This workflow should only be triggering on PRs that touch Github
workflows. This is not the case currently because I forgot to add path
filtering in the original implementation.
These workflows are currently using a custom checkout action in
llvm/actions. This does the same thing as actions/checkout, but incurs a
maintenance cost that we have not really been paying. Switch over to the
Github supported workflow so someone else is paying the maintenance
cost.
There was one action dependency that was not hash pinned and this
workflow also allowed code injection as the input might not be properly
escaped when dumped into the run script.
Some of the older versions have security issues. Upgrade to v5 to remedy
that and get ahead of the v5 upgrade cycle rather than updating to a
later v4.x release.
Updated mechanically using the following command:
find .github -exec sed -i -e
"s/actions\/download-artifact@.*/actions\/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
# v5.0.0/g" {} \;
We were using the step security fork after the tj-actions/changed-files
supply chain attack given Github disabled the repo and all our actions
were failing during that time. Switch away from the fork back to the
main repository to avoid an extra level of indirection until we can
probably just stop using this action/roll our own.
Dependabot cannot configure the branch prefix, which means it fails
everytime it tries to run because we only allow user/ branches.
This is in preparation for using Renovate which supports custom branch
prefixes and has other advantages, like the ability to run/get setup
without any assisstance from a repository admin unlike dependabot. This
makes it significantly more hackable for the rest of the community.
In docker-compose.yml, add *image_versions arguments for the
android-buildkite-builder service, so that ACTIONS_BASE_IMAGE is set (to
builder-base). This will also set the BASE_IMAGE, which we don't really
want, because this service uses ubuntu:noble instead of the ubuntu:jammy
default, but that's OK because the setting is successfully overridden.
In vendor/android/run-buildbot-container, use the correct ghcr.io Docker
path (ghcr.io/llvm/libcxx-android-builder).
Reenable the build-and-push of ghcr.io/llvm/libcxx-android-builder in
the libcxx-build-containers.yml workflow.
This patch saves the sccache logs to the artifacts. If sccache dies and
the server prints logs, we currently do not collect them anywhere and
they do not get dumped to STDOUT/STDERR. If the process is directly
getting killed (SIGTERM), it seems like it doesn't dump anything, but in
most other cases we should be able to see something.
Related to #155442.
Some CI runs are seeing issues with failures running the artifact upload
step. They seem related to
https://github.com/actions/upload-artifact/issues/569. We should
continue the workflow and ignore errors in the upload artifact step if
it fails so that users do not see a red CI that is not due to their
changes.
Fixes#154155.
This allows for removing llvm-project-tests.yml. This significantly
reduces the complexity of this workflow (including the complexity of
llvm-project-tests.yml) at the cost of a little bit of duplication with
the other workflows that were also using llvm-project-tests.yml.
Reviewers: tstellar, DeinAlptraum
Reviewed By: DeinAlptraum
Pull Request: https://github.com/llvm/llvm-project/pull/153876
This will eventually allow for removing llvm-project-tests.yml. This
should significantly reduce the complexity of this workflow (including
the complexity of llvm-project-tests.yml) at the cost of a little bit of
duplication.
Reviewers: IgWod-IMG, kuhar
Reviewed By: kuhar
Pull Request: https://github.com/llvm/llvm-project/pull/153871
This will eventually allow for removing llvm-project-tests.yml. This
should significantly reduce the complexity of these workflows at the
cost of a little bit of duplication standard to github actions.
Reviewers: michalpaszkowski, sudonatalie
Reviewed By: sudonatalie
Pull Request: https://github.com/llvm/llvm-project/pull/153869
As a member of github.com/orgs/llvm/teams/pr-subscribers-llvm-mc , I was
not notified about PR #149935.
This commit introduces the `llvm:mc` label to cover the generic MC
interface, excluding target-specific MCTargetDesc files.
- Rename the `mc` label to `llvm:mc` for consistency with other LLVM
subdirectory labels.
- Exclude `llvm/test/MC` from the label scope, as it contains many
target-specific directories.
Admin: please change the name of
https://github.com/orgs/llvm/teams/pr-subscribers-llvm-mc
to "pr-subscribers-llvm:mc", similar to pr-subscribers-llvm:ir
Having basic checks (like running buildifier) on the upstream bazel
files would be helpful for contributors maintaining the bazel build. Add
basic checks (currently just buildifier) to a workflow that runs
whenever the bazel build files change.
https://github.com/actions/checkout/releases/tag/v5.0.0 was released a
couple of days ago (still new, sufficient bake time that there probably
is not a significant security issue). There are few changes, with the
most notable ones being dependency bumps, specifically the node version
bump to v24. This requires actions runner v2.327.1. I will land this
after all of the infrastructure has been moved over to the new runner
version.
Clang tip of tree is now v22, so bump the versions based on that now
that we have an updated container image.
---------
Co-authored-by: Nikolas Klauser <nikolasklauser@berlin.de>
5fc3e76ec4 made the pipelines fail on
errors and also removed the TODO comments, but did not remove the
explanatory comments on why things were set up that way. Given things no
longer succeed on error, these comments are outdated and should be
removed.
This should execute also the MLIR SPIRV Target tests which require the
SPIRV-Tools validator
---------
Signed-off-by: Davide Grohmann <davide.grohmann@arm.com>
This patch adds the python-is-python3 package to the CI container.
Windows by default uses python instead of python3, which prevents
code sharing without additionaly hackery. This should fix that and
allow for #152199 to land.
Currently the check-ci workflow runs on the push event as well
regardless of the branch which means the workflow runs twice on stacked
PRs. Not a big deal, but a bit weird to see the same workflow running
twice in a PR.
Update clang-cl/LLVM to 20.1.8.
Update to llvm-mingw 20250709 (with also is built on LLVM 20.1.8). This
release of llvm-mingw is the first release to be built with PGO, making
it significantly faster for the CI runs (on par with the clang-cl
cases); running the current tests in around 1 h rather than 1 h 20 min.
This adds download links to the GitHub release pages for common
platforms. The automatically built packages' links are automatically
revealed once the builds are complete. For packages built by hand,
hidden links are included in the text for release uploaders to reveal
later.
The approach taken:
* "LLVM x.y.z Release" becomes the title for this links section.
* Automatically built packages are commented out with special markers so
we can find them to uncomment them later.
* There is placeholder text for the time between release creation and
release tasks finishing.
* Hand built packages have release links but these will need to be
un-commented by release uploaders.
* I have used vendor names for the architectures, that casual users
would recognise.
* Their signature file is linked as well. I expect most will ignore this
but better to show it to remind people it exists.
* I called it "signature" as a generic term to cover the .jsonl and .sig
files. Instructions to use these were added to the text in a previous
change.
