diff --git a/.github/workflows/workflow_finetune.yml b/.github/workflows/workflow_finetune.yml index 9650ebfa..91950e55 100644 --- a/.github/workflows/workflow_finetune.yml +++ b/.github/workflows/workflow_finetune.yml @@ -29,6 +29,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-ft cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: finetune: name: finetune @@ -63,7 +66,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build Docker Image run: | @@ -88,6 +91,12 @@ jobs: source dev/scripts/ci-functions.sh finetune_test ${{ matrix.model }} + - name: Run Finetune DPO Test + run: | + TARGET="finetune" + source dev/scripts/ci-functions.sh + finetune_dpo_test ${{ matrix.model }} + - name: Run PEFT-LoRA Test run: | source dev/scripts/ci-functions.sh diff --git a/.github/workflows/workflow_finetune_gpu.yml b/.github/workflows/workflow_finetune_gpu.yml index fb1ec910..b48811df 100644 --- a/.github/workflows/workflow_finetune_gpu.yml +++ b/.github/workflows/workflow_finetune_gpu.yml @@ -13,6 +13,9 @@ on: type: string default: 'http://proxy-prc.intel.com:912' +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: finetune-gpu: name: finetune-gpu @@ -35,7 +38,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Running task on Intel GPU run: | diff --git a/.github/workflows/workflow_inference.yml b/.github/workflows/workflow_inference.yml index ed226684..e01ef598 100644 --- a/.github/workflows/workflow_inference.yml +++ b/.github/workflows/workflow_inference.yml @@ -29,6 +29,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-inf cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: inference: name: inference @@ -65,7 +68,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Determine Target id: "target" diff --git a/.github/workflows/workflow_inference_gaudi2.yml b/.github/workflows/workflow_inference_gaudi2.yml index 97b1618a..56f2df99 100644 --- a/.github/workflows/workflow_inference_gaudi2.yml +++ b/.github/workflows/workflow_inference_gaudi2.yml @@ -23,6 +23,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-inf-gaudi2 cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: inference: name: inference @@ -81,7 +84,7 @@ jobs: echo "target=$target" >> $GITHUB_OUTPUT - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build Docker Image run: | diff --git a/.github/workflows/workflow_lint.yml b/.github/workflows/workflow_lint.yml index 35c1ea31..a0094cbf 100644 --- a/.github/workflows/workflow_lint.yml +++ b/.github/workflows/workflow_lint.yml @@ -11,6 +11,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-lt cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: lint: name: lint @@ -22,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run Lint run: ./format.sh -a diff --git a/.github/workflows/workflow_orders_nightly.yml b/.github/workflows/workflow_orders_nightly.yml index 025dcbe5..ab9b3009 100644 --- a/.github/workflows/workflow_orders_nightly.yml +++ b/.github/workflows/workflow_orders_nightly.yml @@ -4,6 +4,9 @@ on: [] # schedule: # - cron: "0 16 * * *" +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: call-inference: diff --git a/.github/workflows/workflow_orders_on_merge.yml b/.github/workflows/workflow_orders_on_merge.yml index 632f880b..d26c641e 100644 --- a/.github/workflows/workflow_orders_on_merge.yml +++ b/.github/workflows/workflow_orders_on_merge.yml @@ -8,6 +8,9 @@ on: - '**' - '!*.md' +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: Lint: uses: ./.github/workflows/workflow_lint.yml diff --git a/.github/workflows/workflow_orders_on_pr.yml b/.github/workflows/workflow_orders_on_pr.yml index cac4bfac..0c14c60c 100644 --- a/.github/workflows/workflow_orders_on_pr.yml +++ b/.github/workflows/workflow_orders_on_pr.yml @@ -7,6 +7,10 @@ on: paths: - '**' - '!*.md' + +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: Lint: diff --git a/.github/workflows/workflow_test_benchmark.yml b/.github/workflows/workflow_test_benchmark.yml index ba57af94..778de1c3 100644 --- a/.github/workflows/workflow_test_benchmark.yml +++ b/.github/workflows/workflow_test_benchmark.yml @@ -29,6 +29,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-bench cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: setup-test: @@ -51,7 +54,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Load environment variables run: cat /root/actions-runner-config/.env >> $GITHUB_ENV diff --git a/.github/workflows/workflow_tests.yml b/.github/workflows/workflow_tests.yml index eb51d4f0..c7453686 100644 --- a/.github/workflows/workflow_tests.yml +++ b/.github/workflows/workflow_tests.yml @@ -7,6 +7,9 @@ on: type: string default: 'pr' +permissions: # added using https://github.com/step-security/secure-repo + contents: read + jobs: setup-test: @@ -26,10 +29,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: ${{matrix.python-version}} architecture: 'x64' @@ -60,10 +63,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: ${{matrix.python-version}} architecture: 'x64' @@ -94,10 +97,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: ${{matrix.python-version}} architecture: 'x64' @@ -141,7 +144,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Determine Target id: "target" @@ -165,7 +168,7 @@ jobs: code_checkout_path=${{ github.workspace }} source dev/scripts/ci-functions.sh start_docker ${TARGET} ${code_checkout_path} - + - name: Install Dependencies for Tests run: | TARGET=${{steps.target.outputs.target}} @@ -189,4 +192,4 @@ jobs: run: | TARGET=${{steps.target.outputs.target}} source dev/scripts/ci-functions.sh - stop_container ${TARGET} \ No newline at end of file + stop_container ${TARGET}