Google Git
Sign in
cos/mirrors/github.com/llvm/llvm-project/refs/heads/main/./.github/workflows/release-tasks.yml
blob: 9b191140c3db2813d4df14c2269e2834359221ac [file] [edit]
name: Release Task
permissions:
contents: read
on:
push:
tags:
# The regex support here is limited, so just match everything that starts with llvmorg- and filter later.
- 'llvmorg-*'
jobs:
validate-tag:
name: Validate Tag
runs-on: ubuntu-24.04
if: github.repository == 'llvm/llvm-project'
outputs:
release-version: ${{ steps.validate-tag.outputs.release-version }}
steps:
- name: Validate Tag
id: validate-tag
run: |
echo "${{ github.ref_name }}" | grep -e '^llvmorg-[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc[0-9]\+\)\?$'
release_version=$(echo "${{ github.ref_name }}" | sed 's/llvmorg-//g')
echo "release-version=$release_version" >> "$GITHUB_OUTPUT"
release-create:
name: Create a New Release
runs-on: ubuntu-24.04
environment:
name: release
deployment: false
permissions:
contents: write # For creating the release.
needs: validate-tag
steps:
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install python3-github
- name: Checkout LLVM
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- id: app-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
with:
app-id: ${{ secrets.LLVM_TOKEN_GENERATOR_CLIENT_ID }}
private-key: ${{ secrets.LLVM_TOKEN_GENERATOR_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
permission-members: read
- name: Create Release
env:
GITHUB_TOKEN: ${{ github.token }}
USER_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} --user ${{ github.actor }} --user-token "$USER_TOKEN" create
release-documentation:
name: Build and Upload Release Documentation
needs:
- validate-tag
uses: ./.github/workflows/release-documentation.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
release-doxygen:
name: Build and Upload Release Doxygen
permissions:
contents: write
needs:
- validate-tag
- release-create
uses: ./.github/workflows/release-doxygen.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
LLVM_TOKEN_GENERATOR_CLIENT_ID: ${{ secrets.LLVM_TOKEN_GENERATOR_CLIENT_ID }}
LLVM_TOKEN_GENERATOR_PRIVATE_KEY: ${{ secrets.LLVM_TOKEN_GENERATOR_PRIVATE_KEY }}
# The pypi trusted publishing does not support called workflows, so we
# can't use them here.
release-lit:
name: Release Lit
runs-on: ubuntu-24.04
permissions:
id-token: write # Requred for pypi publishing
needs:
- validate-tag
environment: pypi
steps:
- name: Checkout LLVM
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
ref: "llvmorg-${{ needs.validate-tag.outputs.release-version }}"
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y python3-build python3-psutil python3-github
- name: Check Permissions
env:
GITHUB_TOKEN: ${{ github.token }}
USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
run: |
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
- name: Test lit
run: |
mkdir build && cd build
export FILECHECK_OPTS='-dump-input-filter=all -vv -color'
cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja
ninja -v -j $(nproc) check-lit
- name: Package lit
run: |
cd llvm/utils/lit
# Remove 'dev' suffix from lit version.
sed -i 's/ + "dev"//g' lit/__init__.py
python3 -m build
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: lit-${{ inputs.release-version }}-release-binary
path: |
llvm/utils/lit/dist
- name: Upload lit to test.pypi.org
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
with:
repository-url: https://test.pypi.org/legacy/
packages-dir: llvm/utils/lit/dist/
- name: Upload lit to pypi.org
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
with:
packages-dir: llvm/utils/lit/dist/
release-binaries:
name: Build Release Binaries
permissions:
contents: write
id-token: write
attestations: write
needs:
- validate-tag
- release-create
uses: ./.github/workflows/release-binaries-all.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-sources:
name: Package Release Sources
permissions:
contents: read
id-token: write
attestations: write
needs:
- validate-tag
uses: ./.github/workflows/release-sources.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
uncomment-download-links:
name: Uncomment download links
runs-on: ubuntu-24.04
permissions:
contents: write # For updating the release message.
if: '!cancelled()'
needs:
- validate-tag
- release-binaries
steps:
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install python3-github
- name: Checkout LLVM
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
sparse-checkout: llvm/utils/release/github-upload-release.py
sparse-checkout-cone-mode: false
- name: Uncomment Download Links
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} uncomment_download_links