From afdc71fd3236f46b7d2109baaf9b0b6f1c733f4e Mon Sep 17 00:00:00 2001 From: Mihai Maruseac Date: Wed, 10 Jan 2024 16:57:28 -0800 Subject: [PATCH] Use real person Signed-off-by: Mihai Maruseac --- .github/workflows/pin_deps.yml | 196 ++++++++++++++++----------------- 1 file changed, 98 insertions(+), 98 deletions(-) diff --git a/.github/workflows/pin_deps.yml b/.github/workflows/pin_deps.yml index d9cb72de..ef2dcd20 100644 --- a/.github/workflows/pin_deps.yml +++ b/.github/workflows/pin_deps.yml @@ -1,98 +1,98 @@ -name: Pin dependencies -on: - workflow_dispatch: - schedule: - - cron: '0 0 * * TUE' # run every Tuesday at midnight - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - pin: - name: Generate dependency lock - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false # Don't cancel other jobs if one fails - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 - with: - python-version: 3.11 - cache: pip - cache-dependency-path: | - model_signing/install/requirements_${{ runner.os }}.txt - model_signing/install/requirements_test_${{ runner.os }}.txt - slsa_for_models/install/requirements_${{ runner.os }}.txt - - name: Create an empty virtualenv and install `pip-tools` - run: | - set -exuo pipefail - python -m venv venv - .github/workflows/scripts/venv_activate.sh - pip install pip-tools - pip list # For debugging - - name: Use `pip-compile` to generate all freeze files - run: | - set -exuo pipefail - .github/workflows/scripts/venv_activate.sh - pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ runner.os }}.txt model_signing/install/requirements.in - pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ runner.os }}.txt model_signing/install/requirements_test.in - pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ runner.os }}.txt slsa_for_models/install/requirements.in - - name: Test freeze file (for model signing) - run: | - set -exuo pipefail - rm -rf venv # Need clean sandbox - python -m venv venv - .github/workflows/scripts/venv_activate.sh - pip install -r model_signing/install/requirements_${{ runner.os }}.txt - pip list # For debugging - - name: Test freeze file (for testing model signing) - run: | - set -exuo pipefail - rm -rf venv # Need clean sandbox - python -m venv venv - .github/workflows/scripts/venv_activate.sh - pip install -r model_signing/install/requirements_test_${{ runner.os }}.txt - pip list # For debugging - - name: Test freeze file (for SLSA for models) - run: | - set -exuo pipefail - rm -rf venv # Need clean sandbox - python -m venv venv - .github/workflows/scripts/venv_activate.sh - pip install -r slsa_for_models/install/requirements_${{ runner.os }}.txt - pip list # For debugging - - name: Upload freeze files - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 - with: - name: freeze-files-${{ matrix.os }} - path: ./*/install/requirements*${{ runner.os }}*txt - - # Separate PR creation job to make sure it creates only one single PR with - # all changed files, eliminate race-conditions and restrict permissions only - # to this specific job. - create-pr: - needs: [pin] - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 - with: - path: . - merge-multiple: true - - name: Create dependent PR with dependency changes - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 - with: - title: "Update frozen python dependencies" - commit-message: "Bump frozen dependencies" - committer: "GitHub " - author: "GitHub " - signoff: true - delete-branch: true +name: Pin dependencies +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * TUE' # run every Tuesday at midnight + +permissions: {} + +defaults: + run: + shell: bash + +jobs: + pin: + name: Generate dependency lock + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false # Don't cancel other jobs if one fails + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + with: + python-version: 3.11 + cache: pip + cache-dependency-path: | + model_signing/install/requirements_${{ runner.os }}.txt + model_signing/install/requirements_test_${{ runner.os }}.txt + slsa_for_models/install/requirements_${{ runner.os }}.txt + - name: Create an empty virtualenv and install `pip-tools` + run: | + set -exuo pipefail + python -m venv venv + .github/workflows/scripts/venv_activate.sh + pip install pip-tools + pip list # For debugging + - name: Use `pip-compile` to generate all freeze files + run: | + set -exuo pipefail + .github/workflows/scripts/venv_activate.sh + pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ runner.os }}.txt model_signing/install/requirements.in + pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ runner.os }}.txt model_signing/install/requirements_test.in + pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ runner.os }}.txt slsa_for_models/install/requirements.in + - name: Test freeze file (for model signing) + run: | + set -exuo pipefail + rm -rf venv # Need clean sandbox + python -m venv venv + .github/workflows/scripts/venv_activate.sh + pip install -r model_signing/install/requirements_${{ runner.os }}.txt + pip list # For debugging + - name: Test freeze file (for testing model signing) + run: | + set -exuo pipefail + rm -rf venv # Need clean sandbox + python -m venv venv + .github/workflows/scripts/venv_activate.sh + pip install -r model_signing/install/requirements_test_${{ runner.os }}.txt + pip list # For debugging + - name: Test freeze file (for SLSA for models) + run: | + set -exuo pipefail + rm -rf venv # Need clean sandbox + python -m venv venv + .github/workflows/scripts/venv_activate.sh + pip install -r slsa_for_models/install/requirements_${{ runner.os }}.txt + pip list # For debugging + - name: Upload freeze files + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + with: + name: freeze-files-${{ matrix.os }} + path: ./*/install/requirements*${{ runner.os }}*txt + + # Separate PR creation job to make sure it creates only one single PR with + # all changed files, eliminate race-conditions and restrict permissions only + # to this specific job. + create-pr: + needs: [pin] + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + with: + path: . + merge-multiple: true + - name: Create dependent PR with dependency changes + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + with: + title: "Update frozen python dependencies" + commit-message: "Bump frozen dependencies" + committer: "Mihai Maruseac (automated) " + author: "Mihai Maruseac (automated) " + signoff: true + delete-branch: true