From c76d97352499fe0172d84baaec3dcbdd131887dc Mon Sep 17 00:00:00 2001 
From: Huy Do Date: Mon, 12 Feb 2024 13:46:29 -0800 Subject: [PATCH] Cherry pick a bunch of OIDC changes for 2.2.1 release (#4945) The list includes: * https://github.com/pytorch/test-infra/pull/4870 * https://github.com/pytorch/test-infra/pull/4877 * https://github.com/pytorch/test-infra/pull/4882 * https://github.com/pytorch/test-infra/pull/4886 * https://github.com/pytorch/test-infra/pull/4891 * https://github.com/pytorch/test-infra/pull/4893 * https://github.com/pytorch/test-infra/pull/4894 * https://github.com/pytorch/test-infra/pull/4901 --------- Co-authored-by: Andrey Talman --- .../actions/setup-binary-builds/action.yml | 26 +++- .../actions/setup-binary-upload/action.yml | 81 +++++++++++++ .github/workflows/_binary_conda_upload.yml | 112 ++++++++++++++++++ .github/workflows/_binary_upload.yml | 109 +++++++++++++++++ .github/workflows/build_conda_linux.yml | 51 ++++---- .github/workflows/build_conda_macos.yml | 60 ++++------ .github/workflows/build_conda_windows.yml | 58 +++++---- .github/workflows/build_wheels_linux.yml | 60 ++++------ .github/workflows/build_wheels_macos.yml | 63 ++++------ .github/workflows/build_wheels_windows.yml | 46 ++----- .../test_build_conda_linux_with_cuda.yml | 1 + .../test_build_conda_linux_without_cuda.yml | 1 + .github/workflows/test_build_conda_m1.yml | 1 + .github/workflows/test_build_conda_macos.yml | 1 + .../test_build_conda_windows_with_cuda.yml | 1 + .../test_build_conda_windows_without_cuda.yml | 1 + ...uild_wheels_linux_aarch64_without_cuda.yml | 4 + .../test_build_wheels_linux_with_cuda.yml | 4 + .../test_build_wheels_linux_without_cuda.yml | 4 + .github/workflows/test_build_wheels_m1.yml | 4 + .github/workflows/test_build_wheels_macos.yml | 4 + .../test_build_wheels_windows_with_cuda.yml | 4 + ...test_build_wheels_windows_without_cuda.yml | 4 + 23 files changed, 479 insertions(+), 221 deletions(-) create mode 100644 .github/actions/setup-binary-upload/action.yml create mode 100644 
.github/workflows/_binary_conda_upload.yml create mode 100644 .github/workflows/_binary_upload.yml diff --git a/.github/actions/setup-binary-builds/action.yml b/.github/actions/setup-binary-builds/action.yml index 1660d596f0..63426b355b 100644 --- a/.github/actions/setup-binary-builds/action.yml +++ b/.github/actions/setup-binary-builds/action.yml @@ -7,9 +7,9 @@ inputs: description: If set to any value, don't use sudo to clean the workspace required: false type: string - default: "" + default: '' ref: - description: Works as stated in actions/checkout, but the default value is recursive + description: Works as stated in actions/checkout required: false type: string default: nightly @@ -19,15 +19,27 @@ inputs: type: string default: recursive setup-miniconda: - description: Works as stated in actions/checkout, but the default value is recursive + description: Set to true if setup-miniconda is needed required: false type: boolean default: false python-version: - description: Works as stated in actions/checkout, but the default value is recursive + description: The target Python version + required: true + type: string + cuda-version: + description: The target CUDA version + required: true + type: string + arch: + description: The target ARCH + required: true + type: string + upload-to-base-bucket: + description: One of the parameter used by pkg-helpers required: false type: boolean - default: false + default: no runs: using: composite 
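Review bot: In `setup-binary-builds/action.yml`, the new `upload-to-base-bucket` input uses an unquoted `default: no`, which a YAML 1.1 loader reads as boolean false rather than the string; quote it as `default: 'no'`. Action inputs always arrive as strings, so `type: boolean` has no effect here. `required: true` on `python-version`, `cuda-version` and `arch` is also not enforced at run time, so the conda callers in this patch that pass no `arch` silently get an empty value in the artifact name. The description `One of the parameter used by pkg-helpers` does not say which values are accepted; a line such as `Passed to pkg-helpers to select the base bucket; 'yes' or 'no'` would help, if those are the values pkg-helpers expects.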
@@ -62,11 +74,13 @@ runs: shell: bash env: PYTHON_VERSION: ${{ inputs.python-version }} + CU_VERSION: ${{ inputs.cuda-version }} + ARCH: ${{ inputs.arch }} run: | set -euxo pipefail # Set artifact name here since github actions doesn't have string manipulation tools # and "/" is not allowed in artifact names - echo "ARTIFACT_NAME=${REPOSITORY/\//_}_${REF}_${PYTHON_VERSION}" >> "${GITHUB_ENV}" + echo "ARTIFACT_NAME=${REPOSITORY/\//_}_${REF}_${PYTHON_VERSION}_${CU_VERSION}_${ARCH}" >> "${GITHUB_ENV}" - name: Setup miniconda (for pytorch_pkg_helpers) if: ${{ inputs.setup-miniconda == 'true' }} uses: conda-incubator/setup-miniconda@v2.1.1 diff --git a/.github/actions/setup-binary-upload/action.yml b/.github/actions/setup-binary-upload/action.yml new file mode 100644 index 0000000000..5e24159b4c --- /dev/null +++ b/.github/actions/setup-binary-upload/action.yml 
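Review bot: The new `ARTIFACT_NAME` line replaces only the first `/` in `REPOSITORY` and writes `REF` unchanged, so a ref containing `/` (a release branch name, for example) would put a slash in the artifact name, which the comment above says is not allowed. After this patch the artifact is what the upload job downloads, so sanitise the ref too, e.g. `${REF//\//_}`. The identical line is added in `setup-binary-upload/action.yml`, and the two must produce the same string for the download to find the artifact. The step this line belongs to starts above the hunk.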
@@ -0,0 +1,81 @@ +name: Set up binary upload jobs + +description: Setup a GitHub ephemeral runner to upload binary wheel and conda artifacts + +inputs: + repository: + description: The repository name, i.e. pytorch/vision + required: true + type: string + ref: + description: Part of the artifact name + required: false + type: string + default: '' + python-version: + description: Part of the artifact name + required: true + type: string + cuda-version: + description: Part of the artifact name + required: true + type: string + arch: + description: Part of the artifact name + required: true + type: string + upload-to-base-bucket: + description: One of the parameter used by pkg-helpers + required: false + type: boolean + default: no + +runs: + using: composite + steps: + - uses: actions/setup-python@v4 + with: + python-version: '3.11' + cache: pip + + - name: Set the artifact name + shell: bash + env: + REPOSITORY: ${{ inputs.repository }} + REF: ${{ inputs.ref }} + PYTHON_VERSION: ${{ inputs.python-version }} + CU_VERSION: ${{ inputs.cuda-version }} + ARCH: ${{ inputs.arch }} + run: | + set -ex + + # Set artifact name here since github actions doesn't have string manipulation tools + # and "/" is not allowed in artifact names + echo "ARTIFACT_NAME=${REPOSITORY/\//_}_${REF}_${PYTHON_VERSION}_${CU_VERSION}_${ARCH}" >> "${GITHUB_ENV}" + + # Need to checkout the target repository to run pkg-helpers + - uses: actions/checkout@v3 + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + path: ${{ inputs.repository }} + + - name: Generate env variables from pytorch_pkg_helpers + working-directory: ${{ inputs.repository }} + shell: bash + env: + REPOSITORY: ${{ inputs.repository }} + REF: ${{ inputs.ref }} + PYTHON_VERSION: ${{ inputs.python-version }} + CU_VERSION: ${{ inputs.cuda-version }} + ARCH: ${{ inputs.arch }} + run: | + set -ex + + python -m pip install ${GITHUB_WORKSPACE}/test-infra/tools/pkg-helpers + + 
BUILD_ENV_FILE="${RUNNER_TEMP}/build_env_${GITHUB_RUN_ID}" + python -m pytorch_pkg_helpers > "${BUILD_ENV_FILE}" + + cat "${BUILD_ENV_FILE}" + echo "BUILD_ENV_FILE=${BUILD_ENV_FILE}" >> "${GITHUB_ENV}" diff --git a/.github/workflows/_binary_conda_upload.yml b/.github/workflows/_binary_conda_upload.yml new file mode 100644 index 0000000000..ae241f108b --- /dev/null +++ b/.github/workflows/_binary_conda_upload.yml 
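Review bot: In `setup-binary-upload/action.yml`, the `Generate env variables from pytorch_pkg_helpers` step runs `python -m pytorch_pkg_helpers` with `working-directory` set to the checkout of `inputs.repository`. `python -m` puts the current directory first on `sys.path`, so Python files in the library checkout can shadow imports in a job that goes on to assume the upload role or read the conda tokens. Running it as `python -P -m pytorch_pkg_helpers` (the action installs Python 3.11, which has `-P`) keeps the checkout off the import path. The `actions/checkout@v3` step should also set `persist-credentials: false`, since nothing visible here needs the token left in the checkout's git config. Separately, `upload-to-base-bucket` is declared but no step in this new file reads it; if pkg-helpers takes it from the environment, add `UPLOAD_TO_BASE_BUCKET: ${{ inputs.upload-to-base-bucket }}` to that step's `env:`.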
@@ -0,0 +1,112 @@ +name: upload conda + +on: + workflow_call: + inputs: + repository: + description: 'Repository to checkout, defaults to ""' + default: '' + type: string + ref: + description: 'Reference to checkout, defaults to "nightly"' + default: 'nightly' + type: string + test-infra-repository: + description: 'Test infra repository to use' + default: "pytorch/test-infra" + type: string + test-infra-ref: + description: 'Test infra reference to use' + default: "" + type: string + build-matrix: + description: 'Build matrix to utilize' + default: '' + type: string + trigger-event: + description: 'Trigger Event in caller that determines whether or not to upload' + type: string + default: '' + secrets: + CONDA_PYTORCHBOT_TOKEN: + description: 'Access Token needed to upload binaries to anaconda nightly channel' + required: false + CONDA_PYTORCHBOT_TOKEN_TEST: + description: 'Access Token needed to upload binaries to anaconda test channel' + required: false + +jobs: + upload: + runs-on: ubuntu-22.04 + environment: ${{(inputs.trigger-event == 'push' && (startsWith(github.event.ref, 'refs/heads/nightly') || startsWith(github.event.ref, 'refs/tags/v'))) && 'pytorchbot-env' || ''}} + strategy: + fail-fast: false + matrix: ${{ fromJSON(inputs.build-matrix) }} + timeout-minutes: 30 + name: ${{ matrix.build_name }} + steps: + - uses: actions/checkout@v3 + with: + repository: ${{ inputs.test-infra-repository }} + ref: ${{ inputs.test-infra-ref }} + path: test-infra + + - uses: ./test-infra/.github/actions/set-channel + + # For pytorch_pkg_helpers which we need to run to generate the artifact name and target S3 buckets + - uses: ./test-infra/.github/actions/setup-binary-upload + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + python-version: ${{ matrix.python_version }} + cuda-version: ${{ matrix.desired_cuda }} + upload-to-base-bucket: ${{ matrix.upload_to_base_bucket }} + + - name: Download the artifact + uses: actions/download-artifact@v3 + with: + 
name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/distr + + - name: Nightly or release RC + if: ${{ (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} + shell: bash + env: + CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} + CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} + run: | + set -ex + echo "NIGHTLY_OR_TEST=1" >> "${GITHUB_ENV}" + + if [[ "${CHANNEL}" = "nightly" ]]; then + echo "CONDA_TOKEN=${CONDA_PYTORCHBOT_TOKEN}" >> "${GITHUB_ENV}" + else + echo "CONDA_TOKEN=${CONDA_PYTORCHBOT_TOKEN_TEST}" >> "${GITHUB_ENV}" + fi + + - name: Upload package to conda + working-directory: ${{ inputs.repository }} + run: | + set -ex + + # shellcheck disable=SC1090 + source "${BUILD_ENV_FILE}" + conda install --yes --quiet anaconda-client + conda run --no-capture-output anaconda --version + + if [[ "${NIGHTLY_OR_TEST:-0}" == "1" ]]; then + for pkg in distr/**/*.tar.bz2; do + conda run --no-capture-output anaconda \ + -t "${CONDA_TOKEN}" \ + upload "${pkg}" \ + -u "pytorch-${CHANNEL}" \ + --label main \ + --no-progress \ + --force + done + else + echo "Testing the upload of the following files to pytorch-${CHANNEL} conda channel:" + for pkg in distr/**/*.tar.bz2; do + ls -lah "${pkg}" + done + fi diff --git a/.github/workflows/_binary_upload.yml b/.github/workflows/_binary_upload.yml new file mode 100644 index 0000000000..6c6f58405c --- /dev/null +++ b/.github/workflows/_binary_upload.yml 
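Review bot: In `_binary_conda_upload.yml`, the `Nightly or release RC` step copies the selected Anaconda token into `GITHUB_ENV` under `set -ex`. That writes the secret to the runner's environment file, exports it to every later step of the job, and leaves only log masking between the traced `echo` and the job log. Pass both secrets through `env:` on the `Upload package to conda` step and choose between them there, so the earlier step only sets `NIGHTLY_OR_TEST`. The same step installs `anaconda-client` unpinned in the job that holds the token, while the wheel upload workflow pins `awscli==1.32.18`; pinning it here would be consistent.

```yaml
      - name: Upload package to conda
        working-directory: ${{ inputs.repository }}
        env:
          CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }}
          CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }}
        run: |
          # … unchanged: set -ex, source BUILD_ENV_FILE, install anaconda-client …
          if [[ "${NIGHTLY_OR_TEST:-0}" == "1" ]]; then
            if [[ "${CHANNEL}" = "nightly" ]]; then
              CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN}"
            else
              CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN_TEST}"
            fi
            # … unchanged: upload loop using -t "${CONDA_TOKEN}" …
          # … unchanged: else branch that only lists the packages …
```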
@@ -0,0 +1,109 @@ +name: upload + +on: + workflow_call: + inputs: + repository: + description: 'Repository to checkout, defaults to ""' + default: '' + type: string + ref: + description: 'Reference to checkout, defaults to "nightly"' + default: 'nightly' + type: string + test-infra-repository: + description: "Test infra repository to use" + default: "pytorch/test-infra" + type: string + test-infra-ref: + description: "Test infra reference to use" + default: "" + type: string + build-matrix: + description: "Build matrix to utilize" + default: '' + type: string + architecture: + description: Architecture to build for x86_64 for default Linux, or aarch64 for Linux aarch64 builds + required: false + type: string + default: '' + trigger-event: + description: "Trigger Event in caller that determines whether or not to upload" + type: string + default: '' + +jobs: + upload: + runs-on: ubuntu-22.04 + environment: ${{(inputs.trigger-event == 'push' && (startsWith(github.event.ref, 'refs/heads/nightly') || startsWith(github.event.ref, 'refs/tags/v'))) && 'pytorchbot-env' || ''}} + strategy: + fail-fast: false + matrix: ${{ fromJSON(inputs.build-matrix) }} + timeout-minutes: 30 + name: ${{ matrix.build_name }} + steps: + - uses: actions/checkout@v3 + with: + repository: ${{ inputs.test-infra-repository }} + ref: ${{ inputs.test-infra-ref }} + path: test-infra + + - uses: ./test-infra/.github/actions/set-channel + + # For pytorch_pkg_helpers which we need to run to generate the artifact name and target S3 buckets + - uses: ./test-infra/.github/actions/setup-binary-upload + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + python-version: ${{ matrix.python_version }} + cuda-version: ${{ matrix.desired_cuda }} + arch: ${{ inputs.architecture }} + upload-to-base-bucket: ${{ matrix.upload_to_base_bucket }} + + - name: Download the artifact + uses: actions/download-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/dist/ + + - 
name: Configure aws credentials (pytorch account) + if: ${{ inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly') }} + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels + aws-region: us-east-1 + + - name: Configure aws credentials (pytorch account) + if: ${{ env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/v') }} + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels + aws-region: us-east-1 + + - name: Nightly or release RC + if: ${{ (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} + shell: bash + run: | + set -ex + echo "NIGHTLY_OR_TEST=1" >> "${GITHUB_ENV}" + + - name: Upload package to pytorch.org + shell: bash + working-directory: ${{ inputs.repository }} + run: | + set -ex + + # shellcheck disable=SC1090 + source "${BUILD_ENV_FILE}" + + pip install awscli==1.32.18 + + AWS_CMD="aws s3 cp --dryrun" + if [[ "${NIGHTLY_OR_TEST:-0}" == "1" ]]; then + AWS_CMD="aws s3 cp" + fi + + for pkg in dist/*; do + ${AWS_CMD} "$pkg" "${PYTORCH_S3_BUCKET_PATH}" --acl public-read + done diff --git a/.github/workflows/build_conda_linux.yml b/.github/workflows/build_conda_linux.yml index ad126ac3a7..0f40fde616 100644 --- a/.github/workflows/build_conda_linux.yml +++ b/.github/workflows/build_conda_linux.yml @@ -81,7 +81,6 @@ jobs: CU_VERSION: ${{ matrix.desired_cuda }} name: ${{ matrix.build_name }} runs-on: ${{ matrix.validation_runner }} - environment: ${{(inputs.trigger-event == 'push' || startsWith(github.event.ref, 'refs/tags/')) && 'pytorchbot-env' || ''}} container: image: ${{ matrix.container_image }} options: ${{ matrix.gpu_arch_type == 'cuda' && '--gpus all' || ' ' }} 
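Review bot: In `_binary_upload.yml`, the three gates in the `upload` job do not agree: `environment` and the second `Configure aws credentials` step require `refs/tags/v`, while the `Nightly or release RC` step that switches off `--dryrun` accepts any `refs/tags/` ref. For a test-channel tag that does not start with `v`, `NIGHTLY_OR_TEST=1` is set but no role is assumed, so the real `aws s3 cp` runs without the credentials this job intends to use. Use `startsWith(github.event.ref, 'refs/tags/v')` in that gate as well, or compute the decision once and reuse it; the same `refs/tags/` gate is in `_binary_conda_upload.yml`. The job also sets no `permissions:`, so it depends on the caller granting `id-token: write`; a comment such as `# requires id-token: write from the caller for OIDC role assumption` on the job would make that visible.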
@@ -108,6 +107,7 @@ jobs: ref: ${{ inputs.ref }} setup-miniconda: true python-version: ${{ env.PYTHON_VERSION }} + cuda-version: ${{ env.CU_VERSION }} - name: Combine Env Var and Build Env Files if: ${{ inputs.env-var-script != '' }} working-directory: ${{ inputs.repository }} @@ -150,19 +150,18 @@ jobs: --python "${PYTHON_VERSION}" \ --output-folder distr/ \ "${CONDA_PACKAGE_DIRECTORY}" - - - name: Upload artifact to GitHub - continue-on-error: true - uses: actions/upload-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ inputs.repository }}/distr/ - name: Run Post-Script if: ${{ inputs.post-script != '' }} uses: ./test-infra/.github/actions/run-script-with-cache with: repository: ${{ inputs.repository }} script: ${{ inputs.post-script }} + - name: Upload artifact to GitHub + continue-on-error: true + uses: actions/upload-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/distr/ - name: Smoke Test env: PACKAGE_NAME: ${{ inputs.package-name }} 
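Review bot: In `build_conda_linux.yml`, `Upload artifact to GitHub` keeps `continue-on-error: true` in its new position after the post-script, but after this patch that artifact is the only hand-off to the `upload` job that publishes the package. A failed artifact upload now leaves the build job green and surfaces only later as a download failure, or possibly as an artifact of the same name from an earlier attempt being published. Drop `continue-on-error: true` on this step and add `if-no-files-found: error` under `with:`. The same moved step appears in `build_conda_macos.yml`, `build_conda_windows.yml`, `build_wheels_linux.yml` and `build_wheels_macos.yml`.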
@@ -218,30 +217,20 @@ jobs: ${CONDA_RUN_SMOKE} python "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT}" fi conda env remove -p "${CONDA_ENV_SMOKE}" - - name: Upload package to conda - if: ${{ (inputs.trigger-event == 'push' && env.CHANNEL != 'test') || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} - working-directory: ${{ inputs.repository }} - env: - CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} - CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} - run: | - if [[ "${CHANNEL}" = "nightly" ]]; then - export CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN}" - else - export CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN_TEST}" - fi - set -euxo pipefail - # shellcheck disable=SC1090 - source "${BUILD_ENV_FILE}" - ${CONDA_RUN} conda install --yes --quiet anaconda-client - ${CONDA_RUN} anaconda \ - -t "${CONDA_TOKEN}" \ - upload distr/linux-64/*.tar.bz2 \ - -u "pytorch-${CHANNEL}" \ - --label main \ - --no-progress \ - --force + upload: + needs: build + uses: ./.github/workflows/_binary_conda_upload.yml + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + test-infra-repository: ${{ inputs.test-infra-repository }} + test-infra-ref: ${{ inputs.test-infra-ref }} + build-matrix: ${{ inputs.build-matrix }} + trigger-event: ${{ inputs.trigger-event }} + secrets: + CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} + CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ inputs.repository }}-${{ github.event_name == 'workflow_dispatch' }} diff --git a/.github/workflows/build_conda_macos.yml b/.github/workflows/build_conda_macos.yml index b136668446..8ffb25395e 100644 --- a/.github/workflows/build_conda_macos.yml +++ b/.github/workflows/build_conda_macos.yml 
@@ -85,7 +85,6 @@ jobs: CU_VERSION: cpu name: ${{ matrix.build_name }} runs-on: ${{ inputs.runner-type }} - environment: ${{(inputs.trigger-event == 'push' || startsWith(github.event.ref, 'refs/tags/')) && 'pytorchbot-env' || ''}} # If a build is taking longer than 60 minutes on these runners we need # to have a conversation timeout-minutes: 60 @@ -118,6 +117,7 @@ jobs: ref: ${{ inputs.ref }} setup-miniconda: false python-version: ${{ env.PYTHON_VERSION }} + cuda-version: ${{ env.CU_VERSION }} - name: Combine Env Var and Build Env Files if: ${{ inputs.env-var-script != '' }} working-directory: ${{ inputs.repository }} @@ -154,19 +154,18 @@ jobs: --python "${PYTHON_VERSION}" \ --output-folder distr/ \ "${CONDA_PACKAGE_DIRECTORY}" - - - name: Upload artifact to GitHub - continue-on-error: true - uses: actions/upload-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ inputs.repository }}/distr/ - name: Run Post-Script if: ${{ inputs.post-script != '' }} uses: ./test-infra/.github/actions/run-script-with-cache with: repository: ${{ inputs.repository }} script: ${{ inputs.post-script }} + - name: Upload artifact to GitHub + continue-on-error: true + uses: actions/upload-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/distr/ - name: Smoke Test shell: bash -l {0} env: 
@@ -222,42 +221,25 @@ jobs: export PATH=${OLD_PATH} conda env remove -p "${CONDA_ENV_SMOKE}" - - name: Upload package to conda - if: ${{ (inputs.trigger-event == 'push' && env.CHANNEL != 'test') || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} - working-directory: ${{ inputs.repository }} - env: - CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} - CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} - run: | - if [[ "${CHANNEL}" = "nightly" ]]; then - export CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN}" - else - export CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN_TEST}" - fi - - set -euxo pipefail - # shellcheck disable=SC1090 - source "${BUILD_ENV_FILE}" - - ${CONDA_RUN} conda install --yes --quiet anaconda-client - arch_name="$(uname -m)" - if [ "${arch_name}" = "arm64" ]; then - export ARCH_NAME="osx-arm64" - else - export ARCH_NAME="osx-64" - fi - ${CONDA_RUN} anaconda \ - -t "${CONDA_TOKEN}" \ - upload "distr/${ARCH_NAME}"/*.tar.bz2 \ - -u "pytorch-${CHANNEL}" \ - --label main \ - --no-progress \ - --force - name: Clean up disk space if: always() continue-on-error: true uses: ./test-infra/.github/actions/check-disk-space + upload: + needs: build + uses: ./.github/workflows/_binary_conda_upload.yml + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + test-infra-repository: ${{ inputs.test-infra-repository }} + test-infra-ref: ${{ inputs.test-infra-ref }} + build-matrix: ${{ inputs.build-matrix }} + trigger-event: ${{ inputs.trigger-event }} + secrets: + CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} + CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ inputs.repository }}-${{ github.event_name == 'workflow_dispatch' }} cancel-in-progress: true 
diff --git a/.github/workflows/build_conda_windows.yml b/.github/workflows/build_conda_windows.yml index e6a999549e..6472bb496a 100644 --- a/.github/workflows/build_conda_windows.yml +++ b/.github/workflows/build_conda_windows.yml @@ -81,7 +81,6 @@ jobs: CU_VERSION: ${{ matrix.desired_cuda }} name: ${{ matrix.build_name }} runs-on: ${{ matrix.validation_runner }} - environment: ${{(inputs.trigger-event == 'push' || startsWith(github.event.ref, 'refs/tags/')) && 'pytorchbot-env' || ''}} defaults: run: shell: bash -l {0} @@ -117,6 +116,7 @@ jobs: ref: ${{ inputs.ref }} setup-miniconda: false python-version: ${{ env.PYTHON_VERSION }} + cuda-version: ${{ env.CU_VERSION }} - name: Run Pre-Script with Caching if: ${{ inputs.pre-script != '' }} uses: ./test-infra/.github/actions/run-script-with-cache @@ -154,6 +154,7 @@ jobs: working-directory: ${{ inputs.repository }} env: CUDATOOLKIT_CHANNEL: ${{ env.CUDATOOLKIT_CHANNEL }} + PACKAGE_NAME: ${{ inputs.package-name }} run: | set -euxo pipefail cat "${BUILD_ENV_FILE}" @@ -169,12 +170,13 @@ jobs: --no-test --python "${PYTHON_VERSION}" \ --output-folder distr/ \ "${CONDA_PACKAGE_DIRECTORY}" - - name: Upload artifact to GitHub - continue-on-error: true - uses: actions/upload-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ inputs.repository }}/distr/ + + # This is to remove the vs20xx conda package that sneaks into distr + for pkg in distr/**/*.tar.bz2; do + if [[ "${pkg}" != *"${PACKAGE_NAME}"* ]]; then + rm -f "${pkg}" + fi + done - name: Run Post-Script if: ${{ inputs.post-script != '' }} uses: ./test-infra/.github/actions/run-script-with-cache @@ -182,6 +184,12 @@ jobs: repository: ${{ inputs.repository }} script: ${{ inputs.post-script }} is_windows: 'enabled' + - name: Upload artifact to GitHub + continue-on-error: true + uses: actions/upload-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/distr/ - name: Smoke Test env: PACKAGE_NAME: ${{ inputs.package-name }} 
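Review bot: In `build_conda_windows.yml`, the new cleanup loop keeps any file whose whole path contains `${PACKAGE_NAME}` anywhere, and keeps everything when `PACKAGE_NAME` is empty. The upload step this patch removes matched `${PACKAGE_NAME}*` as a file-name prefix under `distr/win-64/`. Every file left in `distr/` is now published by the separate upload job, so match on the base name instead: `[[ "$(basename "${pkg}")" == "${PACKAGE_NAME}"* ]] || rm -f "${pkg}"`, and fail the step when `PACKAGE_NAME` is empty. The `run:` block this loop is appended to begins above the hunk.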
@@ -239,30 +247,20 @@ jobs: ${CONDA_RUN_SMOKE} python "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT}" fi conda env remove -p "${CONDA_ENV_SMOKE}" - - name: Upload package to conda - if: ${{ (inputs.trigger-event == 'push' && env.CHANNEL != 'test') || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} - working-directory: ${{ inputs.repository }} - env: - PACKAGE_NAME: ${{ inputs.package-name }} - CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} - CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} - run: | - if [[ "${CHANNEL}" = "nightly" ]]; then - export CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN}" - else - export CONDA_TOKEN="${CONDA_PYTORCHBOT_TOKEN_TEST}" - fi - set -euxo pipefail - source "${BUILD_ENV_FILE}" - ${CONDA_RUN} conda install --yes --quiet anaconda-client - ${CONDA_RUN} anaconda \ - -t "${CONDA_TOKEN}" \ - upload "distr/win-64/${PACKAGE_NAME}*.tar.bz2" \ - -u "pytorch-${CHANNEL}" \ - --label main \ - --no-progress \ - --force + upload: + needs: build + uses: ./.github/workflows/_binary_conda_upload.yml + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + test-infra-repository: ${{ inputs.test-infra-repository }} + test-infra-ref: ${{ inputs.test-infra-ref }} + build-matrix: ${{ inputs.build-matrix }} + trigger-event: ${{ inputs.trigger-event }} + secrets: + CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }} + CONDA_PYTORCHBOT_TOKEN_TEST: ${{ secrets.CONDA_PYTORCHBOT_TOKEN_TEST }} concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ inputs.repository }}-${{ github.event_name == 'workflow_dispatch' }} diff --git a/.github/workflows/build_wheels_linux.yml b/.github/workflows/build_wheels_linux.yml index 7498582e23..dc4e757044 100644 --- a/.github/workflows/build_wheels_linux.yml +++ b/.github/workflows/build_wheels_linux.yml 
@@ -65,14 +65,6 @@ on: required: false type: boolean default: true - # TODO (huydhn): Remove them once all libraries using Nova has removed them - secrets: - AWS_PYTORCH_UPLOADER_ACCESS_KEY_ID: - description: "AWS Access Key passed from caller workflow" - required: false - AWS_PYTORCH_UPLOADER_SECRET_ACCESS_KEY: - description: "AWS Secret Access Ket passed from caller workflow" - required: false permissions: id-token: write @@ -93,7 +85,6 @@ jobs: ARCH: ${{ inputs.architecture }} name: ${{ matrix.build_name }} runs-on: ${{ matrix.validation_runner }} - environment: ${{(inputs.trigger-event == 'push' || startsWith(github.event.ref, 'refs/tags/')) && 'pytorchbot-env' || ''}} container: image: ${{ matrix.container_image }} options: ${{ matrix.gpu_arch_type == 'cuda' && '--gpus all' || ' ' }} @@ -153,6 +144,8 @@ jobs: ref: ${{ inputs.ref }} setup-miniconda: ${{ inputs.setup-miniconda }} python-version: ${{ env.PYTHON_VERSION }} + cuda-version: ${{ env.CU_VERSION }} + arch: ${{ env.ARCH }} - name: Combine Env Var and Build Env Files if: ${{ inputs.env-var-script != '' }} working-directory: ${{ inputs.repository }} @@ -189,18 +182,18 @@ jobs: source "${BUILD_ENV_FILE}" export PYTORCH_VERSION="$(${CONDA_RUN} pip show torch | grep ^Version: | sed 's/Version: *//' | sed 's/+.\+//')" ${CONDA_RUN} python setup.py bdist_wheel - - name: Upload wheel to GitHub - continue-on-error: true - uses: actions/upload-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ inputs.repository }}/dist/ - name: Run Post-Script if: ${{ inputs.post-script != '' }} uses: ./test-infra/.github/actions/run-script-with-cache with: repository: ${{ inputs.repository }} script: ${{ inputs.post-script }} + - name: Upload wheel to GitHub + continue-on-error: true + uses: actions/upload-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/dist/ - name: Smoke Test shell: bash -l {0} env: 
@@ -235,31 +228,18 @@ jobs: echo "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT} found" ${CONDA_RUN} python "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT}" fi - # TODO (huydhn): Move the following step to a separate build job - - name: Configure aws credentials (pytorch account) - if: ${{ inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels - aws-region: us-east-1 - - name: Configure aws credentials (pytorch account) - if: ${{ env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels - aws-region: us-east-1 - - name: Upload package to pytorch.org - if: ${{ (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} - shell: bash -l {0} - working-directory: ${{ inputs.repository }} - run: | - set -euxo pipefail - source "${BUILD_ENV_FILE}" - ${CONDA_RUN} pip install awscli - for pkg in dist/*; do - # PYTORCH_S3_BUCKET_PATH derived from pkg-helpers - ${CONDA_RUN} aws s3 cp "$pkg" "${PYTORCH_S3_BUCKET_PATH}" --acl public-read - done + + upload: + needs: build + uses: ./.github/workflows/_binary_upload.yml + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + test-infra-repository: ${{ inputs.test-infra-repository }} + test-infra-ref: ${{ inputs.test-infra-ref }} + build-matrix: ${{ inputs.build-matrix }} + architecture: ${{ inputs.architecture }} + trigger-event: ${{ inputs.trigger-event }} concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ inputs.repository }}-${{ github.event_name == 'workflow_dispatch' }} 
diff --git a/.github/workflows/build_wheels_macos.yml b/.github/workflows/build_wheels_macos.yml index bf8a0341fa..f3dd2db55a 100644 --- a/.github/workflows/build_wheels_macos.yml +++ b/.github/workflows/build_wheels_macos.yml @@ -59,14 +59,6 @@ on: description: "The key created when saving a cache and the key used to search for a cache." default: "" type: string - # TODO (huydhn): Remove them once all libraries using Nova has removed them - secrets: - AWS_PYTORCH_UPLOADER_ACCESS_KEY_ID: - description: "AWS Access Key passed from caller workflow" - required: false - AWS_PYTORCH_UPLOADER_SECRET_ACCESS_KEY: - description: "AWS Secret Access Ket passed from caller workflow" - required: false permissions: id-token: write @@ -82,9 +74,9 @@ jobs: PACKAGE_TYPE: wheel REPOSITORY: ${{ inputs.repository }} REF: ${{ inputs.ref }} + CU_VERSION: ${{ matrix.desired_cuda }} name: ${{ matrix.build_name }} runs-on: ${{ inputs.runner-type }} - environment: ${{(inputs.trigger-event == 'push' || startsWith(github.event.ref, 'refs/tags/')) && 'pytorchbot-env' || ''}} # If a build is taking longer than 60 minutes on these runners we need # to have a conversation timeout-minutes: 60 @@ -115,6 +107,8 @@ jobs: ref: ${{ inputs.ref }} setup-miniconda: false python-version: ${{ env.PYTHON_VERSION }} + cuda-version: ${{ env.CU_VERSION }} + arch: ${{ env.ARCH }} - name: Combine Env Var and Build Env Files if: ${{ inputs.env-var-script != '' }} working-directory: ${{ inputs.repository }} @@ -123,7 +117,7 @@ jobs: - name: Install delocate-wheel run: | set -euxo pipefail - ${CONDA_RUN} python3 -m pip install delocate + ${CONDA_RUN} python3 -m pip install delocate==0.10.7 - name: Install torch dependency run: | set -euxo pipefail 
@@ -165,18 +159,18 @@ jobs: run: | set -euxo pipefail ${CONDA_RUN} DYLD_FALLBACK_LIBRARY_PATH="${CONDA_ENV}/lib" delocate-wheel -v --ignore-missing-dependencies dist/*.whl - - name: Upload wheel to GitHub - continue-on-error: true - uses: actions/upload-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ inputs.repository }}/dist/ - name: Run Post-Script if: ${{ inputs.post-script != '' }} uses: ./test-infra/.github/actions/run-script-with-cache with: repository: ${{ inputs.repository }} script: ${{ inputs.post-script }} + - name: Upload wheel to GitHub + continue-on-error: true + uses: actions/upload-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ inputs.repository }}/dist/ - name: Smoke Test shell: bash -l {0} env: 
@@ -209,37 +203,22 @@ jobs: ${CONDA_RUN} python3 "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT}" fi export PATH=${OLD_PATH} - # TODO (huydhn): Move the following step to a separate build job - - name: Configure aws credentials (pytorch account) - if: ${{ inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels - aws-region: us-east-1 - - name: Configure aws credentials (pytorch account) - if: ${{ env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels - aws-region: us-east-1 - - name: Upload package to pytorch.org - if: ${{ (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} - shell: bash -l {0} - working-directory: ${{ inputs.repository }} - run: | - set -euxo pipefail - # shellcheck disable=SC1090 - source "${BUILD_ENV_FILE}" - ${CONDA_RUN} pip install awscli - for pkg in dist/*; do - # PYTORCH_S3_BUCKET_PATH derived from pkg-helpers - ${CONDA_RUN} aws s3 cp "$pkg" "${PYTORCH_S3_BUCKET_PATH}" --acl public-read - done - name: Clean up disk space if: always() continue-on-error: true uses: ./test-infra/.github/actions/check-disk-space + upload: + needs: build + uses: ./.github/workflows/_binary_upload.yml + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + test-infra-repository: ${{ inputs.test-infra-repository }} + test-infra-ref: ${{ inputs.test-infra-ref }} + build-matrix: ${{ inputs.build-matrix }} + trigger-event: ${{ inputs.trigger-event }} + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ inputs.repository }}-${{ github.event_name == 'workflow_dispatch' }} 
cancel-in-progress: true diff --git a/.github/workflows/build_wheels_windows.yml b/.github/workflows/build_wheels_windows.yml index ebc6c1025b..1c4d5ecd03 100644 --- a/.github/workflows/build_wheels_windows.yml +++ b/.github/workflows/build_wheels_windows.yml @@ -59,14 +59,6 @@ on: description: "The key created when saving a cache and the key used to search for a cache." default: "" type: string - # TODO (huydhn): Remove them once all libraries using Nova has removed them - secrets: - AWS_PYTORCH_UPLOADER_ACCESS_KEY_ID: - description: "AWS Access Key passed from caller workflow" - required: false - AWS_PYTORCH_UPLOADER_SECRET_ACCESS_KEY: - description: "AWS Secret Access Ket passed from caller workflow" - required: false permissions: id-token: write @@ -86,7 +78,6 @@ jobs: UPLOAD_TO_BASE_BUCKET: ${{ matrix.upload_to_base_bucket }} name: ${{ matrix.build_name }} runs-on: ${{ matrix.validation_runner }} - environment: ${{(inputs.trigger-event == 'push' || startsWith(github.event.ref, 'refs/tags/')) && 'pytorchbot-env' || ''}} defaults: run: shell: bash -l {0} @@ -122,6 +113,8 @@ jobs: ref: ${{ inputs.ref }} setup-miniconda: false python-version: ${{ env.PYTHON_VERSION }} + cuda-version: ${{ env.CU_VERSION }} + arch: ${{ env.ARCH }} - name: Install torch dependency run: | source "${BUILD_ENV_FILE}" 
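Review bot: The new `upload` job has no `permissions:` of its own, so it and `build` both run under the workflow-level `id-token: write` shown as context in the first hunk of this file. After this change `build`, which executes the caller's scripts and the smoke test, no longer assumes an AWS role in any step visible here, so it probably does not need to mint OIDC tokens; confirm this against the `setup-binary-builds` action, which is outside this view. If so, put `permissions:` with `id-token: write` and `contents: read` under `upload:` and drop `id-token: write` from the workflow-level block. The removed steps were gated on `refs/heads/nightly`, tag refs and the `pytorchbot-env` environment; none of that is visible in the call, so `_binary_upload.yml` has to carry equivalent checks. The same applies to the `upload` job added in `build_wheels_windows.yml`.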
@@ -199,34 +192,21 @@ jobs: echo "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT} found" ${CONDA_RUN} python "${{ inputs.repository }}/${SMOKE_TEST_SCRIPT}" fi - # TODO (huydhn): Move the following step to a separate build job - - name: Configure aws credentials (pytorch account) - if: ${{ inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels - aws-region: us-east-1 - - name: Configure aws credentials (pytorch account) - if: ${{ env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels - aws-region: us-east-1 - - name: Upload package to pytorch.org - if: ${{ (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} - shell: bash -l {0} - working-directory: ${{ inputs.repository }} - run: | - source "${BUILD_ENV_FILE}" - ${CONDA_RUN} pip install awscli - for pkg in dist/*; do - # PYTORCH_S3_BUCKET_PATH derived from pkg-helpers - ${CONDA_RUN} aws s3 cp "$pkg" "${PYTORCH_S3_BUCKET_PATH}" --acl public-read - done - uses: ./test-infra/.github/actions/teardown-windows if: always() name: Teardown Windows + upload: + needs: build + uses: ./.github/workflows/_binary_upload.yml + with: + repository: ${{ inputs.repository }} + ref: ${{ inputs.ref }} + test-infra-repository: ${{ inputs.test-infra-repository }} + test-infra-ref: ${{ inputs.test-infra-ref }} + build-matrix: ${{ inputs.build-matrix }} + trigger-event: ${{ inputs.trigger-event }} + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ inputs.repository }}-${{ github.event_name == 'workflow_dispatch' }} cancel-in-progress: true 
diff --git a/.github/workflows/test_build_conda_linux_with_cuda.yml b/.github/workflows/test_build_conda_linux_with_cuda.yml index e14c81cffd..3163daae1b 100644 --- a/.github/workflows/test_build_conda_linux_with_cuda.yml +++ b/.github/workflows/test_build_conda_linux_with_cuda.yml @@ -7,6 +7,7 @@ on: - .github/workflows/test_build_conda_linux.yml - .github/workflows/build_conda_linux.yml - .github/workflows/generate_binary_build_matrix.yml + - .github/workflows/_binary_conda_upload.yml - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: diff --git a/.github/workflows/test_build_conda_linux_without_cuda.yml b/.github/workflows/test_build_conda_linux_without_cuda.yml index 9331bd8f06..b9d1da6c79 100644 --- a/.github/workflows/test_build_conda_linux_without_cuda.yml +++ b/.github/workflows/test_build_conda_linux_without_cuda.yml @@ -7,6 +7,7 @@ on: - .github/workflows/test_build_conda_linux.yml - .github/workflows/build_conda_linux.yml - .github/workflows/generate_binary_build_matrix.yml + - .github/workflows/_binary_conda_upload.yml - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: diff --git a/.github/workflows/test_build_conda_m1.yml b/.github/workflows/test_build_conda_m1.yml index cdbc036847..1a24cb0fda 100644 --- a/.github/workflows/test_build_conda_m1.yml +++ b/.github/workflows/test_build_conda_m1.yml @@ -7,6 +7,7 @@ on: - .github/workflows/test_build_conda_m1.yml - .github/workflows/build_conda_macos.yml - .github/workflows/generate_binary_build_matrix.yml + - .github/workflows/_binary_conda_upload.yml - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: diff --git a/.github/workflows/test_build_conda_macos.yml b/.github/workflows/test_build_conda_macos.yml index d63802e22c..8e6ce42662 100644 --- a/.github/workflows/test_build_conda_macos.yml +++ b/.github/workflows/test_build_conda_macos.yml 
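Review bot: The wheel test workflows get no counterpart to this path entry: the `test_build_wheels_*` hunks later in the patch add only a `permissions` block and nothing in them lists `.github/workflows/_binary_upload.yml`. As far as these hunks show, an edit to the wheel upload workflow would not trigger any wheel test workflow, while an edit to `_binary_conda_upload.yml` triggers all six conda ones. Adding `- .github/workflows/_binary_upload.yml` to the `paths` list of each `test_build_wheels_*.yml` would keep the two families consistent. The `paths` lists start outside the hunks, so check this against the full files.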
@@ -7,6 +7,7 @@ on: - .github/workflows/test_build_conda_macos.yml - .github/workflows/build_conda_macos.yml - .github/workflows/generate_binary_build_matrix.yml + - .github/workflows/_binary_conda_upload.yml - tools/scripts/generate_binary_build_matrix.py jobs: diff --git a/.github/workflows/test_build_conda_windows_with_cuda.yml b/.github/workflows/test_build_conda_windows_with_cuda.yml index 8c68c06858..4ab1367637 100644 --- a/.github/workflows/test_build_conda_windows_with_cuda.yml +++ b/.github/workflows/test_build_conda_windows_with_cuda.yml @@ -7,6 +7,7 @@ on: - .github/workflows/test_build_conda_windows_with_cuda.yml - .github/workflows/build_conda_windows.yml - .github/workflows/generate_binary_build_matrix.yml + - .github/workflows/_binary_conda_upload.yml - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: diff --git a/.github/workflows/test_build_conda_windows_without_cuda.yml b/.github/workflows/test_build_conda_windows_without_cuda.yml index 4d5583d1e0..282ffcd742 100644 --- a/.github/workflows/test_build_conda_windows_without_cuda.yml +++ b/.github/workflows/test_build_conda_windows_without_cuda.yml @@ -7,6 +7,7 @@ on: - .github/workflows/test_build_conda_windows_without_cuda.yml - .github/workflows/build_conda_windows.yml - .github/workflows/generate_binary_build_matrix.yml + - .github/workflows/_binary_conda_upload.yml - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: diff --git a/.github/workflows/test_build_wheels_linux_aarch64_without_cuda.yml b/.github/workflows/test_build_wheels_linux_aarch64_without_cuda.yml index 907c5aa119..f354e5551f 100644 --- a/.github/workflows/test_build_wheels_linux_aarch64_without_cuda.yml +++ b/.github/workflows/test_build_wheels_linux_aarch64_without_cuda.yml @@ -11,6 +11,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml 
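Review bot: `id-token: write` is granted at workflow level in `test_build_wheels_linux_aarch64_without_cuda.yml`, so every job in the file receives it, including `generate-matrix`, which by its name only produces the build matrix. The grant is presumably there so the called build workflow can hand it to its upload job, but it can sit on the calling job instead: a `permissions:` block with `id-token: write` and `contents: read` under the job that `uses:` the build workflow, with the rest of the file left at `contents: read`. The trigger list starts outside the hunk; if these test workflows run on pull requests, the AWS role's trust policy should restrict the token's `sub` claim to the refs that are meant to publish, because the workflow permission alone does not. The same block is added in the six other `test_build_wheels_*` hunks that follow.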
diff --git a/.github/workflows/test_build_wheels_linux_with_cuda.yml b/.github/workflows/test_build_wheels_linux_with_cuda.yml index 63a835bf8d..475ea62d73 100644 --- a/.github/workflows/test_build_wheels_linux_with_cuda.yml +++ b/.github/workflows/test_build_wheels_linux_with_cuda.yml @@ -11,6 +11,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml diff --git a/.github/workflows/test_build_wheels_linux_without_cuda.yml b/.github/workflows/test_build_wheels_linux_without_cuda.yml index 59718e9d52..c156874f31 100644 --- a/.github/workflows/test_build_wheels_linux_without_cuda.yml +++ b/.github/workflows/test_build_wheels_linux_without_cuda.yml @@ -11,6 +11,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml diff --git a/.github/workflows/test_build_wheels_m1.yml b/.github/workflows/test_build_wheels_m1.yml index 2b90e9d53b..bb9eca8caa 100644 --- a/.github/workflows/test_build_wheels_m1.yml +++ b/.github/workflows/test_build_wheels_m1.yml @@ -10,6 +10,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml diff --git a/.github/workflows/test_build_wheels_macos.yml b/.github/workflows/test_build_wheels_macos.yml index 737ee4bfb1..03eab1464b 100644 --- a/.github/workflows/test_build_wheels_macos.yml +++ b/.github/workflows/test_build_wheels_macos.yml @@ -10,6 +10,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml 
diff --git a/.github/workflows/test_build_wheels_windows_with_cuda.yml b/.github/workflows/test_build_wheels_windows_with_cuda.yml index bf18572489..9520c45cc6 100644 --- a/.github/workflows/test_build_wheels_windows_with_cuda.yml +++ b/.github/workflows/test_build_wheels_windows_with_cuda.yml @@ -10,6 +10,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml diff --git a/.github/workflows/test_build_wheels_windows_without_cuda.yml b/.github/workflows/test_build_wheels_windows_without_cuda.yml index 98b8b5da9f..6ee2adf5da 100644 --- a/.github/workflows/test_build_wheels_windows_without_cuda.yml +++ b/.github/workflows/test_build_wheels_windows_without_cuda.yml @@ -10,6 +10,10 @@ on: - tools/scripts/generate_binary_build_matrix.py workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: generate-matrix: uses: ./.github/workflows/generate_binary_build_matrix.yml