[Snyk] Fix for 2 vulnerabilities #164
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) ONNX Project Contributors | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
name: Lint | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
merge_group: | |
permissions: # set top-level default permissions as security best practice | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'workflow_dispatch' }} | |
cancel-in-progress: true | |
jobs: | |
optional-lint: | |
name: Optional Lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: misspell # Check spellings as well | |
uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0 | |
with: | |
github_token: ${{ secrets.github_token }} | |
locale: "US" | |
reporter: github-pr-check | |
level: info | |
filter_mode: diff_context | |
exclude: | | |
./docs/docsgen/source/_static/* | |
- name: shellcheck # Static check shell scripts | |
uses: reviewdog/action-shellcheck@d99499e855260c9c56f7a1d066933b57326e9e7c # v1.26.0 | |
with: | |
github_token: ${{ secrets.github_token }} | |
reporter: github-pr-check | |
level: info | |
filter_mode: diff_context | |
- name: cpplint # Static check C++ code | |
uses: reviewdog/action-cpplint@3f691d27ef181edb2a57b6d1edcec63ade34c611 # v1.7.0 | |
with: | |
github_token: ${{ secrets.github_token }} | |
reporter: github-pr-check | |
level: warning | |
flags: --linelength=120 | |
filter: "-runtime/references" | |
enforce-style: | |
name: Enforce style | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup Python | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
# Version range or exact version of Python to use, using SemVer's version range syntax. Reads from .python-version if unset. | |
python-version: "3.10" | |
- name: Install ONNX | |
run: | | |
source workflow_scripts/protobuf/build_protobuf_unix.sh $(nproc) | |
python -m pip install --quiet --upgrade pip setuptools wheel | |
python -m pip install --quiet -r requirements-release.txt | |
git submodule update --init --recursive | |
export ONNX_BUILD_TESTS=0 | |
export ONNX_ML=1 | |
export CMAKE_ARGS="-DONNXIFI_DUMMY_BACKEND=ON -DONNX_WERROR=ON" | |
export ONNX_NAMESPACE=ONNX_NAMESPACE_FOO_BAR_FOR_CI | |
python setup.py install | |
- name: Install dependencies | |
run: | | |
python -m pip install -r requirements-dev.txt | |
lintrunner init | |
- name: Run lintrunner on all files | |
run: | | |
set +e | |
if ! lintrunner --force-color --all-files --tee-json=lint.json -v; then | |
echo "" | |
echo -e "\e[1m\e[36mYou can reproduce these results locally by using \`lintrunner\`.\e[0m" | |
echo -e "\e[1m\e[36mSee https://github.com/onnx/onnx/blob/main/CONTRIBUTING.md#coding-style for setup instructions.\e[0m" | |
exit 1 | |
fi | |
- name: Produce SARIF | |
if: always() | |
run: | | |
python -m lintrunner_adapters to-sarif lint.json lintrunner.sarif | |
- name: Upload SARIF file | |
# Use always() to always upload SARIF even if lintrunner returns with error code | |
# To toggle linter comments in the files page, press `i` on the keyboard | |
if: always() | |
continue-on-error: true | |
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 | |
with: | |
# Path to SARIF file relative to the root of the repository | |
sarif_file: lintrunner.sarif | |
category: lintrunner | |
checkout_path: ${{ github.workspace }} | |
- name: Check auto-gen files are up-to-date | |
run: | | |
echo -e "\n::group:: ===> check auto-gen files are up-to-date..." | |
ONNX_ML=1 python onnx/defs/gen_doc.py | |
python onnx/gen_proto.py -l | |
python onnx/gen_proto.py -l --ml | |
python onnx/backend/test/stat_coverage.py | |
git status | |
git diff --exit-code -- . ':(exclude)onnx/onnx-data.proto' ':(exclude)onnx/onnx-data.proto3' | |
if [ $? -ne 0 ]; then | |
echo "git diff returned failures" | |
exit 1 | |
fi | |
echo -e "::endgroup::" |