feat(ci): add zizmor to pre-commit checks
#403
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pr | ||
| concurrency: | ||
| group: ci-on-${{ github.event_name }}-from-${{ github.ref_name }} | ||
| cancel-in-progress: true | ||
| on: | ||
| # run on pushes to certain branches | ||
| push: | ||
| branches: | ||
| - "pull-request/[0-9]+" | ||
| permissions: {} | ||
| env: | ||
| # CUDA architectures to build for | ||
| CUDAARCHS: "RAPIDS" | ||
| # where jobs that download conda packages store the local channel | ||
| RAPIDS_LOCAL_CONDA_CHANNEL: /tmp/local-conda-packages | ||
| jobs: | ||
| # group together all jobs that must pass for a PR to be merged | ||
| # (for use by branch protections) | ||
| pr-builder: | ||
| needs: | ||
| - pre-commit | ||
| - conda-python-build | ||
| - conda-python-tests-cpu | ||
| - conda-python-tests-gpu | ||
| - docs-build | ||
| permissions: {} | ||
| uses: rapidsai/shared-workflows/.github/workflows/pr-builder.yaml@branch-24.10 # zizmor: ignore[unpinned-uses] | ||
| pre-commit: | ||
| permissions: | ||
| contents: read | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| with: | ||
| persist-credentials: false | ||
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | ||
| conda-python-build: | ||
| needs: | ||
| - pre-commit | ||
| permissions: | ||
| id-token: write # for configure-aws-credentials in callee | ||
| uses: ./.github/workflows/conda-python-build.yaml | ||
| with: | ||
| script: "ci/build_python.sh" | ||
| conda-python-tests-cpu: | ||
| needs: | ||
| - pre-commit | ||
| - conda-python-build | ||
| permissions: | ||
| contents: read # for checkout | ||
| actions: read # for download-artifact | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - ARCH: "amd64" | ||
| CUDA_VER: "12.5.1" | ||
| PY_VER: "3.12" | ||
| runs-on: linux-${{ matrix.ARCH }}-cpu16 | ||
| container: | ||
| image: "rapidsai/ci-conda:cuda${{ matrix.CUDA_VER }}-ubuntu22.04-py${{ matrix.PY_VER }}" | ||
| steps: | ||
| - name: install git-lfs | ||
| run: | | ||
| conda install --yes \ | ||
| -c conda-forge \ | ||
| git-lfs | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| persist-credentials: false | ||
| lfs: true | ||
| - name: download conda packages | ||
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 | ||
| with: | ||
| name: legate-boost-conda-cuda${{ matrix.CUDA_VER }}-${{ matrix.ARCH }}-py${{ matrix.PY_VER }} | ||
| path: ${{ env.RAPIDS_LOCAL_CONDA_CHANNEL }} | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| repository: ${{ github.repository }} | ||
| run-id: ${{ github.run_id }} | ||
| - name: test | ||
| run: | | ||
| ci/test_python_cpu.sh | ||
| conda-python-tests-gpu: | ||
| needs: | ||
| - pre-commit | ||
| - conda-python-build | ||
| permissions: | ||
| contents: read # for checkout | ||
| actions: read # for download-artifact | ||
| strategy: | ||
| fail-fast: false | ||
| # As of the last time this was updated, legate / cupynumeric packages were published for only: | ||
| # | ||
| # * architectures: amd64 only | ||
| # * CUDA: >=12.2 | ||
| # * Python: 3.11, 3.12, 3.13 | ||
| # | ||
| # Valid set of RAPIDS ci-conda image tags: https://hub.docker.com/r/rapidsai/ci-conda/tags | ||
| matrix: | ||
| include: | ||
| - ARCH: "amd64" | ||
| CUDA_VER: "12.5.1" | ||
| PY_VER: "3.11" | ||
| runs-on: linux-${{ matrix.ARCH }}-gpu-v100-latest-1 | ||
| container: | ||
| image: "rapidsai/ci-conda:cuda${{ matrix.CUDA_VER }}-ubuntu22.04-py${{ matrix.PY_VER }}" | ||
| env: | ||
| NVIDIA_VISIBLE_DEVICES: ${{ env.NVIDIA_VISIBLE_DEVICES }} | ||
| steps: | ||
| - name: install git-lfs | ||
| run: | | ||
| conda install --yes \ | ||
| -c conda-forge \ | ||
| git-lfs | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| persist-credentials: false | ||
| lfs: true | ||
| - name: download conda packages | ||
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 | ||
| with: | ||
| name: legate-boost-conda-cuda${{ matrix.CUDA_VER }}-${{ matrix.ARCH }}-py${{ matrix.PY_VER }} | ||
| path: ${{ env.RAPIDS_LOCAL_CONDA_CHANNEL }} | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| repository: ${{ github.repository }} | ||
| run-id: ${{ github.run_id }} | ||
| - name: test | ||
| run: | | ||
| ci/test_python_gpu.sh | ||
| docs-build: | ||
|
Check failure on line 144 in .github/workflows/pr.yaml
|
||
| needs: | ||
| - conda-python-build | ||
| permissions: | ||
| contents: read # for checkout in callee | ||
| actions: read # for download-artifact in callee | ||
| uses: ./.github/workflows/docs-build.yaml | ||
| with: | ||
| script: "ci/build_docs.sh" | ||
| deploy: false | ||
