Skip to content

Run Android release job on ephemeral runners #10190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 15, 2025
Merged

Run Android release job on ephemeral runners #10190

merged 2 commits into from
Apr 15, 2025

Conversation

huydhn
Copy link
Contributor

@huydhn huydhn commented Apr 15, 2025
edited
Loading

To summary the discussion with @kirklandsign, only repository secrets are accessible in a Nova linux job. However, GitHub warns against using such secrets on persistent self-hosted runners https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners. In this case, it's important to use a fresh ephemeral runner instead to make sure that nothing on the runner could steal these secrets.

Testing

https://github.com/pytorch/executorch/actions/runs/14465234621

@huydhn huydhn requested a review from kirklandsign April 15, 2025 08:15
@pytorch-bot PyTorch Bot
Copy link

pytorch-bot bot commented Apr 15, 2025
edited
Loading

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/10190

Note: Links to docs will display an error until the docs builds have been completed.

✅ No Failures

As of commit 801fa82 with merge base 4559a61 (image):
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Apr 15, 2025
@huydhn huydhn requested a review from ZainRizvi April 15, 2025 08:53
@huydhn huydhn merged commit 64fdebe into main Apr 15, 2025
85 checks passed
@huydhn huydhn deleted the run-android-release-ephemeral-runner branch April 15, 2025 21:41
keyprocedure pushed a commit to keyprocedure/executorch that referenced this pull request Apr 21, 2025
@huydhn @keyprocedure
Run Android release job on ephemeral runners (pytorch#10190)
d22689d 
To summary the discussion with @kirklandsign, only repository secrets
are accessible in a Nova linux job. However, GitHub warns against using
such secrets on persistent self-hosted runners
https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners.
In this case, it's important to use a fresh ephemeral runner instead to
make sure that nothing on the runner could steal these secrets.

### Testing

https://github.com/pytorch/executorch/actions/runs/14465234621
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kirklandsign kirklandsign kirklandsign approved these changes

@ZainRizvi ZainRizvi Awaiting requested review from ZainRizvi

Assignees
No one assigned
Labels
CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. topic: not user facing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@huydhn @kirklandsign @facebook-github-bot