From dbf9b213787937ddf43f8c3eb00dbde7d9d73dc2 Mon Sep 17 00:00:00 2001 From: Yih-Dar <2521628+ydshieh@users.noreply.github.com> Date: Sat, 8 Nov 2025 16:11:12 +0100 Subject: [PATCH] Revert "permissions worflows fix (#42080)" This reverts commit 08f52e2178a0bada437da02ed7c1395ae54b3309. --- .../workflows/check-workflow-permissions.yml | 2 +- .github/workflows/get-pr-info.yml | 3 --- .github/workflows/get-pr-number.yml | 3 --- .../new_model_pr_merged_notification.yml | 3 --- .../workflows/pr_build_doc_with_comment.yml | 12 --------- .github/workflows/pr_slow_ci_suggestion.yml | 8 ------ .github/workflows/push-important-models.yml | 4 --- .github/workflows/release-conda.yml | 4 --- .github/workflows/self-comment-ci.yml | 24 ----------------- .github/workflows/self-nightly-caller.yml | 4 --- .../workflows/self-nightly-past-ci-caller.yml | 3 --- .../workflows/self-scheduled-amd-caller.yml | 4 --- .github/workflows/self-scheduled-caller.yml | 3 --- .../self-scheduled-flash-attn-caller.yml | 4 --- .../workflows/self-scheduled-intel-gaudi.yml | 16 ----------- .github/workflows/self-scheduled.yml | 21 --------------- .github/workflows/slack-report.yml | 4 --- .github/workflows/ssh-runner.yml | 8 ------ .github/workflows/stale.yml | 27 ++++++++----------- .github/workflows/trufflehog.yml | 4 --- .github/workflows/update_metdata.yml | 4 --- 21 files changed, 12 insertions(+), 153 deletions(-) diff --git a/.github/workflows/check-workflow-permissions.yml b/.github/workflows/check-workflow-permissions.yml index 4569f81ca136..5e2fb916312e 100644 --- a/.github/workflows/check-workflow-permissions.yml +++ b/.github/workflows/check-workflow-permissions.yml @@ -20,4 +20,4 @@ jobs: contents: read with: workflow_name: ${{ inputs.workflow_name }} - run_count: ${{ fromJSON(inputs.run_count) }} + run_count: ${{ fromJSON(inputs.run_count) }} \ No newline at end of file 
diff --git a/.github/workflows/get-pr-info.yml b/.github/workflows/get-pr-info.yml index 46d6725b6ff2..749459ce7825 100644 --- a/.github/workflows/get-pr-info.yml +++ b/.github/workflows/get-pr-info.yml @@ -87,9 +87,6 @@ jobs: PR_FILES: ${{ steps.pr_info.outputs.files }} if: ${{ inputs.pr_number != '' }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Extract PR details id: pr_info uses: actions/github-script@v6 diff --git a/.github/workflows/get-pr-number.yml b/.github/workflows/get-pr-number.yml index f8ebe42bdd42..f9962925b7e1 100644 --- a/.github/workflows/get-pr-number.yml +++ b/.github/workflows/get-pr-number.yml @@ -13,9 +13,6 @@ jobs: outputs: PR_NUMBER: ${{ steps.set_pr_number.outputs.PR_NUMBER }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Get PR number shell: bash env: diff --git a/.github/workflows/new_model_pr_merged_notification.yml b/.github/workflows/new_model_pr_merged_notification.yml index da6ed2c396eb..d63ab3ad49e8 100644 --- a/.github/workflows/new_model_pr_merged_notification.yml +++ b/.github/workflows/new_model_pr_merged_notification.yml @@ -13,9 +13,6 @@ jobs: name: Notify new model runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/pr_build_doc_with_comment.yml b/.github/workflows/pr_build_doc_with_comment.yml index 9a356e6c53d5..271fef06f1a2 100644 --- a/.github/workflows/pr_build_doc_with_comment.yml +++ b/.github/workflows/pr_build_doc_with_comment.yml 
@@ -35,9 +35,6 @@ jobs: PR_MERGE_COMMIT_DATE: ${{ needs.get-pr-info.outputs.PR_MERGE_COMMIT_DATE }} PR_MERGE_COMMIT_TIMESTAMP: ${{ needs.get-pr-info.outputs.PR_MERGE_COMMIT_TIMESTAMP }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - run: | COMMENT_TIMESTAMP=$(date -d "${COMMENT_DATE}" +"%s") echo "COMMENT_DATE: $COMMENT_DATE" @@ -57,9 +54,6 @@ jobs: statuses: write runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Create Run id: create_run env: @@ -83,9 +77,6 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Reply to the comment env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -121,9 +112,6 @@ jobs: GITHUB_RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} STATUS_OK: ${{ contains(fromJSON('["skipped", "success"]'), needs.create_run.result) }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Get `build-doc` job status run: | echo "${{ needs.build-doc.result }}" diff --git a/.github/workflows/pr_slow_ci_suggestion.yml b/.github/workflows/pr_slow_ci_suggestion.yml index 0de2b7409b74..765a242550b2 100644 --- a/.github/workflows/pr_slow_ci_suggestion.yml +++ b/.github/workflows/pr_slow_ci_suggestion.yml @@ -23,10 +23,6 @@ jobs: outputs: jobs: ${{ steps.get_jobs.outputs.jobs_to_run }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - # This checkout to the main branch - uses: actions/checkout@v4 with: 
@@ -93,10 +89,6 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Check and update comment if needed uses: actions/github-script@v7 env: diff --git a/.github/workflows/push-important-models.yml b/.github/workflows/push-important-models.yml index 4ac9ae1745f2..60d63851da18 100644 --- a/.github/workflows/push-important-models.yml +++ b/.github/workflows/push-important-models.yml @@ -11,10 +11,6 @@ jobs: outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Check out code uses: actions/checkout@v4 diff --git a/.github/workflows/release-conda.yml b/.github/workflows/release-conda.yml index cba873c112e6..c0e28d7a510d 100644 --- a/.github/workflows/release-conda.yml +++ b/.github/workflows/release-conda.yml @@ -18,10 +18,6 @@ jobs: shell: bash -l {0} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/self-comment-ci.yml b/.github/workflows/self-comment-ci.yml index 99785c16fc71..ae31d2956f1e 100644 --- a/.github/workflows/self-comment-ci.yml +++ b/.github/workflows/self-comment-ci.yml @@ -46,10 +46,6 @@ jobs: PR_HEAD_SHA: ${{ needs.get-pr-info.outputs.PR_HEAD_SHA }} PR_MERGE_SHA: ${{ needs.get-pr-info.outputs.PR_MERGE_COMMIT_SHA }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Verify `merge_commit` timestamp is older than the issue comment timestamp env: COMMENT_DATE: ${{ github.event.comment.created_at }} 
@@ -71,10 +67,6 @@ jobs: models: ${{ steps.models_to_run.outputs.models }} quantizations: ${{ steps.models_to_run.outputs.quantizations }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - uses: actions/checkout@v4 with: fetch-depth: "0" @@ -117,10 +109,6 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Reply to the comment env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -143,10 +131,6 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Reply to the comment env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -168,10 +152,6 @@ jobs: statuses: write runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Create Run id: create_run env: @@ -230,10 +210,6 @@ jobs: if: ${{ always() && needs.create_run.result == 'success' }} runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Show reports from jobs env: MODEL_REPORT: ${{ needs.model-ci.outputs.report }} diff --git a/.github/workflows/self-nightly-caller.yml b/.github/workflows/self-nightly-caller.yml index 0ac81b782fc0..d58d927bb59b 100644 --- a/.github/workflows/self-nightly-caller.yml +++ b/.github/workflows/self-nightly-caller.yml @@ -30,10 +30,6 @@ jobs: name: Setup runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Setup run: | mkdir "setup_values" diff --git a/.github/workflows/self-nightly-past-ci-caller.yml b/.github/workflows/self-nightly-past-ci-caller.yml index 5b2664cdfd69..46d811d4a433 100644 
--- a/.github/workflows/self-nightly-past-ci-caller.yml +++ b/.github/workflows/self-nightly-past-ci-caller.yml @@ -14,9 +14,6 @@ jobs: outputs: run_number: ${{ steps.get_number.outputs.run_number }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Get number id: get_number run: | diff --git a/.github/workflows/self-scheduled-amd-caller.yml b/.github/workflows/self-scheduled-amd-caller.yml index 271fb7d6bd7b..c8a756711623 100644 --- a/.github/workflows/self-scheduled-amd-caller.yml +++ b/.github/workflows/self-scheduled-amd-caller.yml @@ -10,9 +10,5 @@ jobs: runs-on: ubuntu-22.04 if: ${{ always() }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Trigger scheduled AMD CI via workflow_run run: echo "Trigger scheduled AMD CI via workflow_run" diff --git a/.github/workflows/self-scheduled-caller.yml b/.github/workflows/self-scheduled-caller.yml index 3a17c60a504b..4d1bb593a4fe 100644 --- a/.github/workflows/self-scheduled-caller.yml +++ b/.github/workflows/self-scheduled-caller.yml @@ -32,9 +32,6 @@ jobs: name: Setup runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Setup env: prev_workflow_run_id: ${{ inputs.prev_workflow_run_id || env.prev_workflow_run_id }} diff --git a/.github/workflows/self-scheduled-flash-attn-caller.yml b/.github/workflows/self-scheduled-flash-attn-caller.yml index 35e83de86060..ff990f2808b7 100644 --- a/.github/workflows/self-scheduled-flash-attn-caller.yml +++ b/.github/workflows/self-scheduled-flash-attn-caller.yml @@ -32,10 +32,6 @@ jobs: name: Setup runs-on: ubuntu-22.04 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Setup run: | mkdir "setup_values" 
diff --git a/.github/workflows/self-scheduled-intel-gaudi.yml b/.github/workflows/self-scheduled-intel-gaudi.yml index 668f5a8cd391..aa7787609765 100644 --- a/.github/workflows/self-scheduled-intel-gaudi.yml +++ b/.github/workflows/self-scheduled-intel-gaudi.yml @@ -38,10 +38,6 @@ jobs: folder_slices: ${{ steps.set-matrix.outputs.folder_slices }} quantization_matrix: ${{ steps.set-matrix.outputs.quantization_matrix }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout uses: actions/checkout@v4 with: @@ -126,10 +122,6 @@ jobs: --cap-add=sys_nice --shm-size=64G steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout uses: actions/checkout@v4 with: @@ -199,10 +191,6 @@ jobs: --cap-add=sys_nice --shm-size=64G steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout uses: actions/checkout@v4 with: @@ -275,10 +263,6 @@ jobs: --cap-add=sys_nice --shm-size=64G steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout uses: actions/checkout@v4 with: diff --git a/.github/workflows/self-scheduled.yml b/.github/workflows/self-scheduled.yml index 219e570469f1..14d38b94eb3d 100644 --- a/.github/workflows/self-scheduled.yml +++ b/.github/workflows/self-scheduled.yml @@ -78,9 +78,6 @@ jobs: slice_ids: ${{ steps.set-matrix.outputs.slice_ids }} quantization_matrix: ${{ steps.set-matrix-quantization.outputs.quantization_matrix }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Update clone working-directory: /transformers env: 
@@ -187,9 +184,6 @@ jobs: image: huggingface/transformers-all-latest-gpu options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/ steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Update clone working-directory: /transformers env: @@ -262,9 +256,6 @@ jobs: image: huggingface/transformers-all-latest-gpu options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/ steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Update clone working-directory: /transformers env: @@ -338,9 +329,6 @@ jobs: image: ${{ inputs.docker }} options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/ steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Update clone working-directory: ${{ inputs.working-directory-prefix }}/transformers env: @@ -446,9 +434,6 @@ jobs: image: huggingface/transformers-quantization-latest-gpu options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/ steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Echo folder ${{ matrix.folders }} shell: bash env: @@ -533,9 +518,6 @@ jobs: image: ${{ inputs.docker }} options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/ steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Update clone working-directory: /transformers env: 
@@ -606,9 +588,6 @@ jobs: steps: # Checkout in order to run `utils/extract_warnings.py`. Avoid **explicit** checkout (i.e. don't specify `ref`) for # security reason. - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - name: Checkout transformers uses: actions/checkout@v4 diff --git a/.github/workflows/slack-report.yml b/.github/workflows/slack-report.yml index 51c745fe07c9..1c393893e930 100644 --- a/.github/workflows/slack-report.yml +++ b/.github/workflows/slack-report.yml @@ -38,10 +38,6 @@ jobs: runs-on: ubuntu-22.04 if: always() && !cancelled() steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Preliminary job status shell: bash # For the meaning of these environment variables, see the job `Setup` diff --git a/.github/workflows/ssh-runner.yml b/.github/workflows/ssh-runner.yml index fe4251d4d709..c109370a178c 100644 --- a/.github/workflows/ssh-runner.yml +++ b/.github/workflows/ssh-runner.yml @@ -30,10 +30,6 @@ jobs: outputs: RUNNER: ${{ steps.set_runner.outputs.RUNNER }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Get runner to use shell: bash env: @@ -62,10 +58,6 @@ jobs: container: image: ${{ github.event.inputs.docker_image }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Update clone working-directory: /transformers env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8af31c60c977..65eaf755ab3a 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
@@ -14,21 +14,16 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} + - uses: actions/checkout@v4 - - name: Checkout - uses: actions/checkout@v4 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: 3.8 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: 3.8 - - - name: Install requirements - run: | - pip install PyGithub - - name: Close stale issues - run: | - python scripts/stale.py + - name: Install requirements + run: | + pip install PyGithub + - name: Close stale issues + run: | + python scripts/stale.py diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index c8fc6da03bc0..7f6646e114d8 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -10,10 +10,6 @@ jobs: trufflehog: runs-on: ubuntu-latest steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout code uses: actions/checkout@v4 with: diff --git a/.github/workflows/update_metdata.yml b/.github/workflows/update_metdata.yml index ca31b49acd6a..d55b6e336c09 100644 --- a/.github/workflows/update_metdata.yml +++ b/.github/workflows/update_metdata.yml @@ -14,10 +14,6 @@ jobs: shell: bash -l {0} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - - uses: actions/checkout@v4 - name: Setup environment
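Review bot: The restored `Install requirements` step in `stale.yml` runs an unpinned `pip install PyGithub`, and the `env:` block just above `steps:` appears to export `GITHUB_TOKEN` to every step of the job, so whatever package version PyPI serves at run time installs with that token in its environment. Pin the dependency, e.g. `pip install "PyGithub==<PINNED_VERSION>"` (ideally from a hash-checked requirements file), and set `GITHUB_TOKEN` only on the `Close stale issues` step that actually calls the API. With this revert no permission-monitor step remains in the job, so it is worth confirming that the job declares an explicit minimal `permissions:` block. The job header is above the hunk, so that cannot be checked from here. As a style point, `python-version: 3.8` is safer quoted, `python-version: "3.8"`, so a YAML loader cannot read it as a float.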