@@ -181,6 +181,9 @@ jobs:
181181 needs : prepare
182182 if : github.repository_owner == 'llvm'
183183 runs-on : ${{ needs.prepare.outputs.build-runs-on }}
184+ outputs :
185+ digest : ${{ steps.digest.outputs.digest }}
186+ artifact-id : ${{ steps.artifact-upload.outputs.artifact-id }}
184187 steps :
185188
186189 - name : Checkout LLVM
@@ -215,8 +218,17 @@ jobs:
215218 ninja -v -C ${{ steps.setup-stage.outputs.build-prefix }}/build stage2-package
216219 release_dir=`find ${{ steps.setup-stage.outputs.build-prefix }}/build -iname 'stage2-bins'`
217220 mv $release_dir/${{ needs.prepare.outputs.release-binary-filename }} .
218-
221+
222+ name : Generate sha256 digest for binaries
223+ id : digest
224+ shell : bash
225+ env :
226+ RELEASE_BINARY_FILENAME : ${{ needs.prepare.outputs.release-binary-filename }}
227+ run : |
228+ echo "digest=$(cat $RELEASE_BINARY_FILENAME | sha256sum | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT
229+
219230uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
231+ id : artifact-upload
220232 with :
221233 name : ${{ runner.os }}-${{ runner.arch }}-release-binary
222234 # Due to path differences on Windows when running in bash vs running on node,
@@ -236,54 +248,27 @@ jobs:
236248 - prepare
237249 - build-release-package
238250 if : >-
239- github.event_name != 'pull_request' &&
240- needs.prepare.outputs.upload == 'true'
251+ github.event_name != 'pull_request'
241252runs-on : ubuntu-24.04
242253 permissions :
243254 contents : write # For release uploads
244255 id-token : write # For artifact attestations
245256 attestations : write # For artifact attestations
246257
247258 steps :
248- - name : Checkout Release Scripts
249- uses : actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
250- with :
251- sparse-checkout : |
252- llvm/utils/release/github-upload-release.py
253- llvm/utils/git/requirements.txt
254- sparse-checkout-cone-mode : false
255-
256- - name : ' Download artifact'
257- uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
258- with :
259- pattern : ' *-release-binary'
260- merge-multiple : true
261-
262- - name : Attest Build Provenance
263- id : provenance
264- uses : actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
265- with :
266- subject-path : ${{ needs.prepare.outputs.release-binary-filename }}
267-
268- - name : Rename attestation file
269- run :
270- mv ${{ steps.provenance.outputs.bundle-path }} ${{ needs.prepare.outputs.release-binary-filename }}.jsonl
271-
272- - name : Upload Build Provenance
273- uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
274- with :
275- name : ${{ needs.prepare.outputs.release-binary-filename }}-attestation
276- path : ${{ needs.prepare.outputs.release-binary-filename }}.jsonl
277-
278- - name : Install Python Requirements
279- run : |
280- pip install --require-hashes -r ./llvm/utils/git/requirements.txt
281-
282- name : Upload Release
283- shell : bash
284- run : |
285- ./llvm/utils/release/github-upload-release.py \
286- --token ${{ github.token }} \
287- --release ${{ needs.prepare.outputs.release-version }} \
288- upload \
289- --files ${{ needs.prepare.outputs.release-binary-filename }}*
259+ - name : Checkout Release Scripts
260+ uses : actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
261+ with :
262+ sparse-checkout : |
263+ .github/workflows/upload-release-artifact
264+ llvm/utils/release/github-upload-release.py
265+ llvm/utils/git/requirements.txt
266+ sparse-checkout-cone-mode : false
267+
268+ - name : Upload Artifacts
269+ uses : ./.github/workflows/upload-release-artifact
270+ with :
271+ artifact-id : ${{ needs.build-release-package.outputs.artifact-id }}
272+ attestation-name : ${{ runner.os }}-${{ runner.arch }}-release-binary-attestation
273+ digest : ${{ needs.build-release-package.outputs.digest }}
274+ upload : ${{ needs.prepare.outputs.upload }}
0 commit comments