Merge branch 'develop' into llm_phi

.github/actions/tr_post_test_run/action.yml

@@ -16,7 +16,7 @@ runs:
       if: ${{ always() }}
       run: |
         export PYTHONPATH="$PYTHONPATH:."
-        python tests/end_to_end/utils/summary_helper.py
+        python tests/end_to_end/utils/summary_helper.py --func_name "print_task_runner_score"
         echo "Test summary printed"
       shell: bash
 

.github/workflows/bandit.yml

@@ -0,0 +1,51 @@
+name: Bandit Code Scan
+
+on:
+  push:
+    branches: 
+      - develop
+      - v1.7.x
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  bandit_scan:
+    if: github.event.pull_request.draft == false
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Bandit Scan
+    runs-on: ubuntu-22.04
+    timeout-minutes: 15
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set Filename Suffix Report Date and Time
+        run: |
+          echo "REPORT_DATE=$(date +'%d-%b-%Y_%H-%M-%S')" >> $GITHUB_ENV
+    
+      - name: Define SARIF Report Path
+        run: echo "SARIF_REPORT_PATH=${{ github.workspace }}/results.sarif" >> $GITHUB_ENV
+
+      - name: Perform Bandit Analysis
+        uses: PyCQA/bandit-action@v1
+        with:
+          configfile: 'DEFAULT'
+          profile: 'DEFAULT'
+          tests: 'DEFAULT'
+          skips: 'DEFAULT'
+          severity: 'DEFAULT'
+          confidence: 'DEFAULT'
+          exclude: '.svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg'
+          baseline: 'DEFAULT'
+          ini: 'DEFAULT'
+          targets: '.'
+
+      - name: Upload Bandit SARIF Report as Artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: "bandit-report-summary_${{ env.REPORT_DATE }}"
+          path: ${{ env.SARIF_REPORT_PATH }}

.github/workflows/federated_runtime.yml

@@ -0,0 +1,66 @@
+#---------------------------------------------------------------------------
+# Workflow to run 301_MNIST_Watermarking notebook
+# Authors - Noopur, Payal Chaurasiya
+#---------------------------------------------------------------------------
+name: Federated Runtime 301 MNIST Watermarking
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test_federated_runtime_301_watermarking_notebook:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-22.04
+    timeout-minutes: 20
+    steps:
+    - name: Checkout OpenFL repository
+      uses: actions/[email protected]
+      with:
+        fetch-depth: 2 # needed for detecting changes
+        submodules: "true"
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v3
+      with:
+        python-version: "3.10"
+
+    - name: Install dependencies # Without this step, fx command will not work
+      id: install_dependencies
+      run: |
+        python -m pip install --upgrade pip ipython ipykernel
+        pip install .
+        pip install -r test-requirements.txt
+
+    - name: Run Federated Runtime 301 MNIST Watermarking via pytest
+      id: run_tests
+      run: |
+        python -m pytest -s tests/end_to_end/test_suites/wf_federated_runtime_tests.py -k test_federated_runtime_301_watermarking
+        echo "Federated Runtime 301 MNIST Watermarking test run completed"
+
+    - name: Print test summary
+      id: print_test_summary
+      if: ${{ always() }}
+      run: |
+        export PYTHONPATH="$PYTHONPATH:."
+        python tests/end_to_end/utils/summary_helper.py --func_name "print_federated_runtime_score"
+        echo "Test summary printed"
+
+    - name: Tar files
+      if: ${{ always() }}   # collect artifacts regardless of failures
+      run: |
+        tar -cvf notebook_301.tar --exclude="__pycache__" $HOME/results --ignore-failed-read
+        echo "TAR file created"
+
+    - name: Upload Artifacts
+      uses: actions/upload-artifact@v4
+      if: ${{ always() }}   # collect artifacts regardless of failures
+      with:
+        name: federated_runtime_301_watermarking_${{ github.run_id }}
+        path: notebook_301.tar

.github/workflows/lint.yml

@@ -25,6 +25,6 @@ jobs:
     - name: Install linters
       run: |
         python -m pip install --upgrade pip
-        pip install -r linters-requirements.txt 
+        pip install -r linters-requirements.txt
     - name: Lint with OpenFL-specific rules
       run: bash scripts/lint.sh

.github/workflows/pki.yml

@@ -33,20 +33,3 @@ jobs:
     - name: Test PKI
       run: |
         python tests/github/pki_insecure_client.py
-  test_wrong_common_name:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python 3
-      uses: actions/setup-python@v3
-      with:
-        python-version: "3.10"
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install .
-    - name: Test PKI
-      run: |
-        python tests/github/pki_wrong_cn.py

.github/workflows/straggler-handling.yml

@@ -21,7 +21,7 @@ jobs:
       matrix:
        os: ['ubuntu-latest', 'windows-latest']
     runs-on: ${{ matrix.os }}
-    timeout-minutes: 15
+    timeout-minutes: 30
 
     steps:
     - uses: actions/checkout@v3

.github/workflows/task_runner_basic_e2e.yml

@@ -31,7 +31,7 @@ jobs:
   test_with_tls:
     name: tr_tls
     runs-on: ubuntu-22.04
-    timeout-minutes: 15
+    timeout-minutes: 30
     strategy:
       matrix:
         # There are open issues for some of the models, so excluding them for now:
@@ -74,7 +74,7 @@ jobs:
   test_with_non_tls:
     name: tr_non_tls
     runs-on: ubuntu-22.04
-    timeout-minutes: 15
+    timeout-minutes: 30
     strategy:
       matrix:
         # Testing non TLS scenario only for torch_cnn_mnist model and python 3.10
@@ -117,7 +117,7 @@ jobs:
   test_with_no_client_auth:
     name: tr_no_client_auth
     runs-on: ubuntu-22.04
-    timeout-minutes: 15
+    timeout-minutes: 30
     strategy:
       matrix:
         # Testing non TLS scenario only for torch_cnn_mnist model and python 3.10
@@ -160,7 +160,7 @@ jobs:
   test_memory_logs:
     name: tr_tls_memory_logs
     runs-on: ubuntu-22.04
-    timeout-minutes: 15
+    timeout-minutes: 30
     strategy:
       matrix:
         # Testing non TLS scenario only for torch_cnn_mnist model and python 3.10

.github/workflows/taskrunner.yml

@@ -17,29 +17,19 @@ env:
 jobs:
   build:
     if: github.event.pull_request.draft == false
-    strategy:
-      matrix:
-       os: ['ubuntu-latest', 'windows-latest']
-       python-version: ["3.10", "3.11", "3.12"]
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 15
-
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python 
       uses: actions/setup-python@v4
       with:
-        python-version: ${{ matrix.python-version }}
+        python-version: "3.10"
     - name: Install dependencies ubuntu
-      if: matrix.os == 'ubuntu-latest'
-      run: |
-        python -m pip install --upgrade pip
-        pip install .
-    - name: Install dependencies windows
-      if: matrix.os == 'windows-latest'
       run: |
         python -m pip install --upgrade pip
         pip install .
-    - name: Test TaskRunner API
+    - name: Task Runner API
       run: |
-        python -m tests.github.test_hello_federation --template keras_cnn_mnist --fed_workspace aggregator --col1 col1 --col2 col2  --rounds-to-train 3 --save-model output_model
+          python -m tests.github.test_hello_federation --template torch_cnn_mnist --fed_workspace aggregator --col1 collaborator1 --col2 collaborator2  --rounds-to-train 3 --save-model output_model

.github/workflows/ubuntu.yml

@@ -13,6 +13,9 @@ env:
 
 jobs:
   pytest-coverage: # from pytest_coverage.yml
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
@@ -21,7 +24,7 @@ jobs:
     - name: Set up Python 3
       uses: actions/setup-python@v3
       with:
-        python-version: "3.10"
+        python-version: ${{ matrix.python-version }}
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/wf_functional_e2e.yml

@@ -29,9 +29,9 @@ env:
   NUM_COLLABORATORS: ${{ github.event.inputs.num_collaborators || '2' }}
 
 jobs:
-  test_wf_func:
+  test_wf_functional_local_runtime:
     if: github.event.pull_request.draft == false
-    name: wf_func
+    name: wf_functional_local_runtime
     runs-on: ubuntu-22.04
     timeout-minutes: 15
     strategy:
@@ -74,7 +74,7 @@ jobs:
         if: ${{ always() }}
         run: |
           export PYTHONPATH="$PYTHONPATH:."
-          python tests/end_to_end/utils/summary_helper.py
+          python tests/end_to_end/utils/summary_helper.py --func_name "print_local_runtime_score"
           echo "Test summary printed"
 
       - name: Create Tar (exclude cert and data folders)

.github/workflows/windows.yml

@@ -13,14 +13,18 @@ env:
 
 jobs:
   pytest-coverage: # from pytest_coverage.yml
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
     runs-on: windows-latest
     timeout-minutes: 15
+
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python 3
       uses: actions/setup-python@v3
       with:
-        python-version: "3.10"
+        python-version: ${{ matrix.python-version }}
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/workflow_interface_101_mnist.yml

@@ -14,10 +14,10 @@ permissions:
   contents: read
 
 jobs:
-  run_notebook:
+  wf_local_101_mnist:
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-22.04
-    timeout-minutes: 15
+    timeout-minutes: 30
     steps:
     - name: Checkout OpenFL repository
       uses: actions/[email protected]
@@ -31,16 +31,17 @@ jobs:
       with:
         python-version: "3.10"
 
-    - name: Install Jupyter Lab Package
-      run: pip install jupyterlab
+    - name: Install Papermill Package
+      run: python -m pip install --upgrade pip ipython ipykernel papermill
 
     - name: Run Notebook
       run: |
-        jupyter nbconvert --execute --to notebook ./openfl-tutorials/experimental/workflow/101_MNIST.ipynb
+        cd openfl-tutorials/experimental/workflow
+        papermill 101_MNIST.ipynb 101_MNIST_output.ipynb --request-save-on-cell-execute --log-output --autosave-cell-every 30
         echo "Notebook run completed"
 
     - name: Tar files
-      run: tar -cvf notebook.tar ./openfl-tutorials/experimental/workflow/101_MNIST.nbconvert.ipynb
+      run: tar -cvf notebook.tar ./openfl-tutorials/experimental/workflow/101_MNIST_output.ipynb
 
     - name: Upload Artifacts
       uses: actions/upload-artifact@v4

.pre-commit-config.yaml

@@ -27,4 +27,10 @@ repos:
           - --in-place
           - --remove-unused-variables
           - --recursive
-          - --ignore-pass-statements
+          - --ignore-pass-statements
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.4
+    hooks:
+      - id: bandit
+        args: ["-c", "pre_commit.toml"]
+        additional_dependencies: ["bandit[toml]"]

README.md

@@ -71,6 +71,9 @@ OpenFL supports popular aggregation algorithms out-of-the-box, with more algorit
 | FedProx | [Li et al., 2020](https://arxiv.org/pdf/1812.06127.pdf) | yes | yes | - |
 | FedCurv | [Shoham et al., 2019](https://arxiv.org/pdf/1910.07796.pdf) | yes | - | - |
 
+### Enabling Bandit Precommit
+To ensure that precommit is setup in your local for Bandit Scan. For more details, kindly follow this doc: [Setup Guide - Precommit](precommit-doc.md)
+
 ## Contributing
 We welcome contributions! Please refer to the [contributing guidelines](https://openfl.readthedocs.io/en/latest/contributing.html).