Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/backport.yml29
-rw-r--r--.github/workflows/basic-eval.yml20
-rw-r--r--.github/workflows/direct-push.yml32
-rw-r--r--.github/workflows/editorconfig.yml46
-rw-r--r--.github/workflows/labels.yml19
-rw-r--r--.github/workflows/manual-nixos.yml31
-rw-r--r--.github/workflows/manual-nixpkgs.yml31
-rw-r--r--.github/workflows/nixos-manual.yml26
-rw-r--r--.github/workflows/no-channel.yml21
-rw-r--r--.github/workflows/pending-clear.yml21
-rw-r--r--.github/workflows/pending-set.yml21
-rw-r--r--.github/workflows/periodic-merge-24h.yml49
-rw-r--r--.github/workflows/periodic-merge-6h.yml55
13 files changed, 371 insertions, 30 deletions
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
new file mode 100644
index 00000000000..0e3f315bb0d
--- /dev/null
+++ b/.github/workflows/backport.yml
@@ -0,0 +1,29 @@
+name: Backport
+on:
+  pull_request_target:
+    types: [closed, labeled]
+jobs:
+  backport:
+    name: Backport Pull Request
+    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # required to find all branches
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Create backport PRs
+        # should be kept in sync with `version`
+        uses: zeebe-io/backport-action@v0.0.5
+        with:
+          # Config README: https://github.com/zeebe-io/backport-action#backport-action
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_workspace: ${{ github.workspace }}
+          # should be kept in sync with `uses`
+          version: v0.0.5
+          pull_description: |-
+            Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
+
+            * [ ] Before merging, ensure that this backport complies with the [Criteria for Backporting](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#criteria-for-backporting-changes).
+              * Even as a non-commiter, if you find that it does not comply, leave a comment.
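Review bot: The label test on the `if:` line has its `startsWith` arguments reversed: `startsWith('backport', github.event.label.name)` asks whether the literal string `backport` begins with the label name, so a label called `b` satisfies it while a label like `backport release-21.05` does not; it should read `startsWith(github.event.label.name, 'backport')`. The workflow runs under `pull_request_target` with no `permissions:` block, so the token handed to `zeebe-io/backport-action` is whatever the repository default allows; declaring the scopes the action needs to push branches and open PRs (presumably `contents: write` and `pull-requests: write`) would make that bound explicit. Checking out `head.sha` is acceptable here only because the job is gated on `merged == true`; a comment saying so next to `ref:` would stop a later edit from dropping that guard.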
diff --git a/.github/workflows/basic-eval.yml b/.github/workflows/basic-eval.yml
new file mode 100644
index 00000000000..3d12eda314f
--- /dev/null
+++ b/.github/workflows/basic-eval.yml
@@ -0,0 +1,20 @@
+name: Basic evaluation checks
+
+on:
+  pull_request:
+    branches:
+     - master
+     - release-**
+  push:
+    branches:
+     - master
+     - release-**
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
+    steps:
+    - uses: actions/checkout@v2
+    - uses: cachix/install-nix-action@v13
+    # explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset
+    - run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin"  ]'
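Review bot: No `permissions:` block is declared, so the job runs with the repository's default token scope although it only checks out and runs `nix-build`; the other workflows in this commit use `permissions: read-all`, and `permissions: contents: read` at the top of this file would be the consistent least-privilege choice. Both `branches:` lists are indented one space under their key (`     - master`) while the rest of the file uses two, which yamllint's `indentation` rule will flag.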
diff --git a/.github/workflows/direct-push.yml b/.github/workflows/direct-push.yml
new file mode 100644
index 00000000000..459475c3c6b
--- /dev/null
+++ b/.github/workflows/direct-push.yml
@@ -0,0 +1,32 @@
+name: "Direct Push Warning"
+on:
+  push:
+    branches:
+     - master
+     - release-**
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    env:
+      GITHUB_SHA: ${{ github.sha }}
+      GITHUB_REPOSITORY: ${{ github.repository }}
+    steps:
+    - name: Check if commit is a merge commit
+      id: ismerge
+      run: |
+        ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any')
+        echo "::set-output name=ismerge::$ISMERGE"
+    # github events are eventually consistent, so wait until changes propagate to thier DB
+    - run: sleep 60
+      if: steps.ismerge.outputs.ismerge != 'true'
+    - name: Warn if the commit was a direct push
+      if: steps.ismerge.outputs.ismerge != 'true'
+      uses: peter-evans/commit-comment@v1
+      with:
+        body: |
+          @${{ github.actor }}, you pushed a commit directly to master/release branch
+          instead of going through a Pull Request.
+
+          That's highly discouraged beyond the few exceptions listed
+          on https://github.com/NixOS/nixpkgs/issues/118661
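Review bot: In the `run:` block of the `ismerge` step, `${{ secrets.GITHUB_TOKEN }}` is expanded into the script text rather than read from `env:`, and the `curl` call has no `-sSf`, so an API error (rate limit, transient 5xx) leaves `ISMERGE` empty, the `!= 'true'` conditions on the two following steps treat that as a direct push, and a spurious warning comment is posted on a legitimate merge. Add `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` next to the two existing job `env:` entries, use `-H "authorization: Bearer $GITHUB_TOKEN"`, and call `curl -sSf` so a failed lookup fails the step instead of blaming the author. The comment on the `sleep 60` step has a typo, `thier` → `their`.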
diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml
new file mode 100644
index 00000000000..4960e9fd3d2
--- /dev/null
+++ b/.github/workflows/editorconfig.yml
@@ -0,0 +1,46 @@
+name: "Checking EditorConfig"
+
+permissions: read-all
+
+on:
+  # avoids approving first time contributors
+  pull_request_target:
+    branches-ignore:
+      - 'release-**'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+    - name: Get list of changed files from PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        echo 'PR_DIFF<<EOF' >> $GITHUB_ENV
+        gh api \
+          repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
+          | jq '.[] | select(.status != "removed") | .filename' \
+          >> $GITHUB_ENV
+        echo 'EOF' >> $GITHUB_ENV
+    - uses: actions/checkout@v2
+      with:
+        # pull_request_target checks out the base branch by default
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      if: env.PR_DIFF
+    - uses: cachix/install-nix-action@v13
+      if: env.PR_DIFF
+      with:
+        # nixpkgs commit is pinned so that it doesn't break
+        nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/f93ecc4f6bc60414d8b73dbdf615ceb6a2c604df.tar.gz
+    - name: install editorconfig-checker
+      run: nix-env -iA editorconfig-checker -f '<nixpkgs>'
+      if: env.PR_DIFF
+    - name: Checking EditorConfig
+      if: env.PR_DIFF
+      run: |
+        echo "$PR_DIFF" | xargs editorconfig-checker -disable-indent-size
+    - if: ${{ failure() }}
+      run: |
+        echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."
+
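Review bot: The `gh api ... | jq ...` pipeline in the first step runs without pipefail — the default `run` shell on ubuntu is `bash -e {0}` — so if `gh api` fails, the step still succeeds with an empty `PR_DIFF`, every later step is skipped by `if: env.PR_DIFF`, and the check reports green on a PR it never inspected. Add `shell: bash` to that step (which runs with `-eo pipefail`) or begin the script with `set -o pipefail`. The file names piped to `xargs` are PR-controlled, and `jq` without `-r` emits them JSON-quoted for xargs to re-parse under its own quoting rules, so `jq -r` together with `xargs -d '\n'` would be more robust to names containing quotes or backslashes. The blank line at the end of the file is trailing whitespace yamllint will also report.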
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
new file mode 100644
index 00000000000..4d1e2a2a0f9
--- /dev/null
+++ b/.github/workflows/labels.yml
@@ -0,0 +1,19 @@
+name: "Label PR"
+
+on:
+  pull_request_target:
+    types: [edited, opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  labels:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+    - uses: actions/labeler@v3
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        sync-labels: true
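Review bot: Nothing records why this job is safe under `pull_request_target`: it never checks out the PR head and the token is limited to `contents: read` / `pull-requests: write`, which is what makes the trigger acceptable, and a later edit adding an `actions/checkout` of the PR ref would silently turn it into a job running untrusted code with a write token. Add a comment above `steps:` such as `# Deliberately no checkout of the PR head: this job runs under pull_request_target with a write token`.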
diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml
new file mode 100644
index 00000000000..edd2755302a
--- /dev/null
+++ b/.github/workflows/manual-nixos.yml
@@ -0,0 +1,31 @@
+name: "Build NixOS manual"
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'nixos/**'
+
+jobs:
+  nixos:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@v13
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@v10
+        with:
+          # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+      - name: Building NixOS manual
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml
new file mode 100644
index 00000000000..e27a281a933
--- /dev/null
+++ b/.github/workflows/manual-nixpkgs.yml
@@ -0,0 +1,31 @@
+name: "Build Nixpkgs manual"
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'doc/**'
+
+jobs:
+  nixpkgs:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@v13
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@v10
+        with:
+          # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+      - name: Building Nixpkgs manual
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual
diff --git a/.github/workflows/nixos-manual.yml b/.github/workflows/nixos-manual.yml
new file mode 100644
index 00000000000..2a1c1c29738
--- /dev/null
+++ b/.github/workflows/nixos-manual.yml
@@ -0,0 +1,26 @@
+name: NixOS manual checks
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches-ignore:
+      - 'release-**'
+    paths:
+      - 'nixos/**/*.xml'
+      - 'nixos/**/*.md'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        # pull_request_target checks out the base branch by default
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+    - uses: cachix/install-nix-action@v12
+    - name: Check DocBook files generated from Markdown are consistent
+      run: |
+        nixos/doc/manual/md-to-db.sh
+        git diff --exit-code
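Review bot: The last step executes `nixos/doc/manual/md-to-db.sh` from the PR's merge ref — a PR-authored script — while the workflow is triggered by `pull_request_target`. With `permissions: read-all` and no secrets beyond the read-only token this is currently harmless, but nothing in the job needs the `pull_request_target` trigger, so `pull_request` would remove the risk of someone later adding a secret to a job that runs untrusted code; if the first-time-contributor approval concern noted in `editorconfig.yml` is the reason for keeping it, a comment saying so next to `on:` would help. This file also uses `cachix/install-nix-action@v12` while the other workflows in this commit use `@v13`; aligning them avoids running two different Nix installers across CI.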
diff --git a/.github/workflows/no-channel.yml b/.github/workflows/no-channel.yml
new file mode 100644
index 00000000000..fb9a95851f0
--- /dev/null
+++ b/.github/workflows/no-channel.yml
@@ -0,0 +1,21 @@
+name: "No channel PR"
+
+on:
+  pull_request:
+    branches:
+      - 'nixos-**'
+      - 'nixpkgs-**'
+
+jobs:
+  fail:
+    name: "This PR is is targeting a channel branch"
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        cat <<EOF
+        The nixos-* and nixpkgs-* branches are pushed to by the channel
+        release script and should not be merged into directly.
+
+        Please target the equivalent release-* branch or master instead.
+        EOF
+        exit 1
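Review bot: The job `name:` contains a duplicated word, `"This PR is is targeting a channel branch"`; it should read `"This PR is targeting a channel branch"`. The job only prints a message and exits 1 and has no use for a token, so `permissions: contents: read` at the top of the file would match the other workflows in this commit and keep the default token scope out of a job that runs for every PR.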
diff --git a/.github/workflows/pending-clear.yml b/.github/workflows/pending-clear.yml
index d888a414506..d06b1e2143f 100644
--- a/.github/workflows/pending-clear.yml
+++ b/.github/workflows/pending-clear.yml
@@ -12,19 +12,10 @@ jobs:
       if: github.repository_owner == 'NixOS' && github.event.check_suite.app.name == 'OfBorg'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GSU_VERSION: "0.5.0"
-        GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download"
       run: |
-        curl -sSf -O -L -C - \
-        "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \
-        chmod +x github-status-updater_linux_amd64 && \
-        ./github-status-updater_linux_amd64 \
-          -action update_state \
-          -token "$GITHUB_TOKEN" \
-          -owner NixOS \
-          -repo nixpkgs \
-          -state success \
-          -context "Wait for ofborg" \
-          -description " " \
-          -url " " \
-          -ref "${{ github.event.check_suite.head_sha }}"
+        curl \
+          -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -d '{"state": "success", "target_url": " ", "description": " ", "context": "Wait for ofborg"}' \
+          "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.check_suite.head_sha }}"
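Review bot: The new `curl` call has no `--fail`, so a 4xx/5xx from the statuses API (expired token, wrong sha, rate limit) exits 0 and the step succeeds without clearing the status; the removed code at least used `curl -sSf` for its download. Change the first line to `curl -sSf \` so a rejected request fails the step visibly, and make the same change in `pending-set.yml`, whose hunk has the identical shape. The enclosing job begins before this hunk.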
diff --git a/.github/workflows/pending-set.yml b/.github/workflows/pending-set.yml
index ee1d537295c..944d1deefb9 100644
--- a/.github/workflows/pending-set.yml
+++ b/.github/workflows/pending-set.yml
@@ -11,19 +11,10 @@ jobs:
       if: github.repository_owner == 'NixOS'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GSU_VERSION: "0.5.0"
-        GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download"
       run: |
-        curl -sSf -O -L -C - \
-        "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \
-        chmod +x github-status-updater_linux_amd64 && \
-        ./github-status-updater_linux_amd64 \
-          -action update_state \
-          -token "$GITHUB_TOKEN" \
-          -owner NixOS \
-          -repo nixpkgs \
-          -state failure \
-          -context "Wait for ofborg" \
-          -description "This failed status will be cleared when ofborg finishes eval." \
-          -url " " \
-          -ref "${{ github.event.pull_request.head.sha }}"
+        curl \
+          -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -d '{"state": "pending", "target_url": " ", "description": "This pending status will be cleared when ofborg starts eval.", "context": "Wait for ofborg"}' \
+          "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.pull_request.head.sha }}"
diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml
new file mode 100644
index 00000000000..341656d9392
--- /dev/null
+++ b/.github/workflows/periodic-merge-24h.yml
@@ -0,0 +1,49 @@
+# This action periodically merges base branches into staging branches.
+# This is done to
+#  * prevent conflicts or rather resolve them early
+#  * make all potential breakage happen on the staging branch
+#  * and make sure that all major rebuilds happen before the staging
+#    branch get’s merged back into its base branch.
+
+name: "Periodic Merges (24h)"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Merge every 24 hours
+    - cron:  '0 0 * * *'
+
+jobs:
+  periodic-merge:
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    strategy:
+      # don't fail fast, so that all pairs are tried
+      fail-fast: false
+      # certain branches need to be merged in order, like master->staging-next->staging
+      # and disabling parallelism ensures the order of the pairs below.
+      max-parallel: 1
+      matrix:
+        pairs:
+          - from: master
+            into: haskell-updates
+    name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+        uses: devmasx/merge-branch@v1.3.1
+        with:
+          type: now
+          from_branch: ${{ matrix.pairs.from }}
+          target_branch: ${{ matrix.pairs.into }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@v1
+        if: ${{ failure() }}
+        with:
+          issue-number: 105153
+          body: |
+            Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
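Review bot: No `permissions:` block is declared, so `devmasx/merge-branch@v1.3.1` and `peter-evans/create-or-update-comment@v1` receive the default `GITHUB_TOKEN`, which can be write-all unless the repository setting has been tightened; merging branches needs `contents: write` and commenting on issue 105153 needs `issues: write`, and declaring exactly those at the top of the file bounds what a compromised or re-tagged action could do. Both actions are referenced by mutable tags and run with that write token, so pinning them to full commit SHAs is the usual hardening. The same applies to `periodic-merge-6h.yml`. Minor: the header comment `branch get's merged` should read `gets`, and `cron:  '0 0 * * *'` has a double space after the colon.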
diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml
new file mode 100644
index 00000000000..8ec4da1d877
--- /dev/null
+++ b/.github/workflows/periodic-merge-6h.yml
@@ -0,0 +1,55 @@
+# This action periodically merges base branches into staging branches.
+# This is done to
+#  * prevent conflicts or rather resolve them early
+#  * make all potential breakage happen on the staging branch
+#  * and make sure that all major rebuilds happen before the staging
+#    branch get’s merged back into its base branch.
+
+name: "Periodic Merges (6h)"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Merge every 6 hours
+    - cron:  '0 */6 * * *'
+
+jobs:
+  periodic-merge:
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    strategy:
+      # don't fail fast, so that all pairs are tried
+      fail-fast: false
+      # certain branches need to be merged in order, like master->staging-next->staging
+      # and disabling parallelism ensures the order of the pairs below.
+      max-parallel: 1
+      matrix:
+        pairs:
+          - from: master
+            into: staging-next
+          - from: staging-next
+            into: staging
+          - from: release-21.05
+            into: staging-next-21.05
+          - from: staging-next-21.05
+            into: staging-21.05
+    name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+        uses: devmasx/merge-branch@v1.3.1
+        with:
+          type: now
+          from_branch: ${{ matrix.pairs.from }}
+          target_branch: ${{ matrix.pairs.into }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@v1
+        if: ${{ failure() }}
+        with:
+          issue-number: 105153
+          body: |
+            Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).