description: the resolver url to pass results to
        required: true
      resolver_token:
        description: Optional resolver token for resolver service
        required: false
        default: ''

jobs:
  gitStream:
    timeout-minutes: 15
    runs-on: ubuntu-latest
    name: gitStream workflow automation
    steps:
      - name: Evaluate Rules
        uses: linear-b/gitstream-github-action@v1
        env:

# limitations under the License.
# ==============================================================================

name: Trusted Partner PR
on:
  pull_request_target:

permissions:
  contents: read

jobs:
  assign-partner-tags:
    runs-on: ubuntu-latest
    permissions:
      # Needed to attach tags into the PR
      issues: write
      contents: write
      pull-requests: write
    if: |

name: "Close Missing Playground issues"
on:
  schedule:
  - cron: "*/10 * * * *"

permissions:
  contents: read

jobs:
  stale:
    permissions:
      issues: write  # for actions/stale to close stale issues
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
    - name: Close Stale Issues
      uses: actions/stale@v8
      with:

name: Deploy Docs
on:
  workflow_run:
    workflows:
      - Build Docs
    types:
      - completed

jobs:
  deploy-docs:
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
      - name: Clean site
        run: |
          rm -rf ./site
          mkdir ./site

      - 'tensorflow/tools/tf_sig_build_dockerfiles/**'
      - '!tensorflow/tools/tf_sig_build_dockerfiles/README.md'
    branches:
      - "r[1-9].[0-9]+"

permissions:
  contents: read

jobs:
  docker:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [python3.9, python3.10, python3.11, python3.12]

# See .github/workflows/CheckBadMerge.groovy for explanation
name: Check bad merge commit
on:
  pull_request:
    types:
     - opened
     - synchronize

permissions: {}

jobs:
  check_pr_commits:
    permissions:
      contents: read
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up JDK 11

# ==============================================================================

name: PyLint
on:
  pull_request:
    paths:
      - '**.py'

permissions:
  contents: read

jobs:
  build:
    name: PyLint
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
    - name: Get file changes

        required: true
        type: string
      git_commit:
        description: 'Git commit to cherry-pick'
        required: true
        type: string

permissions:
  contents: read

jobs:
  cherrypick:
    name: Cherrypick to ${{ github.event.inputs.release_branch}} - ${{ github.event.inputs.git_commit }}
    runs-on: ubuntu-latest
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.6.2-beta1"
    with:
      scan-args: |-

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================
# Release jobs are very basic. They don't use any caching or RBE,
# but they do upload logs to resultstore.
# IMPORTANT: trailing slash is required on GCS URIs, as it tells gcloud to
# pretend the path is a directory.