Implement cross-site external authentication protected by CSRF tokens #4541
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: ci-slow | |
on: | |
workflow_dispatch: | |
workflow_call: | |
push: | |
branches: [main] | |
paths-ignore: [docs/**, docker/**, '*', '!pyproject.toml', '**.md'] | |
pull_request: | |
types: [opened, synchronize, ready_for_review] | |
paths-ignore: [docs/**, docker/**, '*', '!pyproject.toml', '**.md'] | |
concurrency: | |
# New commit on branch cancels running workflows of the same branch | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
run-slow-ci-label-is-set: | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
steps: | |
# using this instead of contains(github.event.pull_request.labels.*.name, 'run-slow-ci') | |
# to make it dynamic, otherwise github context is fixed at the moment of trigger event. | |
# With dynamic approach dev can set label and rerun this flow to make it running. | |
- name: Get PR labels | |
id: pr-labels | |
uses: actions/github-script@v7.0.1 | |
with: | |
script: | | |
const prNumber = ${{ github.event.pull_request.number }}; | |
const { data: labels } = await github.rest.issues.listLabelsOnIssue({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: prNumber, | |
}); | |
const labelNames = labels.map(label => label.name); | |
core.setOutput('all-labels', labelNames.join(',')); | |
- name: Slow CI label not set | |
if: ${{ !contains(steps.pr-labels.outputs.all-labels, 'run-slow-ci') }} | |
run: | | |
echo "Please add the 'run-slow-ci' label to this PR before merging." | |
exit 1 | |
mysql-db-migration-testing-full: | |
if: github.event.pull_request.draft == false | |
needs: run-slow-ci-label-is-set | |
env: | |
ZENML_ANALYTICS_OPT_IN: false | |
ZENML_DEBUG: true | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v5.3.0 | |
with: | |
python-version: '3.9' | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
if: github.event.pull_request.head.repo.fork == false | |
- name: Test migrations across versions | |
run: bash scripts/test-migrations.sh mysql full | |
mysql-db-migration-testing-random: | |
if: github.event.pull_request.draft == false | |
needs: run-slow-ci-label-is-set | |
env: | |
ZENML_ANALYTICS_OPT_IN: false | |
ZENML_DEBUG: true | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v5.3.0 | |
with: | |
python-version: '3.9' | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
if: github.event.pull_request.head.repo.fork == false | |
- name: Test migrations across versions | |
run: bash scripts/test-migrations.sh mysql random | |
sqlite-db-migration-testing-full: | |
needs: run-slow-ci-label-is-set | |
runs-on: ubuntu-latest | |
env: | |
ZENML_ANALYTICS_OPT_IN: false | |
ZENML_DEBUG: true | |
if: github.event.pull_request.draft == false | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v5.3.0 | |
with: | |
python-version: '3.9' | |
- name: Test migrations across versions | |
run: bash scripts/test-migrations.sh sqlite full | |
mariadb-db-migration-testing: | |
if: github.event.pull_request.draft == false | |
needs: run-slow-ci-label-is-set | |
env: | |
ZENML_ANALYTICS_OPT_IN: false | |
ZENML_DEBUG: true | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v5.3.0 | |
with: | |
python-version: '3.9' | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
if: github.event.pull_request.head.repo.fork == false | |
- name: Test migrations across versions | |
run: bash scripts/test-migrations.sh mariadb full | |
small-checks: | |
if: github.event.pull_request.draft == false | |
needs: run-slow-ci-label-is-set | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.2.2 | |
- name: Set up Python | |
uses: actions/setup-python@v5.3.0 | |
with: | |
python-version: '3.11' | |
- name: Install uv | |
run: | | |
curl -LsSf https://astral.sh/uv/install.sh | sh | |
source $HOME/.cargo/env | |
- name: Create virtual environment | |
run: | | |
uv venv | |
- name: Check for broken dependencies | |
run: | | |
source .venv/bin/activate | |
uv pip check | |
- name: Markdown link check | |
uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 | |
with: | |
use-quiet-mode: 'yes' | |
use-verbose-mode: 'no' | |
folder-path: ./examples, ./docs/book, ./src | |
file-path: ./README.md, ./LICENSE, ./RELEASE_NOTES.md, CODE-OF-CONDUCT.md, | |
CONTRIBUTING.md, CLA.md, RELEASE_NOTES.md, ROADMAP.md | |
config-file: .github/workflows/markdown_check_config.json | |
continue-on-error: true | |
- name: Security check | |
run: | | |
source .venv/bin/activate | |
uv pip install bandit | |
bash scripts/check-security.sh | |
- name: Check for alembic branch divergence | |
env: | |
ZENML_DEBUG: 0 | |
run: | | |
source .venv/bin/activate | |
uv pip install alembic | |
bash scripts/check-alembic-branches.sh | |
- name: Install latest dashboard (test gitignore) | |
run: bash scripts/install-dashboard.sh | |
ubuntu-linting: | |
needs: run-slow-ci-label-is-set | |
if: github.event.pull_request.draft == false | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ['3.9', '3.10', '3.12'] | |
fail-fast: false | |
uses: ./.github/workflows/linting.yml | |
with: | |
python-version: ${{ matrix.python-version }} | |
os: ${{ matrix.os }} | |
secrets: inherit | |
ubuntu-unit-test: | |
if: github.event.pull_request.draft == false | |
needs: [run-slow-ci-label-is-set, ubuntu-linting] | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ['3.9', '3.10', '3.12'] | |
fail-fast: false | |
uses: ./.github/workflows/unit-test.yml | |
with: | |
python-version: ${{ matrix.python-version }} | |
os: ${{ matrix.os }} | |
secrets: inherit | |
windows-linting: | |
needs: run-slow-ci-label-is-set | |
if: github.event.pull_request.draft == false | |
strategy: | |
matrix: | |
os: [windows-latest] | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
fail-fast: false | |
uses: ./.github/workflows/linting.yml | |
with: | |
python-version: ${{ matrix.python-version }} | |
os: ${{ matrix.os }} | |
secrets: inherit | |
windows-unit-test: | |
if: github.event.pull_request.draft == false | |
needs: [run-slow-ci-label-is-set, windows-linting] | |
strategy: | |
matrix: | |
os: [windows-latest] | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
fail-fast: false | |
uses: ./.github/workflows/unit-test.yml | |
with: | |
python-version: ${{ matrix.python-version }} | |
os: ${{ matrix.os }} | |
secrets: inherit | |
macos-linting: | |
needs: run-slow-ci-label-is-set | |
if: github.event.pull_request.draft == false | |
strategy: | |
matrix: | |
os: [macos-latest] | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
fail-fast: false | |
uses: ./.github/workflows/linting.yml | |
with: | |
python-version: ${{ matrix.python-version }} | |
os: ${{ matrix.os }} | |
secrets: inherit | |
macos-unit-test: | |
if: github.event.pull_request.draft == false | |
needs: [run-slow-ci-label-is-set, macos-linting] | |
strategy: | |
matrix: | |
os: [macos-latest] | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
fail-fast: false | |
uses: ./.github/workflows/unit-test.yml | |
with: | |
python-version: ${{ matrix.python-version }} | |
os: ${{ matrix.os }} | |
secrets: inherit | |
windows-integration-test: | |
if: github.event.pull_request.draft == false | |
needs: [run-slow-ci-label-is-set, windows-unit-test] | |
strategy: | |
matrix: | |
os: [windows-latest] | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
test_environment: [default] | |
fail-fast: false | |
uses: ./.github/workflows/integration-test-slow.yml | |
with: | |
os: ${{ matrix.os }} | |
python-version: ${{ matrix.python-version }} | |
test_environment: ${{ matrix.test_environment }} | |
secrets: inherit | |
macos-integration-test: | |
if: github.event.pull_request.draft == false | |
needs: [run-slow-ci-label-is-set, macos-unit-test] | |
strategy: | |
matrix: | |
os: [macos-latest] | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
test_environment: [default] | |
fail-fast: false | |
uses: ./.github/workflows/integration-test-slow.yml | |
with: | |
os: ${{ matrix.os }} | |
python-version: ${{ matrix.python-version }} | |
test_environment: ${{ matrix.test_environment }} | |
secrets: inherit | |
ubuntu-latest-integration-test: | |
if: github.event.pull_request.draft == false | |
needs: [run-slow-ci-label-is-set, ubuntu-unit-test] | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ['3.9', '3.10', '3.12'] | |
test_environment: | |
- default | |
- docker-server-docker-orchestrator-mysql | |
- docker-server-docker-orchestrator-mariadb | |
exclude: | |
# docker is time-consuming to run, so we only run it on 3.9 | |
- test_environment: docker-server-docker-orchestrator-mysql | |
python-version: '3.9' | |
- test_environment: docker-server-docker-orchestrator-mysql | |
python-version: '3.10' | |
- test_environment: docker-server-docker-orchestrator-mysql | |
python-version: '3.12' | |
- test_environment: docker-server-docker-orchestrator-mariadb | |
python-version: '3.9' | |
- test_environment: docker-server-docker-orchestrator-mariadb | |
python-version: '3.10' | |
- test_environment: docker-server-docker-orchestrator-mariadb | |
python-version: '3.12' | |
fail-fast: false | |
uses: ./.github/workflows/integration-test-slow.yml | |
with: | |
os: ${{ matrix.os }} | |
python-version: ${{ matrix.python-version }} | |
test_environment: ${{ matrix.test_environment }} | |
secrets: inherit |