[llvm] workflows/release-binaries: Stop using ccache (PR #124415)

Tom Stellard via llvm-commits llvm-commits at lists.llvm.org
Sat Jan 25 08:30:14 PST 2025 

https://github.com/tstellar created https://github.com/llvm/llvm-project/pull/124415

Using ccache is a potential security risk, because the GitHub Actions cache is writable by pull requests, which means that any GitHub user could upload malicious data to the cache.

>From 2365109fe12fb6c40c405db2f1fa6dc8d413f980 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 25 Jan 2025 08:24:16 -0800
Subject: [PATCH] workflows/release-binaries: Stop using ccache

Using ccache is a potential security risk, because the GitHub Actions
cache is writable by pull requests, which means that any GitHub user
could upload malicious data to the cache.
---
 .github/workflows/release-binaries.yml | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
index f9a264e7cf48f1..9e74610723f156 100644
--- a/.github/workflows/release-binaries.yml
+++ b/.github/workflows/release-binaries.yml
@@ -216,14 +216,6 @@ jobs:
       id: setup-stage
       uses: ./workflows-main/.github/workflows/release-binaries-setup-stage
 
-    - name: Setup sccache
-      uses: hendrikmuhs/ccache-action at ca3acd2731eef11f1572ccb126356c2f9298d35e # v1.2.9
-      with:
-        # Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174
-        max-size: 2G
-        key: sccache-${{ runner.os }}-${{ runner.arch }}-release
-        variant: sccache
-
     - name: Configure
       id: build
       shell: bash
@@ -234,9 +226,7 @@ jobs:
             ${{ needs.prepare.outputs.target-cmake-flags }} \
             -C clang/cmake/caches/Release.cmake \
             -DBOOTSTRAP_LLVM_PARALLEL_LINK_JOBS=1 \
-            -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" \
-            -DCMAKE_C_COMPILER_LAUNCHER=sccache \
-            -DCMAKE_CXX_COMPILER_LAUNCHER=sccache
+            -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}"
     - name: Build
       shell: bash
       run: |

More information about the llvm-commits mailing list