[llvm] workflows: Fix permissions for release-sources job (PR #100750)

Tom Stellard via llvm-commits llvm-commits at lists.llvm.org
Fri Jul 26 07:26:19 PDT 2024 

https://github.com/tstellar updated https://github.com/llvm/llvm-project/pull/100750

>From ebc16279af14fcba3f51ee0b19cc90f68546dcc1 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Fri, 26 Jul 2024 07:06:09 -0700
Subject: [PATCH 1/2] workflows: Fix permissions for release-sources job

For reusable workflows, the called workflow cannot upgrade it's
permissions, and since the default permission is none, we need to
explicitly declare 'contents: read' when calling the release-sources
workflow.

Fixes the error:
The workflow is requesting 'contents: read', but is only allowed 'contents: none'.
---
 .github/workflows/release-tasks.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml
index 2ed56dace1d4c..116261f8e76b7 100644
--- a/.github/workflows/release-tasks.yml
+++ b/.github/workflows/release-tasks.yml
@@ -89,6 +89,7 @@ jobs:
   release-sources:
     name: Package Release Sources
     permissions:
+      contents: read
       id-token: write
       attestations: write
     needs:

>From e036e2b6082f5400f58c51442e911ae74d48ee23 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Fri, 26 Jul 2024 07:25:32 -0700
Subject: [PATCH 2/2] workflows: Fix tag name for release sources job

---
 .github/workflows/release-sources.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-sources.yml b/.github/workflows/release-sources.yml
index 9c5b1a9f01709..b0c0b652f3758 100644
--- a/.github/workflows/release-sources.yml
+++ b/.github/workflows/release-sources.yml
@@ -47,7 +47,7 @@ jobs:
     steps:
       - id: inputs
         run: |
-          ref=${{ inputs.release-version || github.sha }}
+          ref=${{ (inputs.release-version && format('llvmorg-{0}', inputs.release-version)) || github.sha }}
           if [ -n "${{ inputs.release-version }}" ]; then
             export_args="-release ${{ inputs.release-version }} -final"
           else

More information about the llvm-commits mailing list