[None][infra] Fix source code scanning #12773
yuanjingx87 merged 1 commit into NVIDIA:main from yuanjingx87:user/yuanjingx/fix_source_code_scanning
Signed-off-by: Yuanjing Xue <197832395+yuanjingx87@users.noreply.github.com>
/bot skip --comment "no need to run CI"
GitHub Bot Help
Provide a user friendly way for developers to interact with a Jenkins server. Run See details below for each supported subcommand.
Launch build/test pipelines. All previously running jobs will be killed.
kill
Kill all running builds associated with pull request.
skip
Skip testing for latest commit on pull request.
reuse-pipeline
Reuse a previous pipeline to validate current commit. This action will also kill all currently running builds associated with the pull request. IMPORTANT NOTE: This is dangerous since lack of user care and validation can cause top of tree to break.
Walkthrough
A single command parameter modification in a Jenkins Groovy script that adds explicit exclusion of the PIP detector to a pulse scan invocation while preserving the SBOM generation and no-fail behavior.
Estimated code review effort: 1 (Trivial) | ~2 minutes
Pre-merge checks: 3 passed
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@jenkins/TensorRT_LLM_PLC.groovy`:
- Line 211: Next to the sh invocation "sh 'pulse scan --no-fail
--exclude-detectors PIP --sbom .'", add a concise inline comment that states:
the specific reason PIP detector is disabled (e.g., false positives,
performance, compatibility), whether this exclusion is temporary or permanent,
and if temporary include the mitigation plan and expected re‑enable date or
ticket/issue ID; if permanent explicitly acknowledge and accept the reduced
Python dependency scanning coverage and reference any risk acceptance or
tracking ticket. Ensure the comment is brief but includes the rationale,
permanence, and a link/ID to the tracking ticket or next action.
📒 Files selected for processing (1)
jenkins/TensorRT_LLM_PLC.groovy
/bot skip --comment "no need to run CI"
PR_Github #41966 [ skip ] triggered by Bot. Commit:
PR_Github #41966 [ skip ] completed with state
Summary by CodeRabbit
Description
Disable pip inspector in PLC nightly pipeline
Test Coverage
PR Checklist
Please review the following before submitting your PR:
- PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.
- PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.
- Test cases are provided for new code paths (see test instructions)
- Any new dependencies have been scanned for license and vulnerabilities
- CODEOWNERS updated if ownership changes
- Documentation updated as needed
- Update tava architecture diagram if there is a significant design change in PR.
- The reviewers assigned automatically/manually are appropriate for the PR.
Please check this after reviewing the above items as appropriate for this PR.
GitHub Bot Help
To see a list of available CI bot commands, please comment
/bot help.