Skip to content

[no-ci] CI: remove restricted paths guard#2297

Open
rwgk wants to merge 1 commit into
NVIDIA:mainfrom
rwgk:remove-restricted-paths-guard
Open

[no-ci] CI: remove restricted paths guard#2297
rwgk wants to merge 1 commit into
NVIDIA:mainfrom
rwgk:remove-restricted-paths-guard

Conversation

@rwgk

@rwgk rwgk commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Description

Remove the obsolete CI: Restricted Paths Guard workflow now that CUDA Python is being relicensed under Apache-2.0.

The guard existed to label external PRs that touched cuda_bindings/ or cuda_python/ for special review while those paths had license-specific contribution restrictions. With the relicensing work in PR #2285 and PR #2293, that path-specific automation is no longer needed.

(I also checked for non-obvious references before removing the workflow. Tracked repository files no longer reference CI: Restricted Paths Guard, restricted-paths-guard, or Needs-Restricted-Paths-Review, and the GitHub ruleset/branch-rule metadata I inspected did not show any required-check reference to the guard.)

Follow-up

  • Remove the Needs-Restricted-Paths-Review label from the repository after this workflow removal lands.

@rwgk rwgk added this to the cuda.bindings next milestone Jul 2, 2026
@rwgk rwgk self-assigned this Jul 2, 2026
@rwgk rwgk added P0 High priority - Must do! CI/CD CI/CD infrastructure cuda.bindings Everything related to the cuda.bindings module labels Jul 2, 2026
@rwgk rwgk requested a review from kkraus14 July 2, 2026 16:39
@leofang

leofang commented Jul 2, 2026

Copy link
Copy Markdown
Member

@kkraus14 raised the concern that even with re-licensing we still don't want users to touch the generated code (because we need to update the codegen first). @kkraus14 @mdboom, we need to a new practice that can still be automated. Code review can be conducted by anyone on the team, and we've seen human errors before (that led to this path guard).

@leofang leofang left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(see above, blocking merge until we have a conclusion.)

@rwgk

rwgk commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

@kkraus14 raised the concern that even with re-licensing we still don't want users to touch the generated code (because we need to update the codegen first). @kkraus14 @mdboom, we need to a new practice that can still be automated. Code review can be conducted by anyone on the team, and we've seen human errors before (that led to this path guard).

I think it's a great idea to have a "generated files guard", but I think we should start such a workflow from scratch. E.g. it doesn't need any of the "is NVIDIA employee" logic, which is what made the restricted paths guard workflow so complex. The "generated files guard" workflow should be developed in tandem with cybind tweaks: small changes in cybind that make the guard workflow easier to implement (@mdboom for visibility). — I'm interested in working on that: if done right, it'll make the cuda-python-private workflows easier, too, potentially much easier.

@leofang

leofang commented Jul 2, 2026

Copy link
Copy Markdown
Member

but I think we should start such a workflow from scratch. E.g. it doesn't need any of the "is NVIDIA employee" logic

I think we do mean that we don't want non-NVIDIANs to touch these files.

@rwgk

rwgk commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

but I think we should start such a workflow from scratch. E.g. it doesn't need any of the "is NVIDIA employee" logic

I think we do mean that we don't want non-NVIDIANs to touch these files.

Oh, I didn't explain:

Because determining "is NVIDIA employee" is troublesome/unreliable, I was thinking of adding a (simple) heuristic: does it look like cybind was run?

So if someone only changes one, or a small subset, of the generated files, the alarm would trigger.

It seems very unlikely to me that anyone would change all generated files not through cybind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CI/CD CI/CD infrastructure cuda.bindings Everything related to the cuda.bindings module P0 High priority - Must do!

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants