mirror of
https://github.com/huggingface/xet-core.git
synced 2026-06-04 13:30:29 +08:00
2659c69892
## 🔒 Pin GitHub Actions to commit SHAs This PR pins all GitHub Actions to their exact commit SHA instead of mutable tags or branch names. **Why?** Pinning to a SHA prevents supply chain attacks where a tag (e.g. `v4`) could be moved to point to malicious code. ### Changes | Workflow | Action | Avant | Après | SHA | |---|---|---|---|---| | `hf-xet-tests.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `hf-xet-tests.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `hf-xet-tests.yml` | `actions/setup-python` | `v6` | `v6` | `a309ff8b426b…` | | `hf-xet-tests.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `release.yml` | `actions/setup-python` | `v6` | `v6` | `a309ff8b426b…` | | `release.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `release.yml` | `actions/setup-python` | `v6` | `v6` | `a309ff8b426b…` | | `release.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `release.yml` | `actions/setup-python` | `v6` | `v6` | `a309ff8b426b…` | | `release.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `release.yml` | `actions/setup-python` | `v6` | `v6` | `a309ff8b426b…` | | `release.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `release.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `release.yml` | `actions/download-artifact` | `v7` | `v7` | `37930b1c2aba…` | | `release.yml` | `actions/attest-build-provenance` | `v3` | `v3` | `977bb373ede9…` | | `release.yml` | `PyO3/maturin-action` | `v1` | `v1` | `04ac600d27cd…` | | `release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `release.yml` | `actions/download-artifact` | `v7` | `v7` | `37930b1c2aba…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `dtolnay/rust-toolchain` | `stable` | `nightly` | `3c5f7ea28cd6…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `bnjbvr/cargo-machete` | `main` | `main` | `b81ce1560c5f…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `ci.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `ci.yml` | `dtolnay/rust-toolchain` | `nightly` | `nightly` | `3c5f7ea28cd6…` | | `git-xet-release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `git-xet-release.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `git-xet-release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `git-xet-release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `git-xet-release.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `git-xet-release.yml` | `lando/code-sign-action` | `v3` | `v3` | `a5703d3b5486…` | | `git-xet-release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `git-xet-release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `git-xet-release.yml` | `dtolnay/rust-toolchain` | `1.89.0` | `1.94.1` | `3c5f7ea28cd6…` | | `git-xet-release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `git-xet-release.yml` | `actions/upload-artifact` | `v6` | `v6` | `b7c566a772e6…` | | `git-xet-release.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` | | `git-xet-release.yml` | `actions/download-artifact` | `v7` | `v7` | `37930b1c2aba…` | > 🤖 Generated by `/github-actions-audit` — [security/pin-actions-to-sha] Closes huggingface/tracking-issues#291 Co-authored-by: di <di@huggingface.co>
135 lines
5.0 KiB
YAML
135 lines
5.0 KiB
YAML
name: xet-core CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
fmt:
|
|
name: Rustfmt
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: nightly
|
|
components: rustfmt
|
|
- name: Format
|
|
run: |
|
|
cargo fmt --manifest-path ./Cargo.toml --all -- --check
|
|
cargo fmt --manifest-path ./hf_xet/Cargo.toml --all -- --check
|
|
detect-unused-dependencies:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Machete
|
|
uses: bnjbvr/cargo-machete@b81ce1560c5fbd0210cb66d88bf210329ff04266 # main
|
|
check-bench-compiles:
|
|
name: Check benchmarks compile
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Compile benchmarks
|
|
run: |
|
|
cargo bench --no-run --workspace --exclude git_xet
|
|
build_and_test-linux:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust 1.94
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
components: clippy
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Lint
|
|
run: |
|
|
cargo clippy -r --verbose -- -D warnings # elevates warnings to errors
|
|
cargo clippy -r --verbose --manifest-path hf_xet/Cargo.toml -- -D warnings # elevates warnings to errors
|
|
- name: Set up Git LFS
|
|
run: |
|
|
curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash
|
|
sudo apt-get install git-lfs
|
|
git lfs install
|
|
- name: Build and Test
|
|
run: |
|
|
cargo test --verbose --no-fail-fast --features "strict simulation git-xet-for-integration-test"
|
|
- name: Build and Test hf_xet
|
|
run: |
|
|
cd hf_xet && cargo test --verbose --no-fail-fast
|
|
- name: Check Cargo.lock has no uncommitted changes
|
|
run: |
|
|
# the build and test steps would update Cargo.lock if it is out of date
|
|
test -z "$(git status --porcelain Cargo.lock)" || (echo "Cargo.lock has uncommitted changes!" && exit 1)
|
|
build_and_test-win:
|
|
runs-on: windows-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust 1.94
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Build and Test
|
|
run: |
|
|
cargo test --verbose --no-fail-fast --features "strict simulation git-xet-for-integration-test"
|
|
- name: Build and Test hf_xet
|
|
run: |
|
|
cd hf_xet && cargo test --verbose --no-fail-fast
|
|
build_and_test-macos:
|
|
runs-on: macos-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust 1.94
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- name: Set up Git LFS
|
|
run: |
|
|
brew install git-lfs
|
|
git lfs install
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Build and Test
|
|
run: |
|
|
cargo test --verbose --no-fail-fast --features "strict simulation git-xet-for-integration-test"
|
|
- name: Build and Test hf_xet
|
|
run: |
|
|
cd hf_xet && cargo test --verbose --no-fail-fast
|
|
build_and_test-wasm:
|
|
name: Build WASM
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust nightly
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: nightly
|
|
targets: wasm32-unknown-unknown
|
|
components: rust-src
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Install wasm-bindgen-cli and wasm-pack
|
|
run: |
|
|
cargo install --version 0.2.100 wasm-bindgen-cli
|
|
cargo install --version 0.13.1 wasm-pack
|
|
- name: Build hf_xet_thin_wasm
|
|
working-directory: wasm/hf_xet_thin_wasm
|
|
run: |
|
|
./build_wasm.sh
|
|
- name: Build hf_xet_wasm
|
|
working-directory: wasm/hf_xet_wasm
|
|
run: |
|
|
./build_wasm.sh |