caf324b09d
Build documentation / build (push) Failing after 0s
Deploy "method_comparison" Gradio to Spaces / deploy (push) Has been cancelled
Deploy "PEFT shop" Gradio app to Spaces / deploy (push) Has been cancelled
tests on transformers main / tests (push) Has been cancelled
tests / check_code_quality (push) Has been cancelled
tests / tests (ubuntu-latest, 3.10) (push) Has been cancelled
tests / tests (ubuntu-latest, 3.11) (push) Has been cancelled
tests / tests (ubuntu-latest, 3.12) (push) Has been cancelled
tests / tests (ubuntu-latest, 3.13) (push) Has been cancelled
tests / tests (windows-latest, 3.10) (push) Has been cancelled
tests / tests (windows-latest, 3.11) (push) Has been cancelled
tests / tests (windows-latest, 3.12) (push) Has been cancelled
tests / tests (windows-latest, 3.13) (push) Has been cancelled
Secret Leaks / trufflehog (push) Has been cancelled
CI security linting / zizmor latest via Cargo (push) Has been cancelled
29 lines
1.4 KiB
YAML
29 lines
1.4 KiB
YAML
rules:
|
|
dangerous-triggers:
|
|
ignore:
|
|
# this workflow is only triggered after maintainer approval
|
|
- upload_pr_documentation.yml:3:1
|
|
cache-poisoning:
|
|
ignore:
|
|
# the docker buildx binary is cached and zizmor warns about a cache poisoning attack.
|
|
# OTOH this cache would make us more resilient against an intrusion on docker-buildx' side.
|
|
# There is no obvious benefit so we leave it as it is.
|
|
- build_docker_images.yml:39:9
|
|
- build_docker_images.yml:74:9
|
|
secrets-outside-env:
|
|
ignore:
|
|
# Zizmor warns about HF_TOKEN being used there but the token is not exposed to external users:
|
|
# > With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.
|
|
# https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets#using-secrets-in-a-workflow
|
|
# Moreover, the workflow needs to be manually triggered by maintainers, who will review the code first
|
|
- tests.yml:131:25
|
|
unpinned-images:
|
|
ignore:
|
|
# We want to test these images with the latest version and we're not using them
|
|
# to deploy anything so we deem it safe to use those, even if they are unpinned.
|
|
- nightly-bnb.yml:30:7
|
|
- nightly-bnb.yml:155:7
|
|
- nightly.yml:27:7
|
|
- nightly.yml:95:7
|
|
- torch_compile_tests.yml:32:7
|