fix: Make validate-lockfile action non-blocking#361
Conversation
Signed-off-by: Fiona-Waters <[email protected]>
kramaranya
left a comment
There was a problem hiding this comment.
Thanks @Fiona-Waters
/lgtm
There was a problem hiding this comment.
Pull request overview
Updates the validate-lockfile GitHub Action to be non-blocking by turning lockfile/CVE regressions into PR warnings rather than failing the workflow.
Changes:
- Emit
::warningannotations (yellow banner) for lockfile sync failures and new HIGH/CRITICAL CVEs, while exiting with success. - Make PR commenting steps non-fatal via
continue-on-error: true. - Remove the workflow’s “main repo only” fork guard, causing it to run on fork PRs as well.
| check-security-regressions: | ||
| runs-on: ubuntu-latest | ||
| # Only run on PRs from the main repository, not forks | ||
| if: github.event.pull_request.head.repo.full_name == github.repository | ||
| permissions: | ||
| contents: read | ||
| pull-requests: write |
There was a problem hiding this comment.
Removing the fork guard means this workflow now runs on PRs from forks too, but the job requests pull-requests: write and later attempts to create/update PR comments (which will typically be denied on fork PRs). If the intent is only to make the check non-blocking (not broaden its scope), consider restoring the job-level if: or gating the commenting steps to only run when github.event.pull_request.head.repo.full_name == github.repository so behavior matches expectations.
| echo "ERROR: uv.lock is out of sync with pyproject.toml" | ||
| echo "" | ||
| echo "This means pyproject.toml was modified but 'uv lock' was not run." | ||
| echo "" | ||
| echo "To fix this:" | ||
| echo " 1. Run: uv lock" | ||
| echo " 2. Commit the updated uv.lock file" | ||
| echo " 3. Push your changes" | ||
| echo "" | ||
| exit 1 | ||
| exit 0 # To prevent blocking |
There was a problem hiding this comment.
This step now exits 0 but still logs ERROR: uv.lock is out of sync..., which is misleading given the workflow is intentionally non-blocking. Consider changing the log wording to WARNING (or similar) and/or setting an explicit output (e.g., lockfile_out_of_sync=true) so later steps can be skipped if you don't want to scan/comment based on a potentially stale lockfile.
| echo "" | ||
|
|
||
| # This creates the yellow warning banner for security risks | ||
| echo "::warning title=Security Alert::This PR introduces new HIGH/CRITICAL vulnerabilities. Review the bot comment below." |
There was a problem hiding this comment.
The warning message says "Review the bot comment below", but on fork PRs the github-script comment step may be unable to post (and is now continue-on-error). Consider rewording this warning to not assume a PR comment will exist (e.g., point to the workflow logs and say a comment will be posted when permissions allow).
| echo "::warning title=Security Alert::This PR introduces new HIGH/CRITICAL vulnerabilities. Review the bot comment below." | |
| echo "::warning title=Security Alert::This PR introduces new HIGH/CRITICAL vulnerabilities. See this workflow's logs for details; a PR comment will be added when permissions allow." |
| - name: Comment on PR with CVE regression details | ||
| continue-on-error: true | ||
| if: always() && steps.compare.outputs.new_cves_found == 'true' | ||
| uses: actions/github-script@v8 | ||
| with: |
There was a problem hiding this comment.
Since this workflow is now non-blocking, the PR comment posted by this step should avoid language like "Why This Failed" (currently in the script body) because the check will still pass. Please update the comment text to clearly indicate it's a warning/non-blocking regression notice so reviewers aren’t misled about CI status.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andreyvelich The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* chore!: upgrade to Python 3.10 (kubeflow#282) This upgrades the minimum Python version for the project from 3.9 to 3.10. Python 3.9 is past end-of-life and dependencies will likely require a supported version soon. Signed-off-by: Jon Burdo <[email protected]> * chore: Confirm that a public ConfigMap exists to check version (kubeflow#250) * Confirm that a public ConfigMap exists to check version Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * python 3.9 fix Co-authored-by: Copilot <[email protected]> Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Exceptiom handling better Co-authored-by: Copilot <[email protected]> Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Addressing comments Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Update kubeflow/trainer/backends/kubernetes/backend.py Co-authored-by: Andrey Velichkevich <[email protected]> Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Refactored tests into a single function and followed agents.md Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * CI friendly edit Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * pre-commit format checked Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Modified according to new updates Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Ran pre-commit locally to fix formatting Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * unix2dos CLAUDE.md Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> * Revert CLAUDE.md Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> --------- Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Andrey Velichkevich <[email protected]> * chore: added sdk docs website to readme (kubeflow#284) * docs: added sdk docs website to readme Signed-off-by: Akash Jaiswal <[email protected]> * format: order of sdk docs Signed-off-by: Akash Jaiswal <[email protected]> --------- Signed-off-by: Akash Jaiswal <[email protected]> * feat(trainer): add dataset and model initializer support to container backend (kubeflow#188) * feat(trainer): add dataset and model initializer support to container backend Add support for dataset and model initializers in the container backend to bring it to feature parity with the Kubernetes backend. Changes: - Add utility functions for building initializer commands and environment variables - Implement _run_initializers() and _run_single_initializer() methods in ContainerBackend - Run initializers sequentially before training containers start - Download datasets to /workspace/dataset and models to /workspace/model - Track initializer containers as separate steps in TrainJob - Support all initializer types: HuggingFace, S3, and DataCache - Add comprehensive unit tests for all initializer configurations - Handle initializer failures with proper cleanup and error messages Fixes kubeflow#171 Signed-off-by: HKanoje <[email protected]> * feat(trainer): address reviewer feedback for initializer support - Make initializer image configurable via ContainerBackendConfig - Make initializer timeout configurable (default 600 seconds) - Implement wait API in adapters instead of polling - Clean up successful initializer containers after completion - Clean up network on initializer failure - Raise ValueError for unsupported initializer types (no datacache fallback) All tests passing (173/173). Addresses all feedback from PR kubeflow#188. Signed-off-by: HKanoje <[email protected]> * chore(trainer): add cleanup helper to reduce duplication Add _cleanup_container_resources() helper method to consolidate duplicated cleanup logic for stopping/removing containers and deleting networks. Refactor 5 locations across train(), initializer handlers, and delete_job() to use this helper. Signed-off-by: HKanoje <[email protected]> * fix(trainer): use correct initializer images and working directory Address feedback for initializer support in container backend: - Use separate images for dataset/model initializers: - kubeflow/dataset-initializer:latest for datasets - kubeflow/model-initializer:latest for models (instead of kubeflow/training-operator:latest) - Update python commands to use pkg.initializers module: - python -m pkg.initializers.dataset (for dataset) - python -m pkg.initializers.model (for model) - Change initializer working_dir from /workspace to /app per Dockerfile convention Refs: https://github.com/kubeflow/trainer/tree/master/cmd/initializers Signed-off-by: HKanoje <[email protected]> * fix(container): address PR review comments for initializer support - Use GHCR images as default for dataset/model initializers - Replace suppress with try-except blocks - Refactor initializer utils with ContainerInitializer dataclass - Add get_dataset_initializer and get_model_initializer functions - Remove DataCache support (unsupported in container backend) - Merge initializer tests into test_train() and test_get_job_logs() - Remove duplicate test functions Signed-off-by: HKanoje <[email protected]> * fix(container): add name field to ContainerInitializer and remove init_type - Add name field to ContainerInitializer dataclass - Set name='dataset-initializer' and name='model-initializer' in utils - Remove init_type parameter from _run_single_initializer() - Use container_init.name for labels and log messages Signed-off-by: HKanoje <[email protected]> --------- Signed-off-by: HKanoje <[email protected]> * feat: add SparkClient API for SparkConnect session management (kubeflow#225) * feat(spark): add core types, dataclasses, and constants - Add SparkConnectInfo, SparkConnectState, Driver, Executor types - Add type tests for validation - Add Kubernetes backend constants (CRD group, version, defaults) Signed-off-by: Shekhar Rajak <[email protected]> * feat(spark): add backend base class and options pattern - Add RuntimeBackend abstract base class with session lifecycle methods - Add options pattern (Name, Image, Timeout, etc.) aligned with trainer SDK - Add validation utilities for connect parameters - Add comprehensive option tests Signed-off-by: Shekhar Rajak <[email protected]> * feat(spark): add KubernetesBackend for SparkConnect CRD operations - Implement KubernetesBackend with create/get/list/delete session methods - Add port-forward support for out-of-cluster connections - Add CRD builder utilities and URL validation - Add comprehensive backend and utils tests with parametrized patterns Signed-off-by: Shekhar Rajak <[email protected]> * feat(spark): add SparkClient API with KEP-107 compliant connect method - Implement SparkClient as main user interface for SparkConnect sessions - Support connect to existing server (base_url) or auto-create new session - Add public exports for SparkClient, Driver, Executor, options - Add SparkClient unit tests Signed-off-by: Shekhar Rajak <[email protected]> * chore(spark): add test infrastructure and package init files - Add test common utilities and fixtures - Add package __init__ files for test directories - Setup test/e2e/spark structure Signed-off-by: Shekhar Rajak <[email protected]> * feat(spark): add example scripts demonstrating SparkClient usage - Add spark_connect_simple.py with 3 usage levels (minimal, simple, advanced) - Add spark_advanced_options.py with full configuration examples - Add connect_existing_session.py for connecting to existing servers - Add demo and test scripts for local development Signed-off-by: Shekhar Rajak <[email protected]> * docs(spark): add documentation for SparkClient and E2E testing - Add examples/spark/README.md with usage guide - Add local Spark Connect testing documentation - Add E2E test README with CI/CD integration guide - Update KEP-107 proposal documentation Signed-off-by: Shekhar Rajak <[email protected]> * test(spark): add E2E test framework with cluster watcher - Add test_spark_examples.py with example validation tests - Add cluster_watcher.py for monitoring SparkConnect and pods during tests - Add run_in_cluster.py for executing examples as K8s Jobs Signed-off-by: Shekhar Rajak <[email protected]> * ci(spark): add GitHub Actions workflow and E2E cluster setup - Add test-spark-examples.yaml workflow for E2E validation - Add e2e-setup-cluster.sh for Kind cluster with Spark Operator - Add SparkConnect CRD, Kind config, and E2E runner Dockerfile - Update Makefile with E2E setup target - Update PR title check for spark prefix Signed-off-by: Shekhar Rajak <[email protected]> * chore(spark): add pyspark[connect] dependency and update lock file - Add spark extra with pyspark[connect]==3.4.1 for grpcio, pandas, pyarrow - Update uv.lock with resolved dependencies - Update .gitignore for spark-related files Signed-off-by: Shekhar Rajak <[email protected]> * Update kubeflow/spark/backends/base.py Co-authored-by: Andrey Velichkevich <[email protected]> Signed-off-by: Shekhar Prasad Rajak <[email protected]> * refactor(spark): rename backend.connect_session() to connect() Signed-off-by: Shekhar Rajak <[email protected]> * refactor: move session creation flow from SparkClient to backend.create_and_connect() Signed-off-by: Shekhar Rajak <[email protected]> --------- Signed-off-by: Shekhar Rajak <[email protected]> Signed-off-by: Shekhar Prasad Rajak <[email protected]> Co-authored-by: Andrey Velichkevich <[email protected]> * chore: bump minimum model-registry version to 0.3.6 (kubeflow#289) Signed-off-by: Jon Burdo <[email protected]> * fix: Improve CVE workflow (kubeflow#267) * fix: Improve CVE workflow Signed-off-by: Fiona-Waters <[email protected]> * fix: fix issue with bash compare Signed-off-by: Fiona-Waters <[email protected]> * feat: Add workflow to cleanup overrides in pyproject.toml Signed-off-by: Fiona-Waters <[email protected]> * fix: address review comments Signed-off-by: Fiona-Waters <[email protected]> * chore: refactor to reduce size of cve related workflows Signed-off-by: Fiona-Waters <[email protected]> --------- Signed-off-by: Fiona-Waters <[email protected]> * chore: upgrade code style for python3.10 (kubeflow#288) * chore: update code style for Python 3.10 This disables a couple ruff rules in pyproject.toml: ``` "UP007", # Use X | Y instead of Union[X, Y] (requires Python 3.10+) "UP045", # Use X | None instead of Optional[X] (requires Python 3.10+) ``` Then the code changes are made with: ``` uv run ruff check --fix uv run ruff format ``` Signed-off-by: Jon Burdo <[email protected]> * fix: handle unions, bools in convert_value The convert_value function didn't seems to be handling union types properly and also needs to handle `T | None` similarly to `Optional[None]` after the upgrade to Python 3.10. This fixes union types, an issue with bool conversion, and adds tests for this function. Signed-off-by: Jon Burdo <[email protected]> --------- Signed-off-by: Jon Burdo <[email protected]> * chore(ci): bump astral-sh/setup-uv from 5 to 7 (kubeflow#276) Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5 to 7. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@v5...v7) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the python-minor group across 1 directory with 4 updates (kubeflow#291) Bumps the python-minor group with 4 updates in the / directory: [coverage](https://github.com/coveragepy/coveragepy), [ruff](https://github.com/astral-sh/ruff), [pre-commit](https://github.com/pre-commit/pre-commit) and [ty](https://github.com/astral-sh/ty). Updates `coverage` from 7.10.7 to 7.13.4 - [Release notes](https://github.com/coveragepy/coveragepy/releases) - [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.10.7...7.13.4) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) Updates `pre-commit` from 4.3.0 to 4.5.1 - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v4.3.0...v4.5.1) Updates `ty` from 0.0.14 to 0.0.16 - [Release notes](https://github.com/astral-sh/ty/releases) - [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md) - [Commits](astral-sh/ty@0.0.14...0.0.16) --- updated-dependencies: - dependency-name: coverage dependency-version: 7.13.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor - dependency-name: pre-commit dependency-version: 4.5.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor - dependency-name: ty dependency-version: 0.0.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: Added examples to the documentation demonstrating different ways to handle ports (kubeflow#243) * update docs and add test cases. Signed-off-by: osamaahmed17 <[email protected]> * pre-commit error solved Signed-off-by: osamaahmed17 <[email protected]> * Update kubeflow/hub/api/model_registry_client.py Co-authored-by: Jon Burdo <[email protected]> Signed-off-by: Osama Tahir <[email protected]> * readme updated Signed-off-by: Osama Tahir <[email protected]> * Refactor model registry client test cases for clarity Signed-off-by: Osama Tahir <[email protected]> --------- Signed-off-by: osamaahmed17 <[email protected]> Signed-off-by: Osama Tahir <[email protected]> Co-authored-by: Jon Burdo <[email protected]> * chore(ci): bump peter-evans/create-pull-request from 6 to 8 (kubeflow#277) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6 to 8. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v6...v8) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(ci): bump actions/checkout from 4 to 6 (kubeflow#278) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: Adds a GitHub Actions workflow to check kubeflow/hub/OWNERS. (kubeflow#280) * Add OWNERS validation Signed-off-by: muhammadjunaid8047 <[email protected]> * Update .github/workflows/check-owners.yaml Co-authored-by: Jon Burdo <[email protected]> Signed-off-by: Muhammad Junaid <[email protected]> * Update OWNERS file check in workflow Signed-off-by: Muhammad Junaid <[email protected]> * Update paths in check-owners workflow Signed-off-by: Muhammad Junaid <[email protected]> --------- Signed-off-by: muhammadjunaid8047 <[email protected]> Signed-off-by: Muhammad Junaid <[email protected]> Co-authored-by: Jon Burdo <[email protected]> * fix: nightly security dependency updates (kubeflow#296) Co-authored-by: google-oss-prow <[email protected]> * chore(ci): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 in the actions group (kubeflow#297) Bumps the actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.34.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pytest from 8.4.2 to 9.0.2 (kubeflow#301) Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.2 to 9.0.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.4.2...9.0.2) --- updated-dependencies: - dependency-name: pytest dependency-version: 9.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(trainer): Support namespaced TrainingRuntime in the SDK (kubeflow#130) * feat(backend): Support namespaced TrainingRuntime in the SDK Signed-off-by: Moeed Shaik <[email protected]> * Fixed bugs and validated current test cases Signed-off-by: Moeed Shaik <[email protected]> * Fixed pre-commit test failure Signed-off-by: Moeed Shaik <[email protected]> * Addressed comments Signed-off-by: Moeed Shaik <[email protected]> * Fixed no attribute 'DEFAULT_TIMEOUT' error Signed-off-by: Moeed Shaik <[email protected]> * Added namespace-scoped runtime to test cases Signed-off-by: Moeed Shaik <[email protected]> * Addressed fallback logic bugs Signed-off-by: Moeed Shaik <[email protected]> * Added scope field to Runtime Signed-off-by: Moeed Shaik <[email protected]> * Improved code Signed-off-by: Moeed Shaik <[email protected]> * Fixed copilot's comments Signed-off-by: Moeed Shaik <[email protected]> * Shadow duplicate runtimes, priority to ns Signed-off-by: Moeed Shaik <[email protected]> * Fixed bug Signed-off-by: Moeed Shaik <[email protected]> * Fixed copilot comments Signed-off-by: Moeed Shaik <[email protected]> * Improved test cases to validate all possible cases Signed-off-by: Moeed Shaik <[email protected]> * small fix Signed-off-by: Moeed Shaik <[email protected]> * lint fix Signed-off-by: Moeed Shaik <[email protected]> * improved error message Co-authored-by: Copilot <[email protected]> Signed-off-by: Moeed <[email protected]> * refactored code Signed-off-by: Moeed Shaik <[email protected]> * improve code Signed-off-by: Moeed Shaik <[email protected]> * Removed RuntimeScope Signed-off-by: Moeed Shaik <[email protected]> * removed scope references and improved error handling as per kubeflow standards Signed-off-by: Moeed Shaik <[email protected]> --------- Signed-off-by: Moeed Shaik <[email protected]> Signed-off-by: Moeed <[email protected]> Co-authored-by: Copilot <[email protected]> * fix: Fix runtime lookup fallback and test local SDK in E2E (kubeflow#307) * fix: Install SDK locally in E2E workflow and improve error handling for runtime fetching in Kubernetes backend. Signed-off-by: XploY04 <[email protected]> * refactor: Explicitly return errors from and refine exception handling in . Signed-off-by: XploY04 <[email protected]> * docs: update comment to clarify Kubeflow SDK installation from source in e2e workflow. Signed-off-by: XploY04 <[email protected]> * feat: Enhance runtime retrieval tests to cover Kubernetes API 404/403 errors and partial success for list operations on timeout. Signed-off-by: XploY04 <[email protected]> * refactor: Update runtime listing to immediately raise exceptions on failure instead of collecting partial results. Signed-off-by: XploY04 <[email protected]> --------- Signed-off-by: XploY04 <[email protected]> * chore(ci): bump actions/setup-python from 5 to 6 (kubeflow#298) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the python-minor group with 2 updates (kubeflow#299) Bumps the python-minor group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [ty](https://github.com/astral-sh/ty). Updates `ruff` from 0.15.0 to 0.15.1 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.0...0.15.1) Updates `ty` from 0.0.16 to 0.0.17 - [Release notes](https://github.com/astral-sh/ty/releases) - [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md) - [Commits](astral-sh/ty@0.0.16...0.0.17) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.15.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor - dependency-name: ty dependency-version: 0.0.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve logging around packages_to_install (kubeflow#269) * improve logging around packages_to_install Signed-off-by: Brian Gallagher <[email protected]> * exit when pip install fails, append errors from both attempts Signed-off-by: Brian Gallagher <[email protected]> * Add shlex to address command injection vulnerabilities. Write pip install logfile to cwd Signed-off-by: Brian Gallagher <[email protected]> --------- Signed-off-by: Brian Gallagher <[email protected]> * feat: Add validate lockfile workflow to complement CVE scanning (kubeflow#306) * feat: Add validate lockfile workflow to complement CVE scanning Signed-off-by: Fiona-Waters <[email protected]> * fix: make cve fix pr branch static Signed-off-by: Fiona-Waters <[email protected]> --------- Signed-off-by: Fiona-Waters <[email protected]> * fix(trainer): handle falsy values in get_args_from_peft_config (kubeflow#328) * fix(trainer): handle falsy values in get_args_from_peft_config Signed-off-by: krishdef7 <[email protected]> * fix: apply pre-commit formatting Signed-off-by: krishdef7 <[email protected]> * fix: also handle falsy train_on_input in dataset_preprocess_config Signed-off-by: krishdef7 <[email protected]> * fix: add missing newline at end of utils_test.py Signed-off-by: krishdef7 <[email protected]> * fix: pre-commit formatting Signed-off-by: krishdef7 <[email protected]> --------- Signed-off-by: krishdef7 <[email protected]> * fix(optimizer): prevent input mutation in optimize() (kubeflow#322) * fix(optimizer): prevent input mutation in optimize() Signed-off-by: ruskaruma <[email protected]> * remove unnecessary things Signed-off-by: ruskaruma <[email protected]> * rename test Signed-off-by: ruskaruma <[email protected]> --------- Signed-off-by: ruskaruma <[email protected]> * feat: add TrainerClient examples for local PyTorch distributed training (kubeflow#312) * docs: add TrainerClient examples for local PyTorch distributed training - Add examples/trainer/pytorch_distributed_simple.py - Add examples/trainer/README.md - Demonstrates LocalProcessBackend usage without Kubernetes - Fixes kubeflow#218 Signed-off-by: Mansi Singh <[email protected]> * docs: add training examples table to SDK website Signed-off-by: Mansi Singh <[email protected]> * docs: expand examples table with PyTorch, MLX, DeepSpeed, and TorchTune examples grouped by framework Signed-off-by: Mansi Singh <[email protected]> --------- Signed-off-by: Mansi Singh <[email protected]> * chore: fix docstrings in TrainerClient (kubeflow#333) Signed-off-by: Transcendental-Programmer <[email protected]> * feat(spark): Refactor unit tests to sdk coding standards (kubeflow#293) * Refactored unit test Signed-off-by: digvijay-y <[email protected]> * Changes made Signed-off-by: digvijay-y <[email protected]> * Version Signed-off-by: digvijay-y <[email protected]> * Restructured clien_test Signed-off-by: digvijay-y <[email protected]> * reformated backend_test.py Signed-off-by: digvijay-y <[email protected]> * revert pyproject.toml and uv.lock changes Signed-off-by: digvijay-y <[email protected]> * Standarized spark backend tests Signed-off-by: digvijay-y <[email protected]> * backend_tests Signed-off-by: digvijay-y <[email protected]> --------- Signed-off-by: digvijay-y <[email protected]> * fix(optimizer): add missing get_job_events() to RuntimeBackend base c… (kubeflow#325) * fix(optimizer): add missing get_job_events() to RuntimeBackend base class Signed-off-by: ruskaruma <[email protected]> * Update kubeflow/optimizer/backends/base.py Co-authored-by: Copilot <[email protected]> Signed-off-by: Ruskaruma <[email protected]> * Update kubeflow/optimizer/backends/base.py Co-authored-by: Andrey Velichkevich <[email protected]> Signed-off-by: Ruskaruma <[email protected]> * fix: add abstractmethod, remove docstrings Signed-off-by: ruskaruma <[email protected]> * make get_job_events abstract in RuntimeBackend Signed-off-by: ruskaruma <[email protected]> * Update kubeflow/trainer/backends/localprocess/backend.py Co-authored-by: Andrey Velichkevich <[email protected]> Signed-off-by: Ruskaruma <[email protected]> * fix Signed-off-by: ruskaruma <[email protected]> --------- Signed-off-by: ruskaruma <[email protected]> Signed-off-by: Ruskaruma <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Andrey Velichkevich <[email protected]> * chore(spark): migrate SDK to kubeflow_spark_api Pydantic models (kubeflow#295) * chore(spark): add kubeflow-spark-api dependency Signed-off-by: tariq-hasan <[email protected]> * chore(spark): migrate options to typed Pydantic models Signed-off-by: tariq-hasan <[email protected]> * chore(spark): migrate utils to typed Pydantic models Signed-off-by: tariq-hasan <[email protected]> * chore(spark): migrate backend to typed Pydantic models Signed-off-by: tariq-hasan <[email protected]> * chore(spark): refactor tests to use typed models and cleanup Signed-off-by: tariq-hasan <[email protected]> * chore(spark): rename build_spark_connect_crd to build_spark_connect_cr Signed-off-by: tariq-hasan <[email protected]> * fix(spark): use typed model helpers in mock handlers Signed-off-by: tariq-hasan <[email protected]> * chore(spark): bump kubeflow-spark-api to 2.4.0 Signed-off-by: tariq-hasan <[email protected]> --------- Signed-off-by: tariq-hasan <[email protected]> * feat(docs): Update README with Spark Support (kubeflow#349) Signed-off-by: Andrey Velichkevich <[email protected]> * fix(trainer): return TRAINJOB_COMPLETE when all steps are done (kubeflow#340) * fix(local): return TRAINJOB_COMPLETE when all steps are done (kubeflow#338) Signed-off-by: priyank <[email protected]> * test(trainer): add test case for __get_job_status Signed-off-by: priyank <[email protected]> * fix(trainer): early return TRAINJOB_CREATED when job has no steps Signed-off-by: priyank <[email protected]> * test(trainer): refactor test_get_job_status with TestCase fixture Signed-off-by: priyank <[email protected]> --------- Signed-off-by: priyank <[email protected]> * fix(trainer): adapt SDK to removal of numProcPerNode from TorchMLPolicySource (kubeflow#360) Signed-off-by: tariq-hasan <[email protected]> * fix: Make validate-lockfile action non-blocking (kubeflow#361) Signed-off-by: Fiona-Waters <[email protected]> * chore(spark): change pyspark[connect] dependency (kubeflow#357) Change pyspark[connect] 3.4.1 dependency to pyspark-connect 4.0.1. This matches the version of Spark in the spark-operator container image (https://github.com/kubeflow/spark-operator/blob/master/Dockerfile#L17). Signed-off-by: Ali Maredia <[email protected]> * chore(spark): remove SDK-side validation from SparkClient (kubeflow#345) Remove all SDK-side input validation from the spark module. Validation will be handled server-side by the Spark Operator admission webhooks (spark-operator#2862). - Remove validation.py and validation_test.py - Remove isinstance checks from _create_session() - Remove ValidationError from public API Closes: kubeflow#272 Signed-off-by: Yassin Nouh <[email protected]> Signed-off-by: yassinnouh21 <[email protected]> * chore: Merge upstream/main (preserving downstream config) Signed-off-by: Brian Gallagher <[email protected]> * update workflow to skip requirements generation on merge conflict Signed-off-by: Brian Gallagher <[email protected]> * remove compatibility with python 3.9 and udpated tests Signed-off-by: Brian Gallagher <[email protected]> * fix tests Signed-off-by: Brian Gallagher <[email protected]> --------- Signed-off-by: Jon Burdo <[email protected]> Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> Signed-off-by: Surya Sameer Datta Vaddadi <[email protected]> Signed-off-by: Akash Jaiswal <[email protected]> Signed-off-by: HKanoje <[email protected]> Signed-off-by: Shekhar Rajak <[email protected]> Signed-off-by: Shekhar Prasad Rajak <[email protected]> Signed-off-by: Fiona-Waters <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: osamaahmed17 <[email protected]> Signed-off-by: Osama Tahir <[email protected]> Signed-off-by: muhammadjunaid8047 <[email protected]> Signed-off-by: Muhammad Junaid <[email protected]> Signed-off-by: Moeed Shaik <[email protected]> Signed-off-by: Moeed <[email protected]> Signed-off-by: XploY04 <[email protected]> Signed-off-by: Brian Gallagher <[email protected]> Signed-off-by: krishdef7 <[email protected]> Signed-off-by: ruskaruma <[email protected]> Signed-off-by: Mansi Singh <[email protected]> Signed-off-by: Transcendental-Programmer <[email protected]> Signed-off-by: digvijay-y <[email protected]> Signed-off-by: Ruskaruma <[email protected]> Signed-off-by: tariq-hasan <[email protected]> Signed-off-by: Andrey Velichkevich <[email protected]> Signed-off-by: priyank <[email protected]> Signed-off-by: Ali Maredia <[email protected]> Signed-off-by: Yassin Nouh <[email protected]> Signed-off-by: yassinnouh21 <[email protected]> Co-authored-by: Jon Burdo <[email protected]> Co-authored-by: Surya Sameer Datta Vaddadi <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Andrey Velichkevich <[email protected]> Co-authored-by: Akash Jaiswal <[email protected]> Co-authored-by: Hrithik Kanoje <[email protected]> Co-authored-by: Shekhar Prasad Rajak <[email protected]> Co-authored-by: Fiona Waters <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Osama Tahir <[email protected]> Co-authored-by: Muhammad Junaid <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: google-oss-prow <[email protected]> Co-authored-by: Moeed <[email protected]> Co-authored-by: Yash Agarwal <[email protected]> Co-authored-by: krishdef7 <[email protected]> Co-authored-by: Ruskaruma <[email protected]> Co-authored-by: Mansi Singh <[email protected]> Co-authored-by: Priyansh Saxena <[email protected]> Co-authored-by: DIGVIJAY <[email protected]> Co-authored-by: Tariq Hasan <[email protected]> Co-authored-by: Priyank Patel <[email protected]> Co-authored-by: Ali Maredia <[email protected]> Co-authored-by: Yassin Nouh <[email protected]>
What this PR does / why we need it:
This PR updates the validate-lockfile action so that it is non-blocking.
Here is the new flow:
Which issue(s) this PR fixes (optional, in
Fixes #<issue number>, #<issue number>, ...format, will close the issue(s) when PR gets merged):Fixes #
cc @kramaranya @andreyvelich
Checklist: