fix: add security template for OpenSSF scoring #532
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: 2022 - 2023 Intel Corporation | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
name: Conda package | |
# Declare default permissions as read only. | |
permissions: read-all | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- '[0-9]+.[0-9]+*' | |
pull_request: | |
env: | |
PACKAGE_NAME: dpbench | |
MODULE_NAME: dpbench | |
# There is a separate action that removes defaults. | |
CHANNELS: 'dppy/label/dev,conda-forge,intel,nodefaults' | |
VER_JSON_NAME: 'version.json' | |
VER_SCRIPT1: "import json; f = open('version.json', 'r'); j = json.load(f); f.close(); " | |
VER_SCRIPT2: "d = j['dpbench'][0]; print('='.join((d[s] for s in ('version', 'build'))))" | |
PYTHONIOENCODING: 'utf-8' | |
jobs: | |
build: | |
name: Build ['${{ matrix.os }}', python='${{ matrix.python }}'] | |
strategy: | |
fail-fast: false | |
matrix: | |
python: ['3.9', '3.10', '3.11'] | |
os: [ubuntu-latest, windows-2019] | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: | |
shell: ${{ matrix.os == 'windows-latest' && 'cmd /U /C CALL {0}' || 'bash -el {0}' }} | |
continue-on-error: false | |
steps: | |
- name: Cancel Previous Runs | |
uses: styfle/[email protected] | |
with: | |
access_token: ${{ github.token }} | |
- name: Checkout ${{ env.PACKAGE_NAME }} repo | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Setup miniconda | |
uses: conda-incubator/setup-miniconda@v3 | |
with: | |
auto-activate-base: true | |
activate-environment: "" | |
channels: ${{ env.CHANNELS }} | |
channel-priority: "disabled" | |
miniforge-version: latest | |
- name: Disable defautls | |
run: conda config --remove channels defaults | |
- name: Store conda paths as envs | |
shell: bash -l {0} | |
run: | | |
echo "CONDA_BLD=$CONDA_PREFIX/conda-bld/${{ runner.os == 'Linux' && 'linux' || 'win' }}-64/" | tr "\\" '/' >> $GITHUB_ENV | |
echo "WHEELS_OUTPUT_FOLDER=$GITHUB_WORKSPACE${{ runner.os == 'Linux' && '/' || '\\' }}" >> $GITHUB_ENV | |
- name: Install conda-build | |
run: conda install conda-build | |
- name: Configure MSBuild | |
if: runner.os == 'Windows' | |
uses: microsoft/[email protected] | |
with: | |
vs-version: '14.35' | |
- name: Show conda-rc | |
shell: bash -el {0} | |
run: cat ~/.condarc | |
- name: Build conda package | |
run: conda build --python ${{ matrix.python }} conda-recipe | |
- name: Upload artifact | |
uses: actions/[email protected] | |
with: | |
name: ${{ env.PACKAGE_NAME }} ${{ runner.os }} Python ${{ matrix.python }} | |
path: ${{ env.CONDA_BLD }}${{ env.PACKAGE_NAME }}-*.tar.bz2 | |
- name: Upload wheels artifact | |
uses: actions/[email protected] | |
with: | |
name: ${{ env.PACKAGE_NAME }} ${{ runner.os }} Wheels Python ${{ matrix.python }} | |
path: ${{ env.WHEELS_OUTPUT_FOLDER }}${{ env.PACKAGE_NAME }}-*.whl | |
test: | |
name: Test ['${{ matrix.os }}', python='${{ matrix.python }}'] | |
needs: build | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: | |
shell: ${{ matrix.os == 'windows-latest' && 'cmd /U /C CALL {0}' || 'bash -el {0}' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
python: ['3.9', '3.10', '3.11'] | |
os: [ubuntu-20.04, ubuntu-latest, windows-latest] | |
precision: ["single", "double"] | |
experimental: [false] | |
continue-on-error: ${{ matrix.experimental }} | |
steps: | |
- name: Setup miniconda | |
uses: conda-incubator/setup-miniconda@v3 | |
with: | |
python-version: ${{ matrix.python }} | |
activate-environment: "build" | |
channels: ${{ env.CHANNELS }} | |
channel-priority: "disabled" | |
miniforge-version: latest | |
- name: Disable defautls | |
run: conda config --remove channels defaults | |
- name: Store conda paths as envs | |
shell: bash -l {0} | |
run: | | |
echo "CHANNEL_PATH=${{ github.workspace }}/channel/" | tr "\\" "/" >> $GITHUB_ENV | |
echo "EXTRACTED_PKG_PATH=${{ github.workspace }}/pkg/" | tr "\\" "/" >> $GITHUB_ENV | |
echo "VER_JSON_PATH=${{ github.workspace }}/version.json" | tr "\\" "/" >> $GITHUB_ENV | |
echo "PKG_PATH_IN_CHANNEL=${{ github.workspace }}/channel/${{ runner.os == 'Linux' && 'linux' || 'win' }}-64/" | tr "\\" "/" >> $GITHUB_ENV | |
- name: Download artifact | |
uses: actions/[email protected] | |
with: | |
name: ${{ env.PACKAGE_NAME }} ${{ runner.os }} Python ${{ matrix.python }} | |
path: ${{ env.PKG_PATH_IN_CHANNEL }} | |
# We need --force-local because on windows path looks like C:/foo/bar | |
# and tar interprits semicolons as remote device. | |
- name: Extract package archive | |
shell: bash -l {0} | |
run: | | |
mkdir -p ${EXTRACTED_PKG_PATH} | |
tar -xvf ${PKG_PATH_IN_CHANNEL}${PACKAGE_NAME}-*.tar.bz2 -C ${EXTRACTED_PKG_PATH} --force-local | |
# Needed to be able to run conda index | |
- name: Install conda-build | |
run: conda install conda-build conda-index | |
- name: Create conda channel | |
run: python -m conda_index ${{ env.CHANNEL_PATH }} | |
- name: Test conda channel | |
run: | | |
conda search ${{ env.PACKAGE_NAME }} -c ${{ env.CHANNEL_PATH }} --override-channels --info --json > ${{ env.VER_JSON_PATH }} | |
cat ${{ env.VER_JSON_PATH }} | |
- name: Install dpbench | |
run: conda install ${{ env.PACKAGE_NAME }}=${{ env.PACKAGE_VERSION }} pytest intel::intel-opencl-rt python=${{ matrix.python }} -c ${{ env.CHANNEL_PATH }} | |
- name: Setup OpenCL CPU device | |
if: runner.os == 'Windows' | |
shell: pwsh | |
run: | | |
$script_path="$env:CONDA_PREFIX\Scripts\set-intel-ocl-icd-registry.ps1" | |
&$script_path | |
echo "OCL_ICD_FILENAMES=$env:CONDA_PREFIX\Library\lib\intelocl64.dll" >> $env:GITHUB_ENV | |
- name: List installed packages | |
run: conda list | |
- name: Smoke test | |
run: python -c "import dpnp, dpctl, dpbench; dpctl.lsplatform()" | |
- name: Run benchmarks | |
run: | | |
dpbench -i numpy,numba_dpex_p,dpnp,numba_n,sycl run | |
- name: Generate report | |
run: | | |
dpbench report | |
# we want to make sure that configuration files are geting populated | |
- name: Run npbench benchmark | |
run: | | |
dpbench -i numpy -b azimint_hist run --experimental-npbench --precision=${{matrix.precision}} | |
- name: Run rodinia benchmark | |
run: | | |
dpbench run --experimental-rodinia --no-dpbench --no-validate -r 1 --precision=${{matrix.precision}} | |
upload_anaconda: | |
name: Upload dppy/label/dev ['${{ matrix.os }}', python='${{ matrix.python }}'] | |
needs: [test] | |
strategy: | |
matrix: | |
python: ['3.9', '3.10', '3.11'] | |
os: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: | |
shell: bash -el {0} | |
continue-on-error: false | |
if: | | |
(github.repository == 'IntelPython/dpbench') && | |
(github.ref == 'refs/heads/main' || (startsWith(github.ref, 'refs/heads/release') == true) || github.event_name == 'push' && contains(github.ref, 'refs/tags/')) | |
steps: | |
- name: Download artifact | |
uses: actions/[email protected] | |
with: | |
name: ${{ env.PACKAGE_NAME }} ${{ runner.os }} Python ${{ matrix.python }} | |
- name: Download wheels artifact | |
uses: actions/[email protected] | |
with: | |
name: ${{ env.PACKAGE_NAME }} ${{ runner.os }} Wheels Python ${{ matrix.python }} | |
- name: Setup miniconda | |
uses: conda-incubator/[email protected] | |
with: | |
auto-update-conda: true | |
python-version: ${{ matrix.python }} | |
miniconda-version: 'latest' | |
activate-environment: 'upload' | |
- name: Install anaconda-client | |
run: conda install anaconda-client | |
- name: Package version | |
run: echo "PACKAGE_VERSION=$(basename ${{ env.PACKAGE_NAME }}-*.tar.bz2 | sed 's/^${{ env.PACKAGE_NAME }}-\([^-]*\).*/\1/')" >> $GITHUB_ENV | |
- name: Upload | |
run: anaconda --token ${{ env.ANACONDA_TOKEN }} upload --user dppy --label dev ${{ env.PACKAGE_NAME }}-*.tar.bz2 | |
env: | |
ANACONDA_TOKEN: ${{ secrets.ANACONDA_TOKEN }} | |
- name: Upload Wheels | |
run: anaconda --token ${{ env.ANACONDA_TOKEN }} upload --user dppy --label dev ${{ env.PACKAGE_NAME }}-*.whl --version ${{ env.PACKAGE_VERSION }} | |
env: | |
ANACONDA_TOKEN: ${{ secrets.ANACONDA_TOKEN }} | |
cleanup_packages: | |
name: Clean up anaconda packages | |
needs: [upload_anaconda] | |
runs-on: 'ubuntu-latest' | |
defaults: | |
run: | |
shell: bash -el {0} | |
steps: | |
- uses: conda-incubator/setup-miniconda@v2 | |
with: | |
run-post: false | |
channel-priority: "disabled" | |
channels: conda-forge | |
python-version: '3.11' | |
- name: Install anaconda-client | |
run: conda install anaconda-client | |
- name: Checkout repo | |
uses: actions/checkout@v2 | |
with: | |
repository: IntelPython/devops-tools | |
fetch-depth: 0 | |
- name: Cleanup old packages | |
run: | | |
python scripts/cleanup-old-packages.py \ | |
--verbose --force --token ${{ secrets.ANACONDA_TOKEN }} \ | |
--package dppy/${{ env.PACKAGE_NAME }} --label dev |