Skip to content

[CI] Sign nightly linux build #19945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

[CI] Sign nightly linux build #19945

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion .github/workflows/sycl-linux-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ on:

# Artifacts:

sign_artifacts:
type: boolean
default: false

retention-days:
description: 'Artifacts retention period'
type: string
Expand Down Expand Up @@ -131,7 +135,11 @@ on:
options:
- "sycl_linux_default"

permissions: read-all
permissions:
actions: read
contents: read
id-token: write
packages: read

jobs:
build:
Expand Down Expand Up @@ -308,6 +316,12 @@ jobs:
- name: Pack toolchain
if: ${{ always() && !cancelled() && steps.build.conclusion == 'success' }}
run: tar -I '${{ steps.artifact_info.outputs.COMPRESS }}' -cf ${{ steps.artifact_info.outputs.ARCHIVE_NAME }} -C $GITHUB_WORKSPACE/toolchain .
- name: Sign the toolchain archive & upload the signature artifact
if: ${{ always() && !cancelled() && steps.build.conclusion == 'success' && inputs.sign_artifacts == true }}
uses: ./devops/actions/sign_artifacts_and_upload_signature
with:
archive_path: ${{ steps.artifact_info.outputs.ARCHIVE_NAME }}
artifact_name: ${{ inputs.toolchain_artifact }}_signing_artifact
- name: Upload toolchain
if: ${{ always() && !cancelled() && steps.build.conclusion == 'success' }}
uses: actions/upload-artifact@v4
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/sycl-nightly.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,19 @@ jobs:

ubuntu2204_build:
if: github.repository == 'intel/llvm'
permissions:
actions: read
contents: read
id-token: write
packages: read
uses: ./.github/workflows/sycl-linux-build.yml
secrets: inherit
with:
build_cache_root: "/__w/"
build_configure_extra_args: '--hip --cuda'
build_image: ghcr.io/intel/llvm/ubuntu2204_build:latest

sign_artifacts: true
retention-days: 90
toolchain_artifact: sycl_linux_default
# We upload the build for people to download/use, override its name and
Expand Down
25 changes: 25 additions & 0 deletions devops/actions/sign_artifacts_and_upload_signature/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: "Sign and upload artifacts"

description: "Signs an archive and uploads the signing artifacts."

inputs:
archive_path:
description: "Path to the archive to sign"
required: true
artifact_name:
description: "Name for the signing artifact"
required: true

runs:
using: "composite"
steps:
- name: Sign the archive
uses: sigstore/[email protected]
with:
inputs: ${{ inputs.archive_path }}

- name: Upload signing artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.artifact_name }}
path: ${{ inputs.archive_path }}.sigstore.json