ci: Add initial CI by guru-desh · Pull Request #9 · apple/coreai-optimization

guru-desh · 2026-06-23T00:12:04Z

This PR adds an initial GitHub Actions CI.

This configuration does the following:

Stage 1 - Runs make check on MacOS
Stage 2 - Runs test suite
- Highest PyTorch Fast Tests: Runs on MacOS

This PR also adds a change in pyproject.toml to exclude new packages until they have been on PyPi for more then 7 days. This allows us some security by making sure that the latest wheels are not always being installed.

madrob · 2026-06-23T21:20:32Z

I recommend also configuring dependabot to update your GitHub Actions

dengqiaoyu · 2026-06-23T22:54:15Z

+exclude-newer = "7 days"
+exclude-newer-package = { coreai-core = false, coreai-torch = false }


What do these two options do for the CI?

These aren't CI related per-say, but I thought it was small enough to include in this PR. I gave a quick summary in the description, but here's a more detailed description

exclude-newer = "7 days" forces uv to install packages that have only been on pypi.org for more than 7 days. It's mainly for security. The hope is that malicious packages that have been uploaded would be taken down within 7 days and that we wouldn't be compromised.

exclude-newer-package = { coreai-core = false, coreai-torch = false } tells uv to exclude the exclude rule for coreai-core and coreai-torch so that we can use the newest releases of coreai-core and coreai-torch

Thanks! I think that make sense, can you add some comments above?

exclude-newer = "7 days" forces uv to install packages that have only been on pypi.org for more than 7 days. It's mainly for security.

What would happen, if we pin a package in the pyproject.toml to a version that is very new. What would take precedence then, this rule or the pin specified in pyproject.toml ?

The rule takes precedence

In that case which version would be installed, the most recent below the pinned version?

If the pin was >=X.Y.Z or ==X.Y.Z, then a resolution error would occur unless X.Y.Z has been on pypi for more than 7 days

If we do need a specific package to be installed and to bypas the exclude-newer rule, we can add the package to exclude-newer-package. This is what we currently do for coreai-torch and coreai-core

dengqiaoyu

Thank you for setting it up!

guru-desh added 2 commits June 22, 2026 17:09

build: exclude packages newer than 7 days

f1b61c3

ci: add github CI workflow

397617f

guru-desh marked this pull request as ready for review June 23, 2026 00:12

guru-desh added 2 commits June 22, 2026 17:42

style: fix pyproject toml formatting

fb7d6e7

ci: fix darker diff base (fetch-depth 0 + origin/main...)

cd6cf85

guru-desh requested review from aseemw and dengqiaoyu June 23, 2026 17:48