bentoml/BentoML
5 workflows · maturity 50% · 3 patterns · GitHub ↗
Practices
✓ Matrix · ○ Permissions · ✓ Security scan · ○ AI review · ○ Cache · ✓ Concurrency · ○ Reusable workflows
Detected patterns
Security dimensions
Tools: github/codeql-action/analyze, github/codeql-action/autobuild, github/codeql-action/init
Workflows (5)
ci matrix .github/workflows/ci.yml
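# Test pipeline: unit, framework-integration and end-to-end suites, followed by
# a merged coverage report and a single pass/fail gate for pull requests.
name: CI

on:
  push:
    branches: [main]
    paths-ignore:
      - 'docs/**'
      - 'bazel/**'
      - 'typings/**'
  pull_request:
    paths-ignore:
      - 'docs/**'
      - 'bazel/**'
      - 'typings/**'
  schedule:
    - cron: '0 0 * * 1/2'

# Least privilege: the jobs below execute repository code (nox sessions) on
# pull_request events, so the GITHUB_TOKEN is read-only by default. A job that
# needs more declares it itself (see `coverage`).
permissions:
  contents: read

env:
  LINES: 120
  COLUMNS: 120
  BENTOML_DO_NOT_TRACK: True
  PYTEST_PLUGINS: bentoml.testing.pytest.plugin

# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrun
defaults:
  run:
    shell: bash --noprofile --norc -exo pipefail {0}

# NOTE(review): every `uses:` below references a tag or branch (for example
# re-actors/alls-green@release/v1), which the action's owner can move. Pinning
# each one to a full commit SHA, with the tag kept as a trailing comment,
# removes that dependency; the SHAs are not shown here.
# NOTE(review): `pipx install pdm && pipx install nox` takes whatever version is
# current at run time; a version constraint would make runs reproducible.
jobs:
  unit:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        # Quoted so that a future entry such as '3.10' is not read as 3.1.
        python-version: ['3.9', '3.11', '3.12']
    name: unit-tests (python${{ matrix.python-version }}.${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0  # fetch all tags and branches
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@v7
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: pip
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: pipx install pdm && pipx install nox
      - name: Unit tests
        run: nox --session unit-${{ matrix.python-version }}
      - name: Disambiguate coverage filename
        run: mv .coverage ".coverage.unit.${{ matrix.os }}.${{ matrix.python-version }}"
      - name: Upload coverage data
        uses: actions/upload-artifact@v7
        with:
          name: coverage-unit-data-${{ matrix.os }}-${{ matrix.python-version }}
          path: .coverage.*
          include-hidden-files: true

  integrations:
    name: framework-integration-tests
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        framework:
          - catboost
          - detectron
          - diffusers
          - easyocr
          - fastai
          - flax
          - keras
          - lightgbm
          - onnx
          - picklable_model
          - pytorch
          - pytorch_lightning
          - sklearn
          - tensorflow
          - torchscript
          - transformers
          - xgboost
        exclude:
          # NOTE: CI runners don't have enough space to run all transformers jobs
          - framework: transformers
          # NOTE: tested locally; the latest PyPI release is too obsolete
          - framework: detectron
    timeout-minutes: 90
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0  # fetch all tags and branches
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@v7
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.9'
          cache: pip
      - name: Install dependencies
        run: pipx install pdm && pipx install nox
      - name: Run framework integration tests
        run: nox --session "framework-integration(framework='${{ matrix.framework }}')"
      - name: Disambiguate coverage filename
        run: mv .coverage ".coverage.integrations.ubuntu-latest.3.9.${{ matrix.framework }}"
      - name: Upload coverage data
        uses: actions/upload-artifact@v7
        with:
          name: coverage-integrations-data-${{ matrix.framework }}
          path: .coverage.*
          include-hidden-files: true

  e2e-monitoring:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ['3.9', '3.11', '3.12']
    name: monitoring-e2e-tests (python${{ matrix.python-version }}.${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    timeout-minutes: 90
    env:
      BENTOML_BUNDLE_LOCAL_BUILD: True
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0  # fetch all tags and branches
      # QEMU and Buildx are only set up on the Linux runners.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v4
        if: ${{ matrix.os == 'ubuntu-latest' }}
      - name: Set up Docker Buildx
        if: ${{ matrix.os == 'ubuntu-latest' }}
        id: buildx
        uses: docker/setup-buildx-action@v4
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@v7
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: pip
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: pipx install pdm && pipx install nox
      - name: Run the monitoring tests
        run: nox -s e2e-monitoring-${{ matrix.python-version }}
      - name: Disambiguate coverage filename
        run: mv .coverage ".coverage.monitoring.${{ matrix.os }}.${{ matrix.python-version }}"
      - name: Upload coverage data
        uses: actions/upload-artifact@v7
        with:
          name: coverage-monitoring-data-${{ matrix.os }}-${{ matrix.python-version }}
          path: .coverage.*
          include-hidden-files: true

  e2e-test:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
        python-version: ['3.9', '3.11', '3.12']
        suite: ['bento_server_http', 'bento_new_sdk']
        # bento_server_http is skipped on Python 3.12 on both operating systems.
        exclude:
          - os: macos-latest
            suite: bento_server_http
            python-version: '3.12'
          - os: ubuntu-latest
            suite: bento_server_http
            python-version: '3.12'
    name: ${{ matrix.suite }}-e2e-tests (python${{ matrix.python-version }}.${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    timeout-minutes: 90
    env:
      BENTOML_BUNDLE_LOCAL_BUILD: True
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0  # fetch all tags and branches
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v4
        if: ${{ matrix.os == 'ubuntu-latest' }}
      - name: Set up Docker Buildx
        if: ${{ matrix.os == 'ubuntu-latest' }}
        id: buildx
        uses: docker/setup-buildx-action@v4
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@v7
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: pip
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: pipx install pdm && pipx install nox
      - name: Run ${{ matrix.suite }} tests
        run: nox -s "e2e-testing-${{ matrix.python-version }}(suite='${{ matrix.suite }}')"
      - name: Disambiguate coverage filename
        run: mv .coverage ".coverage.e2e.${{ matrix.os }}.${{ matrix.python-version }}.${{ matrix.suite }}"
      - name: Upload coverage data
        uses: actions/upload-artifact@v7
        with:
          name: coverage-e2e-data-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.suite }}
          path: .coverage.*
          include-hidden-files: true

  coverage:
    name: report-coverage
    runs-on: ubuntu-latest
    needs:
      - e2e-test
      - e2e-monitoring
      - unit
      - integrations
    if: github.event_name == 'pull_request'
    # The only job that writes: the sticky comment step posts to the pull
    # request. Everything else stays read-only.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          cache: pip
          python-version: '3.11'
      # Each download merges the per-matrix artifacts of one suite into the
      # workspace so the coverage session can combine them.
      - name: Download e2e coverage
        uses: actions/download-artifact@v8
        with:
          pattern: coverage-e2e-data-*
          merge-multiple: true
      - name: Download monitoring coverage
        uses: actions/download-artifact@v8
        with:
          pattern: coverage-monitoring-data-*
          merge-multiple: true
      - name: Download integrations coverage
        uses: actions/download-artifact@v8
        with:
          pattern: coverage-integrations-data-*
          merge-multiple: true
      - name: Download unit coverage
        uses: actions/download-artifact@v8
        with:
          pattern: coverage-unit-data-*
          merge-multiple: true
      - name: Install dependencies
        run: pipx install pdm && pipx install nox
      - name: Export coverage reports and generate summary
        run: nox -s coverage
      - name: Upload uncovered HTML report
        uses: actions/upload-artifact@v7
        with:
          name: uncovered-html-report
          path: htmlcov
      # Skipped for pull requests from forks, where the token cannot write.
      - name: Update coverage pull request comment
        if: github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork
        uses: marocchino/sticky-pull-request-comment@v3
        with:
          path: coverage-report.md

  evergreen:  # https://github.com/marketplace/actions/alls-green#why
    if: github.event_name == 'pull_request'
    needs:
      - coverage
      - e2e-test
      - e2e-monitoring
      - unit
      - integrations
    runs-on: ubuntu-latest
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}

# One active run per pull request (or per commit when there is no pull
# request); a newer run cancels the one in progress.
concurrency:
  group: ci-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true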
cleanup .github/workflows/cleanup.yml
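# Deletes the GitHub Actions caches that belong to a pull request once it is
# closed.
name: cleanup-gh-cache

on:
  pull_request:
    types:
      - closed

jobs:
  cleanup:
    runs-on: ubuntu-latest
    # Deleting caches needs actions: write; checkout needs contents: read.
    # NOTE(review): for pull requests from forks the token is read-only
    # whatever is declared here, so deletions would fail there and `set +e`
    # below hides it. Confirm whether fork PR caches are meant to be covered.
    permissions:
      actions: write
      contents: read
    steps:
      - name: Check out code
        uses: actions/checkout@v6
      - name: Cleanup
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Context values reach the script as environment variables instead
          # of being expanded into the script text, so the shell never parses
          # them as code.
          REPO: ${{ github.repository }}
          BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge
        # NOTE(review): the extension is fetched at run time without a pinned
        # version, so this step runs whatever its repository currently ships.
        run: |
          gh extension install actions/gh-actions-cache

          echo "Fetching list of cache key"
          cacheKeysForPR=$(gh actions-cache list -R "$REPO" -B "$BRANCH" -L 100 | cut -f 1)

          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          # Left unquoted on purpose: the list is split into one key per
          # iteration.
          for cacheKey in $cacheKeysForPR
          do
            gh actions-cache delete "$cacheKey" -R "$REPO" -B "$BRANCH" --confirm
          done
          echo "Done"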
codeql-analysis matrix security .github/workflows/codeql-analysis.yml
# CodeQL static analysis: runs on pushes and pull requests that target main,
# and once a week on a schedule.
name: CodeQL

on:
  push:
    branches:
      - main
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
  schedule:
    - cron: '37 15 * * 2'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Job-scoped token: read access plus the one write scope used to upload
    # results to code scanning.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language:
          - python
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
      - name: Autobuild
        uses: github/codeql-action/autobuild@v4
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
cqa .github/workflows/cqa.yml
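# Code-quality checks; the only job shown here spell-checks the Sphinx docs.
name: code-quality

on:
  push:
    branches: [main]
    paths-ignore:
      - 'docs/**'
      - 'bazel/**'
      - 'typings/**'
  pull_request:
    paths-ignore:
      - 'docs/**'
      - 'bazel/**'
      - 'typings/**'
  schedule:
    - cron: '0 0 * * 1/2'

# Least privilege: the job checks out and builds pull-request content, and
# nothing in it writes back to the repository, so the token is read-only.
permissions:
  contents: read

env:
  LINES: 200
  COLUMNS: 200
  BENTOML_DO_NOT_TRACK: True

# One active run per pull request (or per commit when there is no pull
# request); a newer run cancels the one in progress.
concurrency:
  group: cqa-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrun
defaults:
  run:
    shell: bash --noprofile --norc -exo pipefail {0}

jobs:
  spelling:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      # NOTE(review): referenced by tag; pinning to a full commit SHA would
      # stop the tag's owner from changing what runs here.
      - name: Set up PDM
        uses: pdm-project/setup-pdm@v4
        with:
          cache: true
          python-version: '3.11'
          enable-pep582: false
      - name: Install libenchant
        run: sudo apt-get update && sudo apt-get install -y libenchant-2-dev
      - name: Install dependencies
        run: pdm sync -dG docs
      # The fallback prints a pointer to the logs and keeps the exit status
      # non-zero so the job still fails.
      - name: Run spellcheck script
        run: |
          pdm run -v sphinx-build -b spelling ./docs/source ./docs/build || (echo "Failed to run spellcheck. Refer to logs for more details"; exit 1)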
release .github/workflows/release.yml
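# Builds the distribution from a pushed tag (or a manually supplied ref) and
# publishes it to PyPI.
name: Release

on:
  push:
    # NOTE(review): every pushed tag starts a release, whatever its name.
    # A narrower pattern or tag protection rules would limit who and what can
    # trigger a publish; the project's tag naming is not shown here.
    tags:
      - "*"
  workflow_dispatch:
    inputs:
      ref:
        description: "Git ref to release, such as a tag name"
        required: false

jobs:
  build:
    runs-on: ubuntu-latest
    # The build only reads the repository, so its token is read-only.
    permissions:
      contents: read
    steps:
      # A manual run builds the ref given as input; a tag push builds the tag.
      - uses: actions/checkout@v6
        with:
          ref: ${{ inputs.ref || github.ref }}
      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'
      # NOTE(review): `pipx run build` uses whatever version of the build
      # front end is current at run time.
      - name: Build
        run: pipx run build
      - name: Archive
        uses: actions/upload-artifact@v7
        with:
          name: dist
          path: dist/*

  release:
    runs-on: ubuntu-latest
    needs: build
    # id-token: write lets the job request an OIDC token. No API token is
    # passed to the publish step, so publishing presumably relies on PyPI
    # trusted publishing. Declaring permissions at job level leaves every
    # other scope unset.
    # NOTE(review): no `environment:` is set, so nothing such as a required
    # reviewer stands between a tag push or manual dispatch and the upload.
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v8
        with:
          name: dist
          path: dist
      # NOTE(review): `release/v1` is a branch, which its owner can move.
      # Pinning to a full commit SHA fixes the code that receives the OIDC
      # token.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1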