From 8c3be0f28237851d94ffc74523144db2478c3544 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 08:55:02 +0000 Subject: [PATCH 01/36] [ci] refactor: consolidate per-PR + release workflows; use validate-only mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See NVIDIA-NeMo/FW-CI-templates#466 for design discussion. - Delete build-test-publish-wheel.yml. - Rewrite release.{yml,yaml} as the single caller for both push and workflow_dispatch. validate-only derives from the trigger. - One pin to FW-CI-templates governs PR rehearsal and real release. Signed-off-by: oliver könig --- .../workflows/build-test-publish-wheel.yml | 41 ------------ .github/workflows/release.yml | 63 ++++++++++++++++--- 2 files changed, 53 insertions(+), 51 deletions(-) delete mode 100644 .github/workflows/build-test-publish-wheel.yml diff --git a/.github/workflows/build-test-publish-wheel.yml b/.github/workflows/build-test-publish-wheel.yml deleted file mode 100644 index 02986742..00000000 --- a/.github/workflows/build-test-publish-wheel.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -# Copyright (c) 2020-2021, NVIDIA CORPORATION. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Build, test, and publish a PyPi wheel (to testpypi) - -on: - push: - branches: - - "main" - - "[rv][0-9].[0-9].[0-9]" - - "[rv][0-9].[0-9].[0-9]rc[0-9]" - pull_request: - -defaults: - run: - shell: bash -x -e -u -o pipefail {0} - -jobs: - build-test-publish-wheel: - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_build_test_publish_wheel.yml@v0.88.1 - with: - dry-run: true - python-package: nemo_run - python-version: "3.10" - packaging: setuptools - secrets: - TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} - TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - SLACK_WEBHOOK: ${{ secrets.SLACK_RELEASE_ENDPOINT }} - SLACK_WEBHOOK_ADMIN: ${{ secrets.SLACK_WEBHOOK_ADMIN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a7638cd6..41ebce3b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2020-2021, NVIDIA CORPORATION. +# Copyright (c) 2020-2026, NVIDIA CORPORATION. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -11,9 +11,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -name: "Release NeMo Run" +name: "Build, validate, and release NeMo Run" on: + push: + branches: + - "main" + - "[rv][0-9].[0-9].[0-9]" + - "[rv][0-9].[0-9].[0-9]rc[0-9]" + pull_request: workflow_dispatch: inputs: release-ref: @@ -21,7 +27,7 @@ on: required: true type: string dry-run: - description: Do not publish a wheel and GitHub release. + description: Compute the release but do not publish wheel, GH release, or docs. required: true default: true type: boolean 
@@ -39,21 +45,38 @@ on: type: string required: true description: Branch to target for version bump + +defaults: + run: + shell: bash -x -e -u -o pipefail {0} + +permissions: + id-token: write + contents: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.event_name }} + cancel-in-progress: ${{ github.event_name != 'workflow_dispatch' }} + jobs: release: - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@v0.81.1 + if: '!cancelled()' + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@b7091aadca729136b12c48d45b832633c681b131 with: - release-ref: ${{ inputs.release-ref }} + release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run python-version: "3.10" library-name: NeMo Run + validate-only: ${{ github.event_name != 'workflow_dispatch' }} + dry-run: ${{ inputs.dry-run || false }} + version-bump-branch: ${{ inputs.version-bump-branch || github.ref_name }} app-id: ${{ vars.BOT_ID }} - dry-run: ${{ inputs.dry-run }} - version-bump-branch: ${{ inputs.version-bump-branch }} - gh-release-use-changelog-builder: ${{ inputs.generate-changelog }} - publish-docs: ${{ inputs.publish-docs }} - docs-target-path: nemo/run packaging: hatch + gh-release-use-changelog-builder: ${{ inputs.generate-changelog || false }} + publish-docs: ${{ inputs.publish-docs || false }} + docs-target-path: nemo/run + restrict-to-admins: true secrets: TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} 
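Review bot: The workflow-level `permissions` block added here gives `id-token: write`, `contents: write` and `pull-requests: write` to every run, including the `push` and `pull_request` rehearsals enabled by the trigger hunk above (and re-enabled in PATCH 23), and the same `release` job forwards the publishing secrets on those runs. Within this file the only thing keeping a rehearsal from publishing is `validate-only`, which is enforced inside the pinned template, because `dry-run: ${{ inputs.dry-run || false }}` evaluates to `false` on non-dispatch events. If the template accepts both flags together, derive the second switch from the trigger too, `dry-run: ${{ github.event_name != 'workflow_dispatch' || inputs.dry-run }}`, so two independent settings have to be wrong before a wheel or release goes out. The `uses:` line is now a bare commit SHA; a trailing comment naming the upstream tag or branch it was taken from (`# FW-CI-templates <tag-or-branch>`) would let a reviewer confirm the commit belongs to the template repository's own history rather than an unmerged branch. The `release` job's `secrets:` list continues outside this hunk.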
@@ -71,3 +94,23 @@ jobs: AKAMAI_CLIENT_SECRET: ${{ secrets.AKAMAI_CLIENT_SECRET }} AKAMAI_ACCESS_TOKEN: ${{ secrets.AKAMAI_ACCESS_TOKEN }} S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }} + + release-summary: + needs: [release] + if: always() && !cancelled() + runs-on: ubuntu-latest + steps: + - name: Result + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + FAILED_JOBS=$(gh run view $GITHUB_RUN_ID --repo ${{ github.repository }} --json jobs --jq '[.jobs[] | select(.conclusion == "failure" or .conclusion == "timed_out" or .conclusion == "action_required")] | length') + + if [ "${FAILED_JOBS:-0}" -eq 0 ]; then + echo "✅ All previous jobs completed successfully" + exit 0 + else + echo "❌ Found $FAILED_JOBS failed job(s)" + gh run view $GITHUB_RUN_ID --repo ${{ github.repository }} --json jobs --jq '.jobs[] | select(.conclusion == "failure" or .conclusion == "timed_out" or .conclusion == "action_required") | .name' + exit 1 + fi From dc559d276b3be34c06520f1736b7552c80e71f79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 09:04:45 +0000 Subject: [PATCH 02/36] [ci] fix: bump FW-CI pin to slack-notify gate; correct packaging to setuptools MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 41ebce3b..10b8f2cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@b7091aadca729136b12c48d45b832633c681b131 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@04a3b7766cb4fcf3299d29549d42f5bce5e445c3 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run 
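Review bot: In the `release-summary` hunk, the new job only reads the run's job list, yet it inherits the workflow-level write scopes (`contents`, `pull-requests`, `id-token`) added earlier in this patch, and that block does not grant `actions`, the scope a run-jobs lookup normally needs. Give the job its own `permissions: { actions: read }` so `GH_TOKEN` is read-only there and `gh run view` does not rely on the repository being publicly readable. In the `run:` script, use the runner-provided `"$GITHUB_REPOSITORY"` and a quoted `"$GITHUB_RUN_ID"` instead of interpolating `${{ github.repository }}` into the shell text, which keeps expression output out of the script body. `if: always() && !cancelled()` reduces to `if: '!cancelled()'`, the form the `release` job already uses.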
@@ -72,7 +72,7 @@ jobs: dry-run: ${{ inputs.dry-run || false }} version-bump-branch: ${{ inputs.version-bump-branch || github.ref_name }} app-id: ${{ vars.BOT_ID }} - packaging: hatch + packaging: setuptools gh-release-use-changelog-builder: ${{ inputs.generate-changelog || false }} publish-docs: ${{ inputs.publish-docs || false }} docs-target-path: nemo/run From 422ef0e28daf7134f47d4806f226b2c2479f52b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 09:07:34 +0000 Subject: [PATCH 03/36] [ci] chore: bump FW-CI pin to step-level webhook gate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10b8f2cb..9bdc659f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@04a3b7766cb4fcf3299d29549d42f5bce5e445c3 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@57817990f668f0bc9478ea21f8f6761ab6e22b27 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 388ab3cedd7756a5a0db7c1fa7c20e8b9a322cf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 09:15:00 +0000 Subject: [PATCH 04/36] [ci] chore: bump FW-CI pin to manifest-skip + app-id optional MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9bdc659f..49668b9a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -62,7 +62,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@57817990f668f0bc9478ea21f8f6761ab6e22b27 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@42e9f23dc4c5279bb6a029b87ff17109c99e086f with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 3e5f435fd4b4e88f225aadee6e0fd749fcf0905a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 09:21:45 +0000 Subject: [PATCH 05/36] [ci] chore: bump FW-CI pin to PAT-forwarding fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 49668b9a..d3e2fc53 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@42e9f23dc4c5279bb6a029b87ff17109c99e086f + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@3b0712dad3432c02762f637ef546446103cdd2fd with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 32e308ecfb2fd460d0802df46495ac20891a3717 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 09:42:45 +0000 Subject: [PATCH 06/36] [ci] chore: bump FW-CI pin to skip-wheel-build + advisory check-manifest MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d3e2fc53..b77740b5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -62,7 +62,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@3b0712dad3432c02762f637ef546446103cdd2fd + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@070b4e6c5ed961ad5c0cd896c5316e45f111a7b3 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 79dcccca18de8ea2e34d05d1ecbd9fdf85cecd9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 09:49:07 +0000 Subject: [PATCH 07/36] [ci] chore: bump FW-CI pin to strict check-manifest MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b77740b5..3429a460 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@070b4e6c5ed961ad5c0cd896c5316e45f111a7b3 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@ecf0991aa5979ecebe5e3f4358c39b3a23744f64 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 86fa9475c9b851520ec404490381dc5c8035d1a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 10:45:38 +0000 Subject: [PATCH 08/36] [ci] fix: drop pull_request trigger; copy-pr-bot pushes to pull-request/ instead MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3429a460..f64cbcc2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -19,7 +19,6 @@ on: - "main" - "[rv][0-9].[0-9].[0-9]" - "[rv][0-9].[0-9].[0-9]rc[0-9]" - pull_request: workflow_dispatch: inputs: release-ref: From afaf1a386d88032143a7518deb4e92b16c0d9378 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 10:46:03 +0000 Subject: [PATCH 09/36] [ci] chore: bump FW-CI pin to env-conditional bump (validate-only -> public env) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f64cbcc2..53c51906 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@ecf0991aa5979ecebe5e3f4358c39b3a23744f64 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@a31792b6ad98e4548339a5af38b07fa0d4f39865 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 0935c7fe28bda4609dcdff959083ab238d9247c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 10:59:21 +0000 Subject: [PATCH 10/36] [ci] chore: bump FW-CI pin + default publish-docs=true for push-triggered rehearsal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 53c51906..e38193ca 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@a31792b6ad98e4548339a5af38b07fa0d4f39865 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@e47407ffc4f65661eb7ff4a081b478073e11e733 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 4f1f754df7ed79619a157c1158de7daf9cc5b45b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 10:59:49 +0000 Subject: [PATCH 11/36] [ci] chore: default publish-docs=true to rehearse build-docs on PR push MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e38193ca..e7815a09 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,7 +73,7 @@ jobs: app-id: ${{ vars.BOT_ID }} packaging: setuptools gh-release-use-changelog-builder: ${{ inputs.generate-changelog || false }} - publish-docs: ${{ inputs.publish-docs || false }} + publish-docs: ${{ inputs.publish-docs || true }} docs-target-path: nemo/run restrict-to-admins: true secrets: From 132c8a7c70706fed2338d02bcdf88f9ad7bb1793 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 13:48:08 +0000 Subject: [PATCH 12/36] [ci] chore: bump FW-CI pin (drop hatch support) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e7815a09..f2712750 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
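Review bot: In the PATCH 11 hunk, `publish-docs: ${{ inputs.publish-docs || true }}` is always `true`, because `false || true` is `true`; a manual `workflow_dispatch` with publish-docs unchecked would still ask the template to publish docs on a real release. Select the default by trigger instead: `publish-docs: ${{ github.event_name != 'workflow_dispatch' || inputs.publish-docs }}`, which stays `true` for push and PR rehearsals and honours the operator's choice on dispatch. This assumes the `publish-docs` input is declared `type: boolean`; its declaration is outside the hunk. A one-line comment above the key saying that the `true` default exists only to rehearse the docs build under `validate-only` would keep the intent visible to the next editor.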
@@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@e47407ffc4f65661eb7ff4a081b478073e11e733 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@5b29b9b39f7b38952bafe8fbbd81a6a9e3ea4029 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From c0e6e525c1c3c698c9317d4cef6d4424f9705cf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 13:54:14 +0000 Subject: [PATCH 13/36] [ci] chore: bump FW-CI pin (drop PAT support) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f2712750..e9e2a5b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@5b29b9b39f7b38952bafe8fbbd81a6a9e3ea4029 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@2643bfeee2bcdccf1bb3a83d0eda888ca5d9f8ac with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 5eee7e4a269216ace301272d5c0d7e9a0634c742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 14:13:37 +0000 Subject: [PATCH 14/36] [ci] chore: drop PAT secret (now unused after FW-CI App-only refactor) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e9e2a5b2..05f903cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -81,7 +81,6 @@ jobs: TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} SLACK_WEBHOOK_ADMIN: ${{ secrets.SLACK_WEBHOOK_ADMIN }} SLACK_WEBHOOK: ${{ secrets.SLACK_RELEASE_ENDPOINT }} - PAT: ${{ secrets.PAT }} SSH_KEY: ${{ secrets.SSH_KEY }} SSH_PWD: ${{ secrets.SSH_PWD }} BOT_KEY: ${{ secrets.BOT_KEY }} From cf9206fdeee33e66033d1f064fb191515b37fc12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 14:22:43 +0000 Subject: [PATCH 15/36] [ci] chore: bump FW-CI pin (GPG optional) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05f903cb..4930d1ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@2643bfeee2bcdccf1bb3a83d0eda888ca5d9f8ac + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@ca6bda93283f6c3b5684d132dec0d5b33e40d2ef with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 348a6c553db04beb1034bee72d98dfe5691fe39f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 16:54:34 +0000 Subject: [PATCH 16/36] refactor(release): bump FW-CI pin; drop SSH_KEY/SSH_PWD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why: FW-CI-templates dropped GPG signing; SSH_KEY/SSH_PWD secrets no longer needed by the release pipeline. Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4930d1ae..1bec7f8d 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@ca6bda93283f6c3b5684d132dec0d5b33e40d2ef + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@6f5c2545f1d0e1c47ab939ab6ac87079c38fb095 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run @@ -81,8 +81,6 @@ jobs: TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} SLACK_WEBHOOK_ADMIN: ${{ secrets.SLACK_WEBHOOK_ADMIN }} SLACK_WEBHOOK: ${{ secrets.SLACK_RELEASE_ENDPOINT }} - SSH_KEY: ${{ secrets.SSH_KEY }} - SSH_PWD: ${{ secrets.SSH_PWD }} BOT_KEY: ${{ secrets.BOT_KEY }} AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} From 58d90a85bb98be1248ef15d7de649931ab5f3a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 17:30:11 +0000 Subject: [PATCH 17/36] refactor(release): bump FW-CI pin to ee3b849 for wheel-content-ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1bec7f8d..700f9c80 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@6f5c2545f1d0e1c47ab939ab6ac87079c38fb095 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@ee3b84962e76b99aac2e64b1388f456f05b4a969 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 08e3b2e98d78186f749083270b4e939386322449 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Tue, 5 May 2026 17:58:30 +0000 Subject: [PATCH 18/36] refactor(release): bump FW-CI pin to a129c51 (notify Slack-link fix) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 700f9c80..65e02b60 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@ee3b84962e76b99aac2e64b1388f456f05b4a969 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@a129c51c9d5a1fea57f586d51b9889399ac573f0 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 038725e559f02dea9991d1f44f5140ac083155ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 13:48:39 +0000 Subject: [PATCH 19/36] refactor(release): bump FW-CI pin to aacccb4 (publish-wheel always runs) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 65e02b60..b4032a0c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@a129c51c9d5a1fea57f586d51b9889399ac573f0 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@aacccb4d05456ba6de350a6ef1b016a0d398c59f with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 209edd4c84caf740bc34ea5f7ef2f89385d2a79a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 15:12:11 +0000 Subject: [PATCH 20/36] refactor(release): bump FW-CI pin to 5cca628 (notify/publish-docs/admin-check always on) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b4032a0c..9fc93ed8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@aacccb4d05456ba6de350a6ef1b016a0d398c59f + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@5cca628871444cd5021723737af05ea2622c9944 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From cac49481ddbcf4601a75432533d7a0c3fb5eb762 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 15:46:44 +0000 Subject: [PATCH 21/36] refactor(release): bump FW-CI pin to a092192 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9fc93ed8..a98a0843 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@5cca628871444cd5021723737af05ea2622c9944 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@a0921929733d506dee2de6889c39feee5da623ab with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 96fed7f6b423874931cc519e43c80c741e62278e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 16:11:06 +0000 Subject: [PATCH 22/36] ci(release): trigger release on pull-request/** + deploy-release/* MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why: aligns with MBridge/Automodel/Curator/ExD/Eval/MLM — push pattern now covers copy-pr-bot mirror branches so the validate-only release rehearsal fires at PR time. Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a98a0843..c6d323f2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,6 +19,8 @@ on: - "main" - "[rv][0-9].[0-9].[0-9]" - "[rv][0-9].[0-9].[0-9]rc[0-9]" + - "pull-request/**" + - "deploy-release/*" workflow_dispatch: inputs: release-ref: From 2b7c994a0c6384262e495957cea1226093887a91 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 16:20:31 +0000 Subject: [PATCH 23/36] ci(release): use pull_request trigger for validate-only path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why: Run has no copy-pr-bot mirror, so push to ko3n1g/* never matched on:push.branches. The pull_request trigger fires directly on each PR push without needing a mirror, giving validate-only coverage at PR time. Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c6d323f2..593d6e97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,8 @@ on: - "main" - "[rv][0-9].[0-9].[0-9]" - "[rv][0-9].[0-9].[0-9]rc[0-9]" - - "pull-request/**" - "deploy-release/*" + pull_request: workflow_dispatch: inputs: release-ref: From 2f550e173bcbbd4db9965ce4c860a684986ad82c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 16:42:47 +0000 Subject: [PATCH 24/36] refactor(release): bump FW-CI pin to 6afcae2 (build-docs root-dir) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 593d6e97..6b5086d2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@a0921929733d506dee2de6889c39feee5da623ab + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@6afcae295503a63fdafed18ba127c7d6dda24c01 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From b25402306f4a0d3a938b6be7b011766bb434060d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 16:49:33 +0000 Subject: [PATCH 25/36] refactor(release): bump FW-CI pin to 2a43619 (docs-root-dir / docs-requirements-file) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b5086d2..0bc07c60 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@6afcae295503a63fdafed18ba127c7d6dda24c01 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@2a436194d7d678c163c28413b1294335cdb1b638 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 26dd79e76cfd2ddcfb99497cccfe3130f51f5ac9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 19:06:46 +0000 Subject: [PATCH 26/36] refactor(release): bump FW-CI pin to 2f00056 (Slack only on dispatch) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0bc07c60..895b883b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@2a436194d7d678c163c28413b1294335cdb1b638 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@2f00056b5f23aa546dd2587652b63dc359e94317 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 675ff270aa971c2476625503707087a7b01d3f36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Wed, 6 May 2026 22:23:20 +0000 Subject: [PATCH 27/36] ci(changelog): bump FW-CI pin (HYBRID mode default) + add cp-title transformer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why: HYBRID mode renders raw commits when no PR matches by merge_commit_sha (helps release branches built via cherry-pick). The transformer cleans up cp titles to show the inner PR title only. Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .../workflows/config/changelog-config.json | 272 +++++++++++------- 1 file changed, 174 insertions(+), 98 deletions(-) diff --git a/.github/workflows/config/changelog-config.json b/.github/workflows/config/changelog-config.json index 0b78b096..0a2838c1 100644 --- a/.github/workflows/config/changelog-config.json +++ b/.github/workflows/config/changelog-config.json 
@@ -1,118 +1,194 @@ { "categories": [ - { - "title": "## Executors\n\n", - "labels": ["executor", "local", "slurm", "dgxcloud", "lepton", "skypilot", "docker"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## Ray Integration\n\n", - "labels": ["ray", "kuberay", "ray-slurm"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## CLI & Configuration\n\n", - "labels": ["cli", "config", "parsing"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## Experiment & Job Management\n\n", - "labels": ["experiment", "job", "task"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## Packaging & Deployment\n\n", - "labels": ["packaging", "deployment"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## Documentation\n\n", - "labels": ["docs", "documentation"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## CI/CD\n\n", - "labels": ["ci", "github-actions", "workflow"], - "exclude_labels": ["ignore"] - }, - { - "title": "\n## Bug Fixes\n\n", - "labels": ["bug", "bugfix", "fix"], - "exclude_labels": ["ignore"] - } + { + "title": "## Executors\n\n", + "labels": [ + "executor", + "local", + "slurm", + "dgxcloud", + "lepton", + "skypilot", + "docker" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## Ray Integration\n\n", + "labels": [ + "ray", + "kuberay", + "ray-slurm" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## CLI & Configuration\n\n", + "labels": [ + "cli", + "config", + "parsing" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## Experiment & Job Management\n\n", + "labels": [ + "experiment", + "job", + "task" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## Packaging & Deployment\n\n", + "labels": [ + "packaging", + "deployment" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## Documentation\n\n", + "labels": [ + "docs", + "documentation" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## CI/CD\n\n", + "labels": [ + "ci", + 
"github-actions", + "workflow" + ], + "exclude_labels": [ + "ignore" + ] + }, + { + "title": "\n## Bug Fixes\n\n", + "labels": [ + "bug", + "bugfix", + "fix" + ], + "exclude_labels": [ + "ignore" + ] + } ], "ignore_labels": [ - "ignore", - "skip-changelog" + "ignore", + "skip-changelog" ], "sort": "ASC", "template": "\n${{CHANGELOG}}\n## Others\n\n${{UNCATEGORIZED}}\n", "pr_template": "- ${{TITLE}} [#${{NUMBER}}](${{URL}})", "empty_template": "- No changes in this release", "label_extractor": [ - { - "pattern": "(.*executor.*)|(.*local.*)|(.*slurm.*)|(.*dgxcloud.*)|(.*lepton.*)|(.*skypilot.*)|(.*docker.*)", - "target": "executor", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*ray.*)|(.*kuberay.*)", - "target": "ray", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*cli.*)|(.*command.*)|(.*parse.*)|(.*argument.*)", - "target": "cli", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*experiment.*)|(.*job.*)|(.*task.*)", - "target": "experiment", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*packaging.*)|(.*package.*)|(.*deploy.*)|(.*archive.*)|(.*mount.*)", - "target": "packaging", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*doc.*)|(.*readme.*)|(.*guide.*)|(.*tutorial.*)", - "target": "docs", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*\\bci\\b.*)|(.*github.*)|(.*workflow.*)|(.*action.*)", - "target": "ci", - "flags": "gimu", - "on_property": ["title", "body"] - }, - { - "pattern": "(.*\\[bug.*)|(.*\\bfix\\b.*)|(.*bugfix.*)|(.*patch.*)", - "target": "bug", - "flags": "gimu", - "on_property": ["title", "body"] - } + { + "pattern": "(.*executor.*)|(.*local.*)|(.*slurm.*)|(.*dgxcloud.*)|(.*lepton.*)|(.*skypilot.*)|(.*docker.*)", + "target": "executor", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*ray.*)|(.*kuberay.*)", + "target": 
"ray", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*cli.*)|(.*command.*)|(.*parse.*)|(.*argument.*)", + "target": "cli", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*experiment.*)|(.*job.*)|(.*task.*)", + "target": "experiment", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*packaging.*)|(.*package.*)|(.*deploy.*)|(.*archive.*)|(.*mount.*)", + "target": "packaging", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*doc.*)|(.*readme.*)|(.*guide.*)|(.*tutorial.*)", + "target": "docs", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*\\bci\\b.*)|(.*github.*)|(.*workflow.*)|(.*action.*)", + "target": "ci", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + }, + { + "pattern": "(.*\\[bug.*)|(.*\\bfix\\b.*)|(.*bugfix.*)|(.*patch.*)", + "target": "bug", + "flags": "gimu", + "on_property": [ + "title", + "body" + ] + } ], "duplicate_filter": { - "pattern": ".+", - "on_property": "title", - "method": "match" + "pattern": ".+", + "on_property": "title", + "method": "match" }, "transformers": [ + { + "pattern": "^cp:\\s*`(.+?)`\\s*into\\s*\\S+", + "target": "$1" + } ], "max_tags_to_fetch": 100, "max_pull_requests": 500, "max_back_track_time_days": 365, - "exclude_merge_branches": [ - ], + "exclude_merge_branches": [], "tag_resolver": { - "method": "semver" + "method": "semver" } -} - +} \ No newline at end of file From 364c72cd66d2c3e0e9bba90315f697858c8904df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 08:22:17 +0000 Subject: [PATCH 28/36] refactor(release): bump FW-CI pin to b57ebf9 ([skip ci] on bump commit) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) 
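Review bot: The new `transformers` entry anchors on `^cp:`, but `pr_template` in this same file renders every entry as `- ${{TITLE}} …`. If the changelog builder applies transformers to the rendered entry rather than to the raw title (to be confirmed against the tool's documentation), the text begins with `- ` and the pattern never matches, so cherry-pick titles would stay as they are. In that case, start the pattern with `^- cp:` and set `"target": "- $1"`. Separately, the whole file is re-indented in the same hunk and the final newline is dropped, which buries this one functional line in about 270 changed lines; a formatting-only commit would keep the transformer reviewable.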
Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 895b883b..a97f58b0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@2f00056b5f23aa546dd2587652b63dc359e94317 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@b57ebf9bc8e9f7e60cd84f196e0afc8f774a3045 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From c6664a9d35de123ee105e4d00e6645e559e5e041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 08:27:45 +0000 Subject: [PATCH 29/36] refactor(release): bump FW-CI pin to cb5e93b (notify env public for dry-run) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a97f58b0..aef25ce7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@b57ebf9bc8e9f7e60cd84f196e0afc8f774a3045 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@cb5e93b1737dab3e8bfb87d8d9b743cd1d92f6d6 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From 5db8735495ac5118f3255a1fbbb1ebb77d212a98 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 08:44:31 +0000 Subject: [PATCH 30/36] refactor(release): bump FW-CI pin to 43d259e + drop SLACK_WEBHOOK passthrough MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why: SLACK_WEBHOOK now resolves at the env scope (public/main) so the env-scoped secret value is used. No longer pass it as a workflow_call secret. Co-Authored-By: Claude Opus 4.7 (1M context) Signed-off-by: oliver könig --- .github/workflows/release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aef25ce7..35c8ed37 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@cb5e93b1737dab3e8bfb87d8d9b743cd1d92f6d6 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@43d259e5b5f0a6cb4c14eefa04738a5bdf316fe1 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run @@ -82,7 +82,6 @@ jobs: TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} SLACK_WEBHOOK_ADMIN: ${{ secrets.SLACK_WEBHOOK_ADMIN }} - SLACK_WEBHOOK: ${{ secrets.SLACK_RELEASE_ENDPOINT }} BOT_KEY: ${{ secrets.BOT_KEY }} AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} From c8ba0e0f7a939f2d17f6db69ae48e968d80ba592 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 09:24:40 +0000 Subject: [PATCH 31/36] ci: bump FW-CI pin to d2f3dd3 + use secrets inherit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lets env-scoped SLACK_WEBHOOK reach the notify job in the called workflow. 
Signed-off-by: oliver könig --- .github/workflows/release.yml | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 35c8ed37..5309a900 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@43d259e5b5f0a6cb4c14eefa04738a5bdf316fe1 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@d2f3dd32aad11b7034f3f1821174556507d61670 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run @@ -78,18 +78,7 @@ jobs: publish-docs: ${{ inputs.publish-docs || true }} docs-target-path: nemo/run restrict-to-admins: true - secrets: - TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} - TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - SLACK_WEBHOOK_ADMIN: ${{ secrets.SLACK_WEBHOOK_ADMIN }} - BOT_KEY: ${{ secrets.BOT_KEY }} - AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AKAMAI_HOST: ${{ secrets.AKAMAI_HOST }} - AKAMAI_CLIENT_TOKEN: ${{ secrets.AKAMAI_CLIENT_TOKEN }} - AKAMAI_CLIENT_SECRET: ${{ secrets.AKAMAI_CLIENT_SECRET }} - AKAMAI_ACCESS_TOKEN: ${{ secrets.AKAMAI_ACCESS_TOKEN }} + secrets: inherit S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }} release-summary: From e6ba58974f8b7c2fe60e3c03ceee4386e5167b51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 09:27:24 +0000 Subject: [PATCH 32/36] ci: strip orphan secret keys after secrets inherit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) 
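Review bot: `secrets: inherit` in the `@@ -78,18 +78,7 @@` hunk replaces an explicit list of named secrets, so `_release_library.yml` now receives every secret this workflow can read. That list was the only place in this file showing what the release path depends on. The commit message gives the reason (the env-scoped `SLACK_WEBHOOK` must reach the notify job), but the file does not, so record it next to the key, for example `# inherit: env-scoped SLACK_WEBHOOK cannot be passed by name; keep the callee pinned to a full commit SHA`. The context line `S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}` is left under the now-scalar `secrets:` key, which appears to make the workflow unparseable at this commit. Folding the follow-up removal into this patch would keep every commit in the series runnable.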
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5309a900..235d7fe5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -79,7 +79,6 @@ jobs: docs-target-path: nemo/run restrict-to-admins: true secrets: inherit - S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }} release-summary: needs: [release] From 12a0e1475adf06f66cba59593da9241e59ea2b4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 11:27:42 +0000 Subject: [PATCH 33/36] ci: bump FW-CI pin to 64293f6 (slack render fix) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 235d7fe5..0a764600 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@d2f3dd32aad11b7034f3f1821174556507d61670 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@64293f6d11ccd1a14a8d23c403761a543b4c21f9 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From ef2152712e5cd99f9d137897cc5957f93053729c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 20:14:58 +0000 Subject: [PATCH 34/36] ci: pin FW-CI templates to v1.0.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0a764600..f686df1c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -63,7 +63,7 @@ concurrency: jobs: release: if: '!cancelled()' - uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@64293f6d11ccd1a14a8d23c403761a543b4c21f9 + uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@v1.0.0 with: release-ref: ${{ inputs.release-ref || github.sha }} python-package: nemo_run From af179e735b26631a73b82d71d2f768623adc36df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Thu, 7 May 2026 20:21:37 +0000 Subject: [PATCH 35/36] ci: pragma allowlist secret on 'secrets: inherit' lines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f686df1c..799182ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,7 +78,7 @@ jobs: publish-docs: ${{ inputs.publish-docs || true }} docs-target-path: nemo/run restrict-to-admins: true - secrets: inherit + secrets: inherit # pragma: allowlist secret release-summary: needs: [release] From 00e3875f66c025dad72cb28871cfdd996010a300 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?oliver=20k=C3=B6nig?= Date: Fri, 8 May 2026 08:20:10 +0000 Subject: [PATCH 36/36] ci: simplify release-summary if-block (always() was dead code) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: oliver könig --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 799182ee..a8ff162e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -82,7 +82,7 @@ jobs: release-summary: needs: [release] - if: always() && !cancelled() + if: ${{ !cancelled() }} runs-on: ubuntu-latest steps: - name: Result
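Review bot: In the first hunk, `@v1.0.0` replaces a full commit SHA with a tag, and a tag can be re-pointed in the templates repository, so this file no longer fixes which code performs the release. The `release` job also sets `secrets: inherit` (the `@@ -78,7 +78,7 @@` hunk of this file), so whatever the tag resolves to at run time receives every secret available to the workflow. Keep the immutable pin and carry the version as a comment: `uses: NVIDIA-NeMo/FW-CI-templates/.github/workflows/_release_library.yml@<full-commit-sha-of-v1.0.0> # v1.0.0`. The `release` job continues outside the hunk.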