# the CACHEBUSTER to the PR number.
build --action_env=CACHEBUSTER=20220325

# Use Python 3.X as installed in container image
build --action_env PYTHON_BIN_PATH="/usr/local/bin/python3"
build --python_path="/usr/local/bin/python3"

# Build TensorFlow v2
build --define=tf_api_version=2 --action_env=TF2_BEHAVIOR=1

# Prevent double-compilation of some TF code, ref. b/183279666 (internal)

permissions:
  contents: read

jobs:
  build:
    # Don't do this in forks, and if labeled, only for 'kokoro:force-run'
    if: github.repository == 'tensorflow/tensorflow' && (github.event.action != 'labeled' || (github.event.action == 'labeled' && github.event.label.name == 'kokoro:force-run'))
    runs-on: [self-hosted, linux, ARM64]
    strategy:
      matrix:
        pyver: ['3.10']
    steps:

                                   TF_Status* status) {
  bool downloaded_block = false;
  auto reconcile_state = MakeCleanup([this, &downloaded_block, &key, &block] {
    // Perform this action in a cleanup callback to avoid locking mu_ after
    // locking block->mu.
    if (downloaded_block) {
      absl::MutexLock l(&mu_);
      // Do not update state if the block is already to be evicted.

      - name: "Run analysis"
        uses: ossf/scorecard-action@15c10fcf1cf912bd22260bfec67569a359ab87da # v2.1.1
        with:
          results_file: results.sarif
          results_format: sarif
          # Publish the results to enable scorecard badges. For more details, see
          # https://github.com/ossf/scorecard-action#publishing-results.

# the CACHEBUSTER to the PR number.
build --action_env=CACHEBUSTER=20220325

# Use Python 3.X as installed in container image
build --action_env PYTHON_BIN_PATH="/usr/local/bin/python3"
build --python_path="/usr/local/bin/python3"

# Build TensorFlow v2
build --define=tf_api_version=2 --action_env=TF2_BEHAVIOR=1

# Use lld as the linker
build --linkopt="-fuse-ld=lld"

      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      -
        name: Login to GCR
        if: contains(github.event.pull_request.labels.*.name, 'build and push to gcr.io for staging')
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
        with:
          registry: gcr.io

              console.log(await script.filter({github, context, domain}));
              break;
            case "google.com":
              console.log("Googler. No action necessary");
              break;
            default:
              console.log("Skip Trusted Partner Action");

    steps:
    - name: Checkout code
      uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
    - name: Get file changes
      id: get_file_changes
      uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b # v1.2.4
      with:
        output: ' '
    - name: Report list of changed files
      run: |
        echo Changed files: ${{ steps.get_file_changes.outputs.files }}

  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.6.2-beta1"
    with:
      scan-args: |-
        --lockfile=requirements.txt:./requirements_lock_3_9.txt
        --lockfile=requirements.txt:./requirements_lock_3_10.txt

        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      -
        name: Login to DockerHub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}