workflows/release-tasks: Pass required secrets to all called workflows (#106286)

Called workflows don't have access to secrets by default, so we need to
explicitly pass secrets that we use.
Tom Stellard 2024-08-28 22:18:08 -07:00 committed by GitHub
parent 572d2fd327
commit 9d81e7e36e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 28 additions and 2 deletions


@ -25,6 +25,10 @@ on:
description: 'Upload documentation'
required: false
type: boolean
secrets:
RELEASE_TASKS_USER_TOKEN:
description: "Secret used to check user permissions."
required: false
jobs:
release-doxygen:
@ -63,5 +67,6 @@ jobs:
if: env.upload
env:
GITHUB_TOKEN: ${{ github.token }}
USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
run: |
./llvm/utils/release/github-upload-release.py --token "$GITHUB_TOKEN" --release "${{ inputs.release-version }}" --user "${{ github.actor }}" upload --files ./*doxygen*.tar.xz
./llvm/utils/release/github-upload-release.py --token "$GITHUB_TOKEN" --release "${{ inputs.release-version }}" --user "${{ github.actor }}" --user-token "$USER_TOKEN" upload --files ./*doxygen*.tar.xz
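Review bot: The rewritten upload command still expands `${{ inputs.release-version }}` and `${{ github.actor }}` directly into the shell script, in a step whose environment now also holds `USER_TOKEN`. Expressions are substituted before the shell parses the script, so the double quotes around them do not constrain what the value can do; the caller appears to pass a validated tag output, but this file cannot enforce that. Pass them the way the token is already passed, e.g. `RELEASE_VERSION: ${{ inputs.release-version }}` under `env:` and `--release "$RELEASE_VERSION"` in the command. The Check Permissions step in the release-lit section has the same pattern, there with `${{ github.actor }}` unquoted.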


@ -17,6 +17,10 @@ on:
description: 'Release Version'
required: true
type: string
secrets:
RELEASE_TASKS_USER_TOKEN:
description: "Secret used to check user permissions."
required: false
jobs:
release-lit:
@ -36,8 +40,9 @@ jobs:
- name: Check Permissions
env:
GITHUB_TOKEN: ${{ github.token }}
USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
run: |
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} check-permissions
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
- name: Setup Cpp
uses: aminya/setup-cpp@v1
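Review bot: The secret is declared `required: false`, so when a caller omits it the Check Permissions step runs with an empty `USER_TOKEN` and passes `--user-token ""`; how github-upload-release.py treats an empty token is not visible here. If the permission check is meant to fail closed, add a guard before the call, e.g. `test -n "$USER_TOKEN" || { echo "RELEASE_TASKS_USER_TOKEN is not set" >&2; exit 1; }`. The same optional declaration appears in the other two called workflows, and the one that also triggers on `pull_request` will see the secret empty on runs from forks.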


@ -16,6 +16,10 @@ on:
description: Release Version
required: true
type: string
secrets:
RELEASE_TASKS_USER_TOKEN:
description: "Secret used to check user permissions."
required: false
# Run on pull_requests for testing purposes.
pull_request:
paths:


@ -66,6 +66,9 @@ jobs:
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-lit:
name: Release Lit
@ -73,6 +76,9 @@ jobs:
uses: ./.github/workflows/release-lit.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-binaries:
name: Build Release Binaries
@ -97,6 +103,9 @@ jobs:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
runs-on: ${{ matrix.runs-on }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-sources:
name: Package Release Sources
@ -109,3 +118,6 @@ jobs:
uses: ./.github/workflows/release-sources.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
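Review bot: The release-binaries hunk forwards `RELEASE_TASKS_USER_TOKEN` to a called workflow that is given `runs-on: ${{ matrix.runs-on }}`, so the token is presumably made available on every runner in that matrix; neither the matrix values nor the token's scope are visible here. The repeated comment explains why the secret is passed but not what it grants, so I would extend it with something like `# Used only to check the actor's permissions; keep this token's scope to that.` Passing the one named secret rather than `secrets: inherit` is the right shape and worth keeping if more secrets are added later.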