[clang] [llvm] workflows/release-binaries: Enable Windows x86 builds (PR #128274)

via cfe-commits cfe-commits at lists.llvm.org
Wed Oct 8 08:02:08 PDT 2025 

================
@@ -194,41 +201,46 @@
     runs-on: ${{ needs.prepare.outputs.build-runs-on }}
     steps:
 
-    - name: Checkout Actions
-      uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      with:
-        ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
-        sparse-checkout: |
-          .github/workflows/
-        sparse-checkout-cone-mode: false
-        # Check out outside of working directory so the source checkout doesn't
-        # remove it.
-        path: workflows
-
-    # actions/checkout does not support paths outside of the GITHUB_WORKSPACE.
-    # Also, anything that we put inside of GITHUB_WORKSPACE will be overwritten
-    # by future actions/checkout steps.  Therefore, in order to checkout the
-    # latest actions from main, we need to first checkout out the actions inside of
-    # GITHUB_WORKSPACE (see previous step), then use actions/checkout to checkout
-    # the code being built and the move the actions from main back into GITHUB_WORKSPACE,
-    # becasue the uses on composite actions only reads workflows from inside GITHUB_WORKSPACE.
-    - shell: bash
-      run: mv workflows  ../workflows-main
-
     - name: Checkout LLVM
       uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         ref: ${{ needs.prepare.outputs.ref }}
 
-    - name: Copy main workflows
-      shell: bash
+    - name: Install Ninja
+      uses: llvm/actions/install-ninja at a1ea791b03c8e61f53a0e66f2f73db283aa0f01e # main
+
+    - name: Setup Windows
+      if: startsWith(runner.os, 'Windows')
+      uses: llvm/actions/setup-windows at main
----------------
github-advanced-security[bot] wrote:

## Unpinned tag for a non-immutable Action in workflow

Unpinned 3rd party Action 'Release Binaries' step [Uses Step](1) uses 'llvm/actions/setup-windows' with ref 'main', not a pinned commit hash

[Show more details](https://github.com/llvm/llvm-project/security/code-scanning/1477)

https://github.com/llvm/llvm-project/pull/128274

More information about the cfe-commits mailing list