Merge branch 'main' into kmorabia/test-ci

Author: kevalmorabia97

.github/workflows/code_quality.yml

@@ -4,16 +4,12 @@ on:
   push:
     tags: ["[0-9]+.[0-9]+.[0-9]+"]
   pull_request:
-    branches: [main]
+    branches: [main, release/*]
 
 jobs:
   code-quality:
-    name: Code Quality
     runs-on: ubuntu-latest
     timeout-minutes: 15
-    strategy:
-      matrix:
-        tox_env: ["pre-commit-all", "build-docs"]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
@@ -22,4 +18,4 @@ jobs:
       - name: Install tox
         run: pip install tox
       - name: Run code quality checks
-        run: tox -e ${{ matrix.tox_env }}
+        run: tox -e pre-commit-all

SECURITY.md

@@ -0,0 +1,25 @@
+# Security
+
+NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.
+
+If you need to report a security issue, please use the appropriate contact points outlined below. **Please do not report security vulnerabilities through GitHub.**
+
+## Reporting Potential Security Vulnerability in an NVIDIA Product
+
+To report a potential security vulnerability in any NVIDIA product:
+
+- Web: [Security Vulnerability Submission Form](https://www.nvidia.com/object/submit-security-vulnerability.html)
+- E-Mail: [[email protected]](mailto:[email protected])
+  - We encourage you to use the following PGP key for secure email communication: [NVIDIA public PGP Key for communication](https://www.nvidia.com/en-us/security/pgp-key)
+  - Please include the following information:
+    - Product/Driver name and version/branch that contains the vulnerability
+    - Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
+    - Instructions to reproduce the vulnerability
+    - Proof-of-concept or exploit code
+    - Potential impact of the vulnerability, including how an attacker could exploit the vulnerability
+
+While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy. Please visit our [Product Security Incident Response Team (PSIRT)](https://www.nvidia.com/en-us/security/psirt-policies/) policies page for more information.
+
+## NVIDIA Product Security
+
+For all security-related concerns, please visit NVIDIA's [Product Security portal](https://www.nvidia.com/en-us/security)

tox.ini

@@ -0,0 +1,52 @@
+[tox]
+envlist=
+    pre-commit-all
+    py312-torch27-unit
+skipsdist = True
+toxworkdir = /tmp/{env:USER}-modelopt-tox
+
+
+############################
+# CPU Unit test environments
+############################
+[testenv:{py39,py310,py311,py312}-torch{24,25,26,27}-unit]
+deps =
+    # torch version auto-selected based on torchvision version
+    torch24: torchvision~=0.19.0
+    torch25: torchvision~=0.20.0
+    torch26: torchvision~=0.21.0
+    torch27: torchvision~=0.22.0
+
+    -e .[all,dev-test]
+commands =
+    python -m pytest tests/unit --cov
+
+
+#############################################
+# Code quality checks on all files or on diff
+#############################################
+[testenv:{pre-commit}-{all,diff}]
+deps =
+    -e .[all,dev-lint]
+commands =
+    all: pre-commit run --all-files --show-diff-on-failure {posargs}
+    diff: pre-commit run --from-ref origin/main --to-ref HEAD {posargs}
+
+
+#####################
+# Documentation build
+#####################
+[testenv:{build,debug}-docs]
+allowlist_externals =
+    rm
+passenv =
+    SETUPTOOLS_SCM_PRETEND_VERSION
+deps =
+    -e .[all,dev-docs]
+changedir = docs
+commands_pre =
+    rm -rf build
+    rm -rf source/reference/generated
+commands =
+    sphinx-build source build/html --fail-on-warning --show-traceback --keep-going
+    debug: sphinx-autobuild source build/html --host 0.0.0.0