# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write

name: CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:

name: VulnCheck
on:
  pull_request:
    branches:
      - master

  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:

    steps:
      - name: Evaluate Rules
        uses: linear-b/gitstream-github-action@v1
        env:
          REPO_READ_TOKEN: ${{ secrets.GITSTREAM_TESTING_TOKEN }}
        id: rules-engine
        with:
          full_repository: ${{ github.event.inputs.full_repository }}
          head_ref: ${{ github.event.inputs.head_ref }}
          base_ref: ${{ github.event.inputs.base_ref }}

  lokiCanary:
    enabled: false
resultsCache:
  enabled: false
chunksCache:
  enabled: false
singleBinary:
  replicas: 1
deploymentMode: SingleBinary
gateway:
  enabled: false
read:
  replicas: 0
write:
  replicas: 0
backend:

    branches:
      - master
      - next

# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  iam-matrix-test:
    name: "[Go=${{ matrix.go-version }}|ldap=${{ matrix.ldap }}|etcd=${{ matrix.etcd }}|openid=${{ matrix.openid }}]"
    runs-on: ubuntu-latest

    branches:
    - master
    - next

# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  replication-test:
    name: Advanced Tests with Go ${{ matrix.go-version }}
    runs-on: ubuntu-latest

    strategy:
      matrix:
        go-version: [1.21.x]

    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
jobs:
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v4

EY_TMP|wc -l) -ne 2 ]];then echo "credentials file is invalid" rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP return 1 fi SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) # Create the svcacct if it does not exist if ! checkSvcacctExists ; then echo "Creating svcacct '$SVCACCT'" # Check if policy file is define if [ -z $FILENAME ]; then ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER else ${MC} admin user...

# to reference the most recent versions of the SIG Build Docker images.
name: Update RBE Configs
on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  rbe:
    name: Update RBE Configs
    runs-on: ubuntu-latest
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    steps:
    - name: Checkout code