
Vulnerability fixes #11377

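# Validates asset definitions and the asset source tree.
# Runs on pushes to `release`, on pull requests targeting `main`, and on
# manual dispatch (where the asset directories can be overridden).
name: assets-validation

on:
  push:
    branches:
      - release
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      asset_dirs:
        description: Asset directories
        default: assets
        required: true

env:
  default_asset_dirs: assets
  scripts_azureml_assets_dir: scripts/azureml-assets
  scripts_assets_dir: scripts/azureml-assets/azureml/assets
  scripts_release_dir: scripts/release
  asset_config_filename: asset.yaml

defaults:
  run:
    shell: bash

# NOTE(review): these permissions are workflow-wide, so every job below
# (including the called reusable workflow) receives `id-token: write`.
# Consider granting it only on the `validate` job if the reusable workflow
# does not need OIDC -- confirm against that workflow before changing.
permissions:
  # Required for OIDC login to Azure
  id-token: write
  # Required to clone repo
  contents: read

jobs:
  check-directory-file-changes:
    # NOTE(review): referenced by the mutable ref `@main`; pinning to a full
    # commit SHA would make the called workflow immutable.
    uses: Azure/azureml-assets/.github/workflows/check-changed-files.yaml@main
    with:
      folder_path: "assets/**"
      forked_pr_input: false

  validate:
    name: Validate
    needs: check-directory-file-changes
    # Skip validation entirely when no file under the watched folder changed.
    if: needs.check-directory-file-changes.outputs.files-changed != ''
    runs-on: ubuntu-latest
    environment: Testing
    steps:
      # NOTE(review): the actions below are pinned to mutable version tags
      # (`@v3`, `@v4`, `@v1`); pin each to a full commit SHA so a retagged
      # release cannot change what runs in a job that holds an OIDC token.
      - name: Clone branch
        uses: actions/checkout@v3

      - name: Use Python 3.10 or newer
        uses: actions/setup-python@v4
        with:
          python-version: '>=3.10'

      - name: Log in to Azure
        env:
          # Secrets cannot be read directly in `if:`, so they are copied into
          # env to use in the condition.
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        # Runs only when the credentials are available to this run.
        if: env.client_id != '' && env.tenant_id != ''
        uses: azure/login@v1
        with:
          client-id: ${{ env.client_id }}
          tenant-id: ${{ env.tenant_id }}
          subscription-id: ${{ env.subscription_id }}

      # NOTE(review): this installs code from the checked-out branch while
      # the job may already be logged in to Azure; review who can trigger
      # this job with credentials present.
      - name: Install dependencies
        run: pip install -e "$scripts_azureml_assets_dir"

      # `${{ }}` expressions are pasted into the script text before bash
      # parses it, so a dispatch input or a changed file name containing
      # shell metacharacters would run as a command. Passing the values
      # through env and expanding them as quoted shell variables keeps them
      # as data.
      - name: Validate assets
        env:
          SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ASSET_DIRS: ${{ github.event.inputs.asset_dirs || env.default_asset_dirs }}
          CHANGED_FILES: ${{ needs.check-directory-file-changes.outputs.files-changed }}
        run: |
          python -u "$scripts_assets_dir/validate_assets.py" \
            -i "$ASSET_DIRS" \
            -a "$asset_config_filename" \
            -c "$CHANGED_FILES" \
            -n -I -C -b -t -e

      - name: Validate source tree
        env:
          # Passed via env, not inline `${{ }}`, to avoid shell injection.
          ASSET_DIRS: ${{ github.event.inputs.asset_dirs || env.default_asset_dirs }}
        run: python -u "$scripts_assets_dir/validate_tree.py" -i "$ASSET_DIRS"

      - name: Check test coverage
        env:
          # Passed via env, not inline `${{ }}`, to avoid shell injection.
          ASSET_DIRS: ${{ github.event.inputs.asset_dirs || env.default_asset_dirs }}
        run: |
          coverage_dir="$RUNNER_TEMP/test_coverage"
          mkdir -p "$coverage_dir"
          python -u "$scripts_release_dir/test_file_convert.py" \
            -i "$ASSET_DIRS" \
            -r "$coverage_dir"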