From aaec9e3c03adaf0923f9f48d03edbc2d6529db96 Mon Sep 17 00:00:00 2001 From: Yunchu Lee Date: Wed, 14 Feb 2024 13:11:05 +0900 Subject: [PATCH] add pinning dependencies --- .ci/Dockerfile | 2 +- .github/workflows/publish_internal.yml | 14 +++++++++----- .github/workflows/scorecard.yml | 2 +- Dockerfile | 2 +- requirements/publish.txt | 2 ++ 5 files changed, 14 insertions(+), 8 deletions(-) create mode 100644 requirements/publish.txt diff --git a/.ci/Dockerfile b/.ci/Dockerfile index 03912d478a5..cb4dd924d5d 100644 --- a/.ci/Dockerfile +++ b/.ci/Dockerfile @@ -3,7 +3,7 @@ ######################################################### ARG ver_cuda="11.7.1" -FROM nvidia/cuda:${ver_cuda}-devel-ubuntu20.04 AS python_base_cuda +FROM nvidia/cuda:${ver_cuda}-devel-ubuntu20.04@sha256:f663a1cf01a46daa469c75bf246ac00098bd5179aff2c75367c44f475cd4c8f4 AS python_base_cuda LABEL maintainer="OpenVINO Training Extensions Development Team" ARG HTTP_PROXY diff --git a/.github/workflows/publish_internal.yml b/.github/workflows/publish_internal.yml index 48b955fe5a1..e743fc996dd 100644 --- a/.github/workflows/publish_internal.yml +++ b/.github/workflows/publish_internal.yml @@ -30,7 +30,7 @@ jobs: with: python-version: "3.10" - name: Install pypa/build - run: python -m pip install build==1.* + run: python -m pip install -r requirements/publish.txt - name: Build sdist run: python -m build --sdist - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 
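Review bot: Adding the digest to the `FROM` line silently turns `ARG ver_cuda` into a no-op, because a reference that carries both a tag and a digest is resolved by the digest alone — a `--build-arg ver_cuda=12.1.0` will still build on the 11.7.1 image with no error. Either drop the build arg or carry the digest in a second overridable arg so the two move together, e.g. `ARG ver_cuda="11.7.1"`, `ARG cuda_digest="sha256:f663a1cf01a46daa469c75bf246ac00098bd5179aff2c75367c44f475cd4c8f4"`, `FROM nvidia/cuda:${ver_cuda}-devel-ubuntu20.04@${cuda_digest} AS python_base_cuda`. A one-line comment above the `FROM` recording the tag and date the digest was resolved from would make the next bump verifiable; the pinned digest is never refreshed by anything else in this diff.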
@@ -45,12 +45,14 @@ jobs: permissions: packages: write steps: + - name: Checkout + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Set up Python uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: "3.10" - name: Install dependencies - run: python -m pip install twine==4.0.2 + run: python -m pip install -r requirements/publish.txt - name: Download artifacts uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -74,9 +76,11 @@ jobs: twine upload --verbose --repository-url $REPOSITORY_URL dist/* -u ${{ secrets.PYPI_USER }} -p ${{ secrets.PYPI_PASSWORD }} - name: Publish package distributions to TestPyPI if: ${{ steps.check-tag.outputs.match == '' }} - run: | - export REPOSITORY_URL=https://test.pypi.org/legacy/ - twine upload --verbose --repository-url $REPOSITORY_URL dist/* -u __token__ -p ${{ secrets.TESTPYPI_API_TOKEN }} + uses: pypa/gh-action-pypi-publish@22b4d1f12511f2696162c08546dafbaa903448a2 # v1.7.1 + with: + password: ${{ secrets.TESTPYPI_API_TOKEN }} + repository-url: https://test.pypi.org/legacy/ + verbose: true - name: Clean up dist if: ${{ always() }} run: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index abf3f564cfb..11effedb64f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@dc021d495cb77b369e4d9d04a501700fd83b8c51 # v2.24.0 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index 0fab59ec3d5..221af69b797 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -ARG UBUNTU_VER=20.04 +ARG UBUNTU_VER=20.04@sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 FROM ubuntu:$UBUNTU_VER ARG PYTHON_VER=3.9 
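Review bot: The new Checkout step runs with actions/checkout's default `persist-credentials: true`, which writes the job's GITHUB_TOKEN into `.git/config` for the remainder of a job that holds `packages: write` and handles the PyPI secrets, although the checkout exists only so `requirements/publish.txt` can be read. Add `with:` / `persist-credentials: false` to the step, and, since v3.6.0 should support it, `sparse-checkout: requirements` so no more of the tree than needed lands on the runner. Installing from the shared requirements file also pulls `build` into this publish-only job; harmless, but a comment such as `# shared with the build job so both pin the same versions` would explain why twine alone is not installed here.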
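Review bot: Only the TestPyPI branch is moved to pypa/gh-action-pypi-publish; the tag branch immediately above it still shells out to `twine upload … -u ${{ secrets.PYPI_USER }} -p ${{ secrets.PYPI_PASSWORD }}`, which places both credentials on the command line (readable from the runner's process table by anything else running in the job) and leaves two upload mechanisms to keep in sync. The same action accepts `repository-url`, `user` and `password` inputs, so the internal upload can be converted with an equivalent three-line `with:` block (`repository-url: ${{ env.REPOSITORY_URL }}` or the literal URL, `user: ${{ secrets.PYPI_USER }}`, `password: ${{ secrets.PYPI_PASSWORD }}`); if the internal index supports OIDC trusted publishing, adding `id-token: write` to the job's `permissions` removes the stored password entirely. The `steps.check-tag` step the `if:` conditions depend on is outside the hunk, so I could not confirm the two branches are mutually exclusive.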
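Review bot: Folding the digest into `ARG UBUNTU_VER` means any `--build-arg UBUNTU_VER=22.04` override silently discards the digest pin, and the arg's name no longer describes its value. Keep tag and digest in separate args so overriding one cannot drop the other: `ARG UBUNTU_VER=20.04`, `ARG UBUNTU_DIGEST=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900`, `FROM ubuntu:${UBUNTU_VER}@${UBUNTU_DIGEST}`. If this is a single-architecture image digest rather than the manifest-list digest, builds for any other platform will fail to match; a comment noting how it was resolved (e.g. from `docker buildx imagetools inspect ubuntu:20.04`) lets the next bump check that.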
diff --git a/requirements/publish.txt b/requirements/publish.txt
new file mode 100644
index 00000000000..b1b55833bd6
--- /dev/null
+++ b/requirements/publish.txt
@@ -0,0 +1,2 @@
+build==1.0.3
+twine==4.0.2
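Review bot: These are version pins, not integrity pins: `pip install -r requirements/publish.txt` still accepts whatever artifact the index serves for build 1.0.3 and twine 4.0.2, and their transitive dependencies (twine's `requests` and `keyring`, for example) remain unpinned, so the install is neither reproducible nor protected against a substituted wheel. Generate the file with hashes (for instance `pip-compile --generate-hashes` from a `publish.in` listing the two packages) so every pinned artifact carries `--hash=sha256:…`, and install with `python -m pip install --require-hashes -r requirements/publish.txt` in both workflow steps; pip then refuses any package that is unpinned or whose hash does not match. A header comment naming the consumer (`# used by .github/workflows/publish_internal.yml`) and the command that regenerates the file would keep the two from drifting.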