llvm-project

mirrors/llvm-project

Fork 0

mirror of https://github.com/llvm/llvm-project.git synced 2025-04-17 09:46:39 +00:00

Commit Graph

Author	SHA1	Message	Date
Aiden Grossman	9e98815ef0	[Github] Revert accidental changes to dependabot config f3524e9aebbfabed0c60d0087b39ce14d8f778da accidentally touched the dependabot config. This patch reverts that change.	2024-05-18 05:04:59 +00:00
Mircea Trofin	cfe9deb135	Reapply "[ctx_profile] Integration test (#92456 )" This reverts commit 881f20e958e80bd30463fc57d2d3e891bcb8a571. Passing -ldl -lpthread explicitly	2024-05-17 21:55:39 -07:00
Diogo Teles Sant'Anna	f3524e9aeb	Hashpin sensitive dependencies and configure dependabot to update them automatically (#75859 ) Closes #75620 As I mentioned on the issue, this PR aims to hash-pin the CI dependencies used on sensitive context -- i.e., they either are called with write permissions, or are being used to build critical artifacts like a release. In summary, this PR brings 3 changes: 1. Hash pin GitHub Actions called on sensitive context 2. Hash pin python dependencies used on sensitive context 3. Configure dependabot to automatically update those hashes I'm further explaining the steps bellow. The dependencies in format of GitHub Actions, I simply hash-pinned them. I also made sure to keep the human-readable version as comments at the same line. At the [release-tasks.yml](https://github.com/llvm/llvm-project/blob/main/.github/workflows/release-tasks.yml) file, I've changed the installation method of some python dependencies to install them considering their hashpinning. That required the generation of a requirements file that had all the correct hashes, and for that I used [pip-tools](https://pypi.org/project/pip-tools/2.0.0/). While configuring dependabot, I set it to send a monthly PR updating all the GitHub Actions, and a weekly PR to update any python dependency required by [/llvm/docs/requirements.txt](https://github.com/llvm/llvm-project/blob/main/llvm/docs/requirements.txt). Let me know if you have any questions or concerns, I'd be happy to clarify and help. Thanks! --------- Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>	2024-01-15 12:30:41 -08:00

Author

SHA1

Message

Date

Aiden Grossman

9e98815ef0

[Github] Revert accidental changes to dependabot config

f3524e9aebbfabed0c60d0087b39ce14d8f778da accidentally touched the
dependabot config. This patch reverts that change.

2024-05-18 05:04:59 +00:00

Mircea Trofin

cfe9deb135

Reapply "[ctx_profile] Integration test (#92456 )"

This reverts commit 881f20e958e80bd30463fc57d2d3e891bcb8a571.

Passing -ldl -lpthread explicitly

2024-05-17 21:55:39 -07:00

Diogo Teles Sant'Anna

f3524e9aeb

Hashpin sensitive dependencies and configure dependabot to update them automatically (#75859 )

Closes #75620 

As I mentioned on the issue, this PR aims to hash-pin the CI
dependencies used on sensitive context -- i.e., they either are called
with write permissions, or are being used to build critical artifacts
like a release. In summary, this PR brings 3 changes:

1. Hash pin GitHub Actions called on sensitive context
2. Hash pin python dependencies used on sensitive context
3. Configure dependabot to automatically update those hashes
I'm further explaining the steps bellow.

The dependencies in format of GitHub Actions, I simply hash-pinned them.
I also made sure to keep the human-readable version as comments at the
same line.

At the
[release-tasks.yml](https://github.com/llvm/llvm-project/blob/main/.github/workflows/release-tasks.yml)
file, I've changed the installation method of some python dependencies
to install them considering their hashpinning. That required the
generation of a requirements file that had all the correct hashes, and
for that I used [pip-tools](https://pypi.org/project/pip-tools/2.0.0/).

While configuring dependabot, I set it to send a monthly PR updating all
the GitHub Actions, and a weekly PR to update any python dependency
required by
[/llvm/docs/requirements.txt](https://github.com/llvm/llvm-project/blob/main/llvm/docs/requirements.txt).

Let me know if you have any questions or concerns, I'd be happy to
clarify and help.

Thanks!

---------

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>

2024-01-15 12:30:41 -08:00

3 Commits