[DO NOT MERGE] Modify Project Workflows #8
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
|
||
| jobs: | ||
| git-mirror: | ||
| runs-on: AMD-ROCm-Internal-dev1 |
There was a problem hiding this comment.
This file is no longer needed
|
|
||
| jobs: | ||
| git-mirror: | ||
| runs-on: AMD-ROCm-Internal-dev1 |
There was a problem hiding this comment.
This file is no longer needed
| @@ -19,7 +19,7 @@ jobs: | |||
| # - https://gh.io/supported-runners-and-hardware-resources | |||
| # - https://gh.io/using-larger-runners (GitHub.com only) | |||
| # Consider using larger runners or machines with greater resources for possible analysis time improvements. | |||
There was a problem hiding this comment.
It seems you have CodeQL in the parent Directory, if so and if it checks for CPP, Actions and Python then no need for this file as well
|
|
||
| jobs: | ||
| git-mirror: | ||
| runs-on: AMD-ROCm-Internal-dev1 |
|
|
||
| jobs: | ||
| git-mirror: | ||
| runs-on: AMD-ROCm-Internal-dev1 |
| jobs: | ||
| git-mirror: | ||
| runs-on: AMD-ROCm-Internal-dev1 | ||
| runs-on: ubuntu-latest |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - distro: "ubuntu" | ||
| version: "20.04" | ||
| - distro: "ubuntu" | ||
| version: "22.04" | ||
| - distro: "ubuntu" | ||
| version: "24.04" | ||
| - distro: "opensuse" | ||
| version: "15.5" | ||
| - distro: "opensuse" | ||
| version: "15.6" | ||
| - distro: "rhel" | ||
| version: "8.10" | ||
| - distro: "rhel" | ||
| version: "9.3" | ||
| - distro: "rhel" | ||
| version: "9.4" | ||
| - distro: "rhel" | ||
| version: "9.5" | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| sparse-checkout: projects/rocprofiler-systems | ||
| submodules: recursive | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
||
| - name: Build CI Container | ||
| timeout-minutes: 45 | ||
| uses: nick-fields/retry@v3 | ||
| with: | ||
| retry_wait_seconds: 60 | ||
| timeout_minutes: 45 | ||
| max_attempts: 3 | ||
| command: | | ||
| pushd projects/rocprofiler-systems/docker | ||
| ./build-docker-ci.sh --distro ${{ matrix.distro }} --versions ${{ matrix.version }} --user ${{ secrets.DOCKERHUB_USERNAME }} --push --jobs 2 --elfutils-version 0.186 --boost-version 1.79.0 | ||
| popd | ||
|
|
||
| rocprofiler-systems-release: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, you should add a permissions block to the workflow file. The best way to do this is to add the block at the top level of the workflow, so it applies to all jobs unless overridden. Based on the workflow's steps, the jobs only need to check out code (which requires contents: read) and do not need to write to the repository or access other resources. Therefore, set contents: read as the minimal permission. If in the future a job needs more permissions, you can override the block at the job level.
Edit the file .github/workflows/rocprofiler-systems-containers.yml and add the following block after the name and run-name lines (before on:):
permissions:
contents: readNo additional methods, imports, or definitions are needed.
| @@ -2,2 +2,4 @@ | ||
| run-name: ci-containers | ||
| permissions: | ||
| contents: read | ||
|
|
| submodules: recursive | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| uses: docker/setup-qemu-action@v2 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v2 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
|
|
||
| - name: Build CI Container | ||
| timeout-minutes: 45 | ||
| uses: nick-fields/retry@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| runs-on: ubuntu-22.04 | ||
| strategy: | ||
| matrix: | ||
| python-version: [3.8] | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| sparse-checkout: projects/rocprofiler-systems | ||
|
|
||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: ${{ matrix.python-version }} | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install black | ||
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | ||
|
|
||
| - name: black format | ||
| run: | | ||
| cd projects/rocprofiler-systems | ||
| black --diff --check . | ||
|
|
||
| cmake: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, add a permissions block to the workflow file to explicitly restrict the GITHUB_TOKEN permissions to the minimum required. The best way to do this is to add the following block at the top level of the workflow (after the name and before on), which will apply to all jobs unless overridden:
permissions:
contents: readThis ensures that all jobs in the workflow only have read access to repository contents, which is sufficient for formatting and linting tasks. No additional imports or definitions are needed, as this is a configuration change in the workflow YAML file.
| @@ -3,2 +3,4 @@ | ||
| run-name: formatting | ||
| permissions: | ||
| contents: read | ||
|
|
| runs-on: ubuntu-24.04 | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| sparse-checkout: projects/rocprofiler-systems | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y python3-pip | ||
| python3 -m pip install gersemi | ||
| - name: gersemi | ||
| run: | | ||
| set +e | ||
| gersemi -i $(find . -type f ! -path '*/external/*' | grep -E 'CMakeLists.txt|\.cmake$') | ||
| if [ $(git diff | wc -l) -gt 0 ]; then | ||
| echo -e "\nError! CMake code not formatted. Run gersemi ...\n" | ||
| echo -e "\nFiles:\n" | ||
| git diff --name-only | ||
| echo -e "\nFull diff:\n" | ||
| git diff | ||
| exit 1 | ||
| fi | ||
|
|
||
| source: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, you should add a permissions block to the workflow file .github/workflows/rocprofiler-systems-formatting.yml. The best way to do this is to add the block at the root level, immediately after the name and run-name fields, so that it applies to all jobs unless overridden. The minimal starting point is contents: read, which restricts the workflow's access to repository contents to read-only. If any job requires additional permissions (e.g., to write to issues or pull requests), you can expand the block accordingly, but based on the provided workflow, contents: read is sufficient. The change should be made at the top of the file, after the workflow name and run-name.
| @@ -3,2 +3,4 @@ | ||
| run-name: formatting | ||
| permissions: | ||
| contents: read | ||
|
|
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| sparse-checkout: projects/rocprofiler-systems | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| DISTRIB_CODENAME=$(cat /etc/lsb-release | grep DISTRIB_CODENAME | awk -F '=' '{print $NF}') | ||
| sudo apt-get update | ||
| sudo apt-get install -y software-properties-common wget curl clang-format-18 | ||
| - name: clang-format | ||
| run: | | ||
| set +e | ||
| FILES=$(find source examples tests -type f | egrep '\.(h|hpp|c|cpp)(|\.in)$') | ||
| FORMAT_OUT=$(clang-format-18 -output-replacements-xml ${FILES}) | ||
| RET=$(echo ${FORMAT_OUT} | grep -c '<replacement ') | ||
| if [ "${RET}" -ne 0 ]; then | ||
| echo -e "\nError! Code not formatted. Detected ${RET} lines\n" | ||
| clang-format-18 -i ${FILES} | ||
| git diff | ||
| exit ${RET} | ||
| fi | ||
|
|
||
| includes: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, add a permissions block to the workflow file. The best practice is to set this at the top level of the workflow, so it applies to all jobs unless overridden. Since the jobs in this workflow only check formatting and do not need to write to the repository or interact with issues or pull requests, the minimal required permission is contents: read. This change should be made near the top of the file, after the name and run-name fields and before the on block, or immediately after the on block. No additional methods, imports, or definitions are needed.
| @@ -3,2 +3,4 @@ | ||
| run-name: formatting | ||
| permissions: | ||
| contents: read | ||
|
|
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| python-version: ["3.7", "3.8", "3.9", "3.10"] | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| sparse-checkout: projects/rocprofiler-systems | ||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: ${{ matrix.python-version }} | ||
| - name: Install dependencies | ||
| run: | | ||
| cd projects/rocprofiler-systems/source/python/gui | ||
| python -m pip install --upgrade pip | ||
| pip install flake8 | ||
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | ||
| - name: Lint with flake8 | ||
| run: | | ||
| cd projects/rocprofiler-systems/source/python/gui | ||
| # stop the build if there are Python syntax errors or undefined names | ||
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | ||
| # flake8 options are defined in setup.cfg | ||
| flake8 . --count --statistics |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, add a permissions block to the workflow to explicitly set the minimal required permissions for the GITHUB_TOKEN. Since the workflow only checks out code and runs linting, it only needs read access to repository contents. The best way to do this is to add permissions: contents: read at the top level of the workflow file, just after the name and run-name fields and before the on block. This will apply the permission restriction to all jobs in the workflow. No other changes are needed.
| @@ -2,2 +2,4 @@ | ||
| run-name: Python | ||
| permissions: | ||
| contents: read | ||
|
|
Updating Runners for ROCProfiler
This reverts commit a964aa7.
The target_graphics_version was not formatted properly and was showing incorrect Target Name. Corrected this by fomatting major, minor and revision numbers. Signed-off-by: Bindhiya Kanangot Balakrishnan <[email protected]>
Co-authored-by: Jonathan R. Madsen <[email protected]>
Updating README to add a note about doc on rocm.docs portal Co-authored-by: srawat <[email protected]> Co-authored-by: Bhardwaj, Gopesh <[email protected]>
Co-authored-by: Jonathan R. Madsen <[email protected]> [ROCm/rocprofiler-register commit: 9338b9a]
Updating README to add a note about doc on rocm.docs portal Co-authored-by: srawat <[email protected]> Co-authored-by: Bhardwaj, Gopesh <[email protected]> [ROCm/rocprofiler commit: 578db22]
* Rename some examples still using the "omni" prefix. * CMake formatting [ROCm/rocprofiler-systems commit: 656b34b]
The target_graphics_version was not formatted properly and was showing incorrect Target Name. Corrected this by fomatting major, minor and revision numbers. Signed-off-by: Bindhiya Kanangot Balakrishnan <[email protected]> [ROCm/rocm_smi_lib commit: 94dca70]
The target_graphics_version was not formatted properly and was showing incorrect Target Name. Corrected this by fomatting major, minor and revision numbers. Signed-off-by: Bindhiya Kanangot Balakrishnan <[email protected]> [ROCm/rocm_smi_lib commit: 6337f7b]
[ROCm/rocm-core commit: baedf5d]
Co-authored-by: [email protected] <[email protected]> [ROCm/hipother commit: bb66090]
Updated amd-smi set help text --------- Signed-off-by: gabrpham <[email protected]> Signed-off-by: Pham, Gabriel <[email protected]>
Updated amd-smi set help text --------- Signed-off-by: gabrpham <[email protected]> Signed-off-by: Pham, Gabriel <[email protected]> [ROCm/amdsmi commit: 93a027e]
Updated amd-smi set help text --------- Signed-off-by: gabrpham <[email protected]> Signed-off-by: Pham, Gabriel <[email protected]> [ROCm/amdsmi commit: 93a027e]
No description provided.