From cbc416cfcc89ad1186db45252ad6608772f9a94e Mon Sep 17 00:00:00 2001 From: marvinfriede <51965259+marvinfriede@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:39:17 -0600 Subject: [PATCH] Update workflows (PyTorch 2.5.1, zizmor security fixes) --- .github/workflows/codeql.yaml | 2 ++ .github/workflows/macos-arm.yaml | 14 ++++++++++---- .github/workflows/macos-x86.yaml | 15 +++++++++------ .github/workflows/release.yaml | 8 ++++++-- .github/workflows/ubuntu-nolibcint.yaml | 25 ++++++++++--------------- .github/workflows/ubuntu-pytorch-1.yaml | 12 +++++++++--- .github/workflows/ubuntu.yaml | 20 +++++++++++++------- .github/workflows/windows.yaml | 16 +++++++++++----- README.md | 2 +- tox.ini | 9 +++++---- 10 files changed, 76 insertions(+), 47 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 163eac5f6..54edf4385 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -57,6 +57,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/macos-arm.yaml b/.github/workflows/macos-arm.yaml index e5901597c..3181b1452 100644 --- a/.github/workflows/macos-arm.yaml +++ b/.github/workflows/macos-arm.yaml @@ -46,7 +46,7 @@ jobs: # https://github.com/actions/setup-python/issues/696 python-version: ["3.10", "3.11", "3.12"] # only test oldest and newest version of torch - torch-version: ["1.11.0", "2.5.0"] + torch-version: ["1.11.0", "2.5.1"] exclude: # Check latest versions here: https://download.pytorch.org/whl/torch/ # @@ -74,7 +74,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 @@ -90,7 +92,11 @@ jobs: run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')-nolibcint" >> $GITHUB_ENV - name: Print TOXENV - run: echo "TOXENV is set to '${{ env.TOXENV }}'." + run: echo "TOXENV is set to '${TOXENV}'." + env: + TOXENV: ${{ env.TOXENV }} - name: Unittests with tox - run: EXTRAS=pyscf tox -e ${{ env.TOXENV }} + run: EXTRAS=pyscf tox -e $TOXENV + env: + TOXENV: ${{ env.TOXENV }} diff --git a/.github/workflows/macos-x86.yaml b/.github/workflows/macos-x86.yaml index 9753c5708..22b64d632 100644 --- a/.github/workflows/macos-x86.yaml +++ b/.github/workflows/macos-x86.yaml @@ -76,9 +76,6 @@ jobs: torch-version: "1.12.1" - python-version: "3.11" torch-version: "1.13.1" - # PyTorch>=2.5.0 does not support Python<3.9 - - python-version: "3.8" - torch-version: "2.5.0" runs-on: ${{ matrix.os }} @@ -88,7 +85,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 @@ -104,7 +103,11 @@ jobs: run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')-nolibcint" >> $GITHUB_ENV - name: Print TOXENV - run: echo "TOXENV is set to '${{ env.TOXENV }}'." + run: echo "TOXENV is set to '${TOXENV}'." + env: + TOXENV: ${{ env.TOXENV }} - name: Unittests with tox - run: EXTRAS=pyscf tox -e ${{ env.TOXENV }} + run: EXTRAS=pyscf tox -e $TOXENV + env: + TOXENV: ${{ env.TOXENV }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 79613de83..f984d9468 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Build wheel (bdist) run: pipx run build --wheel @@ -48,7 +50,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Build source distribution (sdist) run: pipx run build --sdist diff --git a/.github/workflows/ubuntu-nolibcint.yaml b/.github/workflows/ubuntu-nolibcint.yaml index 836137e02..4a68405f3 100644 --- a/.github/workflows/ubuntu-nolibcint.yaml +++ b/.github/workflows/ubuntu-nolibcint.yaml @@ -44,7 +44,7 @@ jobs: os: [ubuntu-latest] # PyTorch>=2.5.0 does not support Python<3.9 python-version: ["3.9", "3.10", "3.11", "3.12"] - torch-version: ["2.5.0"] + torch-version: ["2.5.1"] runs-on: ${{ matrix.os }} @@ -54,7 +54,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 @@ -70,18 +72,11 @@ jobs: run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')-nolibcint" >> $GITHUB_ENV - name: Print TOXENV - run: echo "TOXENV is set to '${{ env.TOXENV }}'." + run: echo "TOXENV is set to '${TOXENV}'." + env: + TOXENV: ${{ env.TOXENV }} - name: Unittests with tox - run: EXTRAS=pyscf tox -e ${{ env.TOXENV }} - - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 - if: > - matrix.python-version == '3.11' && - matrix.torch-version == '2.2.2' && - matrix.os == 'ubuntu-latest' - with: - files: ./coverage.xml # optional - token: ${{ secrets.CODECOV_TOKEN }} # required - verbose: true # optional (default = false) + run: EXTRAS=pyscf tox -e $TOXENV + env: + TOXENV: ${{ env.TOXENV }} diff --git a/.github/workflows/ubuntu-pytorch-1.yaml b/.github/workflows/ubuntu-pytorch-1.yaml index 40c041780..8374b5b1f 100644 --- a/.github/workflows/ubuntu-pytorch-1.yaml +++ b/.github/workflows/ubuntu-pytorch-1.yaml @@ -66,7 +66,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 @@ -82,7 +84,11 @@ jobs: run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')" >> $GITHUB_ENV - name: Print TOXENV - run: echo "TOXENV is set to '${{ env.TOXENV }}'." + run: echo "TOXENV is set to '${TOXENV}'." + env: + TOXENV: ${{ env.TOXENV }} - name: Unittests with tox - run: EXTRAS=pyscf tox -e ${{ env.TOXENV }}-libcint + run: EXTRAS=pyscf tox -e ${TOXENV}-libcint + env: + TOXENV: ${{ env.TOXENV }} diff --git a/.github/workflows/ubuntu.yaml b/.github/workflows/ubuntu.yaml index 90b022d5c..dd2fa6954 100644 --- a/.github/workflows/ubuntu.yaml +++ b/.github/workflows/ubuntu.yaml @@ -43,7 +43,7 @@ jobs: matrix: os: [ubuntu-latest] python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] - torch-version: ["2.0.1", "2.1.2", "2.2.2", "2.3.1", "2.4.1", "2.5.0"] + torch-version: ["2.0.1", "2.1.2", "2.2.2", "2.3.1", "2.4.1", "2.5.1"] exclude: # Check latest versions here: https://download.pytorch.org/whl/torch/ # @@ -59,7 +59,7 @@ jobs: torch-version: "2.1.2" # PyTorch>=2.5.0 does not support Python<3.9 - python-version: "3.8" - torch-version: "2.5.0" + torch-version: "2.5.1" runs-on: ${{ matrix.os }} @@ -69,7 +69,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 @@ -85,16 +87,20 @@ jobs: run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')" >> $GITHUB_ENV - name: Print TOXENV - run: echo "TOXENV is set to '${{ env.TOXENV }}'." + run: echo "TOXENV is set to '${TOXENV}'." + env: + TOXENV: ${{ env.TOXENV }} - name: Unittests with tox - run: EXTRAS=pyscf tox -e ${{ env.TOXENV }}-libcint + run: EXTRAS=pyscf tox -e ${TOXENV}-libcint + env: + TOXENV: ${{ env.TOXENV }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # 5.1.1 if: > matrix.python-version == '3.11' && - matrix.torch-version == '2.2.2' && + matrix.torch-version == '2.5.1' && matrix.os == 'ubuntu-latest' with: files: ./coverage.xml # optional diff --git a/.github/workflows/windows.yaml b/.github/workflows/windows.yaml index d724397a2..827f9048e 100644 --- a/.github/workflows/windows.yaml +++ b/.github/workflows/windows.yaml @@ -44,7 +44,7 @@ jobs: os: [windows-latest] python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] # only test oldest and newest version of torch - torch-version: ["1.11.0", "2.5.0"] + torch-version: ["1.11.0", "2.5.1"] exclude: # Check latest versions here: https://download.pytorch.org/whl/torch/ # @@ -73,7 +73,7 @@ jobs: torch-version: "1.13.1" # PyTorch>=2.5.0 does not support Python<3.9 - python-version: "3.8" - torch-version: "2.5.0" + torch-version: "2.5.1" runs-on: ${{ matrix.os }} @@ -83,7 +83,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 @@ -99,7 +101,11 @@ jobs: run: echo "TOXENV=py$(echo ${{ matrix.python-version }} | tr -d '.')-torch$(echo ${{ matrix.torch-version }} | tr -d '.')-nolibcint" >> $GITHUB_ENV - name: Print TOXENV - run: echo "TOXENV is set to '${{ env.TOXENV }}'." + run: echo "TOXENV is set to '${TOXENV}'." + env: + TOXENV: ${{ env.TOXENV }} - name: Unittests with tox - run: tox -e ${{ env.TOXENV }} + run: tox -e $TOXENV + env: + TOXENV: ${{ env.TOXENV }} diff --git a/README.md b/README.md index 420638a21..0bc0fd9e5 100644 --- a/README.md +++ b/README.md @@ -140,7 +140,7 @@ For more examples and details, check out [the documentation](https://dxtb.readth | 2.2.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | 2.3.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | 2.4.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| 2.5.0 | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| 2.5.1 | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | Note that only the latest bug fix version is listed, but all preceding bug fix minor versions are supported. For example, although only version 2.2.2 is listed, version 2.2.0 and 2.2.1 are also supported. diff --git a/tox.ini b/tox.ini index 3b8ec4a4c..62b3aee28 100644 --- a/tox.ini +++ b/tox.ini @@ -19,10 +19,10 @@ min_version = 4.0 isolated_build = True envlist = py38-torch{1110,1121,1131,201,212,222,231,241}-{nolibcint,libcint}, - py39-torch{1110,1121,1131,201,212,222,231,241,250,260}-{nolibcint,libcint}, - py310-torch{1110,1121,1131,201,212,222,231,241,250,260}-{nolibcint,libcint}, - py311-torch{1131,201,212,222,231,241,250,260}-{nolibcint,libcint}, - py312-torch{222,231,241,250,260}-{nolibcint,libcint} + py39-torch{1110,1121,1131,201,212,222,231,241,251,260}-{nolibcint,libcint}, + py310-torch{1110,1121,1131,201,212,222,231,241,251,260}-{nolibcint,libcint}, + py311-torch{1131,201,212,222,231,241,251,260}-{nolibcint,libcint}, + py312-torch{222,231,241,251,260}-{nolibcint,libcint} [testenv] setenv = @@ -47,6 +47,7 @@ deps = torch240: torch==2.4.0 torch241: torch==2.4.1 torch250: torch==2.5.0 + torch250: torch==2.5.1 torch260: torch==2.6.0 extras =