on:
  push:
    branches:
      - master
      
permissions: {}

jobs:
  create-issue-on-pr-rollback:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: read
    if: |
      github.repository == 'tensorflow/tensorflow' &&
      startsWith(github.event.head_commit.message, 'Rollback of PR #')
    steps:
      - name: Checkout repo

  const string input_name =
      signature_def.inputs().at(tensorflow::kRegressInputs).name();
  const string output_name =
      signature_def.outputs().at(tensorflow::kRegressOutputs).name();

  // Write {0, 1, 2, 3} as tensorflow::Example inputs.
  Tensor input(tensorflow::DT_STRING, TensorShape({4}));
  for (int64_t i = 0; i < input.NumElements(); ++i) {
    tensorflow::Example example;

    name: Scorecards analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      id-token: write

    steps:
      - name: "Checkout code"
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          persist-credentials: false

name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'

permissions: {}

jobs:
  master-to-nightly:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
    - uses: zofrex/mirror-branch@a8809f0b42f9dfe9b2c5c2162a46327c23d15266 # v1.0.3
      name: Set nightly branch to master HEAD
      with:

# 3. Add modifiers. Some modifiers for local execution are:
#      Ex. disk_cache -- Use a local cache
#      Ex. public_cache -- Use TF's public cache (read-only)
#      Ex. public_cache_push -- Use TF's public cache (read and write, Googlers only)
#      Ex. rbe        -- Use RBE for faster builds (Googlers only; see below)
#      Ex. no_docker  -- Disable docker on enabled platforms

permissions:
  contents: read

jobs:
  assign-partner-tags:
    runs-on: ubuntu-latest
    permissions:
      # Needed to attach tags into the PR
      issues: write
      contents: write
      pull-requests: write
    if: |
      github.event.pull_request.draft == false &&
      github.event.sender.type == 'User'
    steps:
      - name: Checkout repo

# limitations under the License.
# ==============================================================================
# Sourcing this enables Bazel remote cache (read and write)
# Note that "_push" cache configs write to GCS buckets and require
# authentication. If you are not a Googler, source "public_cache" to enable the
# public read-only cache.
# The cache configs are different for MacOS and Linux

variables as part of those interactions (ex: using a string variable to build a
filesystem path), a maliciously created checkpoint might be able to change the
targets of those operations, which could result in arbitrary
read/write/executions.

### Running a TensorFlow server

TensorFlow is a platform for distributed computing, and as such there is a
TensorFlow server (`tf.train.Server`). The TensorFlow server is intended for

    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [python3.9, python3.10, python3.11, python3.12]
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Delete unnecessary tools folder
        run: |
          df -h
          rm -rf /opt/hostedtoolcache
          df -h
      -
        name: Checkout