name: Create Release

on:
  push:
    tags:
      - 'v*.*.*'

permissions:
  contents: write
  pull-requests: read

jobs:
  create_release:
    name: Create Release
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Generate Release Notes and Publish
        id: generate_release_notes
        uses: release-drafter/release-drafter@v6

import org.lastaflute.job.LaJob;
import org.lastaflute.job.LaJobRunner;
import org.lastaflute.job.LaJobScheduler;

import jakarta.annotation.Resource;

/**
 * Job scheduler for managing all scheduled jobs in Fess.
 * Implements LaJobScheduler to handle job scheduling and execution.
 */
public class AllJobScheduler implements LaJobScheduler {

    private static final Logger logger = LogManager.getLogger(AllJobScheduler.class);

  pull_request:
    types: [opened, labeled, unlabeled, synchronize]

permissions:
  contents: read

env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"

jobs:
  test_containers:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'containers')

name: Contributor CI Build

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

concurrency:
  # On master/release, we don't want any jobs cancelled so the sha is used to name the group
  group: ${{ (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' ) && format('contributor-pr-base-{0}', github.sha) || format('contributor-pr-{0}', github.ref) }}
  cancel-in-progress: false

env:

[@devinfra](https://github.com/orgs/tensorflow/teams/devinfra)

********************************************************************************

A directory for build and CI related scripts and jobs managed by the TensorFlow

name: Labels
on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
      # For label-checker
      - labeled
      - unlabeled

jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@v6
      if: ${{ github.event.action != 'labeled' && github.event.action != 'unlabeled' }}

name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4
      - name: 'Dependency Review'

name: Label Approved

on:
  schedule:
    - cron: "0 12 * * *"
  workflow_dispatch:

permissions:
  pull-requests: write

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  label-approved:
    if: github.repository_owner == 'fastapi'
    runs-on: ubuntu-latest
    steps:
    - name: Dump GitHub context
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
      run: echo "$GITHUB_CONTEXT"
    - uses: actions/checkout@v6

name: Update Topic Repos

on:
  schedule:
    - cron: "0 12 1 * *"
  workflow_dispatch:

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  topic-repos:
    if: github.repository_owner == 'fastapi'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.0"
    with:
      scan-args: |-