Merge branch 'main' into features/1097-Provide_Fast_Fourier_Transform…

…_FFT

.github/ISSUE_TEMPLATE/vulnerability.yml

@@ -0,0 +1,98 @@
+name: "Vulnerability Report"
+description: Report a security vulnerability in our project.
+title: "[VULNERABILITY]:  "
+labels: ["security, High Priority"]
+assignees: ["mtar, bhagemeier, ClaudiaComito"]
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report a security vulnerability! Your assistance helps us keep our library secure.
+  - type: textarea
+    id: affected-versions
+    attributes:
+      label: Affected Version(s)
+      description: List the affected versions of the library.
+      validations:
+        required: true
+  - type: textarea
+    id: severity
+    attributes:
+      label: Severity
+      description: Specify the severity of the vulnerability (e.g., Low/Medium/High/Critical).
+      validations:
+        required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Provide a clear and concise description of the security vulnerability.
+      validations:
+        required: true
+  - type: textarea
+    id: steps-to-reproduce
+    attributes:
+      label: Steps to Reproduce
+      description: Outline the steps to reproduce the vulnerability, including any relevant code snippets or configuration settings.
+      validations:
+        required: true
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: Expected Behavior
+      description: Explain what you expected to happen when following the steps above.
+      validations:
+        required: true
+  - type: textarea
+    id: actual-behavior
+    attributes:
+      label: Actual Behavior
+      description: Describe what actually happened when you followed the steps above, highlighting the security issue.
+      validations:
+        required: true
+  - type: textarea
+    id: impact
+    attributes:
+      label: Impact
+      description: Discuss the potential impact of this vulnerability, including any possible consequences or risks associated with its exploitation.
+      validations:
+        required: true
+  - type: textarea
+    id: proof-of-concept
+    attributes:
+      label: Proof of Concept (Optional)
+      description: If applicable, provide a proof of concept (POC) or exploit code to demonstrate the vulnerability. Do not disclose sensitive information.
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: Additional Information
+      description: Include any additional information or context that you believe is relevant to this vulnerability report.
+  - type: textarea
+    id: proposed-fix
+    attributes:
+      label: Proposed Fix (Optional)
+      description: If you have a suggested fix or mitigation for this vulnerability, please provide details here. Your input is valuable.
+  - type: textarea
+    id: attachments
+    attributes:
+      label: Attachments (Optional)
+      description: If you have any relevant files or screenshots, please attach them here.
+  - type: textarea
+    id: disclosure-timeline
+    attributes:
+      label: Disclosure Timeline (Optional)
+      description: If you have a preferred timeline for the disclosure of this vulnerability, please specify it here. We typically follow responsible disclosure practices and will coordinate with you on the disclosure process.
+  - type: textarea
+    id: additional-contact-info
+    attributes:
+      label: Additional Contact Information (Optional)
+      description: If you prefer to be contacted through an alternate method or have other contact preferences, please specify them here.
+  - type: markdown
+    attributes:
+      value: |
+        ---
+
+        **Note**: By submitting this report, you agree to follow responsible disclosure practices and to work with the maintainers to coordinate the resolution and disclosure of this vulnerability.
+
+        Thank you for helping us improve the security of our library!

.github/workflows/bench_report.yml

@@ -3,6 +3,11 @@ on:
   workflow_dispatch:
     inputs:
       job_id:
+        description: "Gitlab job id"
+        required: true
+        type: string
+      author:
+        description: "Commit author"
         required: true
         type: string
 
@@ -12,44 +17,46 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - name: "Download artifact"
+        uses: actions/checkout@v4
+      - name: "Collect Gitlab Benchmarks"
         run: |
           curl --location \
-          --header "PRIVATE-TOKEN: ${{ secrets.GITLAB_TOKEN }}" \
-          --output perun_benchmarks.json \
-          "https://codebase.helmholtz.cloud/api/v4/projects/7930/jobs/${{ inputs.job_id }}/artifacts/heat/bench_data/perun_benchmarks.json"
-      - name: Save benchmark result and update gh-pages-chart
-        if: ${{github.ref == 'refs/heads/main'}}
+          --header "PRIVATE-TOKEN: ${{ secrets.GITLAB_CB_API_TOKEN }}" \
+          --output benchmarks.json \
+          "https://codebase.helmholtz.cloud/api/v4/projects/7930/jobs/${{ inputs.job_id }}/artifacts/heat/bench_data/benchmarks.json"
+          cat benchmarks.json
+          curl --location \
+          --header "PRIVATE-TOKEN: ${{ secrets.GITLAB_CB_API_TOKEN }}" \
+          --output report.txt \
+          "https://codebase.helmholtz.cloud/api/v4/projects/7930/jobs/${{ inputs.job_id }}/artifacts/heat/bench_data/report.txt"
+          echo "Pipeline URL: https://codebase.helmholtz.cloud/helmholtz-analytics/cb/-/jobs/${{ inputs.job_id}}" >> $GITHUB_STEP_SUMMARY
+          cat report.txt >> $GITHUB_STEP_SUMMARY
+      - name: Compare and Save Benchmark Results
+        id: action_bench
         uses: benchmark-action/github-action-benchmark@v1
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           # Benchmark action input and output
           tool: "customSmallerIsBetter"
-          output-file-path: perun_benchmarks.json
+          output-file-path: benchmarks.json
           # Alert configuration
-          fail-on-alert: false # Don't fail on main branch
+          fail-on-alert: true # Don't fail on main branch
           comment-on-alert: true
+          alert-comment-cc-users: ${{ format('@{0}', inputs.author) }}
           # Save benchmarks from the main branch
-          save-data-file: true
+          save-data-file: ${{ github.ref == 'refs/heads/main' }}
           # Pages configuration
-          auto-push: true
-          gh-pages-branch: gh-pages
-          benchmark-data-dir-path: dev/bench
-      - name: Compare benchmark result
-        if: ${{github.ref != 'refs/heads/main'}}
-        uses: benchmark-action/github-action-benchmark@v1
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          # Benchmark action input and output
-          tool: 'customSmallerIsBetter'
-          output-file-path: perun_benchmarks.json
-          # Alert configuration
-          fail-on-alert: true
-          comment-on-alert: true
-          # Ignore results from non main branches.
-          save-data-file: false
-          # Pages configuration
-          auto-push: false
+          auto-push: ${{ github.ref == 'refs/heads/main' }}
           gh-pages-branch: gh-pages
           benchmark-data-dir-path: dev/bench
+      - name: Update commit status
+        if: always()
+        run: |
+          if [[ "${{ steps.action_bench.outcome }}" =~ success|failure ]]; then export STEP_STATE="${{ steps.action_bench.outcome }}" && echo "then $STEP_STATE"; else export STEP_STATE=error && echo "else $STEP_STATE"; fi
+          echo "$STEP_STATE"
+          curl -L -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }} \
+            -d "{ \"state\":\"$STEP_STATE\", \"target_url\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\", \"description\":\"The results are here!\", \"context\":\"cb/report\" }"

.github/workflows/bench_trigger.yml

@@ -3,26 +3,53 @@ on:
   push:
     branches:
       - main
-  pull_request_target:
-    types: [opened, synchronize, reopened, labeled]
+  pull_request:
+    types: [synchronize]
 
 jobs:
   trigger-benchmark:
-    name: Trigger Benchmark
+    name: Trigger Benchmarks
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
       - name: Trigger benchmarks (PR)
         id: setup_pr
         if: contains(github.event.pull_request.labels.*.name, 'benchmark PR')
         run: |
-          curl -s -X POST --fail -F token=${{ secrets.BENCH_PIPE_TRIGGER }} -F "ref=main" -F "variables[PR]=${{ github.event.pull_request.number }}" https://codebase.helmholtz.cloud/api/v4/projects/7930/trigger/pipeline -o /dev/null
+          SHORT_SHA=$(git rev-parse --short ${{ github.event.pull_request.head.sha }})
+          curl -s -X POST \
+            --fail \
+            -F token=${{ secrets.BENCH_PIPE_TRIGGER }} \
+            -F "ref=main" \
+            -F "variables[SHA]=${{ github.event.pull_request.head.sha }}" \
+            -F "variables[SHORT_SHA]=${SHORT_SHA}" \
+            -F "variables[BRANCH]=${{ github.head_ref }}" \
+            -F "variables[PR]=${{ github.event.pull_request.number }}" \
+            -F "variables[AUTHOR]=${{ github.event.pull_request.assignee.login }}" \
+            https://codebase.helmholtz.cloud/api/v4/projects/7930/trigger/pipeline
+          echo sha
       - name: Trigger benchmarks (Push main)
         id: setup_push
         if: ${{ github.event_name == 'push' }}
         run: |
+          SHORT_SHA=$(git rev-parse --short $GITHUB_SHA)
           curl -s -X POST \
             --fail \
             -F "token=${{ secrets.BENCH_PIPE_TRIGGER }}" \
             -F "ref=main" \
             -F "variables[SHA]=$GITHUB_SHA" \
-            https://codebase.helmholtz.cloud/api/v4/projects/7930/trigger/pipeline -o /dev/null
+            -F "variables[SHORT_SHA]=${SHORT_SHA}" \
+            -F "variables[AUTHOR]=${{ github.event.head_commit.committer.username }}" \
+            https://codebase.helmholtz.cloud/api/v4/projects/7930/trigger/pipeline
+      - name: Create status
+        run: |
+          curl -L -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/$REPO/statuses/$SHA \
+            -d '{ "state":"pending", "target_url":"https://codebase.helmholtz.cloud/helmholtz-analytics/cb/-/pipelines", "description":"Waiting for benchmarks to execute.", "context":"cb/report" }'
+        env:
+          REPO: ${{ github.repository }}
+          SHA: ${{ github.event.pull_request.head.sha }}

.pre-commit-config.yaml

@@ -10,7 +10,7 @@ repos:
     -   id: check-added-large-files
     -   id: flake8
 -   repo: https://github.com/psf/black
-    rev: 23.7.0
+    rev: 23.9.1
     hooks:
     -   id: black
 -   repo: https://github.com/pycqa/pydocstyle

SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+<!-- Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                | -->
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.3.x   | :white_check_mark: |
+| 1.2.x   | :white_check_mark: |
+| 1.1.x   |  :x:               |
+| < 1.1   | :x:                |
+
+## Reporting a Vulnerability
+
+<!-- Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc. -->
+
+If you find a security vulnerability, please create a [new issue](https://github.com/helmholtz-analytics/heat/issues/new/choose) using the Vulnerability template.
+
+We will review the issue and respond as soon as possible.

benchmarks/cb/linalg.py

@@ -1,7 +1,5 @@
 # flake8: noqa
 import heat as ht
-import itertools
-import torchvision.datasets as datasets
 from mpi4py import MPI
 from perun import monitor