CVS-157213-fixing vulnerabilities - [NPM] Fix npm audit findings in ov.contrib #124
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linux (Ubuntu 20.04, Python 3.11) | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- master | |
- 'releases/**' | |
concurrency: | |
# github.ref is not unique in post-commit | |
group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux | |
cancel-in-progress: true | |
env: | |
PYTHON_VERSION: '3.11' | |
OV_BRANCH: ${{ github.base_ref || github.event.merge_group.base_ref || github.ref }} | |
permissions: read-all | |
jobs: | |
Build_and_test: | |
name: Build and Test | |
timeout-minutes: 150 | |
defaults: | |
run: | |
shell: bash | |
runs-on: ubuntu-20.04-16-cores | |
container: | |
image: ubuntu:20.04 | |
env: | |
DEBIAN_FRONTEND: noninteractive # to prevent apt-get from waiting user input | |
CMAKE_BUILD_TYPE: 'Release' | |
CMAKE_CXX_COMPILER_LAUNCHER: ccache | |
CMAKE_C_COMPILER_LAUNCHER: ccache | |
GITHUB_WORKSPACE: /__w/openvino_contrib/openvino_contrib | |
OPENVINO_REPO: /__w/openvino_contrib/openvino_contrib/openvino | |
OPENVINO_CONTRIB_REPO: /__w/openvino_contrib/openvino_contrib/openvino_contrib | |
TEST_DATA: /__w/openvino_contrib/openvino_contrib/testdata | |
INSTALL_DIR: /__w/openvino_contrib/openvino_contrib/openvino_install | |
BUILD_DIR: /__w/openvino_contrib/openvino_contrib/openvino_build | |
DEVELOPER_PACKAGE_DIR: /__w/openvino_contrib/openvino_contrib/developer_package_install | |
CCACHE_DIR: /__w/openvino_contrib/openvino_contrib/ccache | |
CCACHE_MAXSIZE: "2G" | |
GRADLE_VER: '7.1.1' | |
steps: | |
- name: Set apt retries | |
run: echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80-retries | |
- name: Install git | |
run: | | |
apt-get update | |
apt-get install --assume-yes --no-install-recommends git git-lfs ca-certificates | |
- name: Clone OpenVINO | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
repository: 'openvinotoolkit/openvino' | |
path: ${{ env.OPENVINO_REPO }} | |
submodules: 'true' | |
ref: ${{ env.OV_BRANCH}} | |
- name: Clone OpenVINO Contrib | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
path: ${{ env.OPENVINO_CONTRIB_REPO }} | |
submodules: 'true' | |
- name: Clone Testdata | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
repository: 'openvinotoolkit/testdata' | |
path: ${{ env.TEST_DATA }} | |
lfs: 'true' | |
submodules: 'true' | |
# | |
# Dependencies | |
# | |
- name: Install build dependencies | |
run: | | |
bash ${OPENVINO_REPO}/install_build_dependencies.sh | |
# default-jdk - Java API; unzip for gradle installation | |
apt install --assume-yes --no-install-recommends default-jdk libopencv-dev unzip | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | |
with: | |
gradle-version: ${{ env.GRADLE_VER }} | |
- name: Setup Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install python dependencies | |
run: python3 -m pip install -r ${OPENVINO_REPO}/src/bindings/python/wheel/requirements-dev.txt | |
- name: Setup ccache | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
# Should save cache only if run in the master branch of the base repo | |
# github.ref_name is 'ref/PR_#' in case of the PR, and 'branch_name' when executed on push | |
save-always: ${{ github.ref_name == 'master' && 'true' || 'false' }} | |
path: ${{ env.CCACHE_DIR }} | |
key: ${{ runner.os }}-${{ runner.arch }}-ccache-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-ccache | |
# | |
# Build | |
# | |
- name: CMake configure - OpenVINO | |
run: | | |
cmake \ | |
-GNinja \ | |
-DCMAKE_VERBOSE_MAKEFILE=ON \ | |
-DCMAKE_BUILD_TYPE=${{ env.CMAKE_BUILD_TYPE }} \ | |
-DBUILD_nvidia_plugin=OFF \ | |
-DENABLE_INTEL_GPU=OFF \ | |
-DENABLE_OV_TF_FRONTEND=OFF \ | |
-DENABLE_OV_PADDLE_FRONTEND=OFF \ | |
-DENABLE_OV_TF_LITE_FRONTEND=OFF \ | |
-DENABLE_OV_PYTORCH_FRONTEND=OFF \ | |
-DOPENVINO_EXTRA_MODULES=${OPENVINO_CONTRIB_REPO}/modules \ | |
-DENABLE_PYTHON=ON \ | |
-DCPACK_GENERATOR=TGZ \ | |
-DENABLE_WHEEL=ON \ | |
-DENABLE_TESTS=ON \ | |
-DENABLE_INTEL_NPU=OFF \ | |
-DCMAKE_CXX_COMPILER_LAUNCHER=${{ env.CMAKE_CXX_COMPILER_LAUNCHER }} \ | |
-DCMAKE_C_COMPILER_LAUNCHER=${{ env.CMAKE_C_COMPILER_LAUNCHER }} \ | |
-S ${OPENVINO_REPO} \ | |
-B ${BUILD_DIR} | |
- name: Clean ccache stats | |
run: ccache --zero-stats --show-config | |
- name: Cmake build | |
run: cmake --build ${BUILD_DIR} --parallel | |
- name: Show ccache stats | |
run: ccache --show-stats | |
- name: Cmake install | |
run: | | |
cmake -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} -P ${BUILD_DIR}/cmake_install.cmake | |
cmake -DCMAKE_INSTALL_PREFIX=${DEVELOPER_PACKAGE_DIR} -DCOMPONENT=developer_package -P ${BUILD_DIR}/cmake_install.cmake | |
- name: Java tests | |
working-directory: ${{ env.OPENVINO_CONTRIB_REPO }}/modules/java_api | |
run: | | |
source ${INSTALL_DIR}/setupvars.sh | |
gradle clean build --info | |
for d in CPU HETERO:CPU; do | |
gradle test -Prun_tests -DMODELS_PATH=${TEST_DATA} -Ddevice=$d --info; | |
done | |
- name: Install requirements for custom operations tests | |
run: | | |
python3 -m pip install -r ${OPENVINO_CONTRIB_REPO}/modules/custom_operations/tests/requirements.txt | |
python3 -m pip install ${INSTALL_DIR}/tools/openvino-*.whl | |
- name: Custom user operation tests | |
working-directory: ${{ env.OPENVINO_CONTRIB_REPO }}/modules/custom_operations | |
run: python3 -m pytest -k "not sparse_conv" tests/run_tests.py | |
env: | |
CUSTOM_OP_LIB: ${{ env.OPENVINO_REPO }}/bin/intel64/${{ env.CMAKE_BUILD_TYPE }}/libuser_ov_extensions.so | |
- name: Pack Artifacts | |
run: | | |
pushd ${INSTALL_DIR} | |
tar -czvf ${BUILD_DIR}/openvino_package.tar.gz * | |
popd | |
pushd ${DEVELOPER_PACKAGE_DIR} | |
tar -czvf ${BUILD_DIR}/openvino_developer_package.tar.gz * | |
popd | |
- name: Upload Test Results | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ !cancelled() }} | |
with: | |
name: test-results-java | |
path: ${{ env.OPENVINO_CONTRIB_REPO }}/modules/java_api/build/test-results | |
if-no-files-found: 'warn' | |
- name: Upload openvino package | |
if: ${{ always() }} | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: openvino_package | |
path: ${{ env.BUILD_DIR }}/openvino_package.tar.gz | |
if-no-files-found: 'error' | |
- name: Upload openvino developer package | |
if: ${{ always() }} | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: openvino_developer_package | |
path: ${{ env.BUILD_DIR }}/openvino_developer_package.tar.gz | |
if-no-files-found: 'error' | |
NVIDIA_Plugin: | |
name: NVIDIA plugin | |
needs: Build_and_test | |
timeout-minutes: 40 | |
defaults: | |
run: | |
shell: bash | |
runs-on: ubuntu-20.04-16-cores | |
container: | |
image: nvidia/cuda:11.8.0-cudnn8-runtime-ubuntu20.04 | |
env: | |
CMAKE_BUILD_TYPE: 'Release' | |
CMAKE_GENERATOR: 'Ninja Multi-Config' | |
CMAKE_CUDA_COMPILER_LAUNCHER: ccache | |
CMAKE_CXX_COMPILER_LAUNCHER: ccache | |
CMAKE_C_COMPILER_LAUNCHER: ccache | |
INSTALL_DIR: /__w/openvino_contrib/openvino_contrib/install | |
OPENVINO_DEVELOPER_PACKAGE: /__w/openvino_contrib/openvino_contrib/install/developer_package | |
OPENVINO_REPO: /__w/openvino_contrib/openvino_contrib/openvino | |
OPENVINO_CONTRIB_REPO: /__w/openvino_contrib/openvino_contrib/openvino_contrib | |
NVIDIA_BUILD_DIR: /__w/openvino_contrib/openvino_contrib/nvidia_plugin_build | |
CCACHE_DIR: /__w/openvino_contrib/openvino_contrib/ccache | |
CCACHE_MAXSIZE: "2G" | |
DEBIAN_FRONTEND: 'noninteractive' | |
steps: | |
- name: Set apt retries | |
run: echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80-retries | |
- name: Fetch install_build_dependencies.sh | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
sparse-checkout: | | |
install_build_dependencies.sh | |
sparse-checkout-cone-mode: false | |
repository: 'openvinotoolkit/openvino' | |
ref: ${{ env.OV_BRANCH}} | |
path: ${{ env.OPENVINO_REPO }} | |
- name: Install Prerequisites | |
run: apt update && apt install -y git ca-certificates | |
- name: Download OpenVINO package | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: openvino_package | |
path: ${{ env.INSTALL_DIR }} | |
- name: Download OpenVINO Developer package | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: openvino_developer_package | |
path: ${{ env.INSTALL_DIR }} | |
- name: Extract OpenVINO packages | |
run: | | |
pushd ${INSTALL_DIR} | |
tar -xzf openvino_package.tar.gz -C ${INSTALL_DIR} | |
popd | |
pushd ${INSTALL_DIR} | |
tar -xzf openvino_developer_package.tar.gz -C ${INSTALL_DIR} | |
popd | |
- name: Clone OpenVINO Contrib | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
path: ${{ env.OPENVINO_CONTRIB_REPO }} | |
# | |
# Dependencies | |
# | |
- name: Install build dependencies | |
run: | | |
${OPENVINO_REPO}/install_build_dependencies.sh | |
apt -y --no-install-recommends install software-properties-common curl | |
- name: Setup ccache | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
# Should save cache only if run in the master branch of the base repo | |
# github.ref_name is 'ref/PR_#' in case of the PR, and 'branch_name' when executed on push | |
save-always: ${{ github.ref_name == 'master' && 'true' || 'false' }} | |
path: ${{ env.CCACHE_DIR }} | |
key: ${{ runner.os }}-${{ runner.arch }}-nvidia-ccache-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-nvidia-ccache | |
- name: Install CUDA | |
run: | | |
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-ubuntu2004.pin | |
mv cuda-ubuntu2004.pin /etc/apt/preferences.d/cuda-repository-pin-600 | |
apt-key adv --fetch-keys https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/3bf863cc.pub | |
add-apt-repository "deb https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/ /" | |
apt update | |
apt install -y --allow-downgrades --allow-change-held-packages \ | |
libcudnn8=8.9.4.*-1+cuda11.8 \ | |
libcudnn8-dev=8.9.4.*-1+cuda11.8 \ | |
libcudnn8-samples=8.9.4.*-1+cuda11.8 \ | |
cuda-runtime-11-8 \ | |
cuda-11-8 \ | |
libcutensor1=1.6.1.5-1 \ | |
libcutensor-dev=1.6.1.5-1 \ | |
cuda-drivers=520.61.05-1 | |
# | |
# Build | |
# | |
- name: Cmake & Build - NVIDIA Plugin | |
run: | | |
source ${INSTALL_DIR}/setupvars.sh | |
cmake \ | |
-DOpenVINODeveloperPackage_DIR=${OPENVINO_DEVELOPER_PACKAGE}/cmake \ | |
-DCMAKE_COMPILE_WARNING_AS_ERROR=OFF \ | |
-S ${OPENVINO_CONTRIB_REPO}/modules/nvidia_plugin \ | |
-B ${NVIDIA_BUILD_DIR} | |
cmake --build ${NVIDIA_BUILD_DIR} --parallel --config ${{ env.CMAKE_BUILD_TYPE }} --verbose -- ov_nvidia_func_tests ov_nvidia_unit_tests | |
- name: Show ccache stats | |
run: ccache --show-stats | |
Overall_Status: | |
name: ci/gha_overall_status_linux | |
needs: [ Build_and_test, NVIDIA_Plugin ] | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check status of all jobs | |
if: >- | |
${{ | |
contains(needs.*.result, 'failure') || | |
contains(needs.*.result, 'cancelled') | |
}} | |
run: exit 1 |