Skip to content

a) add license/Copyright header, b) add missing TopLevel Security (#6… #159

a) add license/Copyright header, b) add missing TopLevel Security (#6…

a) add license/Copyright header, b) add missing TopLevel Security (#6… #159

# Copyright (c) ONNX Project Contributors
#
# SPDX-License-Identifier: Apache-2.0
name: LinuxRelease_aarch64
on:
schedule:
# Run weekly on Monday 00:00
- cron: '00 00 * * MON'
push:
branches: [main, rel-*]
pull_request:
branches: [main, rel-*]
workflow_dispatch:
permissions: # set top-level default permissions as security best practice
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'workflow_dispatch' }}
cancel-in-progress: true
jobs:
build:
if: github.event_name != 'pull_request' || startsWith( github.base_ref, 'rel-') || contains( github.event.pull_request.labels.*.name, 'run release CIs')
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [cp38-cp38, cp39-cp39, cp310-cp310, cp311-cp311, cp312-cp312]
env:
# setting up python and docker image
py: /opt/python/${{ matrix.python-version }}/bin/python
img: quay.io/pypa/manylinux2014_aarch64
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Checkout submodules
shell: bash
run: |
auth_header="$(git config --local --get http.https://github.com/.extraheader)"
git submodule sync --recursive
git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
# setting up qemu for enabling aarch64 binary execution on x86 machine
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
# Creating a virtual environment on machine with the help of docker container \
# and installing the dependencies inside that \
# so that we can use installed dependencies.
- name: Install dependencies
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '${{ env.py }} -m pip install -q virtualenv && ${{ env.py }} -m venv .env && \
source .env/bin/activate && \
${{ env.py }} -m pip install -q --only-binary google-re2 -r requirements-release.txt && \
yum install -y protobuf-compiler protobuf-devel
deactivate'
# using created virtual environment in new container and executing the script
- name: Build manylinux2014_aarch64
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
yum install -y sudo && \
sudo chmod +x .github/workflows/manylinux/entrypoint.sh && \
sudo .github/workflows/manylinux/entrypoint.sh ${{ env.py }} manylinux2014_aarch64 ${{ github.event_name }}
deactivate'
# using created virtual environment in new container and testing the wheel
- name: Test wheel with Python ${{ matrix.python-version }}
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip install -q --upgrade pip && \
python -m pip install -q --only-binary google-re2 -r requirements-release.txt && \
pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: wheels
path: dist
- name: Upload wheel to PyPI weekly
if: (github.event_name == 'schedule') # Only triggered by weekly event
run: |
python -m pip install -q twine
twine upload --verbose dist/*.whl --repository-url https://upload.pypi.org/legacy/ -u ${{ secrets.ONNXWEEKLY_USERNAME }} -p ${{ secrets.ONNXWEEKLY_TOKEN }}
- name: Verify ONNX with the latest numpy and protobuf
if: ${{ always() }}
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y numpy onnx protobuf && python -m pip install numpy protobuf && \
python -m pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
- name: Verify ONNX with the minimumly supported packages
if: ${{ always() }}
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y onnx && python -m pip install -r requirements-min.txt && \
python -m pip install dist/*manylinux2014_aarch64.whl && \
pytest && \
deactivate'
- name: Verify ONNX with ONNX Runtime PyPI package
if: matrix.python-version != 'cp312-cp312'
run: |
docker run --rm -v ${{ github.workspace }}:/ws:rw --workdir=/ws \
${{ env.img }} \
bash -exc '\
source .env/bin/activate && \
python -m pip uninstall -y protobuf numpy && python -m pip install -q -r requirements-release.txt && \
python -m pip install -q onnxruntime==1.16.3 && \
export ORT_MAX_IR_SUPPORTED_VERSION=9 \
export ORT_MAX_ML_OPSET_SUPPORTED_VERSION=3 \
export ORT_MAX_ONNX_OPSET_SUPPORTED_VERSION=20 \
pytest && \
deactivate'