Make the dependency pinning action create a PR and update all depende…
…ncies (#99) * Try updating dependencies Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> * Use real person Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> --------- Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
1 parent
b39b675
commit c074ee6
Showing
2 changed files
with
99 additions
and
72 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,72 +1,98 @@ | ||
name: Pin dependencies | ||
on: | ||
workflow_dispatch | ||
|
||
permissions: {} | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
pin: | ||
name: Generate dependency lock | ||
runs-on: ${{ matrix.os }} | ||
strategy: | ||
fail-fast: false # Don't cancel other jobs if one fails | ||
matrix: | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | ||
with: | ||
python-version: 3.11 | ||
cache: pip | ||
cache-dependency-path: | | ||
model_signing/install/requirements_${{ runner.os }}.txt | ||
model_signing/install/requirements_test_${{ runner.os }}.txt | ||
slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
- name: Create an empty virtualenv and install `pip-tools` | ||
run: | | ||
set -exuo pipefail | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install pip-tools | ||
pip list # For debugging | ||
- name: Use `pip-compile` to generate all freeze files | ||
run: | | ||
set -exuo pipefail | ||
.github/workflows/scripts/venv_activate.sh | ||
# TODO(mihaimaruseac): Should we separate these into separate steps? | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ runner.os }}.txt model_signing/install/requirements.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ runner.os }}.txt model_signing/install/requirements_test.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ runner.os }}.txt slsa_for_models/install/requirements.in | ||
- name: Test freeze file (for model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for testing model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_test_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for SLSA for models) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Upload freeze files | ||
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 | ||
with: | ||
name: freeze-files-${{ matrix.os }} | ||
path: ./*/install/requirements*txt | ||
name: Pin dependencies | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '0 0 * * TUE' # run every Tuesday at midnight | ||
|
||
permissions: {} | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
pin: | ||
name: Generate dependency lock | ||
runs-on: ${{ matrix.os }} | ||
strategy: | ||
fail-fast: false # Don't cancel other jobs if one fails | ||
matrix: | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | ||
with: | ||
python-version: 3.11 | ||
cache: pip | ||
cache-dependency-path: | | ||
model_signing/install/requirements_${{ runner.os }}.txt | ||
model_signing/install/requirements_test_${{ runner.os }}.txt | ||
slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
- name: Create an empty virtualenv and install `pip-tools` | ||
run: | | ||
set -exuo pipefail | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install pip-tools | ||
pip list # For debugging | ||
- name: Use `pip-compile` to generate all freeze files | ||
run: | | ||
set -exuo pipefail | ||
.github/workflows/scripts/venv_activate.sh | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_${{ runner.os }}.txt model_signing/install/requirements.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=model_signing/install/requirements_test_${{ runner.os }}.txt model_signing/install/requirements_test.in | ||
pip-compile --upgrade --generate-hashes --strip-extras --output-file=slsa_for_models/install/requirements_${{ runner.os }}.txt slsa_for_models/install/requirements.in | ||
- name: Test freeze file (for model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for testing model signing) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r model_signing/install/requirements_test_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Test freeze file (for SLSA for models) | ||
run: | | ||
set -exuo pipefail | ||
rm -rf venv # Need clean sandbox | ||
python -m venv venv | ||
.github/workflows/scripts/venv_activate.sh | ||
pip install -r slsa_for_models/install/requirements_${{ runner.os }}.txt | ||
pip list # For debugging | ||
- name: Upload freeze files | ||
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 | ||
with: | ||
name: freeze-files-${{ matrix.os }} | ||
path: ./*/install/requirements*${{ runner.os }}*txt | ||
|
||
# Separate PR creation job to make sure it creates only one single PR with | ||
# all changed files, eliminate race-conditions and restrict permissions only | ||
# to this specific job. | ||
create-pr: | ||
needs: [pin] | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
steps: | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 | ||
with: | ||
path: . | ||
merge-multiple: true | ||
- name: Create dependent PR with dependency changes | ||
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 | ||
with: | ||
title: "Update frozen python dependencies" | ||
commit-message: "Bump frozen dependencies" | ||
committer: "Mihai Maruseac (automated) <mihaimaruseac@google.com>" | ||
author: "Mihai Maruseac (automated) <mihaimaruseac@google.com>" | ||
signoff: true | ||
delete-branch: true |
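Review bot: The `create-pr` job gives `peter-evans/create-pull-request` no `token`, so the PR is opened with the default `GITHUB_TOKEN`, and pull requests created that way do not start `pull_request` workflows. The weekly lock-file bump would then reach reviewers with no CI result unless someone closes and reopens it. If CI on these PRs matters, add a narrowly scoped app or fine-grained token, e.g. `token: ${{ secrets.<PR_TOKEN_PLACEHOLDER> }}`, and keep `contents: write` / `pull-requests: write` confined to this job as they are now. Separately, in the `pin` job the `Upload freeze files` step runs after three `pip install -r` steps that can execute install-time code from freshly upgraded packages, so moving the upload directly after the `pip-compile` step would narrow the window in which the generated files could be altered before they land in the PR. Quoting `python-version: '3.11'` would also avoid the YAML float trap on a later version bump.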
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
tensorflow | ||
torch | ||
torchvision |