name: VulnCheck
on:
  pull_request:
    branches:
      - master

  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:

# ============================================================================

name: Close inactive issues
on:
  schedule:
    - cron: "30 1 * * *"

permissions:
  contents: read

jobs:
  close-issues:
    # Don't do this in forks
    if: github.repository == 'tensorflow/tensorflow'
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:

name: Java CI with Maven

on:
  push:
    branches:
    - master
    - "*.x"
  pull_request:
    branches:
    - master
    - "*.x"

jobs:
  build:
    runs-on: ${{ matrix.os }}

    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest]

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 11

  pull_request:
    types: [opened, labeled, unlabeled, synchronize]

permissions:
  contents: read

env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"

jobs:
  test_containers:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'containers')

name: Smokeshow

on:
  workflow_run:
    workflows: [Test]
    types: [completed]

permissions:
  statuses: write

jobs:
  smokeshow:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest

    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/setup-python@v5
        with:

# specific language governing permissions and limitations
# under the License.

name: Java CI

on: [push, pull_request]

# clear all permissions for GITHUB_TOKEN
permissions: {}

jobs:
  build:

    # execute on any push or pull request from forked repo
    if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )

    strategy:

name: 'Close stale PRs'
on:
  schedule:
    # Execute every hour at xx:05 to avoid conflicts with other workflows
    - cron: '5 * * * *'

permissions: {}

jobs:
  stale:
    permissions:
      pull-requests: write

    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v9
        with:
          operations-per-run: 50
          ascending: true
          exempt-all-milestones: true

# limitations under the License.
# ==============================================================================

name: Trusted Partner PR
on:
  pull_request_target:

permissions:
  contents: read

jobs:
  assign-partner-tags:
    runs-on: ubuntu-latest
    permissions:
      # Needed to attach tags into the PR
      issues: write
      contents: write
      pull-requests: write
    if: |

# to reference the most recent versions of the SIG Build Docker images.
name: Update RBE Configs
on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  rbe:
    name: Update RBE Configs
    runs-on: ubuntu-latest
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    steps:
    - name: Checkout code

name: ARM CI Extended

on:
  push:
    tags:
      - v2.**
  schedule:
    - cron: '0 4 * * *'

permissions:
  contents: read

jobs:
  build:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    runs-on: [self-hosted, linux, ARM64]
    strategy:
      fail-fast: false
      matrix: