Merge branch 'main' into main

namgyu-youn · web-flow · commit b5b8236f8cbe · 2025-06-15T04:25:56.000+09:00
diff --git a/.github/workflows/code_quality.yml b/.github/workflows/code_quality.yml
@@ -0,0 +1,21 @@
+name: Code Quality
+
+on:
+  push:
+    tags: ["[0-9]+.[0-9]+.[0-9]+"]
+  pull_request:
+    branches: [main, release/*]
+
+jobs:
+  code-quality:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Install tox
+        run: pip install tox
+      - name: Run code quality checks
+        run: tox -e pre-commit-all
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security
+
+NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.
+
+If you need to report a security issue, please use the appropriate contact points outlined below. **Please do not report security vulnerabilities through GitHub.**
+
+## Reporting Potential Security Vulnerability in an NVIDIA Product
+
+To report a potential security vulnerability in any NVIDIA product:
+
+- Web: [Security Vulnerability Submission Form](https://www.nvidia.com/object/submit-security-vulnerability.html)
+- E-Mail: [psirt@nvidia.com](mailto:psirt@nvidia.com)
+  - We encourage you to use the following PGP key for secure email communication: [NVIDIA public PGP Key for communication](https://www.nvidia.com/en-us/security/pgp-key)
+  - Please include the following information:
+    - Product/Driver name and version/branch that contains the vulnerability
+    - Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
+    - Instructions to reproduce the vulnerability
+    - Proof-of-concept or exploit code
+    - Potential impact of the vulnerability, including how an attacker could exploit the vulnerability
+
+While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy. Please visit our [Product Security Incident Response Team (PSIRT)](https://www.nvidia.com/en-us/security/psirt-policies/) policies page for more information.
+
+## NVIDIA Product Security
+
+For all security-related concerns, please visit NVIDIA's [Product Security portal](https://www.nvidia.com/en-us/security)
diff --git a/tox.ini b/tox.ini
@@ -0,0 +1,52 @@
+[tox]
+envlist=
+    pre-commit-all
+    py312-torch27-unit
+skipsdist = True
+toxworkdir = /tmp/{env:USER}-modelopt-tox
+
+
+############################
+# CPU Unit test environments
+############################
+[testenv:{py39,py310,py311,py312}-torch{24,25,26,27}-unit]
+deps =
+    # torch version auto-selected based on torchvision version
+    torch24: torchvision~=0.19.0
+    torch25: torchvision~=0.20.0
+    torch26: torchvision~=0.21.0
+    torch27: torchvision~=0.22.0
+
+    -e .[all,dev-test]
+commands =
+    python -m pytest tests/unit --cov
+
+
+#############################################
+# Code quality checks on all files or on diff
+#############################################
+[testenv:{pre-commit}-{all,diff}]
+deps =
+    -e .[all,dev-lint]
+commands =
+    all: pre-commit run --all-files --show-diff-on-failure {posargs}
+    diff: pre-commit run --from-ref origin/main --to-ref HEAD {posargs}
+
+
+#####################
+# Documentation build
+#####################
+[testenv:{build,debug}-docs]
+allowlist_externals =
+    rm
+passenv =
+    SETUPTOOLS_SCM_PRETEND_VERSION
+deps =
+    -e .[all,dev-docs]
+changedir = docs
+commands_pre =
+    rm -rf build
+    rm -rf source/reference/generated
+commands =
+    sphinx-build source build/html --fail-on-warning --show-traceback --keep-going
+    debug: sphinx-autobuild source build/html --host 0.0.0.0
