From 722bf23d79d1f58442be170a3757acd6d333371c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Nov 2025 18:21:03 +0000
Subject: [PATCH 1/7] chore(deps): Bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
.github/workflows/actionlint.yml | 2 +-
.github/workflows/lint.yml | 2 +-
.github/workflows/pypi.yml | 2 +-
.github/workflows/test.yml | 2 +-
.github/workflows/test_notebooks.yml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 1f46134..11441cc 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -35,7 +35,7 @@ jobs:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 - name: "Checkout"
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 with:
 fetch-depth: 0
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 14c968a..a5ba53e 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -55,7 +55,7 @@ jobs:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 - name: "Checkout"
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 with: # https://github.com/actions/checkout/issues/249
 fetch-depth: 0
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index 71a9317..e5161f5 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -39,7 +39,7 @@ jobs:
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 with: # for setuptools-scm
 fetch-depth: 0
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0e93e84..c3d1ad1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -51,7 +51,7 @@ jobs:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 - name: Checkout
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 with: # https://github.com/actions/checkout/issues/249
 fetch-depth: 0
diff --git a/.github/workflows/test_notebooks.yml b/.github/workflows/test_notebooks.yml
index 8efdf46..3fb4ba7 100644
--- a/.github/workflows/test_notebooks.yml
+++ b/.github/workflows/test_notebooks.yml
@@ -52,7 +52,7 @@ jobs:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 - name: Checkout
- uses: actions/checkout@v5
+ uses: actions/checkout@v6
 - name: Free disk space
 uses: ./.github/actions/free-disk-space
From cfa50edd4bc84037f24bd21971198635315b191d Mon Sep 17 00:00:00 2001
From: Khoi-Nguyen Tran
Date: Wed, 3 Dec 2025 20:38:52 +0000
Subject: [PATCH 2/7] fix: Change method of passing of secrets to reusable workflow. No long passable with `env` keyword.
---
.github/workflows/test_notebooks.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test_notebooks.yml b/.github/workflows/test_notebooks.yml
index 3fb4ba7..092ba4a 100644
--- a/.github/workflows/test_notebooks.yml
+++ b/.github/workflows/test_notebooks.yml
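Review bot: In `.github/workflows/test_notebooks.yml` (PATCH 1/7) the bumped step is `uses: actions/checkout@v6`, a mutable tag, while the other four workflows in the same patch pin this release to a commit SHA. Later patches in this series show this workflow passing `secrets.HF_TOKEN` to one of its steps, so it is the workflow where an unexpectedly moved tag matters most. Pin it like the others: `uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0`.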
@@ -75,7 +75,7 @@ jobs:
 - name: Setup intrinsics on Ollama server
 uses: ./.github/actions/ollama-setup-intrinsics
- env:
+ with:
 HF_TOKEN: ${{ secrets.HF_TOKEN }}
 - name: "Test notebooks"
From eb8b0d226aaa2cdb60623dc214c25fdf9f266bbe Mon Sep 17 00:00:00 2001
From: Khoi-Nguyen Tran
Date: Wed, 3 Dec 2025 20:48:11 +0000
Subject: [PATCH 3/7] fix: Change method of passing secrets to reusable workflow.
---
.github/actions/ollama-setup-intrinsics/action.yml | 8 ++++++++
.github/workflows/test_notebooks.yml | 6 +-----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/actions/ollama-setup-intrinsics/action.yml b/.github/actions/ollama-setup-intrinsics/action.yml
index 43cf9f1..55390ca 100644
--- a/.github/actions/ollama-setup-intrinsics/action.yml
+++ b/.github/actions/ollama-setup-intrinsics/action.yml
@@ -1,5 +1,11 @@
 name: 'Setup intrinsics for Ollama'
 description: 'Convert intrinsics and serve on Ollama'
+on:
+ workflow_call:
+ secrets:
+ HF_TOKEN:
+ required: true
+
 runs:
 using: "composite"
 steps:
@@ -10,6 +16,8 @@ runs:
 echo "https://user:${HF_TOKEN}@huggingface.co" > ~/.git-credentials
 git config --global user.email "github-actions@github.com"
 git config --global user.name "GitHub Actions"
+ env:
+ HF_TOKEN: ${{ secrets.HF_TOKEN }}
 - name: Clone HF intrinsics repo
 shell: bash
diff --git a/.github/workflows/test_notebooks.yml b/.github/workflows/test_notebooks.yml
index 092ba4a..d04e244 100644
--- a/.github/workflows/test_notebooks.yml
+++ b/.github/workflows/test_notebooks.yml
@@ -20,10 +20,6 @@ on:
 - 'pyproject.toml'
 - 'tox.ini'
 - '.github/workflows/test_notebooks.*' # This workflow
- workflow_call:
- secrets:
- HF_TOKEN:
- required: true
 env:
 LC_ALL: en_US.UTF-8
@@ -75,7 +71,7 @@ jobs:
 - name: Setup intrinsics on Ollama server
 uses: ./.github/actions/ollama-setup-intrinsics
- with:
+ secrets:
 HF_TOKEN: ${{ secrets.HF_TOKEN }}
 - name: "Test notebooks"
From e02852006547660decaaad55c22df960b5a02146 Mon Sep 17 00:00:00 2001
From: Khoi-Nguyen Tran
Date: Wed, 3 Dec 2025 20:51:53 +0000
Subject: [PATCH 4/7] fix: Change location of passing secrets.
---
.github/workflows/test_notebooks.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test_notebooks.yml b/.github/workflows/test_notebooks.yml
index d04e244..77df137 100644
--- a/.github/workflows/test_notebooks.yml
+++ b/.github/workflows/test_notebooks.yml
@@ -41,6 +41,8 @@ jobs:
 - "3.12"
 platform:
 - "ubuntu-latest"
+ secrets:
+ HF_TOKEN: ${{ secrets.HF_TOKEN }}
 steps:
 - name: "Harden Runner"
 uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
@@ -71,8 +73,6 @@ jobs:
 - name: Setup intrinsics on Ollama server
 uses: ./.github/actions/ollama-setup-intrinsics
- secrets:
- HF_TOKEN: ${{ secrets.HF_TOKEN }}
 - name: "Test notebooks"
 id: testnotebooks
From 972013a669fd258f81c6dd4825cdbaab084ef35e Mon Sep 17 00:00:00 2001
From: Khoi-Nguyen Tran
Date: Wed, 3 Dec 2025 21:15:58 +0000
Subject: [PATCH 5/7] feat: Add actionlint to tox.
---
tox.ini | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/tox.ini b/tox.ini
index f1e7c36..688e470 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 [tox]
-envlist = ruff, lint, unit, examples, readme, notebooks
+envlist = ruff, lint, actionlint, unit, examples, readme, notebooks
 minversion = 4.4
 [testenv]
@@ -39,6 +39,14 @@ extras =
 commands =
 {basepython} -m pylint --load-plugins pylint_pydantic src/granite_common/ tests/
+[testenv:actionlint]
+description = Lint GitHub Actions workflow files
+skip_install = true
+deps =
+ actionlint-py
+commands =
+ actionlint
+
 [testenv:ruff]
 description = lint and format check with ruff
 basepython = {[testenv:py3]basepython}
From 942260cb2f9b376c8ba6547830dc20a7ba8675b1 Mon Sep 17 00:00:00 2001
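Review bot: `deps = actionlint-py` in the new `[testenv:actionlint]` section of tox.ini (PATCH 5/7) is unpinned, so every fresh tox environment installs whatever release of that third-party package is current and lint results can change without a commit. Pin it, for example `actionlint-py==<pinned-version>` (placeholder; the patch names no version), preferably to the version the existing `.github/workflows/actionlint.yml` job runs, which is not visible here. A one-line comment above `deps` saying why that version was chosen would help whoever bumps it next.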
From: Khoi-Nguyen Tran
Date: Wed, 3 Dec 2025 21:16:27 +0000
Subject: [PATCH 6/7] fix: Passing secrets using 'with'.
---
.github/actions/ollama-setup-intrinsics/action.yml | 13 +++++--------
.github/workflows/test_notebooks.yml | 4 ++--
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/.github/actions/ollama-setup-intrinsics/action.yml b/.github/actions/ollama-setup-intrinsics/action.yml
index 55390ca..a7da9ac 100644
--- a/.github/actions/ollama-setup-intrinsics/action.yml
+++ b/.github/actions/ollama-setup-intrinsics/action.yml
@@ -1,10 +1,9 @@
 name: 'Setup intrinsics for Ollama'
 description: 'Convert intrinsics and serve on Ollama'
-on:
- workflow_call:
- secrets:
- HF_TOKEN:
- required: true
+
+inputs:
+ HF_TOKEN:
+ required: true
 runs:
 using: "composite"
@@ -13,11 +12,9 @@ runs:
 shell: bash
 run: |
 git config --global credential.helper store
- echo "https://user:${HF_TOKEN}@huggingface.co" > ~/.git-credentials
+ echo "https://user:${{ inputs.HF_TOKEN }}@huggingface.co" > ~/.git-credentials
 git config --global user.email "github-actions@github.com"
 git config --global user.name "GitHub Actions"
- env:
- HF_TOKEN: ${{ secrets.HF_TOKEN }}
 - name: Clone HF intrinsics repo
 shell: bash
diff --git a/.github/workflows/test_notebooks.yml b/.github/workflows/test_notebooks.yml
index 77df137..8c3e7ca 100644
--- a/.github/workflows/test_notebooks.yml
+++ b/.github/workflows/test_notebooks.yml
@@ -41,8 +41,6 @@ jobs:
 - "3.12"
 platform:
 - "ubuntu-latest"
- secrets:
- HF_TOKEN: ${{ secrets.HF_TOKEN }}
 steps:
 - name: "Harden Runner"
 uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
@@ -73,6 +71,8 @@ jobs:
 - name: Setup intrinsics on Ollama server
 uses: ./.github/actions/ollama-setup-intrinsics
+ with:
+ HF_TOKEN: ${{ secrets.HF_TOKEN }}
 - name: "Test notebooks"
 id: testnotebooks
From 4debd0e0a85c9f9c25fe7b8f3864c1ed3bc990c1 Mon Sep 17 00:00:00 2001
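Review bot: In the second hunk of `action.yml` (PATCH 6/7), `${{ inputs.HF_TOKEN }}` is now expanded into the text of the `run:` script before bash sees it, so the token value becomes shell source and any quote, `$` or backtick in it is interpreted rather than treated as data. The line it replaces read `${HF_TOKEN}` from the environment, which is the safer form; only the origin of that variable had to change, since a composite action cannot read the `secrets` context. Keep a step-level `env:` with `HF_TOKEN: ${{ inputs.HF_TOKEN }}` and leave the echo as `echo "https://user:${HF_TOKEN}@huggingface.co" > ~/.git-credentials`. The step starts above the hunk, and nothing visible here removes `~/.git-credentials` after the clone, so the token presumably stays on disk for the later steps of the job; the new `inputs.HF_TOKEN` also lacks a `description`.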
From: Khoi-Nguyen Tran
Date: Wed, 3 Dec 2025 21:20:31 +0000
Subject: [PATCH 7/7] fix: Pull main branch, feature was merged.
---
.github/actions/ollama-setup-intrinsics/action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/ollama-setup-intrinsics/action.yml b/.github/actions/ollama-setup-intrinsics/action.yml
index a7da9ac..849e67b 100644
--- a/.github/actions/ollama-setup-intrinsics/action.yml
+++ b/.github/actions/ollama-setup-intrinsics/action.yml
@@ -19,7 +19,7 @@ runs:
 - name: Clone HF intrinsics repo
 shell: bash
 run: |
- git clone -b feat/ollama-loras https://huggingface.co/generative-computing/rag-intrinsics-lib
+ git clone https://huggingface.co/generative-computing/rag-intrinsics-lib
 - name: List cloned files
 shell: bash