Fix zizmor security issues in GA #73

Merged
merged 4 commits into from
Dec 15, 2024
10 changes: 6 additions & 4 deletions .github/workflows/codeql.yml
Expand Up @@ -2,9 +2,9 @@ name: "CodeQL"

on:
push:
branches: [ "main" ]
branches: ["main"]
pull_request:
branches: [ "main" ]
branches: ["main"]
schedule:
- cron: "25 21 * * 5"

Expand All @@ -20,11 +20,13 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ python ]
language: [python]

steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
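Review bot: `uses: github/codeql-action/init@v2` in the trailing context is still referenced by a mutable tag, while this PR pins `codecov/codecov-action` to a full commit SHA in ubuntu.yaml. If the aim is to handle action pinning consistently, pin the CodeQL action (and `actions/checkout@v4` just above it) to a commit SHA with the version in a trailing comment, the same way.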
10 changes: 8 additions & 2 deletions .github/workflows/macos-arm.yaml
Expand Up @@ -73,6 +73,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
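Review bot: `uses: actions/checkout@v3` stays on v3 here, although codeql.yml moves to `actions/checkout@v4` in the same PR. The same v3 reference remains in macos-x86.yaml, release.yaml, ubuntu.yaml and windows.yaml; bumping them together keeps the workflows on one checkout version. The `persist-credentials: false` addition is fine as long as no later step in the job pushes or fetches with the stored token.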
Expand All @@ -88,7 +90,11 @@ jobs:
run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')" >> $GITHUB_ENV

- name: Print TOXENV
run: echo "TOXENV is set to '${{ env.TOXENV }}'."
run: echo "TOXENV is set to '${TOXENV}'."
env:
TOXENV: ${{ env.TOXENV }}

- name: Unittests with tox
run: tox -e ${{ env.TOXENV }}
run: tox -e $TOXENV
env:
TOXENV: ${{ env.TOXENV }}
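Review bot: the added `env:` blocks on "Print TOXENV" and "Unittests with tox" map `TOXENV: ${{ env.TOXENV }}` onto itself. The preceding step writes `TOXENV=...` to `$GITHUB_ENV`, which already exports the variable to the shell of every later step, so `run: tox -e $TOXENV` works without the mapping. Dropping the two `env:` blocks keeps the fix (no `${{ }}` expansion inside `run:`) and removes four lines per workflow.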
10 changes: 8 additions & 2 deletions .github/workflows/macos-x86.yaml
Expand Up @@ -84,6 +84,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
Expand All @@ -99,7 +101,11 @@ jobs:
run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')" >> $GITHUB_ENV

- name: Print TOXENV
run: echo "TOXENV is set to '${{ env.TOXENV }}'."
run: echo "TOXENV is set to '${TOXENV}'."
env:
TOXENV: ${{ env.TOXENV }}

- name: Unittests with tox
run: tox -e ${{ env.TOXENV }}
run: tox -e $TOXENV
env:
TOXENV: ${{ env.TOXENV }}
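Review bot: in `run: tox -e $TOXENV` the variable is unquoted, so the shell word-splits and glob-expands its value; write `tox -e "$TOXENV"`. The untouched step above that writes to `$GITHUB_ENV` still expands `${{ matrix.python-version }}` and `${{ matrix.torch-version }}` inside its `run:` script. Those values come from the workflow's own matrix, but passing them through `env:` as well would make the template-expansion fix uniform across the file.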
4 changes: 4 additions & 0 deletions .github/workflows/release.yaml
Expand Up @@ -33,6 +33,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
persist-credentials: false

- name: Build wheel (bdist)
run: pipx run build --wheel
Expand All @@ -47,6 +49,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
persist-credentials: false

- name: Build source distribution (sdist)
run: pipx run build --sdist
12 changes: 9 additions & 3 deletions .github/workflows/ubuntu.yaml
Expand Up @@ -90,6 +90,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
Expand All @@ -105,13 +107,17 @@ jobs:
run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')" >> $GITHUB_ENV

- name: Print TOXENV
run: echo "TOXENV is set to '${{ env.TOXENV }}'."
run: echo "TOXENV is set to '${TOXENV}'."
env:
TOXENV: ${{ env.TOXENV }}

- name: Unittests with tox
run: tox -e ${{ env.TOXENV }}
run: tox -e $TOXENV
env:
TOXENV: ${{ env.TOXENV }}

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # 5.1.1
if: >
matrix.python-version == '3.11' &&
matrix.torch-version == '2.2.2' &&
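Review bot: `codecov/codecov-action` goes from `v3` to a SHA annotated `# 5.1.1`, which is both a pin and a jump of two major versions in one line. The step's `with:` inputs lie below the visible context, so please confirm they are still accepted by v5 and that the SHA is the commit the 5.1.1 tag points to. This is also the only action in the PR pinned by SHA; `actions/checkout@v3` and `actions/setup-python@v5` in the same job remain on tags.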
10 changes: 8 additions & 2 deletions .github/workflows/windows.yaml
Expand Up @@ -82,6 +82,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
Expand All @@ -97,7 +99,11 @@ jobs:
run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')" >> $GITHUB_ENV

- name: Print TOXENV
run: echo "TOXENV is set to '${{ env.TOXENV }}'."
run: echo "TOXENV is set to '${TOXENV}'."
env:
TOXENV: ${{ env.TOXENV }}

- name: Unittests with tox
run: tox -e ${{ env.TOXENV }}
run: tox -e $TOXENV
env:
TOXENV: ${{ env.TOXENV }}
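Review bot: `run: tox -e $TOXENV` and `'${TOXENV}'` use POSIX shell syntax, which only reads the environment variable if these steps run under bash. On Windows runners the default `run:` shell is PowerShell, where `$TOXENV` is an unset PowerShell variable and the environment value is `$env:TOXENV`. The context line writing to `>> $GITHUB_ENV` suggests the job already uses bash, but the `shell:` setting is outside the visible hunk; please confirm it, or set `shell: bash` on these two steps.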
8 changes: 6 additions & 2 deletions .pre-commit-config.yaml
Expand Up @@ -38,7 +38,7 @@ repos:
--min-py-version,
"3.8",
--max-py-version,
"3.11",
"3.12",
]

- repo: https://github.com/asottile/pyupgrade
Expand All @@ -60,10 +60,14 @@ repos:
- id: black
stages: [pre-commit]

- repo: https://github.com/woodruffw/zizmor-pre-commit
rev: v0.9.2
hooks:
- id: zizmor

- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.13.0
hooks:
- id: mypy
additional_dependencies: [types-all]
pass_filenames: false
args: [--config-file=pyproject.toml, --ignore-missing-imports, src]
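Review bot: by the hunk header (10 old lines, 14 new) one of the displayed lines in this hunk is a deletion, and the markers are lost in this rendering; if it is `additional_dependencies: [types-all]` on the mypy hook, that change is unrelated to the zizmor work in the PR title. Because the hook also passes `--ignore-missing-imports`, imports without stubs are silently typed as `Any`, so removing the stub packages can hide type errors rather than surface them. Please state the reason in the commit message or list the specific `types-*` packages that are still needed.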
4 changes: 2 additions & 2 deletions src/tad_dftd3/data/radii.py
Expand Up @@ -29,7 +29,7 @@
from tad_mctc._version import __tversion__
from tad_mctc.data.radii import COV_D3

from ..typing import Tensor
from ..typing import Any, Tensor

__all__ = ["COV_D3", "VDW_D3"]

Expand All @@ -52,7 +52,7 @@ def _load_vdw_rad_d3(
Tensor
VDW radii.
"""
kwargs: dict = {"map_location": device}
kwargs: dict[str, Any] = {"map_location": device}
if __tversion__ > (1, 12, 1): # pragma: no cover
kwargs["weights_only"] = True
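Review bot: `kwargs: dict[str, Any]` subscripts the builtin `dict`, which type checkers reject for Python 3.8 targets unless the module has `from __future__ import annotations`, and the pre-commit config in this PR still passes `--min-py-version "3.8"`. The top of the file is outside the hunk, so please confirm the future import is present or use `Dict[str, Any]`. Separately, the context shows `weights_only` is only set for torch newer than 1.12.1, so older versions load the file with full unpickling; a short comment that the file is package-shipped data would document why that is accepted.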

4 changes: 3 additions & 1 deletion src/tad_dftd3/reference.py
Expand Up @@ -48,6 +48,7 @@ def _load_cn(
Tensor
Reference coordination numbers.
"""
# fmt: off
return torch.tensor(
[
[-1.0000, -1.0000, -1.0000, -1.0000, -1.0000, -1.0000, -1.0000], # None
Expand Down Expand Up @@ -158,6 +159,7 @@ def _load_cn(
device=device,
dtype=dtype,
)
# fmt: on


def _load_c6(
Expand All @@ -178,7 +180,7 @@ def _load_c6(
Tensor
Reference C6 coefficients.
"""
kwargs: dict = {"map_location": device}
kwargs: dict[str, Any] = {"map_location": device}
if __tversion__ > (1, 12, 1): # pragma: no cover
kwargs["weights_only"] = True
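Review bot: `kwargs: dict[str, Any]` introduces `Any` here, but the diff for reference.py changes no import line (its 3 additions are the two `# fmt` comments and this annotation), whereas radii.py had to extend `from ..typing import Any, Tensor`. Please check that `Any` is already imported in this module; local variable annotations are not evaluated at runtime, so a missing name would only show up in mypy or a linter.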

2 changes: 1 addition & 1 deletion test/test_model/test_reference.py
Expand Up @@ -15,7 +15,7 @@
"""
Test the reference.
"""
from typing import Optional
from typing import Optional, Union
from unittest.mock import patch

import pytest
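Review bot: the only change in this file is adding `Union` to `from typing import Optional, Union` (1 addition, 1 deletion), so no line that uses `Union` is touched. Either `Union` was already referenced without being imported, which is worth stating in the commit message, or the import is unused and should be dropped.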