migrate v2 branch to develop

.ci/piptools-deps.in

@@ -0,0 +1 @@
+pip-tools==7.4.1

.ci/piptools-deps.txt

@@ -0,0 +1,45 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --generate-hashes --output-file=.ci/piptools-deps.txt .ci/piptools-deps.in
+#
+build==1.1.1 \
+    --hash=sha256:8ed0851ee76e6e38adce47e4bee3b51c771d86c64cf578d0c2245567ee200e73 \
+    --hash=sha256:8eea65bb45b1aac2e734ba2cc8dad3a6d97d97901a395bd0ed3e7b46953d2a31
+    # via pip-tools
+click==8.1.7 \
+    --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
+    --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
+    # via pip-tools
+packaging==23.2 \
+    --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
+    --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
+    # via build
+pip-tools==7.4.1 \
+    --hash=sha256:4c690e5fbae2f21e87843e89c26191f0d9454f362d8acdbd695716493ec8b3a9 \
+    --hash=sha256:864826f5073864450e24dbeeb85ce3920cdfb09848a3d69ebf537b521f14bcc9
+    # via -r .ci/piptools-deps.in
+pyproject-hooks==1.0.0 \
+    --hash=sha256:283c11acd6b928d2f6a7c73fa0d01cb2bdc5f07c57a2eeb6e83d5e56b97976f8 \
+    --hash=sha256:f271b298b97f5955d53fb12b72c1fb1948c22c1a6b70b315c54cedaca0264ef5
+    # via
+    #   build
+    #   pip-tools
+tomli==2.0.1 \
+    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+    # via
+    #   build
+    #   pip-tools
+    #   pyproject-hooks
+wheel==0.42.0 \
+    --hash=sha256:177f9c9b0d45c47873b619f5b650346d632cdc35fb5e4d25058e09c9e581433d \
+    --hash=sha256:c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8
+    # via pip-tools
+
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes and the requirement is not
+# satisfied by a package already installed. Consider using the --allow-unsafe flag.
+# pip
+# setuptools

.ci/publish-deps.in

@@ -0,0 +1,2 @@
+build==1.1.1
+twine==5.0.0

.ci/tox-deps.in

@@ -0,0 +1 @@
+tox==4.14.1

.ci/tox-deps.txt

@@ -0,0 +1,62 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --generate-hashes --output-file=.ci/tox-deps.txt .ci/tox-deps.in
+#
+cachetools==5.3.3 \
+    --hash=sha256:0abad1021d3f8325b2fc1d2e9c8b9c9d57b04c3932657a72465447332c24d945 \
+    --hash=sha256:ba29e2dfa0b8b556606f097407ed1aa62080ee108ab0dc5ec9d6a723a007d105
+    # via tox
+chardet==5.2.0 \
+    --hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
+    --hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
+    # via tox
+colorama==0.4.6 \
+    --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
+    --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
+    # via tox
+distlib==0.3.8 \
+    --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \
+    --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64
+    # via virtualenv
+filelock==3.13.1 \
+    --hash=sha256:521f5f56c50f8426f5e03ad3b281b490a87ef15bc6c526f168290f0c7148d44e \
+    --hash=sha256:57dbda9b35157b05fb3e58ee91448612eb674172fab98ee235ccb0b5bee19a1c
+    # via
+    #   tox
+    #   virtualenv
+packaging==23.2 \
+    --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
+    --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
+    # via
+    #   pyproject-api
+    #   tox
+platformdirs==4.2.0 \
+    --hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \
+    --hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768
+    # via
+    #   tox
+    #   virtualenv
+pluggy==1.4.0 \
+    --hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
+    --hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
+    # via tox
+pyproject-api==1.6.1 \
+    --hash=sha256:1817dc018adc0d1ff9ca1ed8c60e1623d5aaca40814b953af14a9cf9a5cae538 \
+    --hash=sha256:4c0116d60476b0786c88692cf4e325a9814965e2469c5998b830bba16b183675
+    # via tox
+tomli==2.0.1 \
+    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+    # via
+    #   pyproject-api
+    #   tox
+tox==4.14.1 \
+    --hash=sha256:b03754b6ee6dadc70f2611da82b4ed8f625fcafd247e15d1d0cb056f90a06d3b \
+    --hash=sha256:f0ad758c3bbf7e237059c929d3595479363c3cdd5a06ac3e49d1dd020ffbee45
+    # via -r .ci/tox-deps.in
+virtualenv==20.25.1 \
+    --hash=sha256:961c026ac520bac5f69acb8ea063e8a4f071bcc9457b9c1f28f6b085c511583a \
+    --hash=sha256:e08e13ecdca7a0bd53798f356d5831434afa5b07b93f0abdf0797b7a06ffe197
+    # via tox

.dockerignore

@@ -1,15 +1,7 @@
-**/venv/**
-.git
-.github
-.mypy_cache
-.pytest_cache
-.tox
-.vscode
-__pycache__
-build/
-data/
-docs/
-lightning_logs/
-misc/
-results/
-venv/
+*
+!src/otx
+!pyproject.toml
+!README.md
+!LICENSE
+!MANIFEST.in
+!docker/download_pretrained_weights.py

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# See help here: https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# These owners will be the default owners for everything in the repo.
+* @samet-akcay @harimkang @vinnamkim @jaegukhyun @sungmanc @eugene123tw @kprokofi @chuneuny-emily @sovrasov

.github/dependabot.yaml

@@ -0,0 +1,26 @@
+version: 2
+updates:
+  - package-ecosystem: docker
+    directory: /.ci
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /docker
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: pip
+    directory: /src/otx/core/exporter/exportable_code/demo
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: weekly

.github/labeler.yml

@@ -1,31 +1,24 @@
 # See help here: https://github.com/marketplace/actions/labeler
 
-CLI:
-  - "src/otx/cli/**/*"
-API:
-  - "src/otx/api/**/*"
-ALGO:
-  - "src/otx/algorithms/**/*"
+OTX 2.0:
+  - "src/otx/**/*"
 TEST:
   - "tests/**/*"
 DOC:
   - "docs/**/*"
   - "**/*.md"
   - "LICENSE"
   - "third-party-programs.txt"
+  - "NOTICE"
+  - "for_developers/**/*"
 BUILD:
   - ".ci/**/*"
   - ".github/**/*"
-  - ".flake8"
-  - ".isort.cfg"
-  - ".mdlrc"
   - ".pre-commit-config.yaml"
   - "markdownlint.rb"
-  - "setup.py"
   - "pyproject.toml"
   - "tox.ini"
   - "MANIFEST.in"
 DEPENDENCY:
   - "requirements/*"
-  - "setup.py"
   - "pyproject.toml"

.github/pull_request_template.md

@@ -34,6 +34,6 @@ not fully covered by unit tests or manual testing can be complicated. -->
 - [ ] I have updated the license header for each file (see an example below).
 
 ```python
-# Copyright (C) 2023 Intel Corporation
+# Copyright (C) 2024 Intel Corporation
 # SPDX-License-Identifier: Apache-2.0
 ```

.github/workflows/code_scan.yaml

@@ -0,0 +1,58 @@
+name: Code Scanning
+
+on:
+  workflow_dispatch: # run on request (no need for PR)
+  push:
+    branches:
+      - "releases/*"
+  schedule:
+    # every UTC 6PM from Mon to Fri
+    - cron: "0 18 * * 1-5"
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  Trivy-scan:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.10"
+      - name: Install dependencies
+        run: python -m pip install --require-hashes --no-deps -r .ci/tox-deps.txt
+      - name: Trivy Scanning
+        env:
+          TRIVY_DOWNLOAD_URL: ${{ vars.TRIVY_DOWNLOAD_URL }}
+        run: tox -vv -e trivy-scan
+      - name: Upload Trivy results artifact
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: trivy-results
+          path: |
+            .tox/trivy-spdx-otx.json
+            .tox/trivy-results-otx.txt
+            .tox/trivy-results-otx.csv
+  Bandit:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.10"
+      - name: Install dependencies
+        run: python -m pip install --require-hashes --no-deps -r .ci/tox-deps.txt
+      - name: Bandit Scanning
+        run: tox -e bandit-scan
+      - name: Upload Bandit artifact
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: bandit-report
+          path: .tox/bandit-report.txt
+        # Use always() to always run this step to publish scan results when there are test failures
+        if: ${{ always() }}