diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 58bafc3853da13..ebf6fa41898dc4 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -1,20 +1,29 @@ name: Release Binaries on: - push: - tags: - - 'llvmorg-*' workflow_dispatch: inputs: + release-version: + description: 'Release Version' + required: true + type: string upload: description: 'Upload binaries to the release page' required: true - default: true + default: false type: boolean - tag: - description: 'Tag to build' + + workflow_call: + inputs: + release-version: + description: 'Release Version' required: true type: string + upload: + description: 'Upload binaries to the release page' + required: true + default: false + type: boolean schedule: # * is a special character in YAML so you have to quote this string - cron: '0 8 1 * *' @@ -26,21 +35,26 @@ jobs: prepare: name: Prepare to build binaries runs-on: ubuntu-22.04 - if: github.repository == 'llvm/llvm-project' outputs: - release-version: ${{ steps.validate-tag.outputs.release-version }} - flags: ${{ steps.validate-tag.outputs.flags }} - build-dir: ${{ steps.validate-tag.outputs.build-dir }} - rc-flags: ${{ steps.validate-tag.outputs.rc-flags }} - ref: ${{ steps.validate-tag.outputs.ref }} - upload: ${{ steps.validate-tag.outputs.upload }} + release-version: ${{ steps.vars.outputs.release-version }} + flags: ${{ steps.vars.outputs.flags }} + build-dir: ${{ steps.vars.outputs.build-dir }} + rc-flags: ${{ steps.vars.outputs.rc-flags }} + ref: ${{ steps.vars.outputs.ref }} + upload: ${{ steps.vars.outputs.upload }} steps: - name: Checkout LLVM uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Validate and parse tag - id: validate-tag + - name: Check Permissions + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} check-permissions + + - name: Collect Variables + id: vars # In order for the test-release.sh script to run correctly, the LLVM # source needs to be at the following location relative to the build dir: # | X.Y.Z-rcN | ./rcN/llvm-project @@ -61,9 +75,9 @@ jobs: if [ -n "${{ inputs.upload }}" ]; then upload="${{ inputs.upload }}" else - upload="true" + upload="false" fi - bash .github/workflows/set-release-binary-outputs.sh "${{ github.actor }}" "$tag" "$upload" + bash .github/workflows/set-release-binary-outputs.sh "$tag" "$upload" # Try to get around the 6 hour timeout by first running a job to fill # the build cache. diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml new file mode 100644 index 00000000000000..64572906988bab --- /dev/null +++ b/.github/workflows/release-documentation.yml @@ -0,0 +1,88 @@ +name: Release Documentation + +permissions: + contents: read + +on: + workflow_dispatch: + inputs: + release-version: + description: 'Release Version' + required: true + type: string + upload: + description: 'Upload documentation' + required: false + type: boolean + + workflow_call: + inputs: + release-version: + description: 'Release Version' + required: true + type: string + upload: + description: 'Upload documentation' + required: false + type: boolean + +jobs: + release-documentation: + name: Build and Upload Release Documentation + runs-on: ubuntu-latest + env: + upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }} + steps: + - name: Checkout LLVM + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Python env + uses: actions/setup-python@v4 + with: + cache: 'pip' + cache-dependency-path: './llvm/docs/requirements.txt' + + - name: Install Dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + graphviz \ + python3-github \ + ninja-build \ + texlive-font-utils + pip3 install --user -r ./llvm/docs/requirements.txt + + - name: Build Documentation + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + ./llvm/utils/release/build-docs.sh -release "${{ inputs.release-version }}" -no-doxygen + + - name: Create Release Notes Artifact + uses: actions/upload-artifact@v3 + with: + name: release-notes + path: docs-build/html-export/ + + - name: Clone www-releases + if: env.upload + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + repository: ${{ github.repository_owner }}/www-releases + ref: main + fetch-depth: 0 + path: www-releases + + - name: Upload Release Notes + if: env.upload + env: + WWW_RELEASES_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }} + run: | + mkdir -p ../www-releases/${{ inputs.release-version }} + mv ./docs-build/html-export/* ../www-releases/${{ inputs.release-version }} + cd ../www-releases + git add ${{ inputs.release-version }} + git config user.email "llvmbot@llvm.org" + git config user.name "llvmbot" + git commit -a -m "Add ${{ inputs.release-version }} documentation" + git push "https://$WWW_RELEASES_TOKEN@github.com/${{ github.repository_owner }}/www-releases" main:main diff --git a/.github/workflows/release-doxygen.yml b/.github/workflows/release-doxygen.yml new file mode 100644 index 00000000000000..5e322849a1d093 --- /dev/null +++ b/.github/workflows/release-doxygen.yml @@ -0,0 +1,67 @@ +name: Release Doxygen + +permissions: + contents: read + +on: + workflow_dispatch: + inputs: + release-version: + description: 'Release Version' + required: true + type: string + upload: + description: 'Upload documentation' + required: false + type: boolean + + workflow_call: + inputs: + release-version: + description: 'Release Version' + required: true + type: string + upload: + description: 'Upload documentation' + required: false + type: boolean + +jobs: + release-doxygen: + name: Build and Upload Release Doxygen + runs-on: ubuntu-latest + permissions: + contents: write + env: + upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }} + steps: + - name: Checkout LLVM + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Python env + uses: actions/setup-python@v4 + with: + cache: 'pip' + cache-dependency-path: './llvm/docs/requirements.txt' + + - name: Install Dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + doxygen \ + graphviz \ + python3-github \ + ninja-build \ + texlive-font-utils + pip3 install --user -r ./llvm/docs/requirements.txt + + - name: Build Doxygen + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + ./llvm/utils/release/build-docs.sh -release "${{ inputs.release-version }}" -no-sphinx + + - name: Upload Doxygen + if: env.upload + run: | + ./llvm/utils/release/github-upload-release.py --token "$GITHUB_TOKEN" --release "${{ inputs.release-version }}" --user "${{ github.actor }}" upload --files ./*doxygen*.tar.xz diff --git a/.github/workflows/release-lit.yml b/.github/workflows/release-lit.yml new file mode 100644 index 00000000000000..36b0b6edd518fc --- /dev/null +++ b/.github/workflows/release-lit.yml @@ -0,0 +1,74 @@ +name: Release Lit + +permissions: + contents: read + +on: + workflow_dispatch: + inputs: + release-version: + description: 'Release Version' + required: true + type: string + + workflow_call: + inputs: + release-version: + description: 'Release Version' + required: true + type: string + +jobs: + release-lit: + name: Release Lit + runs-on: ubuntu-latest + steps: + - name: Checkout LLVM + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: "llvmorg-${{ inputs.release-version }}" + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y python3-setuptools python3-psutil python3-github + + - name: Check Permissions + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} check-permissions + + - name: Setup Cpp + uses: aminya/setup-cpp@v1 + with: + compiler: llvm-16.0.6 + cmake: true + ninja: true + + - name: Test lit + run: | + mkdir build && cd build + export FILECHECK_OPTS='-dump-input-filter=all -vv -color' + cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja + ninja -v -j $(nproc) check-lit + + - name: Package lit + run: | + cd llvm/utils/lit + # Remove 'dev' suffix from lit version. + sed -i 's/ + "dev"//g' lit/__init__.py + python3 setup.py sdist + + - name: Upload lit to test.pypi.org + uses: pypa/gh-action-pypi-publish@release/v1 + with: + password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }} + repository-url: https://test.pypi.org/legacy/ + packages-dir: llvm/utils/lit/dist/ + + - name: Upload lit to pypi.org + uses: pypa/gh-action-pypi-publish@release/v1 + with: + password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }} + packages-dir: llvm/utils/lit/dist/ diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml index fd28edf55bc4eb..f2a831ad3577ad 100644 --- a/.github/workflows/release-tasks.yml +++ b/.github/workflows/release-tasks.yml @@ -1,7 +1,7 @@ name: Release Task permissions: - contents: read + contents: write on: push: @@ -10,112 +10,70 @@ on: - 'llvmorg-*' jobs: - release-tasks: - permissions: - contents: write # To upload assets to release. + validate-tag: + name: Validate Tag runs-on: ubuntu-latest if: github.repository == 'llvm/llvm-project' + outputs: + release-version: ${{ steps.validate-tag.outputs.release-version }} steps: - name: Validate Tag id: validate-tag run: | - test "${{ github.actor }}" = "tstellar" || test "${{ github.actor }}" = "tru" echo "${{ github.ref_name }}" | grep -e '^llvmorg-[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc[0-9]\+\)\?$' release_version=$(echo "${{ github.ref_name }}" | sed 's/llvmorg-//g') echo "release-version=$release_version" >> "$GITHUB_OUTPUT" - - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - + release-create: + name: Create a New Release + runs-on: ubuntu-latest + needs: validate-tag + steps: - name: Install Dependencies run: | sudo apt-get update - sudo apt-get install -y \ - doxygen \ - graphviz \ - python3-github \ - ninja-build \ - texlive-font-utils - pip3 install --user --require-hashes -r ./llvm/docs/requirements-hashed.txt - - - name: Create Release - run: | - ./llvm/utils/release/./github-upload-release.py --token ${{ github.token }} --release ${{ steps.validate-tag.outputs.release-version }} create - - - name: Build Documentation - run: | - ./llvm/utils/release/build-docs.sh -release ${{ steps.validate-tag.outputs.release-version }} - ./llvm/utils/release/github-upload-release.py --token ${{ github.token }} --release ${{ steps.validate-tag.outputs.release-version }} upload --files ./*doxygen*.tar.xz - - - name: Create Release Notes Artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: release-notes - path: docs-build/html-export/ - - - name: Clone www-releases - if: ${{ !contains(steps.validate-tag.outputs.release-version, 'rc') }} - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: ${{ github.repository_owner }}/www-releases - ref: main - fetch-depth: 0 - path: www-releases - - - name: Upload Release Notes - if: ${{ !contains(steps.validate-tag.outputs.release-version, 'rc') }} - run: | - mkdir -p ../www-releases/${{ steps.validate-tag.outputs.release-version }} - mv ./docs-build/html-export/* ../www-releases/${{ steps.validate-tag.outputs.release-version }} - cd ../www-releases - git add ${{ steps.validate-tag.outputs.release-version }} - git config user.email "llvmbot@llvm.org" - git config user.name "llvmbot" - git commit -a -m "Add ${{ steps.validate-tag.outputs.release-version }} documentation" - git push https://${{ secrets.WWW_RELEASES_TOKEN }}@github.com/${{ github.repository_owner }}/www-releases main:main + sudo apt-get install python3-github - release-lit: - runs-on: ubuntu-latest - if: github.repository == 'llvm/llvm-project' - steps: - name: Checkout LLVM uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Setup Cpp - uses: aminya/setup-cpp@6e563b8e5f796db317104d19605a414345807897 # v1 - with: - compiler: llvm-16.0.6 - cmake: true - ninja: true - - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install -y python3-setuptools python3-psutil - - - name: Test lit - run: | - mkdir build && cd build - export FILECHECK_OPTS='-dump-input-filter=all -vv -color' - cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja - ninja -v -j $(nproc) check-lit - - - name: Package lit + - name: Create Release + env: + GITHUB_TOKEN: ${{ github.token }} run: | - cd llvm/utils/lit - # Remove 'dev' suffix from lit version. - sed -i 's/ + "dev"//g' lit/__init__.py - python3 setup.py sdist - - - name: Upload lit to test.pypi.org - uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # release/v1 - with: - password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }} - repository-url: https://test.pypi.org/legacy/ - packages-dir: llvm/utils/lit/dist/ + ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} --user ${{ github.actor }} create + release-documentation: + name: Build and Upload Release Documentation + needs: + - validate-tag + uses: ./.github/workflows/release-documentation.yml + with: + release-version: ${{ needs.validate-tag.outputs.release-version }} + upload: true + + release-doxygen: + name: Build and Upload Release Doxygen + needs: + - validate-tag + - release-create + uses: ./.github/workflows/release-doxygen.yml + with: + release-version: ${{ needs.validate-tag.outputs.release-version }} + upload: true - - name: Upload lit to pypi.org - uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # release/v1 - with: - password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }} - packages-dir: llvm/utils/lit/dist/ + release-lit: + name: Release Lit + needs: validate-tag + uses: ./.github/workflows/release-lit.yml + with: + release-version: ${{ needs.validate-tag.outputs.release-version }} + + release-binaries: + name: Build Release Binaries + needs: + - validate-tag + - release-create + uses: ./.github/workflows/release-binaries.yml + with: + release-version: ${{ needs.validate-tag.outputs.release-version }} + upload: true diff --git a/.github/workflows/set-release-binary-outputs.sh b/.github/workflows/set-release-binary-outputs.sh index 9bc459a24e8019..59470cf83ba755 100644 --- a/.github/workflows/set-release-binary-outputs.sh +++ b/.github/workflows/set-release-binary-outputs.sh @@ -8,14 +8,8 @@ if [ -z "$GITHUB_OUTPUT" ]; then echo "Writing output variables to $GITHUB_OUTPUT" fi -github_user=$1 -tag=$2 -upload=$3 - -if [[ "$github_user" != "tstellar" && "$github_user" != "tru" ]]; then - echo "ERROR: User not allowed: $github_user" - exit 1 -fi +tag=$1 +upload=$2 if echo $tag | grep -e '^[0-9a-f]\+$'; then # This is a plain commit. diff --git a/llvm/utils/release/github-upload-release.py b/llvm/utils/release/github-upload-release.py index f1ad78120a0aa6..a8bb569d2fc999 100755 --- a/llvm/utils/release/github-upload-release.py +++ b/llvm/utils/release/github-upload-release.py @@ -30,8 +30,10 @@ import argparse import github +import sys from textwrap import dedent + def create_release(repo, release, tag=None, name=None, message=None): if not tag: tag = "llvmorg-{}".format(release) @@ -67,22 +69,36 @@ def upload_files(repo, release, files): parser = argparse.ArgumentParser() -parser.add_argument("command", type=str, choices=["create", "upload"]) +parser.add_argument( + "command", type=str, choices=["create", "upload", "check-permissions"] +) # All args parser.add_argument("--token", type=str) parser.add_argument("--release", type=str) +parser.add_argument("--user", type=str) # Upload args parser.add_argument("--files", nargs="+", type=str) - args = parser.parse_args() github = github.Github(args.token) -llvm_repo = github.get_organization("llvm").get_repo("llvm-project") +llvm_org = github.get_organization("llvm") +llvm_repo = llvm_org.get_repo("llvm-project") + +if args.user: + # Validate that this user is allowed to modify releases. + user = github.get_user(args.user) + team = llvm_org.get_team_by_slug("llvm-release-managers") + if not team.has_in_members(user): + print("User {} is not a allowed to modify releases".format(args.user)) + sys.exit(1) +elif args.command == "check-permissions": + print("--user option required for check-permissions") + sys.exit(1) if args.command == "create": - create_release(llvm_repo, args.release) + create_release(llvm_repo, args.release, args.user) if args.command == "upload": upload_files(llvm_repo, args.release, args.files)