diff options
Diffstat (limited to '.github')
-rw-r--r-- | .github/CODEOWNERS | 26 | ||||
-rw-r--r-- | .github/CONTRIBUTING.md | 19 | ||||
-rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 5 | ||||
-rw-r--r-- | .github/workflows/nixos-manual.yml | 7 | ||||
-rw-r--r-- | .github/workflows/rebase.yml | 134 |
5 files changed, 42 insertions, 149 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index be54040ca2e..64719a7bc3a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -82,13 +82,13 @@ /pkgs/development/interpreters/python/conda @DavHau # Haskell -/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn -/maintainers/scripts/haskell @cdepillabout @sternenseemann @maralorn -/pkgs/development/compilers/ghc @cdepillabout @sternenseemann @maralorn -/pkgs/development/haskell-modules @cdepillabout @sternenseemann @maralorn -/pkgs/test/haskell @cdepillabout @sternenseemann @maralorn -/pkgs/top-level/release-haskell.nix @cdepillabout @sternenseemann @maralorn -/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn +/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn @expipiplus1 +/maintainers/scripts/haskell @cdepillabout @sternenseemann @maralorn @expipiplus1 +/pkgs/development/compilers/ghc @cdepillabout @sternenseemann @maralorn @expipiplus1 +/pkgs/development/haskell-modules @cdepillabout @sternenseemann @maralorn @expipiplus1 +/pkgs/test/haskell @cdepillabout @sternenseemann @maralorn @expipiplus1 +/pkgs/top-level/release-haskell.nix @cdepillabout @sternenseemann @maralorn @expipiplus1 +/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn @expipiplus1 # Perl /pkgs/development/interpreters/perl @volth @stigtsp @@ -196,12 +196,12 @@ /nixos/tests/prometheus-exporters.nix @WilliButz # PHP interpreter, packages, extensions, tests and documentation -/doc/languages-frameworks/php.section.md @NixOS/php -/nixos/tests/php @NixOS/php -/pkgs/build-support/build-pecl.nix @NixOS/php -/pkgs/development/interpreters/php @NixOS/php -/pkgs/development/php-packages @NixOS/php -/pkgs/top-level/php-packages.nix @NixOS/php +/doc/languages-frameworks/php.section.md @NixOS/php @aanderse @etu @globin @ma27 @talyz +/nixos/tests/php @NixOS/php @aanderse @etu @globin @ma27 @talyz +/pkgs/build-support/build-pecl.nix @NixOS/php @aanderse @etu @globin @ma27 @talyz +/pkgs/development/interpreters/php @jtojnar @NixOS/php @aanderse @etu @globin @ma27 @talyz +/pkgs/development/php-packages @NixOS/php @aanderse @etu @globin @ma27 @talyz +/pkgs/top-level/php-packages.nix @jtojnar @NixOS/php @aanderse @etu @globin @ma27 @talyz # Podman, CRI-O modules and related /nixos/modules/virtualisation/containers.nix @NixOS/podman @zowoq diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index bc43f80a060..159b9f84348 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -59,6 +59,25 @@ Follow these steps to backport a change into a release branch in compliance with 5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`. 6. When the backport pull request is merged and you have the necessary privileges you can also replace the label `9.needs: port to stable` with `8.has: port to stable` on the original pull request. This way maintainers can keep track of missing backports easier. +## Criteria for Backporting changes + +Anything that does not cause user or downstream dependency regressions can be backported. This includes: +- New Packages / Modules +- Security / Patch updates +- Version updates which include new functionality (but no breaking changes) +- Services which require a client to be up-to-date regardless. (E.g. `spotify`, `steam`, or `discord`) +- Security critical applications (E.g. `firefox`) + +## Generating 21.11 Release Notes + +Documentation in nixpkgs is transitioning to a markdown-centric workflow. Release notes now require a translation step to convert from markdown to a compatible docbook document. + +Steps for updating 21.11 Release notes: + +1. Edit `nixos/doc/manual/release-notes/rl-2111.section.md` with the desired changes +2. Run `./nixos/doc/manual/md-to-db.sh` to render `nixos/doc/manual/from_md/release-notes/rl-2111.section.xml` +3. Include changes to `rl-2111.section.md` and `rl-2111.section.xml` in the same commit. + ## Reviewing contributions See the nixpkgs manual for more details on how to [Review contributions](https://nixos.org/nixpkgs/manual/#chap-reviewing-contributions). diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 73783432037..1c4d7aa0668 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -23,5 +23,8 @@ Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing- - [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"` - [ ] Tested execution of all binary files (usually in `./result/bin/`) -- [ ] Added a release notes entry if the change is major or breaking +- [21.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#generating-2111-release-notes) + - [ ] (Package updates) Added a release notes entry if the change is major or breaking + - [ ] (Module updates) Added a release notes entry if the change is significant + - [ ] (Module addition) Added a release notes entry if adding a new NixOS module - [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md). diff --git a/.github/workflows/nixos-manual.yml b/.github/workflows/nixos-manual.yml index 80ffc9c12be..2a1c1c29738 100644 --- a/.github/workflows/nixos-manual.yml +++ b/.github/workflows/nixos-manual.yml @@ -1,7 +1,9 @@ name: NixOS manual checks +permissions: read-all + on: - pull_request: + pull_request_target: branches-ignore: - 'release-**' paths: @@ -14,6 +16,9 @@ jobs: if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v12 - name: Check DocBook files generated from Markdown are consistent run: | diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml deleted file mode 100644 index 47e8f4e4e42..00000000000 --- a/.github/workflows/rebase.yml +++ /dev/null @@ -1,134 +0,0 @@ -on: - issue_comment: - types: - - created - -# This action allows people with write access to the repo to rebase a PRs base branch -# by commenting `/rebase ${branch}` on the PR while avoiding CODEOWNER notifications. - -jobs: - rebase: - runs-on: ubuntu-latest - if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') - steps: - - uses: peter-evans/create-or-update-comment@v1 - with: - comment-id: ${{ github.event.comment.id }} - reactions: eyes - - uses: scherermichael-oss/action-has-permission@1.0.6 - id: check-write-access - with: - required-permission: write - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: check permissions - run: | - echo "Commenter doesn't have write access to the repo" - exit 1 - if: "! steps.check-write-access.outputs.has-permission" - - name: setup - run: | - curl "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}" 2>/dev/null >pr.json - cat <<EOF >>"$GITHUB_ENV" - CAN_MODIFY=$(jq -r '.maintainer_can_modify' pr.json) - COMMITS=$(jq -r '.commits' pr.json) - CURRENT_BASE=$(jq -r '.base.ref' pr.json) - PR_BRANCH=$(jq -r '.head.ref' pr.json) - COMMENT_BRANCH=$(echo ${{ github.event.comment.body }} | awk "/^\/rebase / {print \$2}") - PULL_REQUEST=${{ github.event.issue.number }} - EOF - rm pr.json - - name: check branch - env: - PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging" - VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|release-21.05|staging|staging-20.09|staging-21.05|staging-next|staging-next-21.05" - run: | - message() { - cat <<EOF - Can't rebase $PR_BRANCH from $CURRENT_BASE onto $COMMENT_BRANCH (PR:$PULL_REQUEST COMMITS:$COMMITS) - EOF - } - if ! [[ "$COMMENT_BRANCH" =~ ^($VALID_BRANCHES)$ ]]; then - cat <<EOF - Check that the branch from the comment is valid: - - $(message) - - This action can only rebase onto these branches: - - $VALID_BRANCHES - - \`/rebase \${branch}\` must be at the start of the line - EOF - exit 1 - fi - if [[ "$COMMENT_BRANCH" == "$CURRENT_BASE" ]]; then - cat <<EOF - Check that the branch from the comment isn't the current base branch: - - $(message) - EOF - exit 1 - fi - if [[ "$COMMENT_BRANCH" == "$PR_BRANCH" ]]; then - cat <<EOF - Check that the branch from the comment isn't the current branch: - - $(message) - EOF - exit 1 - fi - if [[ "$PR_BRANCH" =~ ^($PERMANENT_BRANCHES) ]]; then - cat <<EOF - Check that the PR branch isn't a permanent branch: - - $(message) - EOF - exit 1 - fi - if [[ "$CAN_MODIFY" != "true" ]]; then - cat <<EOF - Check that maintainers can edit the PR branch: - - $(message) - EOF - exit 1 - fi - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: rebase pull request - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - git fetch origin - gh pr checkout "$PULL_REQUEST" - git rebase \ - --onto="$(git merge-base origin/"$CURRENT_BASE" origin/"$COMMENT_BRANCH")" \ - "HEAD~$COMMITS" - git push --force - curl \ - -X POST \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $GITHUB_TOKEN" \ - -d "{ \"base\": \"$COMMENT_BRANCH\" }" \ - "https://api.github.com/repos/${{ github.repository }}/pulls/$PULL_REQUEST" - curl \ - -X PATCH \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $GITHUB_TOKEN" \ - -d '{ "state": "closed" }' \ - "https://api.github.com/repos/${{ github.repository }}/pulls/$PULL_REQUEST" - - uses: peter-evans/create-or-update-comment@v1 - with: - issue-number: ${{ github.event.issue.number }} - body: | - Rebased, please reopen the pull request to restart CI - - uses: peter-evans/create-or-update-comment@v1 - if: failure() - with: - issue-number: ${{ github.event.issue.number }} - body: | - [Failed to rebase](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) |