# https://github.com/tensorflow/tensorflow/actions/workflows/release-branch-cherrypick.yml
# and click "Run Workflow." Leave "Use Workflow From" set to "master", then
# input the branch name and paste the cherry-pick commit and click Run. A PR
# will be created.

name: Release Branch Cherrypick
on:
  workflow_dispatch:
    inputs:
      # We use this instead of the "run on branch" argument because GitHub looks

name: Upload SIG Build docker containers modified for release branches

on:
  workflow_dispatch:
  push:
    paths:
      - '.github/workflows/sigbuild-docker-branch.yml'
      - 'tensorflow/tools/tf_sig_build_dockerfiles/**'
      - '!tensorflow/tools/tf_sig_build_dockerfiles/README.md'
    branches:
      - "r[1-9].[0-9]+"

permissions:
  contents: read

jobs:

# ============================================================================

name: Scorecards supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See

          add-paths: .teamcity/jdks.yaml
          title: "Update jdks.yaml"
          body: "This PR updates JDK to the latest versions available in `.teamcity/jdks.yaml`."
          delete-branch: true
          branch-suffix: timestamp
          labels: |
            in:building-gradle

        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
        with:
          # To allow latest-changes to commit to the main branch
          token: ${{ secrets.FASTAPI_LATEST_CHANGES }}
      # Allow debugging with tmate
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3

# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See

          - os: windows-latest
            java: 21
            root-pom: pom.xml
    runs-on: ${{ matrix.os }}
    env:
      ROOT_POM: ${{ matrix.root-pom }}
    steps:
      # Cancel any previous runs for the same branch that are still running.
      - name: 'Cancel previous runs'
        uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
        with:
          access_token: ${{ github.token }}

    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v4
    # For pull requests it's not necessary to checkout the code but for the main branch it is
    - uses: dorny/paths-filter@v3
      id: filter
      with:
        filters: |
          docs:
            - README.md
            - docs/**
            - docs_src/**

version: 2
updates:

  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "daily"

  - package-ecosystem: maven
    directory: "/"
    schedule:
      interval: "daily"
    target-branch: "maven-3.9.x"
    labels:
      - "mvn3"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:

        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: pages deploy ./site --project-name=${{ env.PROJECT_NAME }} --branch=${{ env.BRANCH }}
      - name: Comment Deploy
        run: python ./scripts/deploy_docs_status.py
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DEPLOY_URL: ${{ steps.deploy.outputs.deployment-url }}