[llvm-branch-commits] [llvm] release/19.x: workflows/release-documentation: Submit a pull request with changes (#108247) (PR #110665)

via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Tue Oct 1 06:17:56 PDT 2024 

https://github.com/llvmbot created https://github.com/llvm/llvm-project/pull/110665

Backport 9cd289fa4a7355e1bfd3129ba9c755f979fd0a72

Requested by: @tstellar

>From abb161a4a11b2d0077e028a7a40cb570fcc9845a Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Tue, 1 Oct 2024 06:12:03 -0700
Subject: [PATCH] workflows/release-documentation: Submit a pull request with
 changes (#108247)

This is instead of pushing directly. Creating a pull request is slightly
more work for the release manager, but it is more secure as we no longer
need a secret with write access to the www-releases repo.

(cherry picked from commit 9cd289fa4a7355e1bfd3129ba9c755f979fd0a72)
---
 .github/workflows/release-documentation.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml
index 70e5f08b6f72e2..922c5093f13579 100644
--- a/.github/workflows/release-documentation.yml
+++ b/.github/workflows/release-documentation.yml
@@ -72,17 +72,20 @@ jobs:
           ref: main
           fetch-depth: 0
           path: www-releases
+          persist-credentials: false
 
       - name: Upload Release Notes
         if: env.upload
         env:
-          WWW_RELEASES_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }}
+          GH_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }}
         run: |
-          mkdir -p ../www-releases/${{ inputs.release-version }}
-          mv ./docs-build/html-export/* ../www-releases/${{ inputs.release-version }}
-          cd ../www-releases
+          mkdir -p www-releases/${{ inputs.release-version }}
+          mv ./docs-build/html-export/* www-releases/${{ inputs.release-version }}
+          cd www-releases
+          git checkout -b ${{ inputs.release-version }}
           git add ${{ inputs.release-version }}
           git config user.email "llvmbot at llvm.org"
           git config user.name "llvmbot"
           git commit -a -m "Add ${{ inputs.release-version }} documentation"
-          git push "https://$WWW_RELEASES_TOKEN@github.com/${{ github.repository_owner }}/www-releases" main:main
+          git push --force  "https://$GH_TOKEN@github.com/llvmbot/www-releases.git" HEAD:refs/heads/${{ inputs.release-version }}
+          gh pr create -f -B main -H ${{ inputs.release-version }} -R llvmbot/www-releases

More information about the llvm-branch-commits mailing list