Merge branch 'main' into add-tf-flwr-new

.github/CODEOWNERS

@@ -17,3 +17,7 @@ README.md @jafermarq @tanertopal @danieljanes
 
 # Changelog
 /doc/source/ref-changelog.md @jafermarq @tanertopal @danieljanes
+
+# GitHub Actions and Workflows
+/.github/workflows @Robert-Steiner @tanertopal @danieljanes
+/.github/actions @Robert-Steiner @tanertopal @danieljanes

.github/CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at [email protected]. All
+reported by contacting the project team at [email protected]. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

.github/workflows/_docker-build.yml

@@ -57,7 +57,9 @@ jobs:
           import hashlib
           import os
 
-          hash = hashlib.sha256('''${{ inputs.build-args }}'''.encode())
+          hash = hashlib.sha256('''${{ inputs.namespace-repository }}
+          ${{ inputs.file-dir }}
+          ${{ inputs.build-args }}'''.encode())
           with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
               print(f"id={hash.hexdigest()}", file=fh)
 
@@ -69,22 +71,22 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: ${{ inputs.namespace-repository }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
       - name: Login to Docker Hub
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
         with:
           username: ${{ secrets.dockerhub-user }}
           password: ${{ secrets.dockerhub-token }}
 
       - name: Build and push
         id: build
-        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
         with:
           platforms: ${{ matrix.platform.docker }}
           context: "{{defaultContext}}:${{ inputs.file-dir }}"
@@ -98,7 +100,7 @@ jobs:
           touch "/tmp/digests/${digest#sha256:}"
 
       - name: Upload digest
-        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: digests-${{ steps.build-id.outputs.id }}-${{ matrix.platform.name }}
           path: /tmp/digests/*
@@ -114,24 +116,24 @@ jobs:
       metadata: ${{ steps.meta.outputs.json }}
     steps:
       - name: Download digests
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
           pattern: digests-${{ needs.build.outputs.build-id }}-*
           path: /tmp/digests
           merge-multiple: true
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: ${{ inputs.namespace-repository }}
           tags: ${{ inputs.tags }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
       - name: Login to Docker Hub
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
         with:
           username: ${{ secrets.dockerhub-user }}
           password: ${{ secrets.dockerhub-token }}

.github/workflows/cpp.yml

@@ -68,16 +68,18 @@ jobs:
         cmake -DUSE_LOCAL_FLWR=ON -S . -B build
         cmake --build build
         pip install ../..
-        timeout 2m python server.py &
-        pid=$!
+        timeout 3m flower-superlink --insecure &
+        sleep 10
+        timeout 2m build/flwr_client 0 127.0.0.1:9092 &
         sleep 3
-        build/flwr_client 0 127.0.0.1:8080 &
+        timeout 2m build/flwr_client 1 127.0.0.1:9092 &
         sleep 3
-        build/flwr_client 1 127.0.0.1:8080 &
+        flower-server-app server:app --insecure &
+        pid=$!
         wait $pid
         res=$?
         if [[ "$res" = "0" ]];
-          then echo "Training worked correctly";
+          then echo "Training worked correctly" && exit 0;
           else echo "Training had an issue" && exit 1;
         fi
 

.github/workflows/deprecated_baselines.yml

@@ -2,12 +2,12 @@ name: Deprecated-Baselines
 
 on:
   push:
-    branches:
-      - main
+    branches: ['main']
+    paths: ['baselines/flwr_baselines/**']
   pull_request:
-    branches:
-      - main
-
+    branches: ['main']
+    paths: ['baselines/flwr_baselines/**']
+    
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && github.run_id || github.event.pull_request.number || github.ref }}
   cancel-in-progress: true

.github/workflows/docker-server.yml → .github/workflows/docker-superlink.yml

@@ -1,50 +1,45 @@
-name: Build docker server image
+name: Build docker SuperLink image
 
 on:
   workflow_dispatch:
     inputs:
       flwr-version:
-        description: "Version of Flower e.g. (1.7.0)."
+        description: "Version of Flower."
         required: true
         type: string
-      base-image-tag:
-        description: "The tag of the Flower base image."
-        required: false
-        type: string
-        default: "py3.11-ubuntu22.04"
 
 permissions:
   contents: read
 
 jobs:
-  build-server-images:
+  build-superlink-images:
     name: Build images
     uses: ./.github/workflows/_docker-build.yml
     # run only on default branch when using it with workflow_dispatch
     if: github.ref_name == github.event.repository.default_branch
     with:
-      namespace-repository: flwr/server
-      file-dir: src/docker/server
+      namespace-repository: flwr/superlink
+      file-dir: src/docker/superlink
       build-args: |
         FLWR_VERSION=${{ github.event.inputs.flwr-version }}
-        BASE_IMAGE_TAG=${{ github.event.inputs.base-image-tag }}
+        PYTHON_VERSION=3.11
+        UBUNTU_VERSION=ubuntu22.04
       tags: |
-        ${{ github.event.inputs.flwr-version }}-${{ github.event.inputs.base-image-tag }}
+        ${{ github.event.inputs.flwr-version }}-py3.11-ubuntu22.04
         ${{ github.event.inputs.flwr-version }}
-        latest
     secrets:
       dockerhub-user: ${{ secrets.DOCKERHUB_USERNAME }}
       dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
 
   summary:
-    name: Build images
+    name: Summary
     runs-on: ubuntu-22.04
-    needs: build-server-images
+    needs: build-superlink-images
     timeout-minutes: 10
     steps:
       - run: |
           echo "### Images" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          for IMAGE in $(echo ${{ toJson(needs.build-server-images.outputs.metadata) }} | jq -r '.tags[]' ); do
+          for IMAGE in $(echo ${{ toJson(needs.build-superlink-images.outputs.metadata) }} | jq -r '.tags[]' ); do
             echo "- $IMAGE" >> $GITHUB_STEP_SUMMARY
           done

.github/workflows/docker-supernode.yml

@@ -0,0 +1,52 @@
+name: Build docker SuperNode image
+
+on:
+  workflow_dispatch:
+    inputs:
+      flwr-version:
+        description: "Version of Flower."
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  build-supernode-images:
+    name: Build images
+    uses: ./.github/workflows/_docker-build.yml
+    # run only on default branch when using it with workflow_dispatch
+    if: github.ref_name == github.event.repository.default_branch
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [
+          {
+            py-version: "3.8",
+            tags: "${{ github.event.inputs.flwr-version }}-py3.8-ubuntu22.04"
+          },
+          {
+            py-version: "3.9",
+            tags: "${{ github.event.inputs.flwr-version }}-py3.9-ubuntu22.04"
+          },
+          {
+            py-version: "3.10",
+            tags: "${{ github.event.inputs.flwr-version }}-py3.10-ubuntu22.04"
+          },
+          {
+            py-version: "3.11",
+            # those are two tags <version>-py3.11-py3.11-ubuntu22.04 and <version> separated by a \n
+            tags: "${{ github.event.inputs.flwr-version }}-py3.11-ubuntu22.04\n${{ github.event.inputs.flwr-version }}"
+          },
+        ]
+    with:
+      namespace-repository: flwr/supernode
+      file-dir: src/docker/supernode
+      build-args: |
+        FLWR_VERSION=${{ github.event.inputs.flwr-version }}
+        PYTHON_VERSION=${{ matrix.image.py-version }}
+        UBUNTU_VERSION=ubuntu22.04
+      tags: ${{ matrix.image.tags }}
+    secrets:
+      dockerhub-user: ${{ secrets.DOCKERHUB_USERNAME }}
+      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/docs.yml

@@ -36,7 +36,7 @@ jobs:
           cd datasets
           python -m poetry install
       - name: Build docs
-        run: ./dev/build-docs.sh
+        run: ./dev/build-docs.sh ${{ github.ref == 'refs/heads/main' && github.repository == 'adap/flower' && !github.event.pull_request.head.repo.fork }}
       - name: Deploy docs
         if: ${{ github.ref == 'refs/heads/main' && github.repository == 'adap/flower' && !github.event.pull_request.head.repo.fork }}
         env:

.github/workflows/e2e.yml

@@ -64,6 +64,8 @@ jobs:
 
           - directory: bare-https
 
+          - directory: bare-client-auth
+
           - directory: jax
 
           - directory: pytorch
@@ -130,17 +132,23 @@ jobs:
         if: ${{ matrix.dataset }}
         run: python -c "${{ matrix.dataset }}"
       - name: Run edge client test
+        if: ${{ matrix.directory != 'bare-client-auth' }}
         run: ./../test.sh "${{ matrix.directory }}"
       - name: Run virtual client test
+        if: ${{ matrix.directory != 'bare-client-auth' }}
         run: python simulation.py
       - name: Run driver test
+        if: ${{ matrix.directory != 'bare-client-auth' }}
         run: ./../test_driver.sh "${{ matrix.directory }}"
       - name: Run driver test with REST
         if: ${{ matrix.directory == 'bare' }}
         run: ./../test_driver.sh bare rest
       - name: Run driver test with SQLite database
         if: ${{ matrix.directory == 'bare' }}
         run: ./../test_driver.sh bare sqlite
+      - name: Run driver test with client authentication
+        if: ${{ matrix.directory == 'bare-client-auth' }}
+        run: ./../test_driver.sh bare client-auth
 
   strategies:
     runs-on: ubuntu-22.04

.github/workflows/framework-release.yml

@@ -42,4 +42,4 @@ jobs:
         curl $wheel_url --output dist/$wheel_name
         curl $tar_url --output dist/$tar_name
 
-        python -m poetry publish -u __token__ -p ${{ secrets.PYPI_TOKEN }}
+        python -m poetry publish -u __token__ -p ${{ secrets.PYPI_TOKEN_RELEASE_FLWR }}