[GitHub] Make release aduit more strict for LLVM 19 and beyond

Since 19, only release managers and the bot account can upload assets. Third party builds are posted on the Discourse thread instead.
llvm · Feb 5, 2025 · ac11ecf · ac11ecf
1 parent e596387
commit ac11ecf
Showing 1 changed file with 58 additions and 25 deletions.
diff --git a/.github/workflows/release-asset-audit.py b/.github/workflows/release-asset-audit.py
@@ -1,4 +1,5 @@
 import github
+import re
 import sys
 
 _SPECIAL_CASE_BINARIES = {
@@ -16,37 +17,69 @@ def _is_valid(uploader_name, valid_uploaders, asset_name):
     return False
 
 
-def main():
-    token = sys.argv[1]
-
-    gh = github.Github(login_or_token=token)
-    repo = gh.get_repo("llvm/llvm-project")
+def _get_uploaders(release_version):
+    # Until llvm 18, assets were uploaded by community members, the release managers
+    # and the GitHub Actions bot.
+    if release_version <= 18:
+        return set(
+            [
+                "DimitryAndric",
+                "stefanp-ibm",
+                "lei137",
+                "omjavaid",
+                "nicolerabjohn",
+                "amy-kwan",
+                "mandlebug",
+                "zmodem",
+                "androm3da",
+                "tru",
+                "rorth",
+                "quinnlp",
+                "kamaub",
+                "abrisco",
+                "jakeegan",
+                "maryammo",
+                "tstellar",
+                "github-actions[bot]",
+            ]
+        )
 
-    uploaders = set(
+    # llvm 19 and beyond, only the release managers and the GitHub Actions bot
+    # should be uploading assets.
+    return set(
         [
-            "DimitryAndric",
-            "stefanp-ibm",
-            "lei137",
-            "omjavaid",
-            "nicolerabjohn",
-            "amy-kwan",
-            "mandlebug",
-            "zmodem",
-            "androm3da",
             "tru",
-            "rovka",
-            "rorth",
-            "quinnlp",
-            "kamaub",
-            "abrisco",
-            "jakeegan",
-            "maryammo",
             "tstellar",
             "github-actions[bot]",
         ]
     )
 
+
+def _get_major_release_version(release_title):
+    # All release titles are of the form "LLVM X.Y.Z(-rcN)".
+    match = re.match("LLVM ([0-9]+)\.")
+    if match is None:
+        _write_comment_and_exit_with_error(
+            f'Could not parse release version from release title "{release_title}".'
+        )
+    else:
+        return int(match.groups(0))
+
+
+def _write_comment_and_exit_with_error(comment):
+    with open("comment", "w") as file:
+        file.write(comment)
+    sys.exit(1)
+
+
+def main():
+    token = sys.argv[1]
+
+    gh = github.Github(login_or_token=token)
+    repo = gh.get_repo("llvm/llvm-project")
+
     for release in repo.get_releases():
+        uploaders = _get_uploaders(release_version)
         print("Release:", release.title)
         for asset in release.get_assets():
             created_at = asset.created_at
@@ -57,9 +90,9 @@ def main():
                 f"{asset.name} : {asset.uploader.login} [{created_at} {updated_at}] ( {asset.download_count} )"
             )
             if not _is_valid(asset.uploader.login, uploaders, asset.name):
-                with open('comment', 'w') as file:
-                    file.write(f'@{asset.uploader.login} is not a valid uploader.')
-                sys.exit(1)
+                _write_comment_and_exit_with_error(
+                    f"@{asset.uploader.login} is not a valid uploader."
+                )
 
 
 if __name__ == "__main__":