Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional python requirements #11522

Merged
merged 4 commits into from
May 20, 2022
Merged

Add additional python requirements #11522

merged 4 commits into from
May 20, 2022

Conversation

garymm
Copy link
Contributor

@garymm garymm commented May 13, 2022
edited
Loading

These are used by some of the python code in the package, e.g.,

onnxruntime/onnxruntime/python/tools/transformers/optimizer.py

Line 25 in 0292356

import coloredlogs

onnxruntime/onnxruntime/python/tools/symbolic_shape_infer.py

Line 10 in c8270c2

import sympy

onnxruntime/onnxruntime/python/tools/transformers/torch_onnx_export_helper.py

Line 9 in 0292356

from packaging.version import Version

@garymm garymm changed the title Add coloredlogs to requirements Add additional python requirements May 13, 2022
@snnn snnn requested review from jywu-msft and pranavsharma May 15, 2022 18:05
thiagocrepaldi
thiagocrepaldi previously requested changes May 16, 2022
View reviewed changes
Copy link
Contributor

@thiagocrepaldi thiagocrepaldi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe you need to add its license at ThirdPartyNotice.txt

Refer to the commit below as an example

commit ef20efe
Author: Thiago Crepaldi [email protected]
Date: Mon Aug 17 15:03:54 2020 -0700

Register cerberus license into ThirdPartyNotices.txt (#4828)

You also have to ensure the Governance Compliance component check is passing (the CI does not fail when an issue is found, but it is logged instead)

@garymm garymm force-pushed the garymm-coloredlogs branch from 1721810 to adb32a1 Compare May 17, 2022 18:48
@garymm
Copy link
Contributor Author

garymm commented May 17, 2022

Thanks @thiagocrepaldi .

I believe you need to add its license at ThirdPartyNotice.txt

We're not distributing this software ourselves (e.g. by including any part of it in our packages), just declaring deps, so I don't think so.
Notice for example that numpy is not mentioned in that file.
But if I'm wrong could you please explain what the criteria is for being included in that file?

You also have to ensure the Governance Compliance component check is passing (the CI does not fail when an issue is found, but it is logged instead)

I don't see that in the list of checks. Do I need to trigger it manually? How?

@baijumeswani
Copy link
Contributor

@snnn does the file need to be named as requirements.txt (without the .in suffix) for component governance stuff?

@thiagocrepaldi
Copy link
Contributor

Thanks @thiagocrepaldi .

I believe you need to add its license at ThirdPartyNotice.txt

We're not distributing this software ourselves (e.g. by including any part of it in our packages), just declaring deps, so I don't think so. Notice for example that numpy is not mentioned in that file. But if I'm wrong could you please explain what the criteria is for being included in that file?

AFAIK cerberus and other projects are not redistributed as well, but I don't remember the exact criterium. Someone reached out to me at the time and asked me to do for compliance. Are tensorboard, tensorboardX or mpi4py distributed by us? They are in the aforementioned file.

You also have to ensure the Governance Compliance component check is passing (the CI does not fail when an issue is found, but it is logged instead)

I don't see that in the list of checks. Do I need to trigger it manually? How?
IIRC it is part of Linux CPU Pipeline. Possibly the Component Detection step right here

@thiagocrepaldi
Copy link
Contributor

Thanks @thiagocrepaldi .

I believe you need to add its license at ThirdPartyNotice.txt

We're not distributing this software ourselves (e.g. by including any part of it in our packages), just declaring deps, so I don't think so. Notice for example that numpy is not mentioned in that file. But if I'm wrong could you please explain what the criteria is for being included in that file?

AFAIK cerberus and other projects are not redistributed as well, but I don't remember the exact criterium. Someone reached out to me at the time and asked me to do for compliance. Are tensorboard, tensorboardX or mpi4py distributed by us? They are in the aforementioned file.

You also have to ensure the Governance Compliance component check is passing (the CI does not fail when an issue is found, but it is logged instead)

I don't see that in the list of checks. Do I need to trigger it manually? How?
IIRC it is part of Linux CPU Pipeline. Possibly the Component Detection step right here

Just talked to @snnn and he said (only) The ones we ship in our packages or docker images

@snnn
Copy link
Member

snnn commented May 18, 2022

@snnn does the file need to be named as requirements.txt (without the .in suffix) for component governance stuff?

We use this file to generate a requirements.txt in the build folder. I believe component governance scans build folder as well. So, it's fine.

@garymm garymm dismissed thiagocrepaldi’s stale review May 18, 2022 18:45

comments addressed

@garymm
Copy link
Contributor Author

garymm commented May 18, 2022

Can someone please approve or critique?

thiagocrepaldi
thiagocrepaldi approved these changes May 18, 2022
View reviewed changes
Copy link
Contributor

@thiagocrepaldi thiagocrepaldi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@garymm garymm merged commit e3a2d5c into master May 20, 2022
@garymm garymm deleted the garymm-coloredlogs branch May 20, 2022 23:16
yan12125 pushed a commit to archlinuxcn/repo that referenced this pull request Jul 23, 2022
python-onnxruntime: update to 1.12.0
78b4155 
* Update Python dependencies following upstream [1].
* Rebase patches for devendoring after upstream changes [2].
* Avoid wheel.vendored, which is needed since [3] while devendored in
  Arch [4].

[1] microsoft/onnxruntime#11522
[2] microsoft/onnxruntime#11146
[3] microsoft/onnxruntime#11834
[4] archlinux/svntogit-community@e691288
archlinux-github pushed a commit to archlinux/aur that referenced this pull request Aug 2, 2022
update to 1.12.0
c6eddeb 
* Update Python dependencies following upstream [1].
* Rebase patches for devendoring after upstream changes [2].
* Avoid wheel.vendored, which is needed since [3] while devendored in
  Arch [4].

[1] microsoft/onnxruntime#11522
[2] microsoft/onnxruntime#11146
[3] microsoft/onnxruntime#11834
[4] archlinux/svntogit-community@e691288
@yan12125 yan12125 mentioned this pull request Sep 24, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thiagocrepaldi thiagocrepaldi thiagocrepaldi approved these changes

@jywu-msft jywu-msft Awaiting requested review from jywu-msft

@pranavsharma pranavsharma Awaiting requested review from pranavsharma

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@garymm @baijumeswani @thiagocrepaldi @snnn