Skip to content

[Snyk] Fix for 2 vulnerabilities #164

[Snyk] Fix for 2 vulnerabilities

[Snyk] Fix for 2 vulnerabilities #164

Workflow file for this run

# Copyright (c) ONNX Project Contributors
#
# SPDX-License-Identifier: Apache-2.0
name: Lint
on:
push:
branches:
- main
pull_request:
merge_group:
permissions: # set top-level default permissions as security best practice
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'workflow_dispatch' }}
cancel-in-progress: true
jobs:
optional-lint:
name: Optional Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: misspell # Check spellings as well
uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0
with:
github_token: ${{ secrets.github_token }}
locale: "US"
reporter: github-pr-check
level: info
filter_mode: diff_context
exclude: |
./docs/docsgen/source/_static/*
- name: shellcheck # Static check shell scripts
uses: reviewdog/action-shellcheck@d99499e855260c9c56f7a1d066933b57326e9e7c # v1.26.0
with:
github_token: ${{ secrets.github_token }}
reporter: github-pr-check
level: info
filter_mode: diff_context
- name: cpplint # Static check C++ code
uses: reviewdog/action-cpplint@3f691d27ef181edb2a57b6d1edcec63ade34c611 # v1.7.0
with:
github_token: ${{ secrets.github_token }}
reporter: github-pr-check
level: warning
flags: --linelength=120
filter: "-runtime/references"
enforce-style:
name: Enforce style
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
# Version range or exact version of Python to use, using SemVer's version range syntax. Reads from .python-version if unset.
python-version: "3.10"
- name: Install ONNX
run: |
source workflow_scripts/protobuf/build_protobuf_unix.sh $(nproc)
python -m pip install --quiet --upgrade pip setuptools wheel
python -m pip install --quiet -r requirements-release.txt
git submodule update --init --recursive
export ONNX_BUILD_TESTS=0
export ONNX_ML=1
export CMAKE_ARGS="-DONNXIFI_DUMMY_BACKEND=ON -DONNX_WERROR=ON"
export ONNX_NAMESPACE=ONNX_NAMESPACE_FOO_BAR_FOR_CI
python setup.py install
- name: Install dependencies
run: |
python -m pip install -r requirements-dev.txt
lintrunner init
- name: Run lintrunner on all files
run: |
set +e
if ! lintrunner --force-color --all-files --tee-json=lint.json -v; then
echo ""
echo -e "\e[1m\e[36mYou can reproduce these results locally by using \`lintrunner\`.\e[0m"
echo -e "\e[1m\e[36mSee https://github.com/onnx/onnx/blob/main/CONTRIBUTING.md#coding-style for setup instructions.\e[0m"
exit 1
fi
- name: Produce SARIF
if: always()
run: |
python -m lintrunner_adapters to-sarif lint.json lintrunner.sarif
- name: Upload SARIF file
# Use always() to always upload SARIF even if lintrunner returns with error code
# To toggle linter comments in the files page, press `i` on the keyboard
if: always()
continue-on-error: true
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
with:
# Path to SARIF file relative to the root of the repository
sarif_file: lintrunner.sarif
category: lintrunner
checkout_path: ${{ github.workspace }}
- name: Check auto-gen files are up-to-date
run: |
echo -e "\n::group:: ===> check auto-gen files are up-to-date..."
ONNX_ML=1 python onnx/defs/gen_doc.py
python onnx/gen_proto.py -l
python onnx/gen_proto.py -l --ml
python onnx/backend/test/stat_coverage.py
git status
git diff --exit-code -- . ':(exclude)onnx/onnx-data.proto' ':(exclude)onnx/onnx-data.proto3'
if [ $? -ne 0 ]; then
echo "git diff returned failures"
exit 1
fi
echo -e "::endgroup::"