Skip to content

Commit

Permalink
Update/actions (#887)
Browse files Browse the repository at this point in the history
**Context:** GitHub Actions need to be updated.

**Description of the Change:** GH detected a
[high-severity](GHSA-cxww-7g56-2vh6)
vulnerability, with the download artifact action.

**Benefits:**

**Possible Drawbacks:**

**Related GitHub Issues:**


[sc-72698]

---------

Co-authored-by: ringo-but-quantum <github-ringo-but-quantum@xanadu.ai>
  • Loading branch information
AmintorDusko and ringo-but-quantum authored Sep 4, 2024
1 parent 492706a commit e4acf2e
Show file tree
Hide file tree
Showing 26 changed files with 167 additions and 94 deletions.
5 changes: 4 additions & 1 deletion .github/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@

### Improvements

* Update GitHub actions in response to a high-severity vulnerability.
[(#887)](https://github.com/PennyLaneAI/pennylane-lightning/pull/887)

* Optimize gate cache recording for `lightning.tensor` C++ layer.
[(#879)](https://github.com/PennyLaneAI/pennylane-lightning/pull/879)

Expand All @@ -20,7 +23,7 @@

This release contains contributions from (in alphabetical order):

Luis Alfredo Nuñez Meneses, Shuli Shu
Amintor Dusko, Luis Alfredo Nuñez Meneses, Shuli Shu

---

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docker_linux_x86_64.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ jobs:
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and export to Docker
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
load: true
push: false
Expand All @@ -80,7 +80,7 @@ jobs:
docker run --rm test:${{ inputs.lightning-version }}-${{ matrix.pl_backend }}
- name: Build and push version
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
if: ${{ inputs.push-to-dockerhub }}
with:
push: ${{ inputs.push-to-dockerhub }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/post_release_version_bump.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
--changelog_path "./.github/CHANGELOG.md" --post_release
- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
uses: peter-evans/create-pull-request@v7
with:
commit-message: post release version bump
title: Version Bump
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pre_release_version_bump.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
--changelog_path "./.github/CHANGELOG.md" --pre_release
- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
uses: peter-evans/create-pull-request@v7
with:
commit-message: pre release version bump
title: Version Bump
Expand Down
34 changes: 20 additions & 14 deletions .github/workflows/tests_lgpu_cpp.yml
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ jobs:
echo "venv_name=${{ env.VENV_NAME }}" >> $GITHUB_OUTPUT
echo "Python_ROOT_DIR=${{ env.VENV_NAME }}" >> $GITHUB_ENV
echo "Python3_ROOT_DIR=${{ env.VENV_NAME }}" >> $GITHUB_ENV
# Adding venv site-packages to output for subsequent step to referecen if needed
echo "site_packages_dir=$(${{ env.VENV_NAME }}/bin/python -c 'import sysconfig; print(sysconfig.get_path("platlib"))')" >> $GITHUB_OUTPUT
Expand All @@ -127,7 +127,7 @@ jobs:
py_path=$(which python)
echo "Python Interpreter Path => $py_path"
echo "python=$py_path" >> $GITHUB_OUTPUT
pip_path=$(which pip)
echo "PIP Path => $pip_path"
echo "pip=$pip_path" >> $GITHUB_OUTPUT
Expand All @@ -151,25 +151,30 @@ jobs:
-G Ninja
cmake --build ./Build
cd ./Build
mkdir -p ./tests/results_${{ github.job }}_${{ matrix.pl_backend }}
for file in *runner ; do ./$file --order lex --reporter junit --out ./tests/results_${{ github.job }}_${{ matrix.pl_backend }}/report_$file.xml; done;
mkdir -p ./tests/results_${{ github.job }}_${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}
for file in *runner ; do ./$file --order lex --reporter junit --out ./tests/results_${{ github.job }}_${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}/report_$file.xml; done;
lcov --directory . -b ../pennylane_lightning/core/src --capture --output-file coverage.info
lcov --remove coverage.info '/usr/*' --output-file coverage.info
mv coverage.info coverage-${{ github.job }}-${{ matrix.pl_backend }}.info
mv coverage.info coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}.info
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: always()
with:
name: ubuntu-tests-reports-${{ github.job }}_${{ matrix.pl_backend }}
path: ./main/Build/tests/results_${{ github.job }}_${{ matrix.pl_backend }}
name: ubuntu-tests-reports-${{ github.job }}_${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}
path: ./main/Build/tests/results_${{ github.job }}_${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}
retention-days: 1
if-no-files-found: error
include-hidden-files: true

- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-cpp
path: ./main/Build/coverage-${{ github.job }}-${{ matrix.pl_backend }}.info
name: ubuntu-codecov-results-cpp-${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}
path: ./main/Build/coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_lapack }}.info
retention-days: 1
if-no-files-found: error
include-hidden-files: true

upload-to-codecov-linux-cpp:
needs: [cpptestswithLGPU]
Expand All @@ -180,17 +185,18 @@ jobs:
uses: actions/checkout@v4

- name: Download coverage reports
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ubuntu-codecov-results-cpp
pattern: ubuntu-codecov*
merge-multiple: true

- name: Upload to Codecov
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: true
verbose: true
token: ${{ secrets.CODECOV_TOKEN }}

- name: Cleanup
if: always()
run: |
Expand Down
8 changes: 5 additions & 3 deletions .github/workflows/tests_lgpu_python.yml
Original file line number Diff line number Diff line change
Expand Up @@ -235,11 +235,13 @@ jobs:
mv coverage.xml coverage-${{ github.job }}-${{ matrix.pl_backend }}.xml
- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-python
name: ubuntu-codecov-results-python-${{ matrix.pl_backend }}
path: ./main/coverage-${{ github.job }}-${{ matrix.pl_backend }}.xml
retention-days: 1
if-no-files-found: error
include-hidden-files: true

upload-to-codecov-linux-python:
needs: [pythontestswithLGPU]
Expand All @@ -250,7 +252,7 @@ jobs:
uses: actions/checkout@v4

- name: Download coverage reports
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ubuntu-codecov-results-python

Expand Down
17 changes: 11 additions & 6 deletions .github/workflows/tests_lgpumpi_cpp.yml
Original file line number Diff line number Diff line change
Expand Up @@ -153,19 +153,23 @@ jobs:
mv coverage.info coverage-${{ github.job }}-lightning_gpu_${{ matrix.mpilib }}.info
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: always()
with:
name: ubuntu-tests-reports
name: ubuntu-tests-reports-${{ matrix.mpilib }}
path: ./Build/tests/results/
retention-days: 1
if-no-files-found: error
include-hidden-files: true

- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-cpp
name: ubuntu-codecov-results-cpp-${{ matrix.mpilib }}
path: ./Build/coverage-${{ github.job }}-lightning_gpu_${{ matrix.mpilib }}.info
retention-days: 1
if-no-files-found: error
include-hidden-files: true

- name: Cleanup
if: always()
Expand All @@ -183,9 +187,10 @@ jobs:
uses: actions/checkout@v4

- name: Download coverage reports
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ubuntu-codecov-results-cpp
pattern: ubuntu-codecov*
merge-multiple: true

- name: Upload to Codecov
uses: codecov/codecov-action@v4
Expand Down
11 changes: 7 additions & 4 deletions .github/workflows/tests_lgpumpi_python.yml
Original file line number Diff line number Diff line change
Expand Up @@ -157,11 +157,13 @@ jobs:
coverage xml -o coverage-${{ github.job }}-lightning_gpu_${{ matrix.mpilib }}_cu${{ matrix.cuda_version_maj }}-main.xml
- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-python
name: ubuntu-codecov-results-python-${{ matrix.mpilib }}
path: coverage-${{ github.job }}-lightning_gpu_${{ matrix.mpilib }}_cu${{ matrix.cuda_version_maj }}-*.xml
retention-days: 1
if-no-files-found: error
include-hidden-files: true

- name: Cleanup
if: always()
Expand All @@ -179,9 +181,10 @@ jobs:
uses: actions/checkout@v4

- name: Download coverage reports
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ubuntu-codecov-results-python
pattern: ubuntu-codecov*
merge-multiple: true

- name: Upload to Codecov
uses: codecov/codecov-action@v4
Expand Down
43 changes: 28 additions & 15 deletions .github/workflows/tests_linux_cpp.yml
Original file line number Diff line number Diff line change
Expand Up @@ -97,23 +97,25 @@ jobs:
for file in *runner ; do ./$file --order lex --reporter junit --out ./tests/results/report_$file.xml; done;
lcov --directory . -b ../pennylane_lightning/core/src --capture --output-file coverage.info
lcov --remove coverage.info '/usr/*' --output-file coverage.info
mv coverage.info coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}.info
mv coverage.info coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}-${{ matrix.enable_lapack }}.info
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: always()
with:
name: ubuntu-tests-reports-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}
name: ubuntu-tests-reports-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}-${{ matrix.enable_lapack }}
retention-days: 1
include-hidden-files: true
path: |
./Build/tests/results/
if-no-files-found: error

- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}
path: ./Build/coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}.info
name: ubuntu-codecov-results-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}-${{ matrix.enable_lapack }}
path: ./Build/coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.enable_kernel_avx_streaming }}-${{ matrix.enable_kernel_omp }}-${{ matrix.enable_lapack }}.info
if-no-files-found: error

cpptestswithOpenBLAS:
Expand Down Expand Up @@ -159,19 +161,23 @@ jobs:
mv coverage.info coverage-${{ github.job }}-${{ matrix.pl_backend }}.info
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: always()
with:
name: ubuntu-tests-reports-blas-${{ github.job }}-${{ matrix.pl_backend }}
path: ./Build/tests/results/
retention-days: 1
if-no-files-found: error
include-hidden-files: true

- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-blas-${{ matrix.pl_backend }}
path: ./Build/coverage-${{ github.job }}-${{ matrix.pl_backend }}.info
retention-days: 1
if-no-files-found: error
include-hidden-files: true

build_and_cache_Kokkos:
name: "Build and cache Kokkos"
Expand Down Expand Up @@ -241,19 +247,23 @@ jobs:
mv coverage.info coverage-${{ github.job }}-${{ matrix.pl_backend }}.info
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: always()
with:
name: ubuntu-tests-reports-${{ github.job }}-${{ matrix.pl_backend }}
path: ./Build/tests/results-${{ github.job }}-${{ matrix.pl_backend }}
retention-days: 1
if-no-files-found: error
include-hidden-files: true

- name: Upload code coverage results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ubuntu-codecov-results-cpp
name: ubuntu-codecov-results-cpp-${{ github.job }}-${{ matrix.pl_backend }}
path: ./Build/coverage-${{ github.job }}-${{ matrix.pl_backend }}.info
retention-days: 1
if-no-files-found: error
include-hidden-files: true

upload-to-codecov-linux-cpp:
needs: [cpptests, cpptestswithOpenBLAS, cpptestswithKokkos]
Expand All @@ -264,9 +274,10 @@ jobs:
uses: actions/checkout@v4

- name: Download coverage reports
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ubuntu-codecov-results-cpp
pattern: ubuntu-codecov*
merge-multiple: true

- name: Upload to Codecov
uses: codecov/codecov-action@v4
Expand Down Expand Up @@ -331,9 +342,11 @@ jobs:
for file in *runner ; do ./$file --order lex --reporter junit --out ./tests/results_multiple_backends/report_$file.xml; done;
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: always()
with:
name: ubuntu-tests-reports-${{ github.job }}-multiple-backends
name: ubuntu-tests-reports-${{ github.job }}-multiple-backends-kokkos${{ matrix.kokkos_version }}-${{ matrix.exec_model }}
path: ./Build/tests/results_multiple_backends/
retention-days: 1
if-no-files-found: error
include-hidden-files: true
5 changes: 3 additions & 2 deletions .github/workflows/tests_lkcpu_python.yml
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,7 @@ jobs:
with:
name: .coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.group }}
path: ${{ github.workspace }}/.coverage-${{ github.job }}-${{ matrix.pl_backend }}-${{ matrix.group }}
retention-days: 1
if-no-files-found: error
include-hidden-files: true

Expand All @@ -296,13 +297,13 @@ jobs:
- name: Download coverage reports
uses: actions/download-artifact@v4
with:
pattern: .coverage*
pattern: .coverage-*
merge-multiple: true

- name: Combine coverage files
run: |
python -m pip install coverage
python -m coverage combine .coverage*
python -m coverage combine .coverage-*
# Added cov xml -i to ignore "No source for code" random errors
# https://stackoverflow.com/questions/2386975/no-source-for-code-message-in-coverage-py
python -m coverage xml -i -o coverage-${{ github.job }}.xml
Expand Down
Loading

0 comments on commit e4acf2e

Please sign in to comment.