name: Release Binaries
on:
workflow_dispatch:
inputs:
release-version:
description: 'Release Version'
required: false
type: string
upload:
description: 'Upload binaries to the release page'
required: true
default: false
type: boolean
runs-on:
description: "Runner to use for the build"
required: true
type: choice
options:
- ubuntu-22.04
- windows-2022
- macos-13
- macos-14
workflow_call:
inputs:
release-version:
description: 'Release Version'
required: false
type: string
upload:
description: 'Upload binaries to the release page'
required: true
default: false
type: boolean
runs-on:
description: "Runner to use for the build"
required: true
type: string
secrets:
RELEASE_TASKS_USER_TOKEN:
description: "Secret used to check user permissions."
required: false
permissions:
contents: read # Default everything to read-only
jobs:
prepare:
name: Prepare to build binaries
runs-on: ${{ inputs.runs-on }}
if: github.repository == 'llvm/llvm-project'
outputs:
release-version: ${{ steps.vars.outputs.release-version }}
ref: ${{ steps.vars.outputs.ref }}
upload: ${{ steps.vars.outputs.upload }}
target-cmake-flags: ${{ steps.vars.outputs.target-cmake-flags }}
build-flang: ${{ steps.vars.outputs.build-flang }}
enable-pgo: ${{ steps.vars.outputs.enable-pgo }}
release-binary-basename: ${{ steps.vars.outputs.release-binary-basename }}
release-binary-filename: ${{ steps.vars.outputs.release-binary-filename }}
steps:
# It's good practice to use setup-python, but this is also required on macos-14
# due to https://github.com/actions/runner-images/issues/10385
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
with:
python-version: '3.12'
- name: Checkout LLVM
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Dependencies
shell: bash
run: |
pip install --require-hashes -r ./llvm/utils/git/requirements.txt
- name: Check Permissions
if: github.event_name != 'pull_request'
env:
GITHUB_TOKEN: ${{ github.token }}
USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
shell: bash
run: |
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
- name: Collect Variables
id: vars
shell: bash
# In order for the test-release.sh script to run correctly, the LLVM
# source needs to be at the following location relative to the build dir:
# | X.Y.Z-rcN | ./rcN/llvm-project
# | X.Y.Z | ./final/llvm-project
#
# We also need to set divergent flags based on the release version:
# | X.Y.Z-rcN | -rc N -test-asserts
# | X.Y.Z | -final
run: |
trimmed=$(echo ${{ inputs.release-version }} | xargs)
if [ -n "$trimmed" ]; then
release_version="$trimmed"
ref="llvmorg-$release_version"
else
release_version="${{ (github.event_name == 'pull_request' && format('PR{0}', github.event.pull_request.number)) || 'CI'}}-${{ github.sha }}"
ref=${{ github.sha }}
fi
if [ -n "${{ inputs.upload }}" ]; then
upload="${{ inputs.upload }}"
else
upload="false"
fi
echo "release-version=$release_version">> $GITHUB_OUTPUT
echo "ref=$ref" >> $GITHUB_OUTPUT
echo "upload=$upload" >> $GITHUB_OUTPUT
release_binary_basename="LLVM-$release_version-${{ runner.os }}-${{ runner.arch }}"
echo "release-binary-basename=$release_binary_basename" >> $GITHUB_OUTPUT
echo "release-binary-filename=$release_binary_basename.tar.xz" >> $GITHUB_OUTPUT
# Detect necessary CMake flags
target="${{ runner.os }}-${{ runner.arch }}"
echo "enable-pgo=false" >> $GITHUB_OUTPUT
target_cmake_flags="-DLLVM_RELEASE_ENABLE_PGO=OFF"
# The macOS builds try to cross compile some libraries so we need to
# add extra CMake args to disable them.
# See https://github.com/llvm/llvm-project/issues/99767
if [ "${{ runner.os }}" = "macOS" ]; then
target_cmake_flags="$target_cmake_flags -DBOOTSTRAP_COMPILER_RT_ENABLE_IOS=OFF"
if [ "${{ runner.arch }}" = "ARM64" ]; then
arches=arm64
else
arches=x86_64
fi
target_cmake_flags="$target_cmake_flags -DBOOTSTRAP_DARWIN_osx_ARCHS=$arches -DBOOTSTRAP_DARWIN_osx_BUILTIN_ARCHS=$arches"
fi
build_flang="true"
if [ "${{ runner.os }}" = "Windows" ]; then
# The build times out on Windows, so we need to disable LTO.
target_cmake_flags="$target_cmake_flags -DLLVM_RELEASE_ENABLE_LTO=OFF"
fi
echo "target-cmake-flags=$target_cmake_flags" >> $GITHUB_OUTPUT
echo "build-flang=$build_flang" >> $GITHUB_OUTPUT
build-stage1:
name: "Build Stage 1"
needs: prepare
if: github.repository == 'llvm/llvm-project'
runs-on: ${{ inputs.runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |
.github/workflows/
sparse-checkout-cone-mode: false
# Check out outside of working directory so the source checkout doesn't
# remove it.
path: workflows
# actions/checkout does not support paths outside of the GITHUB_WORKSPACE.
# Also, anything that we put inside of GITHUB_WORKSPACE will be overwritten
# by future actions/checkout steps. Therefore, in order to checkout the
# latest actions from main, we need to first checkout out the actions inside of
# GITHUB_WORKSPACE (see previous step), then use actions/checkout to checkout
# the code being built and the move the actions from main back into GITHUB_WORKSPACE,
# becasue the uses on composite actions only reads workflows from inside GITHUB_WORKSPACE.
- shell: bash
run: mv workflows ../workflows-main
- name: Checkout LLVM
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ needs.prepare.outputs.ref }}
- name: Copy main workflows
shell: bash
run: |
mv ../workflows-main .
- name: Setup Stage
id: setup-stage
uses: ./workflows-main/.github/workflows/release-binaries-setup-stage
- name: Setup sccache
uses: hendrikmuhs/ccache-action@ca3acd2731eef11f1572ccb126356c2f9298d35e # v1.2.9
with:
# Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174
max-size: 2G
key: sccache-${{ runner.os }}-${{ runner.arch }}-release
variant: sccache
- name: Build Stage 1 Clang
id: build
shell: bash
run: |
# There were some issues on the ARM64 MacOS runners with trying to build x86 object,
# so we need to set some extra cmake flags to disable this.
cmake -G Ninja -S llvm -B ${{ steps.setup-stage.outputs.build-prefix }}/build \
${{ needs.prepare.outputs.target-cmake-flags }} \
-C clang/cmake/caches/Release.cmake \
-DBOOTSTRAP_LLVM_PARALLEL_LINK_JOBS=1 \
-DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" \
-DCMAKE_C_COMPILER_LAUNCHER=sccache \
-DCMAKE_CXX_COMPILER_LAUNCHER=sccache
ninja -v -C ${{ steps.setup-stage.outputs.build-prefix }}/build
# There is a race condition on the MacOS builders and this command is here
# to help debug that when it happens.
ls -ltr ${{ steps.setup-stage.outputs.build-prefix }}/build
- name: Save Stage
uses: ./workflows-main/.github/workflows/release-binaries-save-stage
with:
build-prefix: ${{ steps.setup-stage.outputs.build-prefix }}
build-stage2:
name: "Build Stage 2"
needs:
- prepare
- build-stage1
if: github.repository == 'llvm/llvm-project'
runs-on: ${{ inputs.runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |
.github/workflows/
sparse-checkout-cone-mode: false
path: workflows
- name: Setup Stage
id: setup-stage
uses: ./workflows/.github/workflows/release-binaries-setup-stage
with:
previous-artifact: build-stage1
- name: Build Stage 2
# Re-enable once PGO builds are supported.
if: needs.prepare.outputs.enable-pgo == 'true'
shell: bash
run: |
ninja -C ${{ steps.setup-stage.outputs.build-prefix}}/build stage2-instrumented
- name: Save Stage
uses: ./workflows/.github/workflows/release-binaries-save-stage
with:
build-prefix: ${{ steps.setup-stage.outputs.build-prefix }}
build-stage3-clang:
name: "Build Stage 3 LLVM/Clang"
needs:
- prepare
- build-stage2
if: github.repository == 'llvm/llvm-project'
runs-on: ${{ inputs.runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |
.github/workflows/
sparse-checkout-cone-mode: false
path: workflows
- name: Setup Stage
id: setup-stage
uses: ./workflows/.github/workflows/release-binaries-setup-stage
with:
previous-artifact: build-stage2
- name: Build LLVM/Clang
shell: bash
run: |
# There is a race condition on the MacOS builders and this command is here
# to help debug that when it happens.
ls -ltr ${{ steps.setup-stage.outputs.build-prefix }}/build
ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build stage2-clang
# Build some of the larger binaries here too.
ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/ \
clang-scan-deps \
modularize clangd \
clangd-indexer \
clang-check \
${{ (runner.os == 'Linux' && 'clangd-fuzzer') || '' }} \
clang-tidy \
llc \
lli \
llvm-exegesis \
llvm-opt-fuzzer \
llvm-reduce \
llvm-lto \
dsymutil
- name: Save Stage
uses: ./workflows/.github/workflows/release-binaries-save-stage
with:
build-prefix: ${{ steps.setup-stage.outputs.build-prefix }}
build-stage3-flang:
name: "Build Stage 3 Flang/MLIR/Bolt"
needs:
- prepare
- build-stage3-clang
runs-on: ${{ inputs.runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |
.github/workflows/
sparse-checkout-cone-mode: false
path: workflows
- name: Setup Stage
id: setup-stage
uses: ./workflows/.github/workflows/release-binaries-setup-stage
with:
previous-artifact: build-stage3-clang
- name: Build Flang / MLIR / Bolt
shell: bash
run: |
# Build some of the mlir tools that take a long time to link
if [ "${{ needs.prepare.outputs.build-flang }}" = "true" ]; then
ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/ -j2 flang-new bbc
fi
ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/ \
mlir-bytecode-parser-fuzzer \
mlir-cpu-runner \
mlir-lsp-server \
mlir-opt \
mlir-query \
mlir-reduce \
mlir-text-parser-fuzzer \
mlir-translate \
mlir-transform-opt \
mlir-cat \
mlir-minimal-opt \
mlir-minimal-opt-canonicalize \
mlir-pdll-lsp-server \
llvm-bolt \
llvm-bolt-heatmap
- name: Save Stage
uses: ./workflows/.github/workflows/release-binaries-save-stage
with:
build-prefix: ${{ steps.setup-stage.outputs.build-prefix }}
build-stage3-all:
name: "Build Stage 3"
needs:
- prepare
- build-stage3-flang
runs-on: ${{ inputs.runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |
.github/workflows/
sparse-checkout-cone-mode: false
path: workflows
- name: Setup Stage
id: setup-stage
uses: ./workflows/.github/workflows/release-binaries-setup-stage
with:
previous-artifact: build-stage3-flang
- name: Build Release Package
shell: bash
run: |
which cmake
ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build stage2-package
# Copy Release artifact to the workspace so it is easier to upload.
# This is necessary, because on Windows, the build-prefix path can
# only be used on bash steps, because it uses the form of /d/files/
# and other steps expect D:\files.
mv ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/${{ needs.prepare.outputs.release-binary-filename }} .
- uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
with:
name: ${{ runner.os }}-${{ runner.arch }}-release-binary
# Due to path differences on Windows when running in bash vs running on node,
# we need to search for files in the current workspace.
path: |
${{ needs.prepare.outputs.release-binary-filename }}
# Clean up some build files to reduce size of artifact.
- name: Clean Up Build Directory
shell: bash
run: |
find ${{ steps.setup-stage.outputs.build-prefix }}/build -iname ${{ needs.prepare.outputs.release-binary-filename }} -delete
rm -Rf ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/_CPack_Packages
- name: Save Stage
uses: ./workflows/.github/workflows/release-binaries-save-stage
with:
build-prefix: ${{ steps.setup-stage.outputs.build-prefix }}
upload-release-binaries:
name: "Upload Release Binaries"
needs:
- prepare
- build-stage3-all
if: >-
always() &&
github.event_name != 'pull_request' &&
needs.prepare.outputs.upload == 'true'
runs-on: ubuntu-22.04
permissions:
contents: write # For release uploads
id-token: write # For artifact attestations
attestations: write # For artifact attestations
steps:
- name: 'Download artifact'
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
with:
pattern: '*-release-binary'
merge-multiple: true
- name: Attest Build Provenance
id: provenance
uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
with:
subject-path: ${{ needs.prepare.outputs.release-binary-filename }}
- name: Rename attestation file
run:
mv ${{ steps.provenance.outputs.bundle-path }} ${{ needs.prepare.outputs.release-binary-filename }}.jsonl
- name: Upload Build Provenance
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #v4.3.3
with:
name: ${{ needs.prepare.outputs.release-binary-filename }}-attestation
path: ${{ needs.prepare.outputs.release-binary-filename }}.jsonl
- name: Checkout Release Scripts
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
sparse-checkout: |
llvm/utils/release/github-upload-release.py
llvm/utils/git/requirements.txt
sparse-checkout-cone-mode: false
- name: Install Python Requirements
run: |
pip install --require-hashes -r ./llvm/utils/git/requirements.txt
- name: Upload Release
shell: bash
run: |
./llvm/utils/release/github-upload-release.py \
--token ${{ github.token }} \
--release ${{ needs.prepare.outputs.release-version }} \
upload \
--files ${{ needs.prepare.outputs.release-binary-filename }}*
test-stage3:
name: "Test Stage 3"
needs:
- prepare
- build-stage3-all
if: >-
github.repository == 'llvm/llvm-project'
runs-on: ${{ inputs.runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |
.github/workflows/
sparse-checkout-cone-mode: false
path: workflows
- name: Setup Stage
id: setup-stage
uses: ./workflows/.github/workflows/release-binaries-setup-stage
with:
previous-artifact: build-stage3-all
- name: Run Tests
shell: bash
run: |
ninja -C ${{ steps.setup-stage.outputs.build-prefix }}/build stage2-check-all