llvm-project
102 строки · 3.2 Кб
1name: Release Sources2
3permissions:4contents: read5
6on:7workflow_dispatch:8inputs:9release-version:10description: Release Version11required: true12type: string13workflow_call:14inputs:15release-version:16description: Release Version17required: true18type: string19# Run on pull_requests for testing purposes.20pull_request:21paths:22- '.github/workflows/release-sources.yml'23types:24- opened25- synchronize26- reopened27# When a PR is closed, we still start this workflow, but then skip28# all the jobs, which makes it effectively a no-op. The reason to29# do this is that it allows us to take advantage of concurrency groups30# to cancel in progress CI jobs whenever the PR is closed.31- closed32
33concurrency:34group: ${{ github.workflow }}-${{ inputs.release-version || github.event.pull_request.number }}35cancel-in-progress: True36
37jobs:38inputs:39name: Collect Job Inputs40if: >-41github.repository_owner == 'llvm' &&42github.event.action != 'closed'43outputs:44ref: ${{ steps.inputs.outputs.ref }}45export-args: ${{ steps.inputs.outputs.export-args }}46runs-on: ubuntu-latest47steps:48- id: inputs49run: |50ref=${{ inputs.release-version || github.sha }}
51if [ -n "${{ inputs.release-version }}" ]; then
52export_args="-release ${{ inputs.release-version }} -final"
53else
54export_args="-git-ref ${{ github.sha }}"
55fi
56echo "ref=$ref" >> $GITHUB_OUTPUT
57echo "export-args=$export_args" >> $GITHUB_OUTPUT
58
59release-sources:60name: Package Release Sources61if: github.repository_owner == 'llvm'62runs-on: ubuntu-latest63needs:64- inputs65permissions:66id-token: write67attestations: write68steps:69- name: Checkout LLVM70uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.171with:72ref: ${{ needs.inputs.outputs.ref }}73fetch-tags: true74- name: Install Dependencies75run: |76pip install --require-hashes -r ./llvm/utils/git/requirements.txt
77
78- name: Check Permissions79if: github.event_name != 'pull_request'80env:81GITHUB_TOKEN: ${{ github.token }}82USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}83run: |84./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
85- name: Create Tarballs86run: |87./llvm/utils/release/export.sh ${{ needs.inputs.outputs.export-args }}
88- name: Attest Build Provenance89if: github.event_name != 'pull_request'90id: provenance91uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.092with:93subject-path: "*.xz"94- if: github.event_name != 'pull_request'95run: |96mv ${{ steps.provenance.outputs.bundle-path }} .
97- name: Create Tarball Artifacts98uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #v4.3.399with:100path: |101*.xz
102attestation.jsonl
103
104
105