Skip to content

[Snyk] Security upgrade tornado from 6.2 to 6.3.3 #93

[Snyk] Security upgrade tornado from 6.2 to 6.3.3

[Snyk] Security upgrade tornado from 6.2 to 6.3.3 #93

name: LinuxRelease_aarch64
on:
schedule:
# Run weekly on Monday 00:00
- cron: '00 00 * * MON'
push:
branches: [main, rel-*]
pull_request:
branches: [main, rel-*]
workflow_dispatch:
permissions: # set top-level default permissions as security best practice
contents: read
jobs:
build:
if: github.event_name != 'pull_request' || startsWith( github.base_ref, 'rel-') || contains( github.event.pull_request.labels.*.name, 'run release CIs')
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [cp38-cp38, cp39-cp39, cp310-cp310, cp311-cp311]
env:
# setting up python and docker image
py: /opt/python/${{ matrix.python-version }}/bin/python
img: quay.io/pypa/manylinux2014_aarch64
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Checkout submodules
shell: bash
run: |
auth_header="$(git config --local --get http.https://github.com/.extraheader)"
git submodule sync --recursive
git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
# setting up qemu for enabling aarch64 binary execution on x86 machine
- uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
# Creating a virtual environment on machine with the help of docker container \
# and installing the dependencies inside that \
# so that we can use installed dependencies.
- name: Install dependencies
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '${{ env.py }} -m pip install -q virtualenv && ${{ env.py }} -m venv .env && \
source .env/bin/activate && \
${{ env.py }} -m pip install -q -r requirements-release.txt && \
yum install -y protobuf-compiler protobuf-devel
deactivate'
# using created virtual environment in new container and executing the script
- name: Build manylinux2014_aarch64
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
yum install -y sudo && \
sudo chmod +x .github/workflows/manylinux/entrypoint.sh && \
sudo .github/workflows/manylinux/entrypoint.sh ${{ env.py }} manylinux2014_aarch64 ${{ github.event_name }}
deactivate'
# using created virtual environment in new container and testing the wheel
- name: Test wheel with Python ${{ matrix.python-version }}
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip install -q --upgrade pip && \
python -m pip install -q -r requirements-release.txt && \
pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: wheels
path: dist
- name: Upload wheel to PyPI weekly
if: (github.event_name == 'schedule') # Only triggered by weekly event
run: |
python -m pip install -q twine
twine upload --verbose dist/*.whl --repository-url https://upload.pypi.org/legacy/ -u ${{ secrets.ONNXWEEKLY_USERNAME }} -p ${{ secrets.ONNXWEEKLY_TOKEN }}
- name: Verify ONNX with the latest numpy and protobuf
if: ${{ always() }}
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y numpy onnx protobuf && python -m pip install numpy protobuf && \
python -m pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
- name: Verify ONNX with the minimum supported numpy
if: ${{ always() }}
run: |
# only difference is numpy version
if [[ "${{ matrix.python-version }}" == "cp38-cp38" || "${{ matrix.python-version }}" == "cp39-cp39" ]]; then
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y onnx numpy && python -m pip install numpy==1.16.6 && \
python -m pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
else
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y onnx numpy && python -m pip install numpy==1.23.2 && \
python -m pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
fi
- name: Verify ONNX with the minimum supported protobuf (from requirements.txt)
if: ${{ always() }}
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y onnx && python -m pip install protobuf==3.20.2 && \
python -m pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
- name: Verify ONNX with ONNX Runtime PyPI package
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y protobuf numpy && python -m pip install -q -r requirements-release.txt && \
python -m pip install -q onnxruntime && \
export ORT_MAX_IR_SUPPORTED_VERSION=9 \
export ORT_MAX_ML_OPSET_SUPPORTED_VERSION=3 \
export ORT_MAX_ONNX_OPSET_SUPPORTED_VERSION=19 \
pytest && \
deactivate'