The default GitHub token does not have read permissions on the org, so
we need to use a custom token in order to read the members of the
llvm-release-managers team.
* Split out the lit release job and the documentation build job into
their own workflow files. This makes it possible to manually run these
jobs via workflow_dispatch.
* Improve tag/user validation and ensure it gets run for each release
task.
Closes#75620
As I mentioned on the issue, this PR aims to hash-pin the CI
dependencies used on sensitive context -- i.e., they either are called
with write permissions, or are being used to build critical artifacts
like a release. In summary, this PR brings 3 changes:
1. Hash pin GitHub Actions called on sensitive context
2. Hash pin python dependencies used on sensitive context
3. Configure dependabot to automatically update those hashes
I'm further explaining the steps bellow.
The dependencies in format of GitHub Actions, I simply hash-pinned them.
I also made sure to keep the human-readable version as comments at the
same line.
At the
[release-tasks.yml](https://github.com/llvm/llvm-project/blob/main/.github/workflows/release-tasks.yml)
file, I've changed the installation method of some python dependencies
to install them considering their hashpinning. That required the
generation of a requirements file that had all the correct hashes, and
for that I used [pip-tools](https://pypi.org/project/pip-tools/2.0.0/).
While configuring dependabot, I set it to send a monthly PR updating all
the GitHub Actions, and a weekly PR to update any python dependency
required by
[/llvm/docs/requirements.txt](https://github.com/llvm/llvm-project/blob/main/llvm/docs/requirements.txt).
Let me know if you have any questions or concerns, I'd be happy to
clarify and help.
Thanks!
---------
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
lit tests require commands FileCheck and not. They must be available in
the PATH.
This also guarantees that python3-psutil is installed in order to enable
more tests.
Fixes#64892.
- Remove usages of the non-existent `ignore-forks` field, conditions in
jobs already exist to prevent the jobs from running in forks.
- Don't use variables in the `printf` format string. Use `printf
"..%s.." "$foo"`. ([SC2059](https://www.shellcheck.net/wiki/SC2059))
- Double quote variable expansion to prevent globbing and word
splitting. ([SC2086](https://www.shellcheck.net/wiki/SC2086))
- Prefer `[ p ] || [ q ]` as `[ p -o q ]` is not well defined.
([SC2166](https://www.shellcheck.net/wiki/SC2166))
- Consider `{ cmd1; cmd2; } >> file` instead of individual redirects.
([SC2129](https://www.shellcheck.net/wiki/SC2129))
- Use `$(...)` notation instead of legacy notation `...`.
([SC2006](https://www.shellcheck.net/wiki/SC2006))
- Use `./*glob*` or `-- *glob*` so names with dashes won't become
options. ([SC2035](https://www.shellcheck.net/wiki/SC2035))
- Refactor JavaScript code in certain workflows.
- Change workflow variable substitution style of some workflows to be
consistent with others.
- Update the `actions/download-artifact` action to version 3.
- Use the major version of an action instead of specifying the minor or patch versions.
Differential Revision: https://reviews.llvm.org/D148327
This make sure the docs are always available and can be manually uploaded
if a later step fails.
Reviewed By: thieta
Differential Revision: https://reviews.llvm.org/D145996
- Update the GitHub workflow actions to their latest versions.
- Use the latest Node.js LTS release.
- Use the latest Ubuntu version for consistency across all workflows.
- The `set-output` command is deprecated and will soon be disabled (https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/) so use the new recommended way.
- Use the `$()` expressions for string interpolation instead of the deprecated backticks in Bash.
- Format the YAML files.
Differential Revision: https://reviews.llvm.org/D143015
For each release tag, this action will create a new release on GitHub,
and for each -final tag, this action will build the documentation and
upload it to GitHub.
Reviewed By: hans, kwk
Differential Revision: https://reviews.llvm.org/D99780
