name: "Check markdown links"

on:
  push:
    branches:
      - master
  pull_request:
  workflow_dispatch:

permissions: {}

jobs:
  check-links:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check links
        uses: lycheeverse/lychee-action@v2.7.0
        with:
          # excluded:

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: cffconvert

on:
  push:
    paths:
      - CITATION.cff

permissions:
  contents: read

jobs:
  validate:

name: "Check CODEOWNERS file"

on:
  push:
    branches:
      - master
  pull_request:
  workflow_dispatch:

permissions: { }

jobs:
  code-owners-validation:
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Get Secrets
        uses: gradle/actions-internal/get-aws-secrets@v1

  DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
  # Enable debug for the `gradle-build-action` cache operations
  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true

permissions: {}

jobs:
  build:
    name: "Compile All"
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: git clone
        uses: actions/checkout@v6
      - id: setup-matrix

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write

  schedule:
    - cron: '26 3 * * 2'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    name: Scorecards analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write

name: Submit Dependency Graph
on:
  workflow_dispatch:
  push:
    branches:
      - master

permissions: {}

jobs:
  generate-and-submit:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6
    - uses: actions/setup-java@v5
      with:
        distribution: temurin
        java-version: 17
    - name: Setup Gradle

    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v6

on:
  workflow_dispatch: # Allows manual triggering of the action
  schedule: # Runs the action weekly on Monday at 3:42 UTC
    - cron: '42 3 * * 1'

permissions:
  contents: write
  pull-requests: write

jobs:
  update-jdks:
    if: github.repository == 'gradle/gradle'
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: ARM CI

on:
  push:
    branches:
      - master
      - r2.**
permissions:
  contents: read

jobs:
  build: