[llvm] workflows/release-binaries-all: Pass secrets on to release-binaries workflow (PR #101866)

Tom Stellard via llvm-commits llvm-commits at lists.llvm.org
Sat Aug 3 22:50:21 PDT 2024 

https://github.com/tstellar created https://github.com/llvm/llvm-project/pull/101866

A called workflow does not have access to secrets by default, so we need to explicitly pass any secret that we want to use.

>From 1c01e41b9d014f7031f04c61074b900f3674bd0f Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 3 Aug 2024 22:45:40 -0700
Subject: [PATCH] workflows/release-binaries-all: Pass secrets on to
 release-binaries workflow

A called workflow does not have access to secrets by default, so we need
to explicitly pass any secret that we want to use.
---
 .github/workflows/release-binaries-all.yml | 6 +++++-
 .github/workflows/release-binaries.yml     | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-binaries-all.yml b/.github/workflows/release-binaries-all.yml
index 73c9d96946e33..394b0c74d24ed 100644
--- a/.github/workflows/release-binaries-all.yml
+++ b/.github/workflows/release-binaries-all.yml
@@ -91,4 +91,8 @@ jobs:
       release-version: "${{ needs.setup-variables.outputs.release-version }}"
       upload: ${{ needs.setup-variables.outputs.upload == 'true'}}
       runs-on: "${{ matrix.runs-on }}"
-
+    secrets:
+      # This will be empty for pull_request events, but that's fine, because
+      # the release-binaries workflow does not use this secret for the
+      # pull_request event.
+      RELEASE_TASKS_USER_TOKEN: ${{ secrets.RELEASE_TASKS_USER_TOKEN }}
diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
index 7cc8b7a1e56e8..847fe000c19a3 100644
--- a/.github/workflows/release-binaries.yml
+++ b/.github/workflows/release-binaries.yml
@@ -37,6 +37,11 @@ on:
         description: "Runner to use for the build"
         required: true
         type: string
+    secrets:
+      RELEASE_TASKS_USER_TOKEN:
+        description: "Secret used to check user permissions."
+        required: false
+
 
 permissions:
   contents: read # Default everything to read-only

More information about the llvm-commits mailing list