Pin actions from repos external to the PyTorch project to their shasums for security. This is a best practice as Git tags are not immutable. https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/ Pull Request resolved: https://github.com/pytorch/pytorch/pull/152110 Approved by: https://github.com/seemethere, https://github.com/ZainRizvi
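# Checks that the shell/Python payload embedded in the `hardcode-script` step
# of the runner-determinator workflow is identical to the reviewed copy kept
# at .github/scripts/runner_determinator.py. The job regenerates the script
# from the workflow file and diffs it against the checked-in file.
name: runner-determinator

on:
  workflow_dispatch:
  pull_request:
    branches: [main]
    paths:
      # The two files the step below actually reads. Without these entries a
      # change to either one would not trigger the sync check.
      - .github/workflows/_runner-determinator.yml
      - .github/scripts/runner_determinator.py
      # Entries already present before this change. They do not match the
      # paths used in the script below.
      # NOTE(review): confirm these paths exist, and that the second one
      # names this workflow file.
      - .github/workflows/_runner-determinator.yaml
      - .github/workflows/_runner_determinator_script_sync.yaml
      - .github/workflows/scripts/runner_determinator.py

# The job only reads the repository, so the token is limited to read access.
permissions:
  contents: read

jobs:
  python-script-sync-check:
    if: github.repository_owner == 'pytorch'
    runs-on: ubuntu-latest

    steps:
      # External action pinned to a full commit SHA; the trailing comment
      # records the tag that SHA corresponded to when it was pinned.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # Only the .github tree is needed for the comparison.
          sparse-checkout: |
            .github
          # No later step uses git, and the next step pipes checked-out
          # content into bash, so the token is not left in .git/config.
          persist-credentials: false

      - name: Extract the script from runner_determinator
        run: |
          # Runner determinator files
          RUNNER_DETERMINATOR_WORKFLOW_FILE=.github/workflows/_runner-determinator.yml
          RUNNER_DETERMINATOR_PYTHON_SCRIPT_FILE=.github/scripts/runner_determinator.py

          # Parse the job file, extract the script and run it, up to the final EOF,
          # to generate the python file in the local folder.
          # This executes shell text taken from the checked-out workflow file;
          # on pull_request runs that is content proposed by the PR, so this job
          # must stay free of secrets and write permissions.
          # NOTE(review): sed quits at the first EOF line and may close the pipe
          # while yq is still writing; check that before enabling pipefail.
          yq '.jobs.runner-determinator.steps[] | select(.id == "hardcode-script") | .run' \
            "${RUNNER_DETERMINATOR_WORKFLOW_FILE}" | sed '/^EOF$/q' | bash

          # diff exits non-zero when the files differ or one is missing; errexit
          # is suspended so the status can be captured and reported below.
          set +e
          DIFF="$(diff "$(basename "${RUNNER_DETERMINATOR_PYTHON_SCRIPT_FILE}")" "${RUNNER_DETERMINATOR_PYTHON_SCRIPT_FILE}")"
          IS_DIFF=$?
          set -e
          if [ "${IS_DIFF}" -eq 0 ]; then
            echo "Scripts are in sync! ^_^";
          else
            echo -e "Scripts are *NOT* in sync:\n ${DIFF}";
            exit 1
          fi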