workflows: Refactor release-tasks.yml #69523
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@llvm/pr-subscribers-github-workflow Author: Tom Stellard (tstellar) Changes
Full diff: https://github.com/llvm/llvm-project/pull/69523.diff 6 Files Affected:
diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
index e52e52f5d3f36fa..e9155e355fd0ccb 100644
--- a/.github/workflows/release-binaries.yml
+++ b/.github/workflows/release-binaries.yml
@@ -1,20 +1,29 @@
name: Release Binaries
on:
- push:
- tags:
- - 'llvmorg-*'
workflow_dispatch:
inputs:
+ release-version:
+ description: 'Release Version'
+ required: true
+ type: string
upload:
description: 'Upload binaries to the release page'
required: true
- default: true
+ default: false
type: boolean
- tag:
- description: 'Tag to build'
+
+ workflow_call:
+ inputs:
+ release-version:
+ description: 'Release Version'
required: true
type: string
+ upload:
+ description: 'Upload binaries to the release page'
+ required: true
+ default: false
+ type: boolean
permissions:
contents: read # Default everything to read-only
@@ -23,21 +32,26 @@ jobs:
prepare:
name: Prepare to build binaries
runs-on: ubuntu-22.04
- if: github.repository == 'llvm/llvm-project'
outputs:
- release-version: ${{ steps.validate-tag.outputs.release-version }}
- release: ${{ steps.validate-tag.outputs.release }}
- build-dir: ${{ steps.validate-tag.outputs.build-dir }}
- rc-flags: ${{ steps.validate-tag.outputs.rc-flags }}
- ref: ${{ steps.validate-tag.outputs.ref }}
- upload: ${{ steps.validate-tag.outputs.upload }}
+ release-version: ${{ steps.vars.outputs.release-version }}
+ release: ${{ steps.vars.outputs.release }}
+ build-dir: ${{ steps.vars.outputs.build-dir }}
+ rc-flags: ${{ steps.vars.outputs.rc-flags }}
+ ref: ${{ steps.vars.outputs.ref }}
+ upload: ${{ steps.vars.outputs.upload }}
steps:
- name: Checkout LLVM
uses: actions/checkout@v4
- - name: Validate and parse tag
- id: validate-tag
+ - name: Check Permissions
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} check-permissions
+
+ - name: Collect Variables
+ id: vars
# In order for the test-release.sh script to run correctly, the LLVM
# source needs to be at the following location relative to the build dir:
# | X.Y.Z-rcN | ./rcN/llvm-project
@@ -47,15 +61,12 @@ jobs:
# | X.Y.Z-rcN | -rc N -test-asserts
# | X.Y.Z | -final
run: |
- tag="${{ github.ref_name }}"
- trimmed=$(echo ${{ inputs.tag }} | xargs)
- [[ "$trimmed" != "" ]] && tag="$trimmed"
if [ -n "${{ inputs.upload }}" ]; then
upload="${{ inputs.upload }}"
else
- upload="true"
+ upload="false"
fi
- bash .github/workflows/set-release-binary-outputs.sh "${{ github.actor }}" "$tag" "$upload"
+ bash .github/workflows/set-release-binary-outputs.sh "${{ inputs.release-version }}" "$upload"
build-binaries:
name: ${{ matrix.target.triple }}
diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml
new file mode 100644
index 000000000000000..ac241370a82b08e
--- /dev/null
+++ b/.github/workflows/release-documentation.yml
@@ -0,0 +1,86 @@
+name: Release Documentation
+
+permissions:
+ contents: write
+
+on:
+ workflow_dispatch:
+ inputs:
+ release-version:
+ description: 'Release Version'
+ required: true
+ type: string
+ upload:
+ description: 'Upload documentation'
+ required: false
+ type: boolean
+
+ workflow_call:
+ inputs:
+ release-version:
+ description: 'Release Version'
+ required: true
+ type: string
+ upload:
+ description: 'Upload documentation'
+ required: false
+ type: boolean
+
+jobs:
+ release-documentation:
+ name: Build and Upload Release Documentation
+ runs-on: ubuntu-latest
+ env:
+ upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }}
+ steps:
+ - name: Checkout LLVM
+ uses: actions/checkout@v4
+
+ - name: Install Dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y \
+ doxygen \
+ graphviz \
+ python3-github \
+ ninja-build \
+ texlive-font-utils
+ pip3 install --user -r ./llvm/docs/requirements.txt
+ echo "UPLOAD SETTING: $upload"
+
+ - name: Build Documentation
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ ./llvm/utils/release/build-docs.sh -release "${{ inputs.release-version }}"
+ ./llvm/utils/release/github-upload-release.py --token "$GITHUB_TOKEN" --release "${{ inputs.release-version }}" --user "${{ github.actor }}" upload --files ./*doxygen*.tar.xz
+
+ - name: Create Release Notes Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: release-notes
+ path: docs-build/html-export/
+
+ - name: Clone www-releases
+ if: env.upload
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ github.repository_owner }}/www-releases
+ ref: main
+ fetch-depth: 0
+ path: www-releases
+
+ - name: Upload Release Notes
+ if: env.upload
+ env:
+ WWW_RELEASES_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }}
+ run: |
+ mkdir -p ../www-releases/${{ inputs.release-version }}
+ mv ./docs-build/html-export/* ../www-releases/${{ inputs.release-version }}
+ cd ../www-releases
+ git add ${{ inputs.release-version }}
+ git config user.email "llvmbot@llvm.org"
+ git config user.name "llvmbot"
+ git commit -a -m "Add ${{ inputs.release-version }} documentation"
+ git push "https://$WWW_RELEASES_TOKEN@github.com/${{ github.repository_owner }}/www-releases" main:main
+
diff --git a/.github/workflows/release-lit.yml b/.github/workflows/release-lit.yml
new file mode 100644
index 000000000000000..feaca8719608640
--- /dev/null
+++ b/.github/workflows/release-lit.yml
@@ -0,0 +1,74 @@
+name: Release Lit
+
+permissions:
+ contents: read
+
+on:
+ workflow_dispatch:
+ inputs:
+ release-version:
+ description: 'Release Version'
+ required: true
+ type: string
+
+ workflow_call:
+ inputs:
+ release-version:
+ description: 'Release Version'
+ required: true
+ type: string
+
+jobs:
+ release-lit:
+ name: Release Lit
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout LLVM
+ uses: actions/checkout@v4
+ with:
+ ref: "llvmorg-${{ inputs.release-version }}"
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-setuptools python3-psutil python3-github
+
+ - name: Check Permissions
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} check-permissions
+
+ - name: Setup Cpp
+ uses: aminya/setup-cpp@v1
+ with:
+ compiler: llvm-16.0.6
+ cmake: true
+ ninja: true
+
+ - name: Test lit
+ run: |
+ mkdir build && cd build
+ export FILECHECK_OPTS='-dump-input-filter=all -vv -color'
+ cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja
+ ninja -v -j $(nproc) check-lit
+
+ - name: Package lit
+ run: |
+ cd llvm/utils/lit
+ # Remove 'dev' suffix from lit version.
+ sed -i 's/ + "dev"//g' lit/__init__.py
+ python3 setup.py sdist
+
+ - name: Upload lit to test.pypi.org
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }}
+ repository-url: https://test.pypi.org/legacy/
+ packages-dir: llvm/utils/lit/dist/
+
+ - name: Upload lit to pypi.org
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }}
+ packages-dir: llvm/utils/lit/dist/
diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml
index 065b84dd8822eb7..f4f867a3429cd97 100644
--- a/.github/workflows/release-tasks.yml
+++ b/.github/workflows/release-tasks.yml
@@ -1,7 +1,7 @@
name: Release Task
permissions:
- contents: read
+ contents: write
on:
push:
@@ -10,112 +10,61 @@ on:
- 'llvmorg-*'
jobs:
- release-tasks:
- permissions:
- contents: write # To upload assets to release.
+ validate-tag:
+ name: Validate Tag
runs-on: ubuntu-latest
if: github.repository == 'llvm/llvm-project'
+ outputs:
+ release-version: ${{ steps.validate-tag.outputs.release-version }}
steps:
- name: Validate Tag
id: validate-tag
run: |
- test "${{ github.actor }}" = "tstellar" || test "${{ github.actor }}" = "tru"
echo "${{ github.ref_name }}" | grep -e '^llvmorg-[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc[0-9]\+\)\?$'
release_version=$(echo "${{ github.ref_name }}" | sed 's/llvmorg-//g')
echo "release-version=$release_version" >> "$GITHUB_OUTPUT"
- - name: Checkout LLVM
- uses: actions/checkout@v4
-
+ release-create:
+ name: Create a New Release
+ runs-on: ubuntu-latest
+ needs: validate-tag
+ steps:
- name: Install Dependencies
run: |
sudo apt-get update
- sudo apt-get install -y \
- doxygen \
- graphviz \
- python3-github \
- ninja-build \
- texlive-font-utils
- pip3 install --user -r ./llvm/docs/requirements.txt
-
- - name: Create Release
- run: |
- ./llvm/utils/release/./github-upload-release.py --token ${{ github.token }} --release ${{ steps.validate-tag.outputs.release-version }} create
-
- - name: Build Documentation
- run: |
- ./llvm/utils/release/build-docs.sh -release ${{ steps.validate-tag.outputs.release-version }}
- ./llvm/utils/release/github-upload-release.py --token ${{ github.token }} --release ${{ steps.validate-tag.outputs.release-version }} upload --files ./*doxygen*.tar.xz
-
- - name: Create Release Notes Artifact
- uses: actions/download-artifact@v3
- with:
- name: release-notes
- path: docs-build/html-export/
-
- - name: Clone www-releases
- if: ${{ !contains(steps.validate-tag.outputs.release-version, 'rc') }}
- uses: actions/checkout@v4
- with:
- repository: ${{ github.repository_owner }}/www-releases
- ref: main
- fetch-depth: 0
- path: www-releases
-
- - name: Upload Release Notes
- if: ${{ !contains(steps.validate-tag.outputs.release-version, 'rc') }}
- run: |
- mkdir -p ../www-releases/${{ steps.validate-tag.outputs.release-version }}
- mv ./docs-build/html-export/* ../www-releases/${{ steps.validate-tag.outputs.release-version }}
- cd ../www-releases
- git add ${{ steps.validate-tag.outputs.release-version }}
- git config user.email "llvmbot@llvm.org"
- git config user.name "llvmbot"
- git commit -a -m "Add ${{ steps.validate-tag.outputs.release-version }} documentation"
- git push https://${{ secrets.WWW_RELEASES_TOKEN }}@github.com/${{ github.repository_owner }}/www-releases main:main
+ sudo apt-get install python3-github
- release-lit:
- runs-on: ubuntu-latest
- if: github.repository == 'llvm/llvm-project'
- steps:
- name: Checkout LLVM
uses: actions/checkout@v4
- - name: Setup Cpp
- uses: aminya/setup-cpp@v1
- with:
- compiler: llvm-16.0.6
- cmake: true
- ninja: true
-
- - name: Install dependencies
- run: |
- sudo apt-get update
- sudo apt-get install -y python3-setuptools python3-psutil
-
- - name: Test lit
- run: |
- mkdir build && cd build
- export FILECHECK_OPTS='-dump-input-filter=all -vv -color'
- cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja
- ninja -v -j $(nproc) check-lit
-
- - name: Package lit
+ - name: Create Release
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
run: |
- cd llvm/utils/lit
- # Remove 'dev' suffix from lit version.
- sed -i 's/ + "dev"//g' lit/__init__.py
- python3 setup.py sdist
-
- - name: Upload lit to test.pypi.org
- uses: pypa/gh-action-pypi-publish@release/v1
- with:
- password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }}
- repository-url: https://test.pypi.org/legacy/
- packages-dir: llvm/utils/lit/dist/
+ ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} --user ${{ github.actor }} create
+ release-documentation:
+ name: Build and Upload Release Documentation
+ needs:
+ - validate-tag
+ - release-create
+ uses: ./.github/workflows/release-documentation.yml
+ with:
+ release-version: ${{ needs.validate-tag.outputs.release-version }}
+ upload: true
- - name: Upload lit to pypi.org
- uses: pypa/gh-action-pypi-publish@release/v1
- with:
- password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }}
- packages-dir: llvm/utils/lit/dist/
+ release-lit:
+ name: Release Lit
+ needs: validate-tag
+ uses: ./.github/workflows/release-lit.yml
+ with:
+ release-version: ${{ needs.validate-tag.outputs.release-version }}
+
+ release-binaries:
+ name: Build Release Binaries
+ needs:
+ - validate-tag
+ - release-create
+ uses: ./.github/workflows/release-binaries.yml
+ with:
+ release-version: ${{ needs.validate-tag.outputs.release-version }}
+ upload: true
diff --git a/.github/workflows/set-release-binary-outputs.sh b/.github/workflows/set-release-binary-outputs.sh
index 8a7944e7e55fa06..0fa23fe3df968c1 100644
--- a/.github/workflows/set-release-binary-outputs.sh
+++ b/.github/workflows/set-release-binary-outputs.sh
@@ -8,21 +8,9 @@ if [ -z "$GITHUB_OUTPUT" ]; then
echo "Writing output variables to $GITHUB_OUTPUT"
fi
-github_user=$1
-tag=$2
-upload=$3
-
-if [[ "$github_user" != "tstellar" && "$github_user" != "tru" ]]; then
- echo "ERROR: User not allowed: $github_user"
- exit 1
-fi
-pattern='^llvmorg-[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc[0-9]\+\)\?$'
-echo "$tag" | grep -e $pattern
-if [ $? != 0 ]; then
- echo "ERROR: Tag '$tag' doesn't match pattern: $pattern"
- exit 1
-fi
-release_version=`echo "$tag" | sed 's/llvmorg-//g'`
+release_version=$1
+upload=$2
+tag="llvmorg-$release_version"
release=`echo "$release_version" | sed 's/-.*//g'`
build_dir=`echo "$release_version" | sed 's,^[^-]\+,final,' | sed 's,[^-]\+-rc\(.\+\),rc\1,'`
rc_flags=`echo "$release_version" | sed 's,^[^-]\+,-final,' | sed 's,[^-]\+-rc\(.\+\),-rc \1 -test-asserts,' | sed 's,--,-,'`
diff --git a/llvm/utils/release/github-upload-release.py b/llvm/utils/release/github-upload-release.py
index 86a71368dd84322..95d852e08c9cc34 100755
--- a/llvm/utils/release/github-upload-release.py
+++ b/llvm/utils/release/github-upload-release.py
@@ -30,6 +30,7 @@
import argparse
import github
+import sys
def create_release(repo, release, tag=None, name=None, message=None):
@@ -56,22 +57,34 @@ def upload_files(repo, release, files):
parser = argparse.ArgumentParser()
-parser.add_argument("command", type=str, choices=["create", "upload"])
+parser.add_argument("command", type=str, choices=["create", "upload", "check-permissions"])
# All args
parser.add_argument("--token", type=str)
parser.add_argument("--release", type=str)
+parser.add_argument("--user", type=str)
# Upload args
parser.add_argument("--files", nargs="+", type=str)
-
args = parser.parse_args()
github = github.Github(args.token)
-llvm_repo = github.get_organization("llvm").get_repo("llvm-project")
+llvm_org = github.get_organization("llvm")
+llvm_repo = llvm_org.get_repo("llvm-project")
+
+if args.user:
+ # Validate that this user is allowed to modify releases.
+ user = github.get_user(args.user)
+ team = llvm_org.get_team_by_slug('llvm-release-managers')
+ if not team.has_in_members(user):
+ print("User {} is not a allowed to modify releases".format(args.user))
+ sys.exit(1)
+elif args.command == "check-permissions":
+ print("--user option required for check-permissions")
+ sys.exit(1)
if args.command == "create":
- create_release(llvm_repo, args.release)
+ create_release(llvm_repo, args.release, args.user)
if args.command == "upload":
upload_files(llvm_repo, args.release, args.files)
|
|
NOTE: The 'workflows/release-tasks: Fix release note artifact upload' commit will be pushed first with PR#69522. |
|
✅ With the latest revision this PR passed the Python code formatter. |
|
Thanks for doing this. I had some local changes very similar to this. One thing I think we should do is to spilt the build docs step as well. I have added flags to build just sphinx and only doxygen already. The idea is that oxygen takes almost an hour to run while sphinx is done in 10 minutes. And when doing a release the critical wait is for the sphinx step since that contains the release notes. I think it would be good to separate these steps and make it easier to just rerun one of them if needed. |
tstellar
force-pushed
the
release-tasks-reorg-pr
branch
2 times, most recently
from
90b3368
to
c976c50
Compare
* Split out the lit release job and the documentation build jobs into their own workflow files. This makes it possible to manually run these jobs via workflow_dispatch. * Improve tag/user validation and ensure it gets run for each release task.
tstellar
force-pushed
the
release-tasks-reorg-pr
branch
from
5b71eca
to
d5b347a
Compare
|
@tru Can you take another look at this. I think we can merge now that the 17.x cycle is (likely) done. |
tru
approved these changes
Nov 29, 2023
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| run: | | ||
| echo "UPLOAD SETTING: $upload" |
There was a problem hiding this comment.
Is this debug useful in the final workflow?
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y \ | ||
| doxygen \ |
There was a problem hiding this comment.
Isn't doxygen already listed as a requirement in the pip requirements file?
It might be worth adding the pip cache with setup-python since it makes the install so much faster.
There was a problem hiding this comment.
doxygen is not in the requirements file.
| ninja-build \ | ||
| texlive-font-utils | ||
| pip3 install --user -r ./llvm/docs/requirements.txt | ||
| echo "UPLOAD SETTING: $upload" |
There was a problem hiding this comment.
another stray debug line. fine to keep it, but maybe we should add them in the same place in both workflows.
Also the pip caching here is probably good to use.
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }} | ||
| repository-url: https://test.pypi.org/legacy/ |
There was a problem hiding this comment.
is the legacy part of this URL intentional?
There was a problem hiding this comment.
Yes, this is comes from an example in the README file for this action: https://github.com/pypa/gh-action-pypi-publish
|
I didn't plan to approve - I wanted my questions answered first! I just picked the wrong option! |
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y \ | ||
| doxygen \ |
There was a problem hiding this comment.
Is installing Doxygen necessary here? It seems to be unused (-no-doxygen).
|
@tru @VoltrexKeyva I believe I've addressed all the review comments now. |
Add a fix up after merge from main.
|
Ping. |
There was a problem hiding this comment.
No issues on my end. Definitely seems to be an improvement over what was there before.
It would be nice to unify the documentation test action and the documentation release action (at least somewhat), but it doesn't seem like they're particularly amenable to being combined given the different purposes they serve.
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| run: | | ||
| ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} check-permissions |
There was a problem hiding this comment.
What's the purpose of this permissions check?
There was a problem hiding this comment.
I want to make sure that only the release managers are allowed to run this job manually, because we have a limited budget for using the bigger runners and I don't want to use it up.
There was a problem hiding this comment.
Ah, makes sense. Wasn't thinking that anyone with commit access is allowed to run the job rather than just the release managers.
| git config user.name "llvmbot" | ||
| git commit -a -m "Add ${{ steps.validate-tag.outputs.release-version }} documentation" | ||
| git push https://${{ secrets.WWW_RELEASES_TOKEN }}@github.com/${{ github.repository_owner }}/www-releases main:main | ||
| sudo apt-get install python3-github |
There was a problem hiding this comment.
Might not be a major issue, but it would be good to version match this with other workflows that use the github python package.
There was a problem hiding this comment.
Yeah I was thinking about that, actually in general in this file. Shouldn't we try to hashpin all the dependencies since we have started to do that in other workflows?
There was a problem hiding this comment.
Hashpinning the action dependencies can probably be done in a follow-up patch and that would help keep the diff clean.
There was a problem hiding this comment.
I just merged the latest main branch into this patch and it picked up the hashpins that were updated by a separate commit in main. I think just the setup-python action is missing a hashpin. I'll update those in a separate PR.
boomanaiden154
approved these changes
Jan 17, 2024
ampandey-1995
pushed a commit
to ampandey-1995/llvm-project
that referenced
this pull request
Jan 19, 2024
* Split out the lit release job and the documentation build job into
their own workflow files. This makes it possible to manually run these
jobs via workflow_dispatch.
* Improve tag/user validation and ensure it gets run for each release
task.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Split out the lit release job and the documentation build job into their own workflow files. This makes it possible to manually run these jobs via workflow_dispatch.
Improve tag/user validation and ensure it gets run for each release task.