Skip to content

Commit

Permalink
Update code-scan workflow (#3044)
Browse files Browse the repository at this point in the history 
* update code-scan workflow

* pin actions
  • Loading branch information
@yunchu
yunchu authored Mar 7, 2024
1 parent 7403263 commit ac4c2c6
Show file tree
Hide file tree
Showing 7 changed files with 41 additions and 34 deletions.
16 changes: 10 additions & 6 deletions .github/workflows/code_scan.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@ name: Code Scanning

on:
workflow_dispatch: # run on request (no need for PR)
push:
branches:
- "releases/*"
- "v2"
schedule:
# every UTC 6PM from Mon to Fri
- cron: "0 18 * * 1-5"
Expand All @@ -11,9 +15,9 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install dependencies
Expand All @@ -23,7 +27,7 @@ jobs:
TRIVY_DOWNLOAD_URL: ${{ vars.TRIVY_DOWNLOAD_URL }}
run: tox -vv -e trivy-scan
- name: Upload Trivy results artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: trivy-results
path: |
Expand All @@ -34,17 +38,17 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install dependencies
run: python -m pip install tox
- name: Bandit Scanning
run: tox -e bandit-scan
- name: Upload Bandit artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: bandit-report
path: .tox/bandit-report.txt
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docs_stable.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,11 @@ jobs:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install tox
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/labeler.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,11 @@ jobs:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4 # Uploads repository content to the runner
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Uploads repository content to the runner
name: Checkout repository
with:
sparse-checkout: |
.github
- uses: actions/labeler@v4
- uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
6 changes: 3 additions & 3 deletions .github/workflows/perf_accuracy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,9 @@ jobs:
timeout-minutes: 8640
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install tox
Expand All @@ -88,7 +88,7 @@ jobs:
--mlflow-tracking-uri ${{ vars.MLFLOW_TRACKING_SERVER_URI }}
--user-name ${{ github.triggering_actor }}
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: perf-accuracy-benchmark-${{ matrix.task-short }}
path: .tox/perf-*.csv
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/perf_efficiency.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,9 @@ jobs:
timeout-minutes: 8640
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install tox
Expand All @@ -72,7 +72,7 @@ jobs:
--mlflow-tracking-uri ${{ vars.MLFLOW_TRACKING_SERVER_URI }}
--user-name ${{ github.triggering_actor }}
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: perf-efficiency-benchmark-all
path: .tox/perf-*.csv
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/pre_merge.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,9 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install tox
Expand All @@ -50,9 +50,9 @@ jobs:
cancel-in-progress: true
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: ${{ matrix.python-version }}
- name: Install tox
Expand Down Expand Up @@ -98,9 +98,9 @@ jobs:
cancel-in-progress: true
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install tox
Expand Down
27 changes: 15 additions & 12 deletions .github/workflows/publish.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,29 +11,31 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build wheels
uses: pypa/cibuildwheel@v2.13.1
- uses: actions/upload-artifact@v3
uses: pypa/cibuildwheel@0ecddd92b62987d7a2ae8911f4bb8ec9e2e4496a # v2.13.1
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: artifact-wheels
path: ./wheelhouse/*.whl

build_sdist:
name: Build source distribution
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python 3.10
uses: actions/setup-python@v3
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: "3.10"
- name: Install pypa/build
run: python -m pip install build
- name: Build sdist
run: python -m build --sdist
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: artifact-sdist
path: dist/*.tar.gz

publish_package:
Expand All @@ -44,22 +46,23 @@ jobs:
permissions: write-all
steps:
- name: Download artifacts
uses: actions/download-artifact@v3
uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3
with:
# unpacks default artifact into dist/
# if `name: artifact` is omitted, the action will create extra parent dir
name: artifact
path: dist
pattern: artifact-*
merge-multiple: true
# to determine where to publish the source distribution to PyPI or TestPyPI
- name: Check tag
id: check-tag
uses: actions-ecosystem/action-regex-match@v2
uses: actions-ecosystem/action-regex-match@9e6c4fb3d5e898f505be7a1fb6e7b0a278f6665b # v2.0.2
with:
text: ${{ github.ref }}
regex: '^refs/tags/[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+rc[0-9]+|rc[0-9]+)?$'
- name: Upload package distributions to github
if: ${{ steps.check-tag.outputs.match != '' }}
uses: svenstaro/upload-release-action@v2
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: dist/*
Expand All @@ -68,12 +71,12 @@ jobs:
file_glob: true
- name: Publish package distributions to PyPI
if: ${{ steps.check-tag.outputs.match != '' }}
uses: pypa/gh-action-pypi-publish@v1.7.1
uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06 # v1.8.12
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Publish package distributions to TestPyPI
if: ${{ steps.check-tag.outputs.match == '' }}
uses: pypa/gh-action-pypi-publish@v1.7.1
uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06 # v1.8.12
with:
password: ${{ secrets.TESTPYPI_API_TOKEN }}
repository-url: https://test.pypi.org/legacy/
Expand Down

0 comments on commit ac4c2c6

Please # to comment.