diff --git a/.github/workflows/aarch64-acl.yml b/.github/workflows/aarch64-acl.yml index 75645d20b9..3b1149dab7 100644 --- a/.github/workflows/aarch64-acl.yml +++ b/.github/workflows/aarch64-acl.yml @@ -28,8 +28,9 @@ on: workflow_dispatch: -# Declare default permissions as read only. -permissions: read-all +permissions: + contents: read + id-token: none jobs: # Cache is built sequentially to avoid cache-hit race conditions diff --git a/.github/workflows/nightly-aarch64.yml b/.github/workflows/nightly-aarch64.yml index 922aae495a..1041585cae 100644 --- a/.github/workflows/nightly-aarch64.yml +++ b/.github/workflows/nightly-aarch64.yml @@ -32,13 +32,15 @@ concurrency: cancel-in-progress: true # Declare default permissions as read only. -permissions: write-all +permissions: read-all jobs: build-acl-cache: uses: ./.github/workflows/aarch64-acl.yml test-performance: + permissions: + contents: write uses: ./.github/workflows/performance-aarch64.yml build-and-test: @@ -52,6 +54,8 @@ jobs: name: ${{ matrix.config.name }}, ${{ matrix.config.toolset }}, ${{ matrix.config.threading }}, ${{ matrix.config.build }} runs-on: ${{ matrix.config.label }} + permissions: + contents: write steps: - name: Checkout oneDNN diff --git a/.github/workflows/performance-aarch64.yml b/.github/workflows/performance-aarch64.yml index 81cad72ce0..7191a19e09 100644 --- a/.github/workflows/performance-aarch64.yml +++ b/.github/workflows/performance-aarch64.yml @@ -52,8 +52,10 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }}-performance cancel-in-progress: true -# Declare default permissions as read only. -permissions: write-all +# Setting this to read-all causes issues with the id-tokens permission +permissions: + contents: read + id-token: none jobs: build-acl-base: @@ -76,8 +78,9 @@ jobs: name: ${{ matrix.config.name }}, ${{ matrix.config.toolset }}, ${{ matrix.config.threading }}, ${{ matrix.config.build }} runs-on: ${{ matrix.config.label }} + permissions: + contents: write steps: - - name: Checkout oneDNN uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: @@ -222,8 +225,10 @@ jobs: if: ${{ inputs.benchdnn_command == '' }} shell: bash run: | - OMP_NUM_THREADS=${{ inputs.num_threads || 16 }} bash ${{ github.workspace }}/oneDNN/.github/automation/performance/bench_nightly_performance.sh ${{ github.workspace }}/oneDNN_base/build/tests/benchdnn/benchdnn ${{ github.workspace }}/oneDNN_new/build/tests/benchdnn/benchdnn base.txt new.txt + bash ${{ github.workspace }}/oneDNN/.github/automation/performance/bench_nightly_performance.sh ${{ github.workspace }}/oneDNN_base/build/tests/benchdnn/benchdnn ${{ github.workspace }}/oneDNN_new/build/tests/benchdnn/benchdnn base.txt new.txt python ${{ github.workspace }}/oneDNN/.github/automation/performance/benchdnn_comparison.py base.txt new.txt --out-file perf_table.md + env: + OMP_NUM_THREADS: ${{ inputs.num_threads || 16 }} - name: Update wiki if: ${{ (success() || failure()) && inputs.benchdnn_command == '' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/ryo-not-rio/wiki') }} @@ -237,11 +242,13 @@ jobs: if: ${{ inputs.benchdnn_command != '' }} shell: bash run: | - OMP_NUM_THREADS=${{ inputs.num_threads || 16 }} \ bash ${{ github.workspace }}/oneDNN/.github/automation/performance/run_benchdnn_compare.sh \ "${{ github.workspace }}/oneDNN_base/build/tests/benchdnn/benchdnn" \ "${{ github.workspace }}/oneDNN_new/build/tests/benchdnn/benchdnn" \ - base.txt new.txt ${{ inputs.benchdnn_command }} + base.txt new.txt "$BENCHDNN_COMMAND" + env: + OMP_NUM_THREADS: ${{ inputs.num_threads || 16 }} + BENCHDNN_COMMAND: ${{ inputs.benchdnn_command }} - name: Print speed comparisons if: ${{ (success() || failure()) && inputs.benchdnn_command != '' }}