/local \
+    && protoc --version \
+    && true
+
+WORKDIR /opt/app
+
+COPY go.mod go.sum ./
 
 # Install go protoc plugins
-ENV PATH /root/go/bin:$PATH
 RUN go get google.golang.org/protobuf/cmd/protoc-gen-go \
            google.golang.org/grpc/cmd/protoc-gen-go-grpc
 
-WORKDIR /opt/app
-
 # Download and initialize the pre-commit environments before copying the source so they will be cached
 COPY .pre-commit-config.yaml ./
 RUN git init && \
     pre-commit install-hooks && \
     rm -rf .git
 
-# Download dependiencies before copying the source so they will be cached
-COPY go.mod go.sum ./
+# Download dependencies before copying the source so they will be cached
 RUN go mod download
 
+# the ubi/go-toolset image doesn't define ENTRYPOINT or CMD, but we need it to run 'make develop'
+CMD /bin/bash
+
 
 ###############################################################################
-# Stage 2: Run the build
+# Stage 2: Run the go build with BUILDPLATFORM's native go compiler
 ###############################################################################
-FROM develop AS build
+FROM --platform=$BUILDPLATFORM develop AS build
 
 LABEL image="build"
 
 # Copy the source
 COPY . ./
 
-# Build the binaries
-RUN go build -o puller model-serving-puller/main.go
-RUN go build -o triton-adapter model-mesh-triton-adapter/main.go
-RUN go build -o mlserver-adapter model-mesh-mlserver-adapter/main.go
-RUN go build -o ovms-adapter model-mesh-ovms-adapter/main.go
-RUN go build -o torchserve-adapter model-mesh-torchserve-adapter/main.go
+# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+# don't provide "default" values (e.g. 'ARG TARGETARCH=amd64') for non-buildx environments,
+# see https://github.com/docker/buildx/issues/510
+ARG TARGETOS
+ARG TARGETARCH
+
+ARG GOOS=${TARGETOS:-linux}
+ARG GOARCH=${TARGETARCH:-amd64}
+
+# Build the binaries using native go compiler from BUILDPLATFORM but compiled output for TARGETPLATFORM
+# https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg \
+    go build -o puller model-serving-puller/main.go && \
+    go build -o puller model-serving-puller/main.go && \
+    go build -o triton-adapter model-mesh-triton-adapter/main.go && \
+    go build -o mlserver-adapter model-mesh-mlserver-adapter/main.go && \
+    go build -o ovms-adapter model-mesh-ovms-adapter/main.go && \
+    go build -o torchserve-adapter model-mesh-torchserve-adapter/main.go
+
 
 ###############################################################################
 # Stage 3: Copy build assets to create the smallest final runtime image
 ###############################################################################
-FROM  registry.access.redhat.com/ubi8/ubi-minimal:8.4 as runtime
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 as runtime
 
-ARG IMAGE_VERSION
-ARG COMMIT_SHA
 ARG USER=2000
 
-LABEL name="model-serving-runtime-adapter" \
-      version="${IMAGE_VERSION}" \
-      release="${COMMIT_SHA}" \
-      summary="Sidecar container which runs in the Model-Mesh Serving model server pods" \
-      description="Container which runs in each model serving pod and act as an intermediary between model-mesh and third-party model-server containers"
-
 USER root
+
 # install python to convert keras to tf
-RUN microdnf install \
-    gcc \
-    gcc-c++ \
-    python38 && \
-    ln -sf /usr/bin/python3 /usr/bin/python && \
-    ln -sf /usr/bin/pip3 /usr/bin/pip && \
-    pip install tensorflow
+# NOTE: tensorflow not supported on PowerPC (ppc64le) or System Z (s390x) https://github.com/tensorflow/tensorflow/issues/46181
+RUN --mount=type=cache,target=/root/.cache/microdnf:rw \
+    microdnf install --setopt=cachedir=/root/.cache/microdnf \
+       gcc \
+       gcc-c++ \
+       python38-devel \
+       python38 \
+    && ln -sf /usr/bin/python3 /usr/bin/python \
+    && ln -sf /usr/bin/pip3 /usr/bin/pip \
+    && true
+
+# need to upgrade pip and install wheel before installing grpcio, before installing tensorflow on aarch64
+# use caching to speed up multi-platform builds
+ARG PIP_CACHE_DIR=/root/.cache/pip
+RUN --mount=type=cache,target=$PIP_CACHE_DIR \
+    pip install --upgrade pip && \
+    pip install wheel && \
+    pip install grpcio && \
+    pip install tensorflow && \
+    pip list && \
+    pip cache info
 
 USER ${USER}
 
@@ -123,6 +166,16 @@ COPY --from=build /opt/app/model-mesh-triton-adapter/scripts/tf_pb.py /opt/scrip
 COPY --from=build /opt/app/ovms-adapter /opt/app/
 COPY --from=build /opt/app/torchserve-adapter /opt/app/
 
+# wait to create commit-specific LABEL until end of the build to not unnecessarily
+# invalidate the cached image layers
+ARG IMAGE_VERSION
+ARG COMMIT_SHA
+
+LABEL name="model-serving-runtime-adapter" \
+      version="${IMAGE_VERSION}" \
+      release="${COMMIT_SHA}" \
+      summary="Sidecar container which runs in the ModelMesh Serving model server pods" \
+      description="Container which runs in each model serving pod acting as an intermediary between ModelMesh and third-party model-server containers"
 
 # Don't define an entrypoint. This is a multi-purpose image so the user should specify which binary they want to run (e.g. /opt/app/puller or /opt/app/triton-adapter)
 # ENTRYPOINT ["/opt/app/puller"]
diff --git a/Makefile b/Makefile
@@ -11,9 +11,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 # collect args from `make run` so that they don't run twice
 ifeq (run,$(firstword $(MAKECMDGOALS)))
   RUN_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  ifneq ("$(wildcard /.dockerenv)","")
+    $(error Inside docker container, run 'make $(RUN_ARGS)')
+  endif
 endif
 
 all: build
@@ -27,12 +31,6 @@ build.develop:
 develop: build.develop
 	./scripts/develop.sh
 
-docs:
-	./scripts/docs.sh
-
-docs.dev:
-	./scripts/docs.sh --dev
-
 run: build.develop
 	./scripts/develop.sh make $(RUN_ARGS)
 
@@ -49,4 +47,4 @@ proto.compile:
 $(eval $(RUN_ARGS):;@:)
 
 # Remove $(MAKECMDGOALS) if you don't intend make to just be a taskrunner
-.PHONY: all $(MAKECMDGOALS)
+.PHONY: all build build.develop develop run test fmt proto.compile $(MAKECMDGOALS)