[GitHub] Make release aduit more strict for LLVM 19 and beyond

DavidSpickett · DavidSpickett · commit 9872d043cb9c · 2025-02-05T11:40:10.000Z
Since 19, only release managers and the bot account can upload
assets. Third party builds are posted on the Discourse thread
instead.
diff --git a/.github/workflows/release-asset-audit.py b/.github/workflows/release-asset-audit.py
@@ -1,4 +1,5 @@
 import github
+import re
 import sys
 
 _SPECIAL_CASE_BINARIES = {
@@ -16,38 +17,70 @@ def _is_valid(uploader_name, valid_uploaders, asset_name):
     return False
 
 
-def main():
-    token = sys.argv[1]
-
-    gh = github.Github(login_or_token=token)
-    repo = gh.get_repo("llvm/llvm-project")
+def _get_uploaders(release_version):
+    # Until llvm 18, assets were uploaded by community members, the release managers
+    # and the GitHub Actions bot.
+    if release_version <= 18:
+        return set(
+            [
+                "DimitryAndric",
+                "stefanp-ibm",
+                "lei137",
+                "omjavaid",
+                "nicolerabjohn",
+                "amy-kwan",
+                "mandlebug",
+                "zmodem",
+                "androm3da",
+                "tru",
+                "rorth",
+                "quinnlp",
+                "kamaub",
+                "abrisco",
+                "jakeegan",
+                "maryammo",
+                "tstellar",
+                "github-actions[bot]",
+            ]
+        )
 
-    uploaders = set(
+    # llvm 19 and beyond, only the release managers and the GitHub Actions bot
+    # should be uploading assets.
+    return set(
         [
-            "DimitryAndric",
-            "stefanp-ibm",
-            "lei137",
-            "omjavaid",
-            "nicolerabjohn",
-            "amy-kwan",
-            "mandlebug",
-            "zmodem",
-            "androm3da",
             "tru",
-            "rovka",
-            "rorth",
-            "quinnlp",
-            "kamaub",
-            "abrisco",
-            "jakeegan",
-            "maryammo",
             "tstellar",
             "github-actions[bot]",
         ]
     )
 
+
+def _get_major_release_version(release_title):
+    # All release titles are of the form "LLVM X.Y.Z(-rcN)".
+    match = re.match("LLVM ([0-9]+)\.")
+    if match is None:
+        _write_comment_and_exit_with_error(
+            f'Could not parse release version from release title "{release_title}".'
+        )
+    else:
+        return int(match.groups(0))
+
+
+def _write_comment_and_exit_with_error(comment):
+    with open("comment", "w") as file:
+        file.write(comment)
+    sys.exit(1)
+
+
+def main():
+    token = sys.argv[1]
+
+    gh = github.Github(login_or_token=token)
+    repo = gh.get_repo("llvm/llvm-project")
+
     for release in repo.get_releases():
         print("Release:", release.title)
+        uploaders = _get_uploaders(release.title)
         for asset in release.get_assets():
             created_at = asset.created_at
             updated_at = (
@@ -57,9 +90,9 @@ def main():
                 f"{asset.name} : {asset.uploader.login} [{created_at} {updated_at}] ( {asset.download_count} )"
             )
             if not _is_valid(asset.uploader.login, uploaders, asset.name):
-                with open('comment', 'w') as file:
-                    file.write(f'@{asset.uploader.login} is not a valid uploader.')
-                sys.exit(1)
+                _write_comment_and_exit_with_error(
+                    f"@{asset.uploader.login} is not a valid uploader."
+                )
 
 
 if __name__ == "__main__":
