CI: Update repository owner conditions across CI workflows

[plfj]

Summary by Sourcery

Update GitHub Actions workflows to target the forked zrsx/llvm-project repository instead of the upstream llvm/llvm-project, including owner checks and repository references.

CI:

• Adjust workflow if conditions to run only when the repository owner is zrsx or the repository is zrsx/llvm-project across all CI pipelines.
• Update LLVM source checkout and ABI test configuration to reference zrsx/llvm-project instead of llvm/llvm-project where applicable.

Summary by CodeRabbit

• Chores
  • Updated repository ownership and repository name conditions across 35+ GitHub Actions workflow files from llvm to zrsx and from llvm/llvm-project to zrsx/llvm-project.
  • Updated job execution conditions to control when workflows run based on the new repository configuration.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9face0e6-57fd-402d-8eed-bc482c927880

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Reviewer's Guide

Updates CI workflow conditions and repository references to target the 'zrsx' fork instead of the upstream 'llvm' organization, ensuring all guarded jobs and repo-specific operations run only on the forked repository.

File-Level Changes

Change	Details	Files
Retarget ABI test workflows to run only on the 'zrsx' repository and use the forked llvm-project for baseline builds.	Changed job-level if conditions from checking github.repository_owner == 'llvm' to github.repository_owner == 'zrsx' in llvm-abi-tests and libclang-abi-tests workflows. Updated the repository parameter in the ABI baseline build step to use zrsx/llvm-project instead of llvm/llvm-project.	.github/workflows/llvm-abi-tests.yml .github/workflows/libclang-abi-tests.yml
Constrain premerge and release workflows to the 'zrsx' owner and repository namespace.	Updated premerge job conditions to gate execution on github.repository_owner == 'zrsx'. Changed various workflow if conditions comparing github.repository or github.repository_owner from llvm/llvm-project or 'llvm' to zrsx/llvm-project or 'zrsx'. Adjusted issue-release workflow checkout to pull from zrsx/llvm-project rather than llvm/llvm-project.	.github/workflows/premerge.yaml .github/workflows/issue-release-workflow.yml .github/workflows/release-asset-audit.yml .github/workflows/release-binaries.yml .github/workflows/release-sources.yml
Update miscellaneous CI, automation, and tooling workflows to be active only for the 'zrsx' fork.	Changed owner- and repo-based if conditions in test, container build, metrics, documentation, email, subscription, PR/issue automation, release validation, security scorecard, and SPIR-V-related workflows from llvm/llvm-project or 'llvm' to zrsx/llvm-project or 'zrsx'. Ensured all affected jobs now check for the forked repository before running to avoid executing on upstream or other forks.	.github/workflows/test-unprivileged-download-artifact.yml .github/workflows/bazel-checks.yml .github/workflows/build-ci-container-tooling.yml .github/workflows/build-metrics-container.yml .github/workflows/check-ci.yml .github/workflows/ci-post-commit-analyzer.yml .github/workflows/commit-access-greeter.yml .github/workflows/commit-access-review.yml .github/workflows/docs.yml .github/workflows/email-check.yaml .github/workflows/issue-subscriber.yml .github/workflows/libclang-python-tests.yml .github/workflows/libcxx-build-containers.yml .github/workflows/llvm-bugs.yml .github/workflows/merged-prs.yml .github/workflows/mlir-spirv-tests.yml .github/workflows/new-issues.yml .github/workflows/new-prs.yml .github/workflows/pr-code-format.yml .github/workflows/pr-code-lint.yml .github/workflows/pr-subscriber.yml .github/workflows/release-tasks.yml .github/workflows/scorecard.yml .github/workflows/spirv-tests.yml .github/workflows/version-check.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• There are many repeated if conditions hardcoding zrsx or zrsx/llvm-project; consider centralizing these as reusable expressions (e.g., via a global env variable or composite/reusable workflows) so changing the target owner/repo in the future is less error-prone.
• The workflows mix github.repository_owner == 'zrsx' and github.repository == 'zrsx/llvm-project'; it may be worth standardizing on one style where possible to make the triggering behavior easier to reason about and audit.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- There are many repeated `if` conditions hardcoding `zrsx` or `zrsx/llvm-project`; consider centralizing these as reusable expressions (e.g., via a global `env` variable or composite/reusable workflows) so changing the target owner/repo in the future is less error-prone.
- The workflows mix `github.repository_owner == 'zrsx'` and `github.repository == 'zrsx/llvm-project'`; it may be worth standardizing on one style where possible to make the triggering behavior easier to reason about and audit.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/bazel-checks.yml:
- Line 22: The workflow still contains a mismatched repository condition: update
the remaining conditional that uses "github.repository == 'llvm/llvm-project'"
to the new owner "github.repository == 'zrsx/llvm-project'" so the bazel-build
job runs for the migrated repo; search for the string "github.repository ==
'llvm/llvm-project'" in .github/workflows/bazel-checks.yml and replace it with
"github.repository == 'zrsx/llvm-project'" (the other condition already uses
"github.repository == 'zrsx/llvm-project'").

In @.github/workflows/libcxx-build-containers.yml:
- Line 28: The workflow gate was changed to github.repository_owner == 'zrsx'
but image references still point to ghcr.io/llvm/... which will fail to push
using secrets.GITHUB_TOKEN from the fork; update the image registry references
(the ghcr.io/llvm/... usages) to use the dynamic owner (e.g. ghcr.io/${{
github.repository_owner }}/...) or otherwise derive the namespace from
github.repository_owner, and ensure publish/save steps that use
secrets.GITHUB_TOKEN or a PAT are wired to the correct repo/owner; look for and
update the image names used in the publish/save steps to match the owner gate
and confirm the token/permission source used for pushing images.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b26a5993-a4e8-4555-ac1b-454ead55f5cf

📥 Commits

Reviewing files that changed from the base of the PR and between f80f9ad and 1956c76.

📒 Files selected for processing (32)

• .github/workflows/bazel-checks.yml
• .github/workflows/build-ci-container-tooling.yml
• .github/workflows/build-metrics-container.yml
• .github/workflows/check-ci.yml
• .github/workflows/ci-post-commit-analyzer.yml
• .github/workflows/commit-access-greeter.yml
• .github/workflows/commit-access-review.yml
• .github/workflows/docs.yml
• .github/workflows/email-check.yaml
• .github/workflows/issue-release-workflow.yml
• .github/workflows/issue-subscriber.yml
• .github/workflows/libclang-abi-tests.yml
• .github/workflows/libclang-python-tests.yml
• .github/workflows/libcxx-build-containers.yml
• .github/workflows/llvm-abi-tests.yml
• .github/workflows/llvm-bugs.yml
• .github/workflows/merged-prs.yml
• .github/workflows/mlir-spirv-tests.yml
• .github/workflows/new-issues.yml
• .github/workflows/new-prs.yml
• .github/workflows/pr-code-format.yml
• .github/workflows/pr-code-lint.yml
• .github/workflows/pr-subscriber.yml
• .github/workflows/premerge.yaml
• .github/workflows/release-asset-audit.yml
• .github/workflows/release-binaries.yml
• .github/workflows/release-sources.yml
• .github/workflows/release-tasks.yml
• .github/workflows/scorecard.yml
• .github/workflows/spirv-tests.yml
• .github/workflows/test-unprivileged-download-artifact.yml
• .github/workflows/version-check.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Incomplete owner migration leaves Bazel build/test disabled for the target repo.

Line 41 still uses github.repository == 'llvm/llvm-project', so bazel-build won’t run in zrsx/llvm-project even though Line 22 was migrated. This breaks CI coverage for the main Bazel validation path.

Suggested fix

-    if: github.repository == 'llvm/llvm-project'
+    if: github.repository == 'zrsx/llvm-project'

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/bazel-checks.yml at line 22, The workflow still contains a
mismatched repository condition: update the remaining conditional that uses
"github.repository == 'llvm/llvm-project'" to the new owner "github.repository
== 'zrsx/llvm-project'" so the bazel-build job runs for the migrated repo;
search for the string "github.repository == 'llvm/llvm-project'" in
.github/workflows/bazel-checks.yml and replace it with "github.repository ==
'zrsx/llvm-project'" (the other condition already uses "github.repository ==
'zrsx/llvm-project'").

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Registry namespace is now inconsistent with the new owner gate.

With Line 28 switched to zrsx, this workflow runs in the fork, but image references at Lines 75-77 still use ghcr.io/llvm/.... Using secrets.GITHUB_TOKEN from zrsx/llvm-project is unlikely to have push rights there, so publish/save steps can fail.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/libcxx-build-containers.yml at line 28, The workflow gate
was changed to github.repository_owner == 'zrsx' but image references still
point to ghcr.io/llvm/... which will fail to push using secrets.GITHUB_TOKEN
from the fork; update the image registry references (the ghcr.io/llvm/...
usages) to use the dynamic owner (e.g. ghcr.io/${{ github.repository_owner
}}/...) or otherwise derive the namespace from github.repository_owner, and
ensure publish/save steps that use secrets.GITHUB_TOKEN or a PAT are wired to
the correct repo/owner; look for and update the image names used in the
publish/save steps to match the owner gate and confirm the token/permission
source used for pushing images.

[Aasyaco]

@coderabbitai Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/libcxx-build-containers.yml at line 28, The workflow gate
was changed to github.repository_owner == 'zrsx' but image references still
point to ghcr.io/llvm/... which will fail to push using secrets.GITHUB_TOKEN
from the fork; update the image registry references (the ghcr.io/llvm/...
usages) to use the dynamic owner (e.g. ghcr.io/${{ github.repository_owner
}}/...) or otherwise derive the namespace from github.repository_owner, and
ensure publish/save steps that use secrets.GITHUB_TOKEN or a PAT are wired to
the correct repo/owner; look for and update the image names used in the
publish/save steps to match the owner gate and confirm the token/permission
source used for pushing images.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
cat .github/workflows/libcxx-build-containers.yml

Length of output: 3355

---

🏁 Script executed:

#!/bin/bash
cat libcxx/utils/ci/docker/docker-compose.yml 2>/dev/null || echo "FILE NOT FOUND"
# Also search broadly for any ghcr.io/llvm references in the workflow
rg "ghcr\.io/llvm" .github/workflows/libcxx-build-containers.yml -n

Length of output: 2043

---

---

The finding is fully valid. Two locations are broken:

1. libcxx/utils/ci/docker/docker-compose.yml — all three image: fields are hardcoded to ghcr.io/llvm/…. Since docker compose push uses these image names as the push target, it will attempt to push to ghcr.io/llvm/… even when running under zrsx, which will fail with a 403 (the secrets.GITHUB_TOKEN is scoped to the current repo owner, zrsx).

2. .github/workflows/libcxx-build-containers.yml lines 75-77 — docker image save ghcr.io/llvm/… is also hardcoded.

The secrets.GITHUB_TOKEN / permissions: packages: write wiring is already correct — no change needed there.

• Pass REPO_OWNER env var from the workflow into every docker compose step so compose can interpolate it
• Update all three image: values in docker-compose.yml to use ${REPO_OWNER:-llvm} (safe fallback for local use)
• Update the three docker image save lines in the workflow to use ${{ github.repository_owner }}

---

Failed to handle agent chat message. Please try again.