[Security] Use github environment for update-commit-hash workflow #107060

Closed
wants to merge 8 commits into from
59 changes: 59 additions & 0 deletions .github/actions/update-commit-hash/action.yml
@@ -0,0 +1,59 @@
name: Update commit hash

inputs:
repo-owner:
required: false
type: string
description: Name of repository's owner.
default: pytorch
repo-name:
required: true
type: string
description: Name of the repository we're updating commit hash for.
branch:
required: true
type: string
description: Branch to fetch commit of
pin-folder:
type: string
description: Path to folder with commit pin
required: false
default: .github/ci_commit_pins
updatebot-token:
required: true
type: string
description: update bot token
pytorchbot-token:
required: true
type: string
description: update bot token

description: update commit hash

runs:
using: composite
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: false
token: ${{ inputs.updatebot-token }}
- name: Checkout
shell: bash
run: |
git clone https://github.com/${{ inputs.repo-owner }}/${{ inputs.repo-name }}.git --quiet
- name: Check if there already exists a PR
shell: bash
env:
REPO_NAME: ${{ inputs.repo-name }}
BRANCH: ${{ inputs.branch }}
PIN_FOLDER: ${{ inputs.pin-folder }}
UPDATEBOT_TOKEN: ${{ inputs.updatebot-token }}
PYTORCHBOT_TOKEN: ${{ inputs.pytorchbot-token }}
NEW_BRANCH_NAME: update-${{ inputs.repo-name }}-commit-hash/${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}
run: |
# put this here instead of the script to prevent accidentally changing the config when running the script locally
git config --global user.name "PyTorch UpdateBot"
git config --global user.email "pytorchupdatebot@users.noreply.github.com"
python .github/scripts/update_commit_hashes.py --repo-name "${REPO_NAME}" --branch "${BRANCH}" --pin-folder "${PIN_FOLDER}"
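Review bot: In the "Checkout" step, `${{ inputs.repo-owner }}` and `${{ inputs.repo-name }}` are expanded straight into the `git clone` command line, so whatever the caller passes becomes part of the script text before bash parses it. The next step already routes the same inputs through `env:` and quotes them (`"${REPO_NAME}"`); do the same here by adding `REPO_OWNER: ${{ inputs.repo-owner }}` and `REPO_NAME: ${{ inputs.repo-name }}` under an `env:` key and cloning `"https://github.com/${REPO_OWNER}/${REPO_NAME}.git"`. Smaller points: `pytorchbot-token` carries the same description as `updatebot-token` ("update bot token"), and `UPDATEBOT_TOKEN`, `PYTORCHBOT_TOKEN` and `NEW_BRANCH_NAME` are exported to the last step but do not appear on the visible command line, so a comment saying the script reads them from the environment would help the next reader.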
64 changes: 0 additions & 64 deletions .github/workflows/_update-commit-hash.yml

This file was deleted.

23 changes: 15 additions & 8 deletions .github/workflows/nightly.yml
Expand Up @@ -37,11 +37,18 @@ jobs:
GH_PYTORCHBOT_TOKEN: ${{ secrets.GH_PYTORCHBOT_TOKEN }}

update-vision-commit-hash:
uses: ./.github/workflows/_update-commit-hash.yml
if: ${{ github.event_name == 'schedule' }}
with:
repo-name: vision
branch: main
secrets:
UPDATEBOT_TOKEN: ${{ secrets.UPDATEBOT_TOKEN }}
PYTORCHBOT_TOKEN: ${{ secrets.GH_PYTORCHBOT_TOKEN }}
runs-on: ubuntu-latest
environment: update-commit-hash
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: update-vision-commit-hash
uses: ./.github/actions/update-commit-hash
if: ${{ github.event_name == 'schedule' }}
with:
repo-name: vision
branch: main
updatebot-token: ${{ secrets.UPDATEBOT_TOKEN }}
pytorchbot-token: ${{ secrets.GH_PYTORCHBOT_TOKEN }}
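Review bot: The `if: ${{ github.event_name == 'schedule' }}` guard now sits on the `update-vision-commit-hash` step instead of on the job, so on any other trigger the job still starts, enters the `update-commit-hash` environment and runs the `fetch-depth: 0` checkout before skipping the only step that needs them. Keep the condition at job level next to `environment: update-commit-hash` so the environment, and the secrets scoped to it, are only touched on scheduled runs. The composite action performs its own `fetch-depth: 1` checkout, so the full-history checkout here looks unnecessary; a shallow checkout should be enough to make `./.github/actions/update-commit-hash` available.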
44 changes: 25 additions & 19 deletions .github/workflows/weekly.yml
Expand Up @@ -9,22 +9,28 @@ on:
workflow_dispatch:

jobs:
update-xla-commit-hash:
uses: ./.github/workflows/_update-commit-hash.yml
with:
repo-name: xla
branch: master
secrets:
UPDATEBOT_TOKEN: ${{ secrets.UPDATEBOT_TOKEN }}
PYTORCHBOT_TOKEN: ${{ secrets.GH_PYTORCHBOT_TOKEN }}

update-triton-commit-hash:
uses: ./.github/workflows/_update-commit-hash.yml
with:
repo-owner: openai
repo-name: triton
branch: main
pin-folder: .ci/docker/ci_commit_pins
secrets:
UPDATEBOT_TOKEN: ${{ secrets.UPDATEBOT_TOKEN }}
PYTORCHBOT_TOKEN: ${{ secrets.GH_PYTORCHBOT_TOKEN }}
update-commit-hash:
runs-on: ubuntu-latest
environment: update-commit-hash
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: update-xla-commit-hash
continue-on-error: true
uses: ./.github/actions/update-commit-hash
with:
repo-name: xla
branch: master
updatebot-token: ${{ secrets.UPDATEBOT_TOKEN }}
pytorchbot-token: ${{ secrets.GH_PYTORCHBOT_TOKEN }}
- name: update-triton-commit-hash
uses: ./.github/actions/update-commit-hash
with:
repo-owner: openai
repo-name: triton
branch: main
pin-folder: .ci/docker/ci_commit_pins
updatebot-token: ${{ secrets.UPDATEBOT_TOKEN }}
pytorchbot-token: ${{ secrets.GH_PYTORCHBOT_TOKEN }}
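Review bot: `continue-on-error: true` on the `update-xla-commit-hash` step means a failed xla update leaves the merged `update-commit-hash` job green, whereas the two separate jobs it replaces each reported their own result. If the intent is only to let the triton step run after an xla failure, put `if: ${{ !cancelled() }}` on `update-triton-commit-hash` instead, or keep two jobs that both declare `environment: update-commit-hash`, so a broken xla pin update stays visible. As in nightly.yml, the `fetch-depth: 0` checkout looks heavier than needed given that the composite action checks the repo out again itself.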