[llvm-branch-commits] [llvm] release/19.x: workflows/release-binaries-all: Pass secrets on to release-binaries workflow (#101866) (PR #102068)

via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Mon Aug 5 14:46:05 PDT 2024 

https://github.com/llvmbot created https://github.com/llvm/llvm-project/pull/102068

Backport 1fb1a5d8e2c5a0cbaeb39ead68352e5e55752a6d

Requested by: @tstellar

>From 8bf7b8c4cc425b750e08119a33ac311c0217c014 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Mon, 5 Aug 2024 14:40:46 -0700
Subject: [PATCH] workflows/release-binaries-all: Pass secrets on to
 release-binaries workflow (#101866)

A called workflow does not have access to secrets by default, so we need
to explicitly pass any secret that we want to use.

(cherry picked from commit 1fb1a5d8e2c5a0cbaeb39ead68352e5e55752a6d)
---
 .github/workflows/release-binaries-all.yml | 6 +++++-
 .github/workflows/release-binaries.yml     | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-binaries-all.yml b/.github/workflows/release-binaries-all.yml
index 73c9d96946e33..394b0c74d24ed 100644
--- a/.github/workflows/release-binaries-all.yml
+++ b/.github/workflows/release-binaries-all.yml
@@ -91,4 +91,8 @@ jobs:
       release-version: "${{ needs.setup-variables.outputs.release-version }}"
       upload: ${{ needs.setup-variables.outputs.upload == 'true'}}
       runs-on: "${{ matrix.runs-on }}"
-
+    secrets:
+      # This will be empty for pull_request events, but that's fine, because
+      # the release-binaries workflow does not use this secret for the
+      # pull_request event.
+      RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
index 7cc8b7a1e56e8..847fe000c19a3 100644
--- a/.github/workflows/release-binaries.yml
+++ b/.github/workflows/release-binaries.yml
@@ -37,6 +37,11 @@ on:
         description: "Runner to use for the build"
         required: true
         type: string
+    secrets:
+      RELEASE_TASKS_USER_TOKEN:
+        description: "Secret used to check user permissions."
+        required: false
+
 
 permissions:
   contents: read # Default everything to read-only

More information about the llvm-branch-commits mailing list