name: VulnCheck
on:
  pull_request:
    branches:
      - master

  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:

name: Upload SIG Build docker containers modified for release branches

on:
  workflow_dispatch:
  push:
    paths:
      - '.github/workflows/sigbuild-docker-branch.yml'
      - 'tensorflow/tools/tf_sig_build_dockerfiles/**'
      - '!tensorflow/tools/tf_sig_build_dockerfiles/README.md'
    branches:
      - "r[1-9].[0-9]+"

permissions:
  contents: read

jobs:
  docker:

name: Contributor CI Build

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

concurrency:
  # On master/release, we don't want any jobs cancelled so the sha is used to name the group
  # On PR branches, we cancel the job if new commits are pushed

name: Submit Dependency Graph
on:
  workflow_dispatch:
  push:
    branches:
      - master

permissions: {}

jobs:
  generate-and-submit:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-java@v4
      with:
        distribution: temurin
        java-version: 17
    - name: Setup Gradle

name: tests

on:
  push:
    branches-ignore:
      - 'gh-pages'
  pull_request:
    branches-ignore:
      - 'gh-pages'

permissions:
  contents: read

jobs:
  # Label of the container job
  sqlite:
    strategy:
      matrix:
        go: ['1.22', '1.21', '1.20']
        platform: [ubuntu-latest] # can not run in windows OS
    runs-on: ${{ matrix.platform }}

    steps:
    - name: Set up Go 1.x

# limitations under the License.
# ==============================================================================

name: Creates a GitHub Issue when a PR Rolled back via Commit to Master
on:
  push:
    branches:
      - master
      
permissions: {}

jobs:
  create-issue-on-pr-rollback:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: read

name: CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:

name: Linters and Tests

on:
  pull_request:
    branches:
      - master

# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  build:
    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:

     * should be enabled, i.e. when new commits are pushed to this branch, should a ReadyForNightly job
     * be triggered automatically?
     *
     * Currently, we only enable VCS trigger for `master`/`release`/`releaseNx` branches.
     */
    val enableVcsTriggers: Boolean = nightlyPromotionTriggerHour != null

    companion object {
        private
        const val MASTER_BRANCH = "master"

        private

WIP ML Build Docker container for ML repositories (Tensorflow, JAX and XLA).

This container branches off from
/tensorflow/tools/tf_sig_build_dockerfiles/. However, since
hermetic CUDA and hermetic Python is now available for Tensorflow, a lot of the
requirements installed on the original container can be removed to reduce the
footprint of the container and make it more reusable across different ML