name: Upload SIG Build docker containers modified for release branches

on:
  workflow_dispatch:
  push:
    paths:
      - '.github/workflows/sigbuild-docker-branch.yml'
      - 'tensorflow/tools/tf_sig_build_dockerfiles/**'
      - '!tensorflow/tools/tf_sig_build_dockerfiles/README.md'
    branches:
      - "r[1-9].[0-9]+"

permissions:
  contents: read

jobs:
  docker:

# https://github.com/tensorflow/tensorflow/actions/workflows/release-branch-cherrypick.yml
# and click "Run Workflow." Leave "Use Workflow From" set to "master", then
# input the branch name and paste the cherry-pick commit and click Run. A PR
# will be created.

name: Release Branch Cherrypick
on:
  workflow_dispatch:
    inputs:
      # We use this instead of the "run on branch" argument because GitHub looks

name: CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:

on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '26 3 * * 2'
  push:
    branches: [ "master" ]

# limitations under the License.
# ==============================================================================

name: Creates a GitHub Issue when a PR Rolled back via Commit to Master
on:
  push:
    branches:
      - master
      
permissions: {}

jobs:
  create-issue-on-pr-rollback:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: read

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

name: Test

on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
  schedule:
    # cron every week on monday
    - cron: "0 0 * * 1"

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"

# limitations under the License.
# ==============================================================================

name: ARM CD

on:
  push:
    tags:
      - v2.**
    branches:
      - r2.**
  schedule:
    - cron: '0 8 * * *'

permissions:
  contents: read

jobs:
  build:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks

      - cron: '0 0 * * 0'
  push:
    paths:
      - '.github/workflows/sigbuild-docker.yml'
      - 'tensorflow/tools/tf_sig_build_dockerfiles/**'
      - '!tensorflow/tools/tf_sig_build_dockerfiles/README.md'
    branches:
      - master

permissions:
  contents: read

jobs:
  docker:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    runs-on: ubuntu-latest
    strategy:
      matrix:

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: ARM CI

on:
  push:
    branches:
      - master
      - r2.**
permissions:
  contents: read

jobs:
  build:
    # Don't do this in forks, and if labeled, only for 'kokoro:force-run'