From b32e55df246e26f3ea8edc65e92e4c19d2658f0c Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Wed, 29 Jan 2025 16:51:19 -0800 Subject: [PATCH] workflows/release-binaries: Stop using ccache (#124415) Using ccache relies on the GitHub Actions Cache, which may be susceptible to cache poisoning. See https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/ Even though these attacks may be difficult, it's better to err on the side of caution and ensure that the build environment for our releases is as isolated as possible. Additionally, ccache was only being used for the stage1 build, which is a small part of the overall build, so the speed up from using it was not that large. --- .github/workflows/release-binaries.yml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 2ca4aea8a3b0..c49939ea48c5 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -226,14 +226,6 @@ jobs: id: setup-stage uses: ./workflows-main/.github/workflows/release-binaries-setup-stage - - name: Setup sccache - uses: hendrikmuhs/ccache-action@ca3acd2731eef11f1572ccb126356c2f9298d35e # v1.2.9 - with: - # Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174 - max-size: 2G - key: ${{ needs.prepare.outputs.ccache }}-${{ runner.os }}-${{ runner.arch }}-release - variant: ${{ needs.prepare.outputs.ccache }} - - name: Configure id: build shell: bash @@ -246,9 +238,8 @@ jobs: ${{ needs.prepare.outputs.target-cmake-flags }} \ -C clang/cmake/caches/Release.cmake \ -DBOOTSTRAP_LLVM_PARALLEL_LINK_JOBS=1 \ - -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" \ - -DCMAKE_C_COMPILER_LAUNCHER=$CCACHE_BIN \ - -DCMAKE_CXX_COMPILER_LAUNCHER=$CCACHE_BIN + -DBOOTSTRAP_CPACK_PACKAGE_FILE_NAME="${{ needs.prepare.outputs.release-binary-basename }}" + - name: Build shell: bash run: |