https://github.com/llvmbot created https://github.com/llvm/llvm-project/pull/125009
Backport b32e55df246e26f3ea8edc65e92e4c19d2658f0c Requested by: @tstellar >From 6e5ca597033d31c0661e41f7829a9918460bcf33 Mon Sep 17 00:00:00 2001 From: Tom Stellard <tstel...@redhat.com> Date: Wed, 29 Jan 2025 16:51:19 -0800 Subject: [PATCH] workflows/release-binaries: Stop using ccache (#124415) Using ccache relies on the GitHub Actions Cache, which may be susceptible to cache poisoning. See https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/ Even though these attacks may be difficult, it's better to err on the side of caution and ensure that the build environment for our releases is as isolated as possible. Additionally, ccache was only being used for the stage1 build, which is a small part of the overall build, so the speed up from using it was not that large. (cherry picked from commit b32e55df246e26f3ea8edc65e92e4c19d2658f0c) --- .github/workflows/release-binaries.yml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 2ca4aea8a3b0ee8..c49939ea48c5f30 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -226,14 +226,6 @@ jobs: id: setup-stage uses: ./workflows-main/.github/workflows/release-binaries-setup-stage - - name: Setup sccache - uses: hendrikmuhs/ccache-action@ca3acd2731eef11f1572ccb126356c2f9298d35e # v1.2.9 - with: - # Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174 - max-size: 2G - key: ${{ needs.prepare.outputs.ccache }}-${{ runner.os }}-${{ runner.arch }}-release - variant: ${{ needs.prepare.outputs.ccache }} - - name: Configure id: build shell: bash @@ -246,9 +238,8 @@ jobs: ${{ needs.prepare.outputs.target-cmake-flags }} \ -C clang/cmake/caches/Release.cmake \ -DBOOTSTRAP_LLVM_PARALLEL_LINK_JOBS=1 \ - -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" \ - -DCMAKE_C_COMPILER_LAUNCHER=$CCACHE_BIN \ - -DCMAKE_CXX_COMPILER_LAUNCHER=$CCACHE_BIN + -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" + - name: Build shell: bash run: | _______________________________________________ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
