diff options
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/backport.yml | 2 | ||||
-rw-r--r-- | .github/workflows/basic-eval.yml | 6 | ||||
-rw-r--r-- | .github/workflows/check-by-name.yml | 36 | ||||
-rw-r--r-- | .github/workflows/check-cherry-picks.yml | 2 | ||||
-rw-r--r-- | .github/workflows/check-maintainers-sorted.yaml | 2 | ||||
-rw-r--r-- | .github/workflows/check-nix-format.yml | 11 | ||||
-rw-r--r-- | .github/workflows/editorconfig.yml | 2 | ||||
-rw-r--r-- | .github/workflows/manual-nixos.yml | 4 | ||||
-rw-r--r-- | .github/workflows/manual-nixpkgs.yml | 4 | ||||
-rw-r--r-- | .github/workflows/nix-parse.yml | 2 | ||||
-rw-r--r-- | .github/workflows/periodic-merge-24h.yml | 6 | ||||
-rw-r--r-- | .github/workflows/periodic-merge-6h.yml | 2 | ||||
-rw-r--r-- | .github/workflows/update-terraform-providers.yml | 4 |
13 files changed, 51 insertions, 32 deletions
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index d4e91e6a2a0c..188d2709740f 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs diff --git a/.github/workflows/basic-eval.yml b/.github/workflows/basic-eval.yml index 9008ca208e17..a5ada7a6e210 100644 --- a/.github/workflows/basic-eval.yml +++ b/.github/workflows/basic-eval.yml @@ -18,12 +18,12 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 + - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. name: nixpkgs-ci signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' # explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset - - run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin" ]' + - run: nix-build pkgs/top-level/release.nix -A release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin" ]' diff --git a/.github/workflows/check-by-name.yml b/.github/workflows/check-by-name.yml index bdc223e3d32c..ce7802f4aa8e 100644 --- a/.github/workflows/check-by-name.yml +++ b/.github/workflows/check-by-name.yml @@ -14,11 +14,16 @@ on: # While `edited` is also triggered when the PR title/body is changed, # this PR action is fairly quick, and PR's don't get edited that often, # so it shouldn't be a problem + # There is a feature request for adding a `base_changed` event: + # https://github.com/orgs/community/discussions/35058 types: [opened, synchronize, reopened, edited] -permissions: - # We need this permission to cancel the workflow run if there's a merge conflict - actions: write +permissions: {} + +# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit +# trigger), and contributers would get notified on any canceled run. +# There is a feature request for supressing notifications on concurrency-canceled runs: +# https://github.com/orgs/community/discussions/13015 jobs: check: @@ -39,7 +44,7 @@ jobs: # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests # Retry the API query this many times - retryCount=3 + retryCount=5 # Start with 5 seconds, but double every retry retryInterval=5 while true; do @@ -72,31 +77,27 @@ jobs: if [[ "$mergeable" == "true" ]]; then echo "The PR can be merged, checking the merge commit $mergedSha" + echo "mergedSha=$mergedSha" >> "$GITHUB_ENV" else - echo "The PR cannot be merged, it has a merge conflict, cancelling the workflow.." - gh api \ - --method POST \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/cancel - sleep 60 - # If it's still not canceled after a minute, something probably went wrong, just exit - exit 1 + echo "The PR cannot be merged, it has a merge conflict, skipping the rest.." fi - echo "mergedSha=$mergedSha" >> "$GITHUB_ENV" - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + if: env.mergedSha with: # pull_request_target checks out the base branch by default ref: ${{ env.mergedSha }} # Fetches the merge commit and its parents fetch-depth: 2 - name: Checking out base branch + if: env.mergedSha run: | base=$(mktemp -d) git worktree add "$base" "$(git rev-parse HEAD^1)" echo "base=$base" >> "$GITHUB_ENV" - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 + if: env.mergedSha - name: Fetching the pinned tool + if: env.mergedSha # Update the pinned version using pkgs/test/check-by-name/update-pinned-tool.sh run: | # The pinned version of the tooling to use @@ -107,6 +108,11 @@ jobs: # Adds a result symlink as a GC root nix-store --realise "$toolPath" --add-root result - name: Running nixpkgs-check-by-name + if: env.mergedSha + env: + # Force terminal colors to be enabled. The library that + # nixpkgs-check-by-name uses respects: https://bixense.com/clicolors/ + CLICOLOR_FORCE: 1 run: | if result/bin/nixpkgs-check-by-name --base "$base" .; then exit 0 diff --git a/.github/workflows/check-cherry-picks.yml b/.github/workflows/check-cherry-picks.yml index 8dfc3f6c0606..0bee949c3dbc 100644 --- a/.github/workflows/check-cherry-picks.yml +++ b/.github/workflows/check-cherry-picks.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 filter: blob:none diff --git a/.github/workflows/check-maintainers-sorted.yaml b/.github/workflows/check-maintainers-sorted.yaml index 74012e266365..8de3318589b8 100644 --- a/.github/workflows/check-maintainers-sorted.yaml +++ b/.github/workflows/check-maintainers-sorted.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/check-nix-format.yml b/.github/workflows/check-nix-format.yml index c1d87faca213..6003c9a0b841 100644 --- a/.github/workflows/check-nix-format.yml +++ b/.github/workflows/check-nix-format.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge @@ -32,11 +32,20 @@ jobs: # Each environment variable beginning with NIX_FMT_PATHS_ is a list of # paths to check with nixfmt. env: + NIX_FMT_PATHS_BSD: pkgs/os-specific/bsd + NIX_FMT_PATHS_MPVSCRIPTS: pkgs/applications/video/mpv/scripts # Format paths related to the Nixpkgs CUDA ecosystem. NIX_FMT_PATHS_CUDA: | pkgs/development/cuda-modules pkgs/test/cuda pkgs/top-level/cuda-packages.nix + NIX_FMT_PATHS_K3S: | + nixos/modules/services/cluster/k3s + nixos/tests/k3s + pkgs/applications/networking/cluster/k3s + NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions + NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages + NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php # Iterate over all environment variables beginning with NIX_FMT_PATHS_. run: | for env_var in "${!NIX_FMT_PATHS_@}"; do diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 168e5bccaea4..b2b96722993b 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -24,7 +24,7 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index 2ad091720511..f841fcadc500 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge @@ -22,7 +22,7 @@ jobs: with: # explicitly enable sandbox extra_nix_config: sandbox = true - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 + - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. name: nixpkgs-ci diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index b56d89eccd61..7b2cef0e108b 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge @@ -24,7 +24,7 @@ jobs: with: # explicitly enable sandbox extra_nix_config: sandbox = true - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 + - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. name: nixpkgs-ci diff --git a/.github/workflows/nix-parse.yml b/.github/workflows/nix-parse.yml index da2e942414e2..ffccf9d53de1 100644 --- a/.github/workflows/nix-parse.yml +++ b/.github/workflows/nix-parse.yml @@ -24,7 +24,7 @@ jobs: if [[ -s "$HOME/changed_files" ]]; then echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV" fi - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml index 6adada59c5a5..261a2cdba45d 100644 --- a/.github/workflows/periodic-merge-24h.yml +++ b/.github/workflows/periodic-merge-24h.yml @@ -39,9 +39,13 @@ jobs: into: staging-next-23.11 - from: staging-next-23.11 into: staging-23.11 + - from: release-24.05 + into: staging-next-24.05 + - from: staging-next-24.05 + into: staging-24.05 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0 diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml index 6f188ee28d17..0a229052605e 100644 --- a/.github/workflows/periodic-merge-6h.yml +++ b/.github/workflows/periodic-merge-6h.yml @@ -39,7 +39,7 @@ jobs: into: staging name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0 diff --git a/.github/workflows/update-terraform-providers.yml b/.github/workflows/update-terraform-providers.yml index 9b7ec5cc59b0..a1c949ba3770 100644 --- a/.github/workflows/update-terraform-providers.yml +++ b/.github/workflows/update-terraform-providers.yml @@ -16,7 +16,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 with: nix_path: nixpkgs=channel:nixpkgs-unstable @@ -46,7 +46,7 @@ jobs: run: | git clean -f - name: create PR - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 + uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4 with: body: | Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action. |