llvm/.github/workflows/release-tasks.yml at 1d1a34ff3e57ae55fe82acb91b1391a04162556c · intel/llvm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
name: Release Task

permissions:
  contents: read

on:
  push:
    tags:
      # The regex support here is limited, so just match everything that starts with llvmorg- and filter later.
      - 'llvmorg-*'

jobs:
  validate-tag:
    name: Validate Tag
    runs-on: ubuntu-24.04
    if: github.repository == 'llvm/llvm-project'
    outputs:
      release-version: ${{ steps.validate-tag.outputs.release-version }}
    steps:
      - name: Validate Tag
        id: validate-tag
        run: |
          echo "${{ github.ref_name }}" | grep -e '^llvmorg-[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc[0-9]\+\)\?$'
          release_version=$(echo "${{ github.ref_name }}" | sed 's/llvmorg-//g')
          echo "release-version=$release_version" >> "$GITHUB_OUTPUT"

  release-create:
    name: Create a New Release
    runs-on: ubuntu-24.04
    permissions:
      contents: write # For creating the release.
    needs: validate-tag

    steps:
      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install python3-github

      - name: Checkout LLVM
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Create Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
          USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
        run: |
          ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} --user ${{ github.actor }} --user-token "$USER_TOKEN" create
  release-documentation:
    name: Build and Upload Release Documentation
    environment: release
    needs:
      - validate-tag
    uses: ./.github/workflows/release-documentation.yml
    with:
      release-version: ${{ needs.validate-tag.outputs.release-version }}
      upload: true
    # Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
    secrets:
      LLVMBOT_WWW_RELEASES_PUSH: ${{ secrets.LLVMBOT_WWW_RELEASES_PUSH }}
      WWW_RELEASES_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }}

  release-doxygen:
    name: Build and Upload Release Doxygen
    permissions:
      contents: write
    needs:
      - validate-tag
      - release-create
    uses: ./.github/workflows/release-doxygen.yml
    with:
      release-version: ${{ needs.validate-tag.outputs.release-version }}
      upload: true
    # Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
    secrets:
      RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}

  # The pypi trusted publishing does not support called workflows, so we
  # can't use them here.
  release-lit:
    name: Release Lit
    runs-on: ubuntu-24.04
    permissions:
      id-token: write # Requred for pypi publishing
    needs:
      - validate-tag
    environment: pypi
    steps:
      - name: Checkout LLVM
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          ref: "llvmorg-${{ needs.validate-tag.outputs.release-version }}"

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-build python3-psutil python3-github

      - name: Check Permissions
        env:
          GITHUB_TOKEN: ${{ github.token }}
          USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
        run: |
          ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions

      - name: Test lit
        run: |
          mkdir build && cd build
          export FILECHECK_OPTS='-dump-input-filter=all -vv -color'
          cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja
          ninja -v -j $(nproc) check-lit

      - name: Package lit
        run: |
          cd llvm/utils/lit
          # Remove 'dev' suffix from lit version.
          sed -i 's/ + "dev"//g' lit/__init__.py
          python3 -m build

      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: lit-${{ inputs.release-version }}-release-binary
          path: |
            llvm/utils/lit/dist

      - name: Upload lit to test.pypi.org
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          repository-url: https://test.pypi.org/legacy/
          packages-dir: llvm/utils/lit/dist/

      - name: Upload lit to pypi.org
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          packages-dir: llvm/utils/lit/dist/

  release-binaries:
    name: Build Release Binaries
    permissions:
      contents: write
      id-token: write
      attestations: write
    needs:
      - validate-tag
      - release-create
    uses: ./.github/workflows/release-binaries-all.yml
    with:
      release-version: ${{ needs.validate-tag.outputs.release-version }}
      upload: true
    # Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
    secrets:
      RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}

  release-sources:
    name: Package Release Sources
    permissions:
      contents: read
      id-token: write
      attestations: write
    needs:
      - validate-tag
    uses: ./.github/workflows/release-sources.yml
    with:
      release-version: ${{ needs.validate-tag.outputs.release-version }}
    # Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
    secrets:
      RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}

  uncomment-download-links:
    name: Uncomment download links
    runs-on: ubuntu-24.04
    permissions:
      contents: write # For updating the release message.
    if: '!cancelled()'
    needs:
      - validate-tag
      - release-binaries

    steps:
      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install python3-github

      - name: Checkout LLVM
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          sparse-checkout: llvm/utils/release/github-upload-release.py
          sparse-checkout-cone-mode: false

      - name: Uncomment Download Links
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} uncomment_download_links