[llvm-branch-commits] [llvm] release/22.x: workflows/release-lit: Update workflow and enable trusted publishing with pypi (#174907) (PR #176846)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon Jan 19 17:18:54 PST 2026
https://github.com/llvmbot created https://github.com/llvm/llvm-project/pull/176846
Backport bc3066bb22323032469f0a69f673b4e5b1d86df3
Requested by: @tstellar
>From eecafb10777d58cb51e2129345056d412626a010 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Mon, 19 Jan 2026 17:11:17 -0800
Subject: [PATCH] workflows/release-lit: Update workflow and enable trusted
publishing with pypi (#174907)
This makes some small improvements to the workflow including using some
more modern python packaging modules and also enables the trusted
publishing for pypi. This will allow us to publish lit packages to pypi
without needing to use an access token.
This action also now uses the pypi environment which will only publish
files when triggered by an llvm-* tag.
(cherry picked from commit bc3066bb22323032469f0a69f673b4e5b1d86df3)
---
.github/workflows/release-tasks.yml | 57 +++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml
index 1258121182069..036e58215e53a 100644
--- a/.github/workflows/release-tasks.yml
+++ b/.github/workflows/release-tasks.yml
@@ -73,6 +73,63 @@ jobs:
secrets:
RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
+ # The pypi trusted publishing does not support called workflows, so we
+ # can't use them here.
+ release-lit:
+ name: Release Lit
+ runs-on: ubuntu-24.04
+ permissions:
+ id-token: write # Requred for pypi publishing
+ environment: pypi
+ steps:
+ - name: Checkout LLVM
+ uses: actions/checkout at 8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ with:
+ ref: "llvmorg-${{ needs.validate-tag.outputs.release-version }}"
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-build python3-psutil python3-github
+
+ - name: Check Permissions
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
+ run: |
+ ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
+
+ - name: Test lit
+ run: |
+ mkdir build && cd build
+ export FILECHECK_OPTS='-dump-input-filter=all -vv -color'
+ cmake ../llvm -DCMAKE_BUILD_TYPE=Release -G Ninja
+ ninja -v -j $(nproc) check-lit
+
+ - name: Package lit
+ run: |
+ cd llvm/utils/lit
+ # Remove 'dev' suffix from lit version.
+ sed -i 's/ + "dev"//g' lit/__init__.py
+ python3 -m build
+
+ - uses: actions/upload-artifact at b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ with:
+ name: lit-${{ inputs.release-version }}-release-binary
+ path: |
+ llvm/utils/lit/dist
+
+ - name: Upload lit to test.pypi.org
+ uses: pypa/gh-action-pypi-publish at ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+ with:
+ repository-url: https://test.pypi.org/legacy/
+ packages-dir: llvm/utils/lit/dist/
+
+ - name: Upload lit to pypi.org
+ uses: pypa/gh-action-pypi-publish at ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+ with:
+ packages-dir: llvm/utils/lit/dist/
+
release-binaries:
name: Build Release Binaries
permissions:
More information about the llvm-branch-commits
mailing list