274 Commits

Author SHA1 Message Date
Tobias Hieta
a0971f027c
[Infra] Fix version-check workflow (#100090) 2024-07-23 13:03:27 +02:00
Tom Stellard
56ffbd97fd
[workflows] Avoid usage of access token in issue-write.yml (#94011)
This adds a new composite workflow that allows you to download artifacts
from other workflows without using an access token.

actions/download-artifact from GitHub requires an access token in order
to download artifacts from a different workflow, which is why we can't
use it here if we want to avoid using a token.

See
https://github.com/actions/download-artifact?tab=readme-ov-file#download-artifacts-from-other-workflow-runs-or-repositories
2024-07-19 14:47:35 -07:00
Nikolas Klauser
655651a023
[libc++] Upgrade to GCC 14 (#97205) 2024-07-04 17:23:31 +02:00
Aiden Grossman
da3e60bbe7
[Github] Make issue write workflow only run after success/failure (#97341)
This patch makes the issue write workflow only run after success or
failure of the workflow invoking it, preventing it from running where
the original workflow was skipped.

Fixes #97294
2024-07-01 13:38:33 -07:00
Tom Stellard
2879a03647
[workflows] Fix release note request workflow (#94784)
We need to use the issue-write workflow to write the comments, because
pull_request targets don't have permissions to write comments.
2024-06-27 15:54:22 -07:00
Tom Stellard
da0e5359fc
workflows: Add a new job for packaging release sources (#91834)
This job uses the new artifact attestations:

https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/

This will allow users to verify that the sources came from a specific
workflow run in the llvm-project repository. Currently, this job does
not automatically upload sources to the release page, but rather it
attaches them the workflow run as artifacts. The release manager is
expected to download, verify, and sign the sources before uploading them
to the release page.

We may be able to automatically upload them in the future once we have a
process for signing the binaries within the github workflow.
Technically, though, the binaries are being signed as part of the
attestation process, but the only way to verify the signatures is using
the gh command line tool, and I don't think it is best to rely on that,
since the tool may not be easily available on all systems.
2024-06-18 08:27:33 -07:00
Owen Pan
5914a5671a
[GitHub][workflows] Use latest clang-format version 18.1.7 (#95757)
Since clang-format 18.1.4, there have been a number of commits that
fixed various kinds of issues:

- Bug
3ceccbdb1995

- Regression
6dbaa89433f7
51ff7f38b633
35fea1032741
7699b341b763
768118d1ad38
8c0fe0d65ed8

- Crash
f1491c7460e7

- Invalid code generation
0abb89a80f5c
2024-06-17 09:49:12 -07:00
Louis Dionne
c7b32341e9 [libc++] Rename workflow that restarts preempted jobs
All the libc++ workflows start with `libcxx-`, so use that prefix for
this job as well. Also, remove trailing whitespace from the yaml file.
2024-06-14 12:44:09 -04:00
Jannick Kremer
e38729968b
[CI] Update setup-python action to v5 for GHA (#95414)
We currently receive a warning on all Github Actions workflows that use
`setup-python`, since they all use v4 of the action, which uses the
deprecated Node.js 16. This PR upgrades the action in all places to v5,
which uses Node.js 20 (see [setup-python release
page](https://github.com/actions/setup-python/releases/tag/v5.0.0))
2024-06-13 10:16:59 -07:00
Jannick Kremer
8f795fc798
[libclang/python] Change minimum Python test version to 3.8 (#95210)
This fixes #95209
2024-06-13 18:48:31 +04:00
Martin Storsjö
bce2498767
[libcxx] [ci] Update Clang for Windows jobs to 18.1.x (#95228)
Pick the latest version available in Chocolatey (18.1.6) and llvm-mingw
(20240606, which includes LLVM 18.1.7).

Also add the flag "--allow-downgrade" when installing a specific version
of LLVM. If the preinstalled version is higher than the requested one,
Chocolatey would otherwise error out when requesting installing a lower
version. This will avoid errors in the future, if the runner image comes
preinstalled with a newer version of LLVM.

(This currently seems to happen with a recent version of the GitHub
Actions runner image, version 20240610.1.0 has LLVM 18.1.6 already
preinstalled, and will error out when trying to install the 17.0.6
version that we previously requested.)
2024-06-12 12:01:08 -04:00
Martin Storsjö
27ac46e6be
[libc++][ci] Don't install wget in the Windows jobs (#95215)
Nothing uses wget - only curl is used, and that's available out of the
box.
2024-06-12 11:25:37 -04:00
Tom Stellard
81671fe0e2
[workflows] Add post-commit job that periodically runs the clang static analyzer (#94106)
This job will run once per day on the main branch, and for every commit
on a release branch. It currently only builds llvm, but could add more
sub-projects in the future.

OpenSSF Best Practices recommends running a static analyzer on software
before it is released:
https://www.bestpractices.dev/en/criteria/0#0.static_analysis
2024-06-07 19:02:55 -07:00
Tom Stellard
0d1b3671a9
[CMake][Release] Use the TXZ cpack generator for binaries (#90138) 2024-06-07 02:27:59 -07:00
Tom Stellard
e49f902358
[workflows] Add scan-build to ci-ubuntu-22.04 container (#94543)
This will be used for a new CI job that runs the static analyzer.
2024-06-06 06:05:29 -07:00
Tom Stellard
aa512943f4
workflows: Disable stage2 of the release builds (#93056)
We need to skip this step until PGO is re-enabled for the release
builds.
2024-06-05 09:33:13 -07:00
Eric Fiselier
b6ea134e41 Fix pagination issue in libc++ buildbot restarter 2024-06-02 10:18:44 -04:00
Eric Fiselier
867c9f6713 Fix permissions on restarter workflow 2024-06-01 12:30:14 -04:00
Eric Fiselier
e9057c30a4 Create check run on workflow run to better display result.
In order to make the behavior of the libc++ restarter more visible
to users, this change creates a check run on the considered workflow
to let users know what action, if any, was taken
2024-06-01 12:22:26 -04:00
Eric Fiselier
86bb5c8427 Create annotations to better explain restarter decision 2024-06-01 11:53:22 -04:00
Eric Fiselier
e492aa5adb Remove one more unneeded debug log line 2024-05-28 21:08:07 -04:00
Eric Fiselier
d11922ebb2 Remove unneeded debug logging 2024-05-28 20:54:16 -04:00
Eric Fiselier
bd5cd4b837 Fix trigger for libc++ job rerunner.
Testing github actions is such a pain. I swear it should match now.
2024-05-28 20:03:36 -04:00
Eric Fiselier
b9cdea66b6 Attempt to fix issue with plus sign in libc++ workflow name 2024-05-28 18:23:14 -04:00
Eric
067b4ccb4b
Upstream libc++ buildbot restarter. (#93582)
I've been running a cronjob on my local machine to restart preempted
libc++ CI runs. This is bad and brittle. This upstreams a much better
version of the restarter.

It works by matching on check run annotations looking for mention
of the machine being shutdown.

If there are both preempted jobs and failing jobs, we don't restart
the workflow. Maybe we should change that?
2024-05-28 18:19:04 -04:00
Ryuichi Watanabe
7892d43474
Update llvm-bugs.yml (#77243) 2024-05-19 15:01:47 -07:00
Tom Stellard
89b83d2d3f
[git] Add hashes to requirements.txt for extra security (#92305)
https://pip.pypa.io/en/stable/topics/secure-installs/
2024-05-17 06:49:27 -07:00
Tom Stellard
d06270ee00
[workflows] Fix libclang-abi-tests to work with new version scheme (#91865) 2024-05-15 06:08:29 -07:00
Tom Stellard
c99d1156c2
[workflows] Add a job for requesting a release note on release branch PRs (#91826)
We have been collecting release notes from the PRs for most of the
18.1.x releases and this just helps automate the process.
2024-05-13 16:31:21 -07:00
Tom Stellard
720dfd94df
workflows: Fix missing GITHUB_TOKEN in release-doxygen.yml upload step (#91091)
We were accidentally setting the GITHUB_TOKEN environment variable in
the previous step.
2024-05-09 20:30:29 -07:00
Tom Stellard
0d31ac8893
workflows: Remove top-level permissions from release-tasks.yml (#91088)
This is the recommend best practice and we also don't need write access
for all jobs.
2024-05-09 20:29:25 -07:00
Tom Stellard
abac98479b
[Workflows] Re-write release-binaries workflow (#89521)
This updates the release-binaries workflow so that the different build
stages are split across multiple jobs. This saves money by reducing the
time spent on the larger github runners and also makes it easier to
debug, because now it's possible to build a smaller release package
(with clang and lld) using only the free GitHub runners.

The workflow no longer uses the test-release.sh script but instead uses
the Release.cmake cache. This gives the workflow more flexibility and
ensures that the binary package will always be created even if the tests
fail.

This idea to split the stages comes from the "LLVM Precommit CI through
Github Actions" RFC:

https://discourse.llvm.org/t/rfc-llvm-precommit-ci-through-github-actions/76456
2024-05-04 15:10:12 -07:00
Mark de Wever
9e95951830
[libc++][CI] Removes clang-tidy references. (#89092)
The clang-tidy selection has been made automatic recently so this is not
longer needed.

Thanks to Louis for spotting this.
2024-04-23 19:46:40 +02:00
Marius Brehler
a952c12388
[GitHub] Set top level token permission (#87326) 2024-04-11 22:58:47 +02:00
Schuyler Eldridge
8a8ab8f70c
[lit][ci] Publish lit wheels (#88072)
Add wheel publishing in addition to existing source distribution
publishing of lit.

Fixes #63369. This also uses the exact fix proposed by @EFord36 in
#63369.

Signed-off-by: Schuyler Eldridge <schuyler.eldridge@sifive.com>
2024-04-09 11:55:17 -04:00
Mark de Wever
b798c2af8b
[libc++][CI] Updates to Clang 19. (#85301)
Since we have released Clang 16 is no longer actively supported. However
the FreeBSD runner is still using this, so some tests still guard
against Clang 16.
2024-04-04 20:48:23 +02:00
Tom Stellard
817c6915ae
[workflows] Use issue-write workflow for warning about private emails (#87399)
This allows us to use the less privileged pull_request event for the
validate_email job, since this workflow no longer writes a comment
directly.
2024-04-02 13:36:08 -07:00
Aiden Grossman
f6c87be1dd [Github] Fix typo in PR code formatting job
The recent change to split the PR code formatting job accidentally
misspelled the repository field when specifying the repository to fetch
the code formatting utils from. This patch fixes the spelling so that
the job does not throw a warning and clones the tools from the specified
repository.
2024-04-02 00:33:50 -07:00
Tom Stellard
649f9603a2
[workflows] issue-write: Avoid race condition when PR branch is deleted (#87118)
Fixes #87102 .
2024-04-01 15:17:24 -07:00
Tom Stellard
6b136ce738
[workflows] issue-write: Exit early if there are no comments (#87114)
This will eliminate some unnecessary REST API calls.
2024-04-01 14:35:39 -07:00
Tom Stellard
2fa46ca922
[workflows] Update the version of the scorecard-action (#86753)
I'm hoping this will fix the errors we've been seeing the last few days:

2024-03-19T20:44:07.4841482Z 2024/03/19 20:44:07 error signing scorecard
json results: error signing payload: getting key from Fulcio: verifying
SCT: updating local metadata and targets: error updating to TUF remote
mirror: invalid key
2024-03-27 06:25:10 -07:00
Tom Stellard
de917dc20e
[workflow] Don't add a comment when the first run of the formatter passes (#86335)
This was inadvertently changed in
2120f574103c487787390263b3692c4b167f6bdf.
2024-03-25 15:04:11 -07:00
Tom Stellard
2120f57410
Reapply [workflows] Split pr-code-format into two parts to make it more secure (#78215) (#80495)
Actions triggered by pull_request_target events have access to all
repository secrets, so it is unsafe to use them when executing untrusted
code. The pr-code-format workflow does not execute any untrusted code,
but it passes untrused input into clang-format. An attacker could use
this to exploit a flaw in clang-format and potentially gain access to
the repository secrets.
    
By splitting the workflow, we can use the pull_request target which is
more secure and isolate the issue write permissions in a separate job.
The pull_request target also makes it easier to test changes to the
code-format-helepr.py script, because the version of the script from the
pull request will be used rather than the version of the script from
main.
    
Fixes #77142
2024-03-22 11:45:51 -07:00
Tom Stellard
d93363a0e8
workflows: Fix baseline version for llvm abi checks (#85166)
The baseline version calculations was assuming the minor release would
always be 0.
2024-03-19 06:55:10 -07:00
Owen Pan
6f39c1e284 [GitHub][workflows] Use latest clang-format version 18.1.1 (#85502) 2024-03-16 04:23:15 -07:00
Aiden Grossman
f1ca0b6ce8 Revert "[GitHub][workflows] Use latest clang-format version 18.1.1 (#85502)"
This reverts commit dec63221d56e8092557f29f1f2c127828d7521bb.

This probably needs more discussion before we can land it. The consensus
(from what I can gather) in https://discourse.llvm.org/t/rfc-clang-format-all-the-things/76614
is that we should be careful with version upgrades for consistency.
2024-03-16 02:45:27 -07:00
Owen Pan
dec63221d5
[GitHub][workflows] Use latest clang-format version 18.1.1 (#85502) 2024-03-16 02:17:49 -07:00
Tom Stellard
175b533720
workflows: Add workaround for lld failures on MacOS (#85021)
See #81967
2024-03-13 10:44:12 -07:00
Tom Stellard
8d220d109d
workflows: Fix incorrect input name in release-binaries.yml (#84604)
In aa02002491333c42060373bc84f1ff5d2c76b4ce the input name was changed
from tag to release-version, but the code was never updated.
2024-03-11 16:03:32 -07:00
Tom Stellard
0be1c3b92b
[workflows] Mention the correct user who makes a /cherry-pick comment (#82680)
We were mentioning the creator of the issue with the comment rather than
the creator of the comment.

Fixes #82580
2024-03-09 14:20:15 -08:00