Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
1 parent
8186651
commit afdc71f
Showing
1 changed file
with
98 additions
and
98 deletions.
@@ -1,98 +1,98 @@ | ||
name: Pin dependencies | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '0 0 * * TUE' # run every Tuesday at midnight | ||
|
||
permissions: {} | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
pin: | ||
name: Generate dependency lock | ||
runs-on: ${{ matrix.os }} | ||
strategy: | ||
fail-fast: false # Don't cancel other jobs if one fails | ||
matrix: | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | ||
with: | ||
python-version: 3.11 | ||
cache: pip | ||
cache-dependency-path: | | ||
model_signing/install/requirements_${{ runner.os }}.txt | ||
model_signing/install/requirements_test_${{ runner.os }}.txt | ||
slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
- name: Create an empty virtualenv and install `pip-tools` | ||
run: | | ||
set -exuo pipefail | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install pip-tools | ||
pip list # For debugging | ||
- name: Use `pip-compile` to generate all freeze files | ||
run: | | ||
set -exuo pipefail | ||
.github/workflows/scripts/venv_activate.sh | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ runner.os }}.txt model_signing/install/requirements.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ runner.os }}.txt model_signing/install/requirements_test.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ runner.os }}.txt slsa_for_models/install/requirements.in | ||
- name: Test freeze file (for model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for testing model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_test_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for SLSA for models) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Upload freeze files | ||
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 | ||
with: | ||
name: freeze-files-${{ matrix.os }} | ||
path: ./*/install/requirements*${{ runner.os }}*txt | ||
|
||
# Separate PR creation job to make sure it creates only one single PR with | ||
# all changed files, eliminate race-conditions and restrict permissions only | ||
# to this specific job. | ||
create-pr: | ||
needs: [pin] | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 | ||
with: | ||
path: . | ||
merge-multiple: true | ||
- name: Create dependent PR with dependency changes | ||
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 | ||
with: | ||
title: "Update frozen python dependencies" | ||
commit-message: "Bump frozen dependencies" | ||
committer: "GitHub <noreply@github.com>" | ||
author: "GitHub <noreply@github.com>" | ||
signoff: true | ||
delete-branch: true | ||
name: Pin dependencies | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '0 0 * * TUE' # run every Tuesday at midnight | ||
|
||
permissions: {} | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
pin: | ||
name: Generate dependency lock | ||
runs-on: ${{ matrix.os }} | ||
strategy: | ||
fail-fast: false # Don't cancel other jobs if one fails | ||
matrix: | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | ||
with: | ||
python-version: 3.11 | ||
cache: pip | ||
cache-dependency-path: | | ||
model_signing/install/requirements_${{ runner.os }}.txt | ||
model_signing/install/requirements_test_${{ runner.os }}.txt | ||
slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
- name: Create an empty virtualenv and install `pip-tools` | ||
run: | | ||
set -exuo pipefail | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install pip-tools | ||
pip list # For debugging | ||
- name: Use `pip-compile` to generate all freeze files | ||
run: | | ||
set -exuo pipefail | ||
.github/workflows/scripts/venv_activate.sh | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ runner.os }}.txt model_signing/install/requirements.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ runner.os }}.txt model_signing/install/requirements_test.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ runner.os }}.txt slsa_for_models/install/requirements.in | ||
- name: Test freeze file (for model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for testing model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_test_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for SLSA for models) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Upload freeze files | ||
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 | ||
with: | ||
name: freeze-files-${{ matrix.os }} | ||
path: ./*/install/requirements*${{ runner.os }}*txt | ||
|
||
# Separate PR creation job to make sure it creates only one single PR with | ||
# all changed files, eliminate race-conditions and restrict permissions only | ||
# to this specific job. | ||
create-pr: | ||
needs: [pin] | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 | ||
with: | ||
path: . | ||
merge-multiple: true | ||
- name: Create dependent PR with dependency changes | ||
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 | ||
with: | ||
title: "Update frozen python dependencies" | ||
commit-message: "Bump frozen dependencies" | ||
committer: "Mihai Maruseac (automated) <mihaimaruseac@google.com>" | ||
author: "Mihai Maruseac (automated) <mihaimaruseac@google.com>" | ||
signoff: true | ||
delete-branch: true |
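Review bot: Every `run:` block in the `pin` job executes `.github/workflows/scripts/venv_activate.sh` as a child process instead of sourcing it, so an activation done inside that script would end with the child and not reach the `pip` / `pip-compile` commands that follow in the same step. The script body is not shown on this page, so this is inferred from the call form only. If activation does not carry over, `pip install pip-tools` and the three "Test freeze file" installs would go into the runner's own Python rather than the freshly created `venv`, and the "Need clean sandbox" steps would no longer show that each hashed lock file installs on its own. Consider `source .github/workflows/scripts/venv_activate.sh` in each step, or call `venv`'s interpreter explicitly, so the lock files are validated in the isolated environment before `create-pr` proposes them.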