[llvm] [hlsl] Pin hlsl-test-all resusable workflow to main branch (PR #122518)
Tom Stellard via llvm-commits
llvm-commits at lists.llvm.org
Fri Jan 10 12:15:34 PST 2025
https://github.com/tstellar updated https://github.com/llvm/llvm-project/pull/122518
>From ae4befe91cbeeea52faf8aae2b4a3b122797c568 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Fri, 10 Jan 2025 11:40:41 -0800
Subject: [PATCH] [hlsl] Pin hlsl-test-all resusable workflow to main branch
This will cause each hlsl test workflow to load the hlsl-test-all file
from the main branch instead of from the source branch of the PR.
PROs:
* We can constrain use of the self-hosted Offload Runners to the
hlsl-test-all workflow.
* This will protect the runners from "Script Kiddie" attacks where
someone submits a PR with a malicious workflow to many repositories
at once.
CONs:
* This *will not* protect the Offload Runners from someone submitting a
PR that modifies the LLVM source to execute malicious code when built.
* It will not be possible to test changes to the hlsl-test-all workflow
in a PR. We would need to set up some other process for doing this
e.g. a special branch name that can be pushed to to test changes.
---
.github/workflows/hlsl-matrix.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/hlsl-matrix.yaml b/.github/workflows/hlsl-matrix.yaml
index c63a32acd2b3e0..e0185d19637ee3 100644
--- a/.github/workflows/hlsl-matrix.yaml
+++ b/.github/workflows/hlsl-matrix.yaml
@@ -23,7 +23,7 @@ jobs:
runs-on:
- hlsl-macos
- uses: ./.github/workflows/hlsl-test-all.yaml
+ uses: llvm/llvm-project/.github/workflows/hlsl-test-all.yaml at main
with:
SKU: hlsl-macos
TestTarget: check-hlsl-clang-mtl # TODO: This target changes based on SKU
More information about the llvm-commits
mailing list