diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000000..9a1ea95268 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,56 @@ +# Uses https://github.com/ossf/scorecard-action +name: Scorecard +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '29 7 * * 5' + push: + branches: + - master + pull_request: + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + + steps: + - name: "Checkout code" + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + with: + results_file: results.sarif + results_format: sarif + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + with: + sarif_file: results.sarif diff --git a/.github/workflows/wheel_linux_aarch64.yml b/.github/workflows/wheel_linux_aarch64.yml index f314b497fb..d4b6b40c10 100644 --- a/.github/workflows/wheel_linux_aarch64.yml +++ b/.github/workflows/wheel_linux_aarch64.yml @@ -6,6 +6,7 @@ name: Wheel::Linux::ARM # **Who does it impact**: Wheels to be uploaded to PyPI. on: + pull_request: push: branches: - master @@ -31,7 +32,7 @@ jobs: arch: [aarch64] exec_model: ${{ fromJson(needs.set_wheel_build_matrix.outputs.exec_model) }} kokkos_version: ${{ fromJson(needs.set_wheel_build_matrix.outputs.kokkos_version) }} - container_img: ["quay.io/pypa/manylinux2014_aarch64"] + container_img: ["quay.io/pypa/manylinux_2_28_aarch64"] timeout-minutes: 45 name: Kokkos core (${{ matrix.exec_model }}::${{ matrix.arch }}) runs-on: ${{ matrix.os }} @@ -90,7 +91,7 @@ jobs: cibw_build: ${{ fromJson(needs.set_wheel_build_matrix.outputs.python_version) }} exec_model: ${{ fromJson(needs.set_wheel_build_matrix.outputs.exec_model) }} kokkos_version: ${{ fromJson(needs.set_wheel_build_matrix.outputs.kokkos_version) }} - container_img: ["quay.io/pypa/manylinux2014_aarch64"] + container_img: ["quay.io/pypa/manylinux_2_28_aarch64"] timeout-minutes: 45 name: ${{ matrix.os }}::${{ matrix.arch }} - ${{ matrix.pl_backend }} (Python ${{ fromJson('{ "cp39-*":"3.9","cp310-*":"3.10","cp311-*":"3.11", "cp312-*":"3.12" }')[matrix.cibw_build] }}) runs-on: ${{ matrix.os }} @@ -135,7 +136,7 @@ jobs: CIBW_ENVIRONMENT: | PL_BACKEND="${{ matrix.pl_backend }}" - CIBW_MANYLINUX_AARCH64_IMAGE: manylinux2014 + CIBW_MANYLINUX_AARCH64_IMAGE: manylinux_2_28 CIBW_BUILD_VERBOSITY: 3 diff --git a/.github/workflows/wheel_linux_ppc64le.yml b/.github/workflows/wheel_linux_ppc64le.yml index 910e1a1334..5227dad283 100644 --- a/.github/workflows/wheel_linux_ppc64le.yml +++ b/.github/workflows/wheel_linux_ppc64le.yml @@ -6,6 +6,7 @@ name: Wheel::Linux::PowerPC # **Who does it impact**: Wheels to be uploaded to PyPI. on: + pull_request: push: branches: - master @@ -31,7 +32,7 @@ jobs: arch: [ppc64le] exec_model: ${{ fromJson(needs.set_wheel_build_matrix.outputs.exec_model) }} kokkos_version: ${{ fromJson(needs.set_wheel_build_matrix.outputs.kokkos_version) }} - container_img: ["quay.io/pypa/manylinux2014_ppc64le"] + container_img: ["quay.io/pypa/manylinux_2_28_ppc64le"] timeout-minutes: 45 name: Kokkos core (${{ matrix.exec_model }}::${{ matrix.arch }}) runs-on: ${{ matrix.os }} @@ -90,7 +91,7 @@ jobs: cibw_build: ${{fromJson(needs.set_wheel_build_matrix.outputs.python_version)}} exec_model: ${{ fromJson(needs.set_wheel_build_matrix.outputs.exec_model) }} kokkos_version: ${{ fromJson(needs.set_wheel_build_matrix.outputs.kokkos_version) }} - container_img: ["quay.io/pypa/manylinux2014_ppc64le"] + container_img: ["quay.io/pypa/manylinux_2_28_ppc64le"] timeout-minutes: 45 name: ${{ matrix.os }}::${{ matrix.arch }} - ${{ matrix.pl_backend }} (Python ${{ fromJson('{"cp39-*":"3.9","cp310-*":"3.10","cp311-*":"3.11", "cp312-*":"3.12"}')[matrix.cibw_build] }}) runs-on: ${{ matrix.os }} @@ -134,7 +135,7 @@ jobs: CIBW_ENVIRONMENT: | PL_BACKEND="${{ matrix.pl_backend }}" - CIBW_MANYLINUX_PPC64LE_IMAGE: manylinux2014 + CIBW_MANYLINUX_PPC64LE_IMAGE: manylinux_2_28 CIBW_BUILD_VERBOSITY: 3 diff --git a/.github/workflows/wheel_linux_x86_64.yml b/.github/workflows/wheel_linux_x86_64.yml index 9101665494..5f0298d8ea 100644 --- a/.github/workflows/wheel_linux_x86_64.yml +++ b/.github/workflows/wheel_linux_x86_64.yml @@ -6,7 +6,7 @@ name: Wheel::Linux::x86_64 # **Who does it impact**: Wheels to be uploaded to PyPI. env: - GCC_VERSION: 11 + GCC_VERSION: 13 on: pull_request: @@ -35,11 +35,12 @@ jobs: os: [ubuntu-latest] exec_model: ${{ fromJson(needs.set_wheel_build_matrix.outputs.exec_model) }} kokkos_version: ${{ fromJson(needs.set_wheel_build_matrix.outputs.kokkos_version) }} - container_img: ["quay.io/pypa/manylinux2014_x86_64"] + container_img: ["quay.io/pypa/manylinux_2_28_x86_64"] timeout-minutes: 30 name: Kokkos core (${{ matrix.exec_model }}) runs-on: ${{ matrix.os }} - container: ${{ matrix.container_img }} + container: + image: ${{ matrix.container_img }} steps: - name: Cache installation directories @@ -53,12 +54,12 @@ jobs: if: ${{ (matrix.container_img == 'ubuntu-latest') && (steps.kokkos-cache.outputs.cache-hit != 'true') }} run: | apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y -q install cmake gcc-$GCC_VERSION g++-$GCC_VERSION ninja-build git - echo "COMPILER=g++-11" >> $GITHUB_ENV + echo "COMPILER=g++-13" >> $GITHUB_ENV - - name: Install dependencies (CentOS) - if: ${{ (matrix.container_img == 'quay.io/pypa/manylinux2014_x86_64') && (steps.kokkos-cache.outputs.cache-hit != 'true') }} + - name: Install dependencies (AlmaLinux) + if: ${{ (matrix.container_img == 'quay.io/pypa/manylinux_2_28_x86_64') && (steps.kokkos-cache.outputs.cache-hit != 'true') }} run: | - yum update -y && yum install -y cmake ninja-build + dnf update -y && dnf install -y cmake ninja-build echo "COMPILER=g++" >> $GITHUB_ENV - name: Clone Kokkos libs @@ -96,11 +97,13 @@ jobs: cibw_build: ${{ fromJson(needs.set_wheel_build_matrix.outputs.python_version) }} exec_model: ${{ fromJson(needs.set_wheel_build_matrix.outputs.exec_model) }} kokkos_version: ${{ fromJson(needs.set_wheel_build_matrix.outputs.kokkos_version) }} - container_img: ["quay.io/pypa/manylinux2014_x86_64"] + container_img: ["quay.io/pypa/manylinux_2_28_x86_64"] timeout-minutes: 30 name: ${{ matrix.os }}::${{ matrix.arch }} - ${{ matrix.pl_backend }} (Python ${{ fromJson('{ "cp39-*":"3.9","cp310-*":"3.10","cp311-*":"3.11","cp312-*":"3.12" }')[matrix.cibw_build] }}) runs-on: ${{ matrix.os }} - container: ${{ matrix.container_img }} + container: + image: ${{ matrix.container_img }} + options: --privileged steps: - name: Restoring cached dependencies @@ -119,18 +122,18 @@ jobs: mkdir Kokkos cp -rf /root/Kokkos_install/${{ matrix.exec_model }}/* Kokkos/ - - name: Install dependencies (CentOS) - if: ${{ (matrix.container_img == 'quay.io/pypa/manylinux2014_x86_64') }} + - name: Install dependencies (AlmaLinux) + if: ${{ (matrix.container_img == 'quay.io/pypa/manylinux_2_28_x86_64') }} run: | - # Reduce wait time for repos not responding - cat /etc/yum.conf | sed "s/\[main\]/\[main\]\ntimeout=5/g" > /etc/yum.conf - yum update -y && yum install -y docker + dnf update -y && dnf install -y podman - name: Install cibuildwheel run: python3.9 -m pip install cibuildwheel~=2.16.0 - name: Build wheels env: + CIBW_CONTAINER_ENGINE: "podman" + CIBW_ARCHS_LINUX: ${{matrix.arch}} CIBW_BUILD: ${{ matrix.cibw_build }} @@ -139,15 +142,15 @@ jobs: # Python build settings CIBW_BEFORE_BUILD: | - cat /etc/yum.conf | sed "s/\[main\]/\[main\]\ntimeout=5/g" > /etc/yum.conf + cat /etc/dnf.conf | sed "s/\[main\]/\[main\]\ntimeout=5/g" > /etc/dnf.conf python -m pip install ninja cmake~=3.24.0 - yum clean all -y - yum install centos-release-scl-rh -y - yum install devtoolset-11-gcc-c++ -y - source /opt/rh/devtoolset-11/enable -y + dnf clean all -y + dnf install gcc-toolset-13 -y + source ls /opt/rh/gcc-toolset-13/enable -y + PATH="/opt/rh/gcc-toolset-13/root/usr/bin:$PATH" CIBW_ENVIRONMENT: | - PATH="/opt/rh/devtoolset-11/root/usr/bin:$PATH" \ + PATH="/opt/rh/gcc-toolset-13/root/usr/bin:$PATH" \ PL_BACKEND="${{ matrix.pl_backend }}" CIBW_BEFORE_TEST: | @@ -158,7 +161,7 @@ jobs: DEVICENAME=`echo ${{ matrix.pl_backend }} | sed "s/_/./g"` pl-device-test --device=${DEVICENAME} --skip-ops -x --tb=short --no-flaky-report - CIBW_MANYLINUX_X86_64_IMAGE: manylinux2014 + CIBW_MANYLINUX_X86_64_IMAGE: manylinux_2_28 CIBW_BUILD_VERBOSITY: 3 diff --git a/.github/workflows/wheel_linux_x86_64_cuda.yml b/.github/workflows/wheel_linux_x86_64_cuda.yml index f537e53b31..a94fdc6834 100644 --- a/.github/workflows/wheel_linux_x86_64_cuda.yml +++ b/.github/workflows/wheel_linux_x86_64_cuda.yml @@ -6,7 +6,7 @@ name: Wheel::Linux::x86_64::CUDA # **Who does it impact**: Wheels to be uploaded to PyPI. env: - GCC_VERSION: "11" + GCC_VERSION: 12 on: pull_request: @@ -38,28 +38,30 @@ jobs: pl_backend: ["lightning_gpu"] cuda_version: ["12"] cibw_build: ${{ fromJson(needs.set_wheel_build_matrix.outputs.python_version) }} - container_img: ["quay.io/pypa/manylinux2014_x86_64"] + container_img: ["quay.io/pypa/manylinux_2_28_x86_64"] timeout-minutes: 30 name: ${{ matrix.os }}::${{ matrix.arch }} - ${{ matrix.pl_backend }} CUDA ${{ matrix.cuda_version }} (Python ${{ fromJson('{ "cp39-*":"3.9","cp310-*":"3.10","cp311-*":"3.11","cp312-*":"3.12" }')[matrix.cibw_build] }}) runs-on: ${{ matrix.os }} - container: ${{ matrix.container_img }} + container: + image: ${{ matrix.container_img }} + options: --privileged steps: - name: Checkout PennyLane-Lightning uses: actions/checkout@v3 - - name: Install dependencies (CentOS) - if: ${{ (matrix.container_img == 'quay.io/pypa/manylinux2014_x86_64') }} + - name: Install dependencies (AlmaLinux) + if: ${{ (matrix.container_img == 'quay.io/pypa/manylinux_2_28_x86_64') }} run: | - # Reduce wait time for repos not responding - cat /etc/yum.conf | sed "s/\[main\]/\[main\]\ntimeout=5/g" > /etc/yum.conf - yum update -y && yum install -y docker + dnf update -y && dnf install -y podman - name: Install cibuildwheel run: python3.9 -m pip install cibuildwheel~=2.16.0 - name: Build wheels env: + CIBW_CONTAINER_ENGINE: "podman" + CIBW_ARCHS_LINUX: ${{ matrix.arch }} CIBW_BUILD: ${{ matrix.cibw_build }} @@ -70,25 +72,23 @@ jobs: # Python build settings CIBW_BEFORE_BUILD: | - cat /etc/yum.conf | sed "s/\[main\]/\[main\]\ntimeout=5/g" > /etc/yum.conf python -m pip install ninja cmake~=3.24.3 auditwheel~=5.0 custatevec-cu${{ matrix.cuda_version }} - yum clean all -y - yum install centos-release-scl-rh -y - yum install devtoolset-11-gcc-c++ -y - source /opt/rh/devtoolset-11/enable -y - yum-config-manager --add-repo https://developer.download.nvidia.com/compute/cuda/repos/rhel7/x86_64/cuda-rhel7.repo -y - yum -y install cuda-${{ matrix.cuda_version }}-0 git openssh wget + dnf clean all -y + dnf install gcc-toolset-12 dnf-utils -y + source ls /opt/rh/gcc-toolset-12/enable -y + yum-config-manager --add-repo http://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/cuda-rhel8.repo -y + dnf -y install cuda-${{ matrix.cuda_version }}-0 git openssh wget # ensure nvcc is available CIBW_ENVIRONMENT: | - PATH=/opt/rh/devtoolset-11/root/usr/bin:$PATH:/usr/local/cuda-${{ matrix.cuda_version }}/bin \ - LD_LIBRARY_PATH=/opt/rh/devtoolset-11/root/usr/lib64:/opt/rh/devtoolset-11/root/usr/lib:/opt/rh/devtoolset-11/root/usr/lib64/dyninst:/opt/rh/devtoolset-11/root/usr/lib/dyninst:$LD_LIBRARY_PATH:/usr/local/cuda-${{ matrix.cuda_version }}/lib64 \ + PATH=/opt/rh/gcc-toolset-12/root/usr/bin:$PATH:/usr/local/cuda-${{ matrix.cuda_version }}/bin \ + LD_LIBRARY_PATH=/opt/rh/gcc-toolset-12/root/usr/lib64:/opt/rh/gcc-toolset-12/root/usr/lib:/opt/rh/gcc-toolset-12/root/usr/lib64/dyninst:/opt/rh/gcc-toolset-12/root/usr/lib/dyninst:$LD_LIBRARY_PATH:/usr/local/cuda-${{ matrix.cuda_version }}/lib64 \ PL_BACKEND="${{ matrix.pl_backend }}" \ - PKG_CONFIG_PATH=/opt/rh/devtoolset-11/root/usr/lib64/pkgconfig:$PKG_CONFIG_PATH + PKG_CONFIG_PATH=/opt/rh/gcc-toolset-12/root/usr/lib64/pkgconfig:$PKG_CONFIG_PATH CIBW_REPAIR_WHEEL_COMMAND_LINUX: "./bin/auditwheel repair -w {dest_dir} {wheel}" - CIBW_MANYLINUX_X86_64_IMAGE: manylinux2014 + CIBW_MANYLINUX_X86_64_IMAGE: manylinux_2_28 CIBW_BUILD_VERBOSITY: 3 @@ -133,4 +133,3 @@ jobs: user: __token__ password: ${{ secrets.TEST_PYPI_LGPU_TOKEN }} repository_url: https://test.pypi.org/legacy/ - diff --git a/pennylane_lightning/core/_version.py b/pennylane_lightning/core/_version.py index 86e85a246a..b0da18e929 100644 --- a/pennylane_lightning/core/_version.py +++ b/pennylane_lightning/core/_version.py @@ -16,4 +16,4 @@ Version number (major.minor.patch[-label]) """ -__version__ = "0.36.0-dev22" +__version__ = "0.36.0-dev24"