Release Binaries #54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Binaries | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release-version: | |
| description: 'Release Version' | |
| required: false | |
| type: string | |
| upload: | |
| description: 'Upload binaries to the release page' | |
| required: true | |
| default: false | |
| type: boolean | |
| runs-on: | |
| description: "Runner to use for the build" | |
| required: true | |
| type: choice | |
| options: | |
| - ubuntu-22.04 | |
| - ubuntu-22.04-arm | |
| - macos-13 | |
| - macos-14 | |
| workflow_call: | |
| inputs: | |
| release-version: | |
| description: 'Release Version' | |
| required: false | |
| type: string | |
| upload: | |
| description: 'Upload binaries to the release page' | |
| required: true | |
| default: false | |
| type: boolean | |
| runs-on: | |
| description: "Runner to use for the build" | |
| required: true | |
| type: string | |
| secrets: | |
| RELEASE_TASKS_USER_TOKEN: | |
| description: "Secret used to check user permissions." | |
| required: false | |
| permissions: | |
| contents: read # Default everything to read-only | |
| jobs: | |
| prepare: | |
| name: Prepare to build binaries | |
| runs-on: ${{ inputs.runs-on }} | |
| if: github.repository_owner == 'llvm' | |
| outputs: | |
| release-version: ${{ steps.vars.outputs.release-version }} | |
| ref: ${{ steps.vars.outputs.ref }} | |
| upload: ${{ steps.vars.outputs.upload }} | |
| target-cmake-flags: ${{ steps.vars.outputs.target-cmake-flags }} | |
| ccache: ${{ steps.vars.outputs.ccache }} | |
| build-flang: ${{ steps.vars.outputs.build-flang }} | |
| enable-pgo: ${{ steps.vars.outputs.enable-pgo }} | |
| release-binary-basename: ${{ steps.vars.outputs.release-binary-basename }} | |
| release-binary-filename: ${{ steps.vars.outputs.release-binary-filename }} | |
| build-runs-on: ${{ steps.vars.outputs.build-runs-on }} | |
| test-runs-on: ${{ steps.vars.outputs.build-runs-on }} | |
| steps: | |
| # It's good practice to use setup-python, but this is also required on macos-14 | |
| # due to https://github.com/actions/runner-images/issues/10385 | |
| - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f | |
| with: | |
| python-version: '3.12' | |
| - name: Checkout LLVM | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Install Dependencies | |
| shell: bash | |
| run: | | |
| pip install --require-hashes -r ./llvm/utils/git/requirements.txt | |
| - name: Check Permissions | |
| if: github.event_name != 'pull_request' | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }} | |
| shell: bash | |
| run: | | |
| ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user "$GITHUB_ACTOR" --user-token "$USER_TOKEN" check-permissions | |
| - name: Collect Variables | |
| id: vars | |
| shell: bash | |
| # In order for the test-release.sh script to run correctly, the LLVM | |
| # source needs to be at the following location relative to the build dir: | |
| # | X.Y.Z-rcN | ./rcN/llvm-project | |
| # | X.Y.Z | ./final/llvm-project | |
| # | |
| # We also need to set divergent flags based on the release version: | |
| # | X.Y.Z-rcN | -rc N -test-asserts | |
| # | X.Y.Z | -final | |
| run: | | |
| trimmed=$(echo ${{ inputs.release-version }} | xargs) | |
| if [ -n "$trimmed" ]; then | |
| release_version="$trimmed" | |
| ref="llvmorg-$release_version" | |
| else | |
| release_version="${{ (github.event_name == 'pull_request' && format('PR{0}', github.event.pull_request.number)) || 'CI'}}-$GITHUB_SHA" | |
| ref="$GITHUB_SHA" | |
| fi | |
| if [ -n "${{ inputs.upload }}" ]; then | |
| upload="${{ inputs.upload }}" | |
| else | |
| upload="false" | |
| fi | |
| echo "release-version=$release_version">> $GITHUB_OUTPUT | |
| echo "ref=$ref" >> $GITHUB_OUTPUT | |
| echo "upload=$upload" >> $GITHUB_OUTPUT | |
| release_binary_basename="LLVM-$release_version-$RUNNER_OS-$RUNNER_ARCH" | |
| echo "release-binary-basename=$release_binary_basename" >> $GITHUB_OUTPUT | |
| echo "release-binary-filename=$release_binary_basename.tar.xz" >> $GITHUB_OUTPUT | |
| target="$RUNNER_OS-$RUNNER_ARCH" | |
| # The hendrikmuhs/ccache-action action does not support installing sccache | |
| # on arm64 Linux. | |
| if [ "$target" = "Linux-ARM64" ]; then | |
| echo ccache=ccache >> $GITHUB_OUTPUT | |
| else | |
| echo ccache=sccache >> $GITHUB_OUTPUT | |
| fi | |
| # Detect necessary CMake flags | |
| echo "enable-pgo=false" >> $GITHUB_OUTPUT | |
| target_cmake_flags="-DLLVM_RELEASE_ENABLE_PGO=OFF" | |
| # The macOS builds try to cross compile some libraries so we need to | |
| # add extra CMake args to disable them. | |
| # See https://github.com/llvm/llvm-project/issues/99767 | |
| if [ "$RUNNER_OS" = "macOS" ]; then | |
| target_cmake_flags="$target_cmake_flags -DBOOTSTRAP_COMPILER_RT_ENABLE_IOS=OFF" | |
| if [ "$RUNNER_ARCH" = "ARM64" ]; then | |
| arches=arm64 | |
| else | |
| arches=x86_64 | |
| fi | |
| target_cmake_flags="$target_cmake_flags -DBOOTSTRAP_DARWIN_osx_ARCHS=$arches -DBOOTSTRAP_DARWIN_osx_BUILTIN_ARCHS=$arches" | |
| fi | |
| build_flang="true" | |
| if [ "$RUNNER_OS" = "Windows" ]; then | |
| # The build times out on Windows, so we need to disable LTO. | |
| target_cmake_flags="$target_cmake_flags -DLLVM_RELEASE_ENABLE_LTO=OFF" | |
| fi | |
| echo "target-cmake-flags=$target_cmake_flags" >> $GITHUB_OUTPUT | |
| echo "build-flang=$build_flang" >> $GITHUB_OUTPUT | |
| case "${{ inputs.runs-on }}" in | |
| ubuntu-22.04*) | |
| build_runs_on="depot-${{ inputs.runs-on }}-16" | |
| test_runs_on=$build_runs_on | |
| ;; | |
| macos-13) | |
| if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then | |
| build_runs_on="${{ inputs.runs-on }}" | |
| else | |
| build_runs_on="macos-13-large" | |
| fi | |
| test_runs_on="${{ inputs.runs-on }}" | |
| ;; | |
| macos-14) | |
| if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then | |
| build_runs_on="${{ inputs.runs-on }}" | |
| else | |
| build_runs_on="depot-macos-14" | |
| fi | |
| test_runs_on="${{ inputs.runs-on }}" | |
| ;; | |
| *) | |
| test_runs_on="${{ inputs.runs-on }}" | |
| build_runs_on=$test_runs_on | |
| ;; | |
| esac | |
| echo "build-runs-on=$build_runs_on" >> $GITHUB_OUTPUT | |
| echo "test-runs-on=$test_runs_on" >> $GITHUB_OUTPUT | |
| build-release-package: | |
| name: "Build Release Package" | |
| needs: prepare | |
| if: github.repository_owner == 'llvm' | |
| runs-on: ${{ needs.prepare.outputs.build-runs-on }} | |
| steps: | |
| - name: Checkout Actions | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }} | |
| sparse-checkout: | | |
| .github/workflows/ | |
| sparse-checkout-cone-mode: false | |
| # Check out outside of working directory so the source checkout doesn't | |
| # remove it. | |
| path: workflows | |
| # actions/checkout does not support paths outside of the GITHUB_WORKSPACE. | |
| # Also, anything that we put inside of GITHUB_WORKSPACE will be overwritten | |
| # by future actions/checkout steps. Therefore, in order to checkout the | |
| # latest actions from main, we need to first checkout out the actions inside of | |
| # GITHUB_WORKSPACE (see previous step), then use actions/checkout to checkout | |
| # the code being built and the move the actions from main back into GITHUB_WORKSPACE, | |
| # becasue the uses on composite actions only reads workflows from inside GITHUB_WORKSPACE. | |
| - shell: bash | |
| run: mv workflows ../workflows-main | |
| - name: Checkout LLVM | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: ${{ needs.prepare.outputs.ref }} | |
| - name: Copy main workflows | |
| shell: bash | |
| run: | | |
| mv ../workflows-main . | |
| - name: Setup Stage | |
| id: setup-stage | |
| uses: ./workflows-main/.github/workflows/release-binaries-setup-stage | |
| - name: Configure | |
| id: build | |
| shell: bash | |
| env: | |
| CCACHE_BIN: ${{ needs.prepare.outputs.ccache }} | |
| run: | | |
| # There were some issues on the ARM64 MacOS runners with trying to build x86 object, | |
| # so we need to set some extra cmake flags to disable this. | |
| cmake -G Ninja -S llvm -B ${{ steps.setup-stage.outputs.build-prefix }}/build \ | |
| ${{ needs.prepare.outputs.target-cmake-flags }} \ | |
| -C clang/cmake/caches/Release.cmake \ | |
| -DBOOTSTRAP_LLVM_PARALLEL_LINK_JOBS=1 \ | |
| -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" | |
| - name: Build | |
| shell: bash | |
| run: | | |
| ninja -v -C ${{ steps.setup-stage.outputs.build-prefix }}/build stage2-package | |
| mv ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/${{ needs.prepare.outputs.release-binary-filename }} . | |
| - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 | |
| with: | |
| name: ${{ runner.os }}-${{ runner.arch }}-release-binary | |
| # Due to path differences on Windows when running in bash vs running on node, | |
| # we need to search for files in the current workspace. | |
| path: | | |
| ${{ needs.prepare.outputs.release-binary-filename }} | |
| # Clean up some build files to reduce size of artifact. | |
| - name: Clean Up Build Directory | |
| shell: bash | |
| run: | | |
| find ${{ steps.setup-stage.outputs.build-prefix }}/build -iname ${{ needs.prepare.outputs.release-binary-filename }} -delete | |
| rm -Rf ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/_CPack_Packages | |
| - name: Save Stage | |
| uses: ./workflows-main/.github/workflows/release-binaries-save-stage | |
| with: | |
| build-prefix: ${{ steps.setup-stage.outputs.build-prefix }} | |
| upload-release-binaries: | |
| name: "Upload Release Binaries" | |
| needs: | |
| - prepare | |
| - build-release-package | |
| if: >- | |
| github.event_name != 'pull_request' && | |
| needs.prepare.outputs.upload == 'true' | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write # For release uploads | |
| id-token: write # For artifact attestations | |
| attestations: write # For artifact attestations | |
| steps: | |
| - name: Checkout Release Scripts | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| sparse-checkout: | | |
| llvm/utils/release/github-upload-release.py | |
| llvm/utils/git/requirements.txt | |
| sparse-checkout-cone-mode: false | |
| - name: 'Download artifact' | |
| uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 | |
| with: | |
| pattern: '*-release-binary' | |
| merge-multiple: true | |
| - name: Attest Build Provenance | |
| id: provenance | |
| uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0 | |
| with: | |
| subject-path: ${{ needs.prepare.outputs.release-binary-filename }} | |
| - name: Rename attestation file | |
| run: | |
| mv ${{ steps.provenance.outputs.bundle-path }} ${{ needs.prepare.outputs.release-binary-filename }}.jsonl | |
| - name: Upload Build Provenance | |
| uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #v4.3.3 | |
| with: | |
| name: ${{ needs.prepare.outputs.release-binary-filename }}-attestation | |
| path: ${{ needs.prepare.outputs.release-binary-filename }}.jsonl | |
| - name: Install Python Requirements | |
| run: | | |
| pip install --require-hashes -r ./llvm/utils/git/requirements.txt | |
| - name: Upload Release | |
| shell: bash | |
| run: | | |
| ./llvm/utils/release/github-upload-release.py \ | |
| --token ${{ github.token }} \ | |
| --release ${{ needs.prepare.outputs.release-version }} \ | |
| upload \ | |
| --files ${{ needs.prepare.outputs.release-binary-filename }}* | |
| test-release: | |
| name: "Test Release" | |
| needs: | |
| - prepare | |
| - build-release-package | |
| if: >- | |
| github.repository_owner == 'llvm' | |
| runs-on: ${{ needs.prepare.outputs.test-runs-on }} | |
| steps: | |
| - name: Checkout Actions | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }} | |
| sparse-checkout: | | |
| .github/workflows/ | |
| sparse-checkout-cone-mode: false | |
| path: workflows | |
| - name: Setup Stage | |
| id: setup-stage | |
| uses: ./workflows/.github/workflows/release-binaries-setup-stage | |
| with: | |
| previous-artifact: build-release-package | |
| - name: Run Tests | |
| shell: bash | |
| run: | | |
| ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build stage2-check-all |