[llvm] [hlsl] Pin hlsl-test-all resusable workflow to main branch (PR #122518)

[Tom Stellard via llvm-commits]

https://github.com/tstellar updated https://github.com/llvm/llvm-project/pull/122518

>From ae4befe91cbeeea52faf8aae2b4a3b122797c568 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Fri, 10 Jan 2025 11:40:41 -0800
Subject: [PATCH 1/2] [hlsl] Pin hlsl-test-all resusable workflow to main
 branch

This will cause each hlsl test workflow to load the hlsl-test-all file
from the main branch instead of from the source branch of the PR.

PROs:
 * We can constrain use of the self-hosted Offload Runners to the
   hlsl-test-all workflow.
 * This will protect the runners from "Script Kiddie" attacks where
   someone submits a PR with a malicious workflow to many repositories
   at once.

CONs:
 * This *will not* protect the Offload Runners from someone submitting a
   PR that modifies the LLVM source to execute malicious code when built.
 * It will not be possible to test changes to the hlsl-test-all workflow
   in a PR.  We would need to set up some other process for doing this
   e.g. a special branch name that can be pushed to to test changes.
---
 .github/workflows/hlsl-matrix.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/hlsl-matrix.yaml b/.github/workflows/hlsl-matrix.yaml
index c63a32acd2b3e0..e0185d19637ee3 100644
--- a/.github/workflows/hlsl-matrix.yaml
+++ b/.github/workflows/hlsl-matrix.yaml
@@ -23,7 +23,7 @@ jobs:
         runs-on:
           - hlsl-macos
 
-    uses: ./.github/workflows/hlsl-test-all.yaml
+    uses: llvm/llvm-project/.github/workflows/hlsl-test-all.yaml at main
     with:
       SKU: hlsl-macos
       TestTarget: check-hlsl-clang-mtl # TODO: This target changes based on SKU

>From 4050bd2b3aaad7bf7086ddae1c92e6085b9fcfcd Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Fri, 10 Jan 2025 11:57:33 -0800
Subject: [PATCH 2/2] Update hlsl-matrix.yaml

Try running with local workflow.
---
 .github/workflows/hlsl-matrix.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/hlsl-matrix.yaml b/.github/workflows/hlsl-matrix.yaml
index e0185d19637ee3..87673c27bc72dc 100644
--- a/.github/workflows/hlsl-matrix.yaml
+++ b/.github/workflows/hlsl-matrix.yaml
@@ -23,8 +23,8 @@ jobs:
         runs-on:
           - hlsl-macos
 
-    uses: llvm/llvm-project/.github/workflows/hlsl-test-all.yaml at main
+    uses: ./.github/workflows/hlsl-test-all.yaml
     with:
       SKU: hlsl-macos
       TestTarget: check-hlsl-clang-mtl # TODO: This target changes based on SKU
-      LLVM-ref: ${{ github.ref }}
+      LLVM-ref: ${{ github.ref }}