brintos

brintos / llvm-project-archived public Read only

0
0
Text · 3.4 KiB · 9b21d2a Raw
109 lines · yaml
1name: Release Sources2 3permissions:4  contents: read5 6on:7  workflow_dispatch:8    inputs:9      release-version:10        description: Release Version11        required: true12        type: string13  workflow_call:14    inputs:15      release-version:16        description: Release Version17        required: true18        type: string19    secrets:20      RELEASE_TASKS_USER_TOKEN:21        description: "Secret used to check user permissions."22        required: false23  # Run on pull_requests for testing purposes.24  pull_request:25    paths:26      - '.github/workflows/release-sources.yml'27    types:28      - opened29      - synchronize30      - reopened31      # When a PR is closed, we still start this workflow, but then skip32      # all the jobs, which makes it effectively a no-op.  The reason to33      # do this is that it allows us to take advantage of concurrency groups34      # to cancel in progress CI jobs whenever the PR is closed.35      - closed36 37concurrency:38  group: ${{ github.workflow }}-${{ inputs.release-version || github.event.pull_request.number }}39  cancel-in-progress: True40 41jobs:42  inputs:43    name: Collect Job Inputs44    if: >-45      github.repository_owner == 'llvm' &&46      github.event.action != 'closed'47    outputs:48      ref: ${{ steps.inputs.outputs.ref }}49      export-args: ${{ steps.inputs.outputs.export-args }}50    runs-on: ubuntu-24.0451    steps:52      - id: inputs53        run: |54          ref=${{ (inputs.release-version && format('llvmorg-{0}', inputs.release-version)) || github.sha }}55          if [ -n "${{ inputs.release-version }}" ]; then56            export_args="-release ${{ inputs.release-version }} -final"57          else58            export_args="-git-ref ${{ github.sha }}"59          fi60          echo "ref=$ref" >> $GITHUB_OUTPUT61          echo "export-args=$export_args" >> $GITHUB_OUTPUT62 63  release-sources:64    name: Package Release Sources65    if: github.repository_owner == 'llvm'66    runs-on: ubuntu-24.0467    needs:68      - inputs69    permissions:70      id-token: write71      attestations: write72    steps:73      - name: Checkout LLVM74        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.075        with:76          ref: ${{ needs.inputs.outputs.ref }}77          fetch-tags: true78      - name: Install Dependencies79        run: |80          pip install --require-hashes -r ./llvm/utils/git/requirements.txt81 82      - name: Check Permissions83        if: github.event_name != 'pull_request'84        env:85          GITHUB_TOKEN: ${{ github.token }}86          USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}87        run: |88          ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions89      - name: Create Tarballs90        run: |91          ./llvm/utils/release/export.sh ${{ needs.inputs.outputs.export-args }}92      - name: Attest Build Provenance93        if: github.event_name != 'pull_request'94        id: provenance95        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.096        with:97          subject-path: "*.xz"98      - if: github.event_name != 'pull_request'99        run: |100          mv ${{ steps.provenance.outputs.bundle-path }} .101      - name: Create Tarball Artifacts102        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0103        with:104          path: |105            *.xz106            attestation.jsonl107 108 109