diff --git a/.github/workflows/_android.yml b/.github/workflows/_android.yml index 96fdfd51feb..36b679eda44 100644 --- a/.github/workflows/_android.yml +++ b/.github/workflows/_android.yml @@ -7,7 +7,10 @@ on: jobs: build-llm-demo: name: build-llm-demo - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read with: runner: linux.2xlarge docker-image: executorch-ubuntu-22.04-clang12-android diff --git a/.github/workflows/_unittest.yml b/.github/workflows/_unittest.yml index 74ea5ca7bcc..414f86494b0 100644 --- a/.github/workflows/_unittest.yml +++ b/.github/workflows/_unittest.yml @@ -14,7 +14,10 @@ on: jobs: linux: - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read with: runner: linux.2xlarge docker-image: ${{ inputs.docker-image }} diff --git a/.github/workflows/android-perf.yml b/.github/workflows/android-perf.yml index 5d34bd86261..a83d374ab0b 100644 --- a/.github/workflows/android-perf.yml +++ b/.github/workflows/android-perf.yml @@ -155,7 +155,10 @@ jobs: export-models: name: export-models - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read needs: set-parameters secrets: inherit strategy: @@ -332,7 +335,10 @@ jobs: build-benchmark-app: name: build-benchmark-app - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read needs: set-parameters with: runner: linux.2xlarge diff --git a/.github/workflows/android-release-artifacts.yml b/.github/workflows/android-release-artifacts.yml index a10de79363c..d204e121ffa 100644 --- a/.github/workflows/android-release-artifacts.yml +++ b/.github/workflows/android-release-artifacts.yml @@ -31,7 +31,10 @@ jobs: build-aar: name: build-aar needs: check-if-aar-exists - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read with: runner: linux.2xlarge docker-image: executorch-ubuntu-22.04-clang12-android diff --git a/.github/workflows/doc-build.yml b/.github/workflows/doc-build.yml index 7a3b862b217..b52961ed0b1 100644 --- a/.github/workflows/doc-build.yml +++ b/.github/workflows/doc-build.yml @@ -15,7 +15,10 @@ on: jobs: build: - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: matrix: include: @@ -82,7 +85,8 @@ jobs: if: github.repository == 'pytorch/executorch' && github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) permissions: contents: write - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + contents: read + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main with: repository: pytorch/executorch download-artifact: docs diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 93c89355d76..aab68b30597 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,7 +16,10 @@ concurrency: jobs: lintrunner: - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read with: runner: linux.2xlarge docker-image: executorch-ubuntu-22.04-linter @@ -62,7 +65,10 @@ jobs: exit $RC android-java-format: - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read with: runner: linux.2xlarge docker-image: executorch-ubuntu-22.04-linter diff --git a/.github/workflows/periodic.yml b/.github/workflows/periodic.yml index df13140ca92..6b4644bb522 100644 --- a/.github/workflows/periodic.yml +++ b/.github/workflows/periodic.yml @@ -39,7 +39,10 @@ jobs: test-models-linux: name: test-models-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read needs: gather-models strategy: matrix: ${{ fromJSON(needs.gather-models.outputs.models) }} diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml index dbe0e872acd..6825eff0fe4 100644 --- a/.github/workflows/pull.yml +++ b/.github/workflows/pull.yml @@ -33,7 +33,10 @@ jobs: test-setup-linux-gcc: name: test-setup-linux-gcc - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -55,7 +58,10 @@ jobs: test-models-linux: name: test-models-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read needs: gather-models strategy: matrix: ${{ fromJSON(needs.gather-models.outputs.models) }} @@ -82,7 +88,10 @@ jobs: test-llama-runner-linux: name: test-llama-runner-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: matrix: dtype: [fp32] @@ -121,7 +130,10 @@ jobs: test-llama-runner-linux-android: name: test-llama-runner-linux-android - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -141,7 +153,10 @@ jobs: test-custom-ops-linux: name: test-custom-ops-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -162,7 +177,10 @@ jobs: test-selective-build-linux: name: test-selective-build-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -183,7 +201,10 @@ jobs: test-llava-runner-linux: name: test-llava-runner-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -214,7 +235,10 @@ jobs: test-quantized-aot-lib-linux: name: test-quantized-aot-lib-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -234,7 +258,10 @@ jobs: test-pybind-build-linux: name: test-pybind-build-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -260,7 +287,10 @@ jobs: test-binary-size-linux-gcc: name: test-binary-size-linux-gcc - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -292,7 +322,10 @@ jobs: test-binary-size-linux: name: test-binary-size-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -365,7 +398,10 @@ jobs: test-llama-runner-qnn-linux: name: test-llama-runner-qnn-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: matrix: dtype: [fp32] @@ -400,7 +436,10 @@ jobs: test-qnn-models-linux: name: test-qnn-models-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -419,7 +458,10 @@ jobs: test-phi-3-mini-runner-linux: name: test-phi-3-mini-runner-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -446,7 +488,10 @@ jobs: test-eval_llama-wikitext-linux: name: test-eval_llama-wikitext-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -473,7 +518,10 @@ jobs: test-eval_llama-mmlu-linux: name: test-eval_llama-mmlu-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -500,7 +548,10 @@ jobs: test-llama_runner_eager-linux: name: test-llama_runner_eager-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: @@ -527,7 +578,10 @@ jobs: test-mediatek-models-linux: name: test-mediatek-models-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: fail-fast: false with: diff --git a/.github/workflows/trunk.yml b/.github/workflows/trunk.yml index 0cbbe6f643e..325dc6ff933 100644 --- a/.github/workflows/trunk.yml +++ b/.github/workflows/trunk.yml @@ -107,7 +107,10 @@ jobs: test-demo-backend-delegation: name: test-demo-backend-delegation - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: matrix: include: @@ -301,7 +304,10 @@ jobs: test-qnn-model: name: test-qnn-model - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: matrix: dtype: [fp32] @@ -361,7 +367,10 @@ jobs: # NB: Don't run this on fork PRs because they won't have access to the secret and would fail anyway if: ${{ !github.event.pull_request.head.repo.fork }} name: test-huggingface-transformers - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read secrets: inherit strategy: matrix: @@ -445,7 +454,10 @@ jobs: test-llama-runner-qnn-linux: name: test-llama-runner-qnn-linux - uses: pytorch/test-infra/.github/workflows/linux_job.yml@main + uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main + permissions: + id-token: write + contents: read strategy: matrix: dtype: [fp32]