diff --git a/.github/workflows/blossom-ci.yml b/.github/workflows/blossom-ci.yml
deleted file mode 100644
index d5bdf0ed95..0000000000
--- a/.github/workflows/blossom-ci.yml
+++ /dev/null
@@ -1,104 +0,0 @@ -# Copyright (c) 2020-2021, NVIDIA CORPORATION. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# A workflow to trigger ci on hybrid infra (github + self hosted runner) -name: Blossom-CI -on: - issue_comment: - types: [created] - workflow_dispatch: - inputs: - platform: - description: 'runs-on argument' - required: false - args: - description: 'argument' - required: false -jobs: - Authorization: - name: Authorization - runs-on: blossom - outputs: - args: ${{ env.args }} - - # This job only runs for pull request comments - if: | - contains( 'andi4191, narendasan, peri044, bowang007,', format('{0},', github.actor)) && - github.event.comment.body == '/blossom-ci' - steps: - - name: Check if comment is issued by authorized person - run: blossom-ci - env: - OPERATION: 'AUTH' - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }} - - Vulnerability-scan: - name: Vulnerability scan - needs: [Authorization] - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v6 - with: - repository: ${{ fromJson(needs.Authorization.outputs.args).repo }} - ref: ${{ fromJson(needs.Authorization.outputs.args).ref }} - lfs: 'true' - - # repo specific steps - #- name: Setup java - # uses: actions/setup-java@v5 - # with: - # java-version: 1.8 - - # add blackduck properties https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631308372/Methods+for+Configuring+Analysis#Using-a-configuration-file - #- name: Setup 
blackduck properties - # run: | - # PROJECTS=$(mvn -am dependency:tree | grep maven-dependency-plugin | awk '{ out="com.nvidia:"$(NF-1);print out }' | grep rapids | xargs | sed -e 's/ /,/g') - # echo detect.maven.build.command="-pl=$PROJECTS -am" >> application.properties - # echo detect.maven.included.scopes=compile >> application.properties - - - name: Run blossom action - uses: NVIDIA/blossom-action@main - env: - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }} - with: - args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }} - args2: ${{ fromJson(needs.Authorization.outputs.args).args2 }} - args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }} - - Job-trigger: - name: Start ci job - needs: [Vulnerability-scan] - runs-on: blossom - steps: - - name: Start ci job - run: blossom-ci - env: - OPERATION: 'START-CI-JOB' - CI_SERVER: ${{ secrets.CI_SERVER }} - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - Upload-Log: - name: Upload log - runs-on: blossom - if : github.event_name == 'workflow_dispatch' - steps: - - name: Jenkins log for pull request ${{ fromJson(github.event.inputs.args).pr }} (click here) - run: blossom-ci - env: - OPERATION: 'POST-PROCESSING' - CI_SERVER: ${{ secrets.CI_SERVER }} - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-test-linux-aarch64-jetpack.yml b/.github/workflows/build-test-linux-aarch64-jetpack.yml index 5cda6acec5..f78e316712 100644 --- a/.github/workflows/build-test-linux-aarch64-jetpack.yml +++ b/.github/workflows/build-test-linux-aarch64-jetpack.yml @@ -13,6 +13,9 @@ on: - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+ workflow_dispatch: +permissions: + contents: read + jobs: generate-matrix: uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main diff --git a/.github/workflows/build-test-linux-aarch64.yml b/.github/workflows/build-test-linux-aarch64.yml index eea7ec01fa..524b0f5e4a 100644 --- a/.github/workflows/build-test-linux-aarch64.yml 
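Review bot: The context line `uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main` still references the reusable workflow by a mutable branch, so the new `permissions: contents: read` block limits the token but not which code runs with it. Pinning the reference to a full commit SHA, e.g. `uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@<commit-sha>`, would keep the called workflow fixed between reviews. The same applies to the identical hunks in build-test-linux-aarch64.yml, build-test-linux-x86_64.yml, build-test-linux-x86_64_rtx.yml, build-test-windows.yml and build-test-windows_rtx.yml. A called workflow cannot receive more than the caller's permissions, so confirm that none of the downstream jobs, which are outside these hunks, needs a scope beyond `contents: read`.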
+++ b/.github/workflows/build-test-linux-aarch64.yml @@ -13,6 +13,9 @@ on: - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+ workflow_dispatch: +permissions: + contents: read + jobs: generate-matrix: uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main diff --git a/.github/workflows/build-test-linux-x86_64.yml b/.github/workflows/build-test-linux-x86_64.yml index 7c067709a6..55faf3ea7c 100644 --- a/.github/workflows/build-test-linux-x86_64.yml +++ b/.github/workflows/build-test-linux-x86_64.yml @@ -13,6 +13,9 @@ on: - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+ workflow_dispatch: +permissions: + contents: read + jobs: generate-matrix: uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main diff --git a/.github/workflows/build-test-linux-x86_64_rtx.yml b/.github/workflows/build-test-linux-x86_64_rtx.yml index b7f86d1fa6..69e353d189 100644 --- a/.github/workflows/build-test-linux-x86_64_rtx.yml +++ b/.github/workflows/build-test-linux-x86_64_rtx.yml @@ -13,6 +13,9 @@ on: - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+ workflow_dispatch: +permissions: + contents: read + jobs: generate-matrix: uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml index f092e5a7d0..60401a82d9 100644 --- a/.github/workflows/build-test-windows.yml +++ b/.github/workflows/build-test-windows.yml @@ -13,6 +13,9 @@ on: - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+ workflow_dispatch: +permissions: + contents: read + jobs: generate-matrix: uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main diff --git a/.github/workflows/build-test-windows_rtx.yml b/.github/workflows/build-test-windows_rtx.yml index 53d2bd6a35..82781df9d9 100644 --- a/.github/workflows/build-test-windows_rtx.yml +++ b/.github/workflows/build-test-windows_rtx.yml 
@@ -13,6 +13,9 @@ on: - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+ workflow_dispatch: +permissions: + contents: read + jobs: generate-matrix: uses: pytorch/test-infra/.github/workflows/generate_binary_build_matrix.yml@main diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index feae31c392..2f8e8c8ce2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,9 +16,7 @@ on: branches: [ "main" ] pull_request: branches: [ "main" ] - schedule: - - cron: '26 11 * * 2' - workflow_dispatch: + workflow_dispatch: jobs: analyze: diff --git a/.github/workflows/docgen.yml b/.github/workflows/docgen.yml index bf4e7619a8..26de4c6344 100644 --- a/.github/workflows/docgen.yml +++ b/.github/workflows/docgen.yml @@ -8,6 +8,9 @@ on: push: branches: [main] +permissions: + contents: read + jobs: build-docs: runs-on: linux.g5.4xlarge.nvidia.gpu diff --git a/.github/workflows/docker_builder.yml b/.github/workflows/docker_builder.yml index 24b7fe0fb2..f29a813238 100644 --- a/.github/workflows/docker_builder.yml +++ b/.github/workflows/docker_builder.yml @@ -11,6 +11,9 @@ on: - 'docs/**' workflow_dispatch: +permissions: + contents: read + # If pushes to main are made in rapid succession, # cancel existing docker builds and use newer commits concurrency: diff --git a/.github/workflows/executorch-static-linux.yml b/.github/workflows/executorch-static-linux.yml index 4273d70229..f91dee4c9c 100644 --- a/.github/workflows/executorch-static-linux.yml +++ b/.github/workflows/executorch-static-linux.yml @@ -24,6 +24,9 @@ on: default: "" type: string +permissions: + contents: read + jobs: select-matrix: runs-on: ubuntu-latest diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml index f428d6e2bc..e224848be1 100644 --- a/.github/workflows/label.yml +++ b/.github/workflows/label.yml @@ -8,6 +8,9 @@ name: Labeler on: [pull_request_target] +permissions: + contents: read + jobs: label: permissions: 
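Review bot: Dropping the `schedule` trigger in codeql.yml means CodeQL now runs only on pushes and pull requests to `main` and on manual dispatch, so unchanged code is never re-analysed when the query packs are updated. If the removal was only meant to fix the placement of `workflow_dispatch:`, keeping `schedule:` with `- cron: '26 11 * * 2'` alongside it would preserve the periodic scan. This file also gets no `permissions:` block in this commit, unlike the other workflows. The `analyze` job is outside the hunk, so check that it declares its own scopes (for example `security-events: write`).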
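Review bot: A workflow-level `permissions:` block sets every scope it does not list to `none`, so with `contents: read` in docgen.yml any step that pushes commits, tags, packages or releases with `GITHUB_TOKEN` will start failing. The jobs are outside these hunks, so this is unverified, but `build-docs` here, the image build in docker_builder.yml and `cut_nightly` in nightlies.yml are the ones to check for write operations. Where a job does need to write, grant the scope at job level (a `permissions:` mapping with e.g. `contents: write` under that job) and keep the read-only default at the top.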
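Review bot: In label.yml the added top-level `permissions: contents: read` does not change what the `label` job receives, because that job already has its own `permissions:` block (its entries are cut off by the hunk) and a job-level block replaces the workflow-level one entirely. The addition is still a sensible default for any job added later. Since this workflow runs on `pull_request_target`, with the base repository's token, the job-level scopes are the ones to review. A comment above the new block such as `# default for jobs that do not declare their own permissions` would make the intent clear.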
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index af16185129..7d99841ac7 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -4,6 +4,9 @@ on: pull_request: types: [opened, synchronize, ready_for_review, review_requested, reopened] +permissions: + contents: read + jobs: cpp-linting: name: C++ Linting diff --git a/.github/workflows/linux-test.yml b/.github/workflows/linux-test.yml index d055276143..2dac5bf90b 100644 --- a/.github/workflows/linux-test.yml +++ b/.github/workflows/linux-test.yml @@ -69,6 +69,9 @@ on: type: boolean required: false +permissions: + contents: read + jobs: test: strategy: diff --git a/.github/workflows/nightlies.yml b/.github/workflows/nightlies.yml index 1769a3abce..709efe7eca 100644 --- a/.github/workflows/nightlies.yml +++ b/.github/workflows/nightlies.yml @@ -5,6 +5,9 @@ on: - cron: '30 9 * * *' workflow_dispatch: +permissions: + contents: read + jobs: cut_nightly: runs-on: ubuntu-latest diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b67f5bfea5..db7863833a 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,6 +4,11 @@ on: schedule: - cron: "0 0 * * *" +permissions: + contents: write + issues: write + pull-requests: write + jobs: stale: diff --git a/.github/workflows/windows-test.yml b/.github/workflows/windows-test.yml index 0d919ca3c3..60e768343a 100644 --- a/.github/workflows/windows-test.yml +++ b/.github/workflows/windows-test.yml @@ -47,6 +47,9 @@ on: description: "Whether to use TensorRT-RTX" default: false type: boolean +permissions: + contents: read + jobs: test: strategy: diff --git a/setup.py b/setup.py index d0f5b77afb..54cf44b1bc 100644 --- a/setup.py +++ b/setup.py 
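Review bot: In stale.yml, `contents: write` looks broader than a stale-marking job needs; labelling, commenting on and closing issues and pull requests is covered by `issues: write` and `pull-requests: write`. The `stale` job's steps are outside the hunk, so this assumes the job does not delete branches; if that holds, `contents: read` would be enough. Moving the three scopes under the `stale` job would also keep the workflow default read-only for anything added later.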
@@ -339,25 +339,32 @@ def copy_libtorchtrt(multilinux=False, rt_only=False): dir_path + "/trtorch/lib/libtrtorch.so", ) elif rt_only: - os.system( - "tar -xzf " - + dir_path - + "/../bazel-bin/libtorchtrt_runtime.tar.gz --strip-components=1 -C " - + dir_path - + "/torch_tensorrt" + subprocess.run( + [ + "tar", + "-xzf", + dir_path + "/../bazel-bin/libtorchtrt_runtime.tar.gz", + "--strip-components=1", + "-C", + dir_path + "/torch_tensorrt", + ], + check=True, ) else: - os.system( - "tar -xzf " - + dir_path - + "/../bazel-bin/libtorchtrt.tar.gz " - + "--exclude='torch_tensorrt/src' " - + "--exclude='torch_tensorrt/src/*' " - + "--exclude='torch_tensorrt/examples' " - + "--exclude='torch_tensorrt/examples/*' " - + "--strip-components=1 -C " - + dir_path - + "/torch_tensorrt" + subprocess.run( + [ + "tar", + "-xzf", + dir_path + "/../bazel-bin/libtorchtrt.tar.gz", + "--exclude=torch_tensorrt/src", + "--exclude=torch_tensorrt/src/*", + "--exclude=torch_tensorrt/examples", + "--exclude=torch_tensorrt/examples/*", + "--strip-components=1", + "-C", + dir_path + "/torch_tensorrt", + ], + check=True, ) diff --git a/tests/modules/hub.py b/tests/modules/hub.py index e810df0404..6aebe214ec 100644 --- a/tests/modules/hub.py +++ b/tests/modules/hub.py @@ -102,7 +102,8 @@ def main(): manifest = {"version": torch_version} # Creating an empty manifest file for overwriting post setup - os.system("touch {}".format(MANIFEST_FILE)) + with open(MANIFEST_FILE, "a"): + pass else: manifest_exists = True diff --git a/tools/perf/hub.py b/tools/perf/hub.py index e135aa0f67..2fdfa925c0 100644 --- a/tools/perf/hub.py +++ b/tools/perf/hub.py @@ -132,7 +132,8 @@ def main(): manifest = {"version": torch_version} # Creating an empty manifest file for overwriting post setup - os.system("touch {}".format(MANIFEST_FILE)) + with open(MANIFEST_FILE, "a"): + pass else: # Load manifest if already exists with open(MANIFEST_FILE, "r") as f:
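Review bot: Both new `subprocess.run` calls in `copy_libtorchtrt` need `subprocess` imported at the top of setup.py, which this diff does not show being added; if it is missing, the `rt_only` and default branches raise `NameError` at build time. Note also that `check=True` turns a failed `tar` into a `CalledProcessError`, where `os.system` silently ignored the exit status, so a missing `bazel-bin/*.tar.gz` now aborts the build; a comment such as `# fail the build if the archive is missing or cannot be extracted` would record that this is intended. The paths are still built by string concatenation; `os.path.join(dir_path, "torch_tensorrt")` would match the list-argument style. The function starts above the hunk.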
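Review bot: `with open(MANIFEST_FILE, "a"): pass` in tests/modules/hub.py works, but the intent reads more directly as a touch: `pathlib.Path(MANIFEST_FILE).touch()` (needs `import pathlib` if the file does not already have it). Unlike `touch`, opening in append mode and writing nothing does not update the modification time of an existing file. That should not matter if this branch is only reached when the manifest is absent, but the condition is outside the hunk. The same change is made in tools/perf/hub.py.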