name: Release Task
permissions:
contents: read
on:
push:
tags:
# The regex support here is limited, so just match everything that starts with llvmorg- and filter later.
- 'llvmorg-*'
jobs:
validate-tag:
name: Validate Tag
runs-on: ubuntu-latest
if: github.repository == 'llvm/llvm-project'
outputs:
release-version: ${{ steps.validate-tag.outputs.release-version }}
steps:
- name: Validate Tag
id: validate-tag
run: |
echo "${{ github.ref_name }}" | grep -e '^llvmorg-[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc[0-9]\+\)\?$'
release_version=$(echo "${{ github.ref_name }}" | sed 's/llvmorg-//g')
echo "release-version=$release_version" >> "$GITHUB_OUTPUT"
release-create:
name: Create a New Release
runs-on: ubuntu-latest
permissions:
contents: write # For creating the release.
needs: validate-tag
steps:
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install python3-github
- name: Checkout LLVM
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Create Release
env:
GITHUB_TOKEN: ${{ github.token }}
USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
run: |
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --release ${{ needs.validate-tag.outputs.release-version }} --user ${{ github.actor }} --user-token "$USER_TOKEN" create
release-documentation:
name: Build and Upload Release Documentation
needs:
- validate-tag
uses: ./.github/workflows/release-documentation.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
release-doxygen:
name: Build and Upload Release Doxygen
permissions:
contents: write
needs:
- validate-tag
- release-create
uses: ./.github/workflows/release-doxygen.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-lit:
name: Release Lit
needs: validate-tag
uses: ./.github/workflows/release-lit.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-binaries:
name: Build Release Binaries
permissions:
contents: write
id-token: write
attestations: write
needs:
- validate-tag
- release-create
strategy:
fail-fast: false
matrix:
runs-on:
- ubuntu-22.04
- windows-2022
- macos-13
- macos-14
uses: ./.github/workflows/release-binaries.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
upload: true
runs-on: ${{ matrix.runs-on }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
release-sources:
name: Package Release Sources
permissions:
contents: read
id-token: write
attestations: write
needs:
- validate-tag
uses: ./.github/workflows/release-sources.yml
with:
release-version: ${{ needs.validate-tag.outputs.release-version }}
# Called workflows don't have access to secrets by default, so we need to explicitly pass secrets that we use.
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
Codebase Browser
llvm