name: 'Auto Assign PR to Author'
on:
  pull_request:
    types: [opened]

permissions: {}

jobs:
  add-reviews:
    permissions:
      contents: read  # for kentaro-m/auto-assign-action to fetch config file
      pull-requests: write  # for kentaro-m/auto-assign-action to assign PR reviewers
    runs-on: ubuntu-latest
    steps:

permissions: {}

jobs:
  check_pr_commits:
    permissions:
      contents: read
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up JDK 11
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '11'
      - name: Install Groovy

    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'documentation')

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: 17

      - uses: actions/setup-python@v5
        with:

    strategy:
      fail-fast: false
      matrix:
        language: ['java', 'javascript']

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        fetch-depth: 2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}

    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:

      id: cherrypick
      run: |
          git config --global user.name "TensorFlow Release Automation"
          git config --global user.email "******@****.***"
          git fetch origin master
          git cherry-pick ${{ github.event.inputs.git_commit }}
          echo "SHORTSHA=$(git log -1 ${{ github.event.inputs.git_commit }} --format="%h")" >> "$GITHUB_OUTPUT"

name: VulnCheck
on:
  pull_request:
    branches:
      - master

  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:

    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'containers')

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: 17

      - name: Setup Gradle

permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:
        os: [ ubuntu-latest ]
        java: [ 8, 11, 17, 21 ]

    - cron: '0 5 * * *'

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix: