From c5dc3692b8ce0037c7004f9e7aec3af206056244 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 26 Aug 2020 12:24:22 +1000 Subject: .github/workflow/pending-{set,clear}: check hash --- .github/workflows/pending-clear.yml | 5 +++++ .github/workflows/pending-set.yml | 5 +++++ 2 files changed, 10 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/pending-clear.yml b/.github/workflows/pending-clear.yml index d888a414506..e9eb9395bc4 100644 --- a/.github/workflows/pending-clear.yml +++ b/.github/workflows/pending-clear.yml @@ -13,10 +13,15 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GSU_VERSION: "0.5.0" + GSU_HASH: "49df54dc0ed5eaa037400b66be8114bd62fa0af51ed36565f6203dc312711cc6" GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download" run: | curl -sSf -O -L -C - \ "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \ + if [ "$(shasum -a 256 github-status-updater_linux_amd64 | cut -c1-64)" != "$GSU_HASH" ]; then + echo "checksum mismatch" + exit 1 + fi chmod +x github-status-updater_linux_amd64 && \ ./github-status-updater_linux_amd64 \ -action update_state \ diff --git a/.github/workflows/pending-set.yml b/.github/workflows/pending-set.yml index ee1d537295c..36104706b6f 100644 --- a/.github/workflows/pending-set.yml +++ b/.github/workflows/pending-set.yml @@ -12,10 +12,15 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GSU_VERSION: "0.5.0" + GSU_HASH: "49df54dc0ed5eaa037400b66be8114bd62fa0af51ed36565f6203dc312711cc6" GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download" run: | curl -sSf -O -L -C - \ "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \ + if [ "$(shasum -a 256 github-status-updater_linux_amd64 | cut -c1-64)" != "$GSU_HASH" ]; then + echo "checksum mismatch" + exit 1 + fi chmod +x github-status-updater_linux_amd64 && \ ./github-status-updater_linux_amd64 \ -action update_state \ -- cgit 1.4.1 From 64a2de1fc0c16b1a5ff9afe8c85aeb4dcfa019bb Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 26 Aug 2020 22:03:45 +1000 Subject: .github/workflow/pending-{set,clear}: switch to curl --- .github/workflows/pending-clear.yml | 26 ++++++-------------------- .github/workflows/pending-set.yml | 26 ++++++-------------------- 2 files changed, 12 insertions(+), 40 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/pending-clear.yml b/.github/workflows/pending-clear.yml index e9eb9395bc4..d06b1e2143f 100644 --- a/.github/workflows/pending-clear.yml +++ b/.github/workflows/pending-clear.yml @@ -12,24 +12,10 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.check_suite.app.name == 'OfBorg' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GSU_VERSION: "0.5.0" - GSU_HASH: "49df54dc0ed5eaa037400b66be8114bd62fa0af51ed36565f6203dc312711cc6" - GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download" run: | - curl -sSf -O -L -C - \ - "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \ - if [ "$(shasum -a 256 github-status-updater_linux_amd64 | cut -c1-64)" != "$GSU_HASH" ]; then - echo "checksum mismatch" - exit 1 - fi - chmod +x github-status-updater_linux_amd64 && \ - ./github-status-updater_linux_amd64 \ - -action update_state \ - -token "$GITHUB_TOKEN" \ - -owner NixOS \ - -repo nixpkgs \ - -state success \ - -context "Wait for ofborg" \ - -description " " \ - -url " " \ - -ref "${{ github.event.check_suite.head_sha }}" + curl \ + -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token $GITHUB_TOKEN" \ + -d '{"state": "success", "target_url": " ", "description": " ", "context": "Wait for ofborg"}' \ + "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.check_suite.head_sha }}" diff --git a/.github/workflows/pending-set.yml b/.github/workflows/pending-set.yml index 36104706b6f..f59ac9439ea 100644 --- a/.github/workflows/pending-set.yml +++ b/.github/workflows/pending-set.yml @@ -11,24 +11,10 @@ jobs: if: github.repository_owner == 'NixOS' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GSU_VERSION: "0.5.0" - GSU_HASH: "49df54dc0ed5eaa037400b66be8114bd62fa0af51ed36565f6203dc312711cc6" - GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download" run: | - curl -sSf -O -L -C - \ - "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \ - if [ "$(shasum -a 256 github-status-updater_linux_amd64 | cut -c1-64)" != "$GSU_HASH" ]; then - echo "checksum mismatch" - exit 1 - fi - chmod +x github-status-updater_linux_amd64 && \ - ./github-status-updater_linux_amd64 \ - -action update_state \ - -token "$GITHUB_TOKEN" \ - -owner NixOS \ - -repo nixpkgs \ - -state failure \ - -context "Wait for ofborg" \ - -description "This failed status will be cleared when ofborg finishes eval." \ - -url " " \ - -ref "${{ github.event.pull_request.head.sha }}" + curl \ + -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token $GITHUB_TOKEN" \ + -d '{"state": "failure", "target_url": " ", "description": "This failed status will be cleared when ofborg finishes eval.", "context": "Wait for ofborg"}' \ + "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.pull_request.head.sha }}" -- cgit 1.4.1 From d5fe18167deddc850d0aa5cac9fbec32250b3bb2 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 23 Aug 2020 19:22:58 +1000 Subject: .github/workflows: re-add editorconfig --- .github/workflows/editorconfig.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/editorconfig.yml (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml new file mode 100644 index 00000000000..98c7afbab78 --- /dev/null +++ b/.github/workflows/editorconfig.yml @@ -0,0 +1,27 @@ +name: "Checking EditorConfig" + +on: + pull_request: + +jobs: + tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: technote-space/get-diff-action@v3.1.0 + - name: Fetch editorconfig-checker + if: env.GIT_DIFF + env: + ECC_VERSION: "2.1.0" + ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" + run: | + curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \ + tar xzf ec-linux-amd64.tar.gz && \ + mv ./bin/ec-linux-amd64 ./bin/editorconfig-checker + - name: Checking EditorConfig + if: env.GIT_DIFF + run: | + ./bin/editorconfig-checker -disable-indentation \ + ${{ env.GIT_DIFF }} -- cgit 1.4.1 From b3d674549f29211cac2c322e4f3669a7a612f55c Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 2 Oct 2020 22:46:49 +1000 Subject: .github/workflows: build NixOS/Nixpkgs manuals (#88488) --- .github/workflows/manual-nixos.yml | 19 +++++++++++++++++++ .github/workflows/manual-nixpkgs.yml | 19 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 .github/workflows/manual-nixos.yml create mode 100644 .github/workflows/manual-nixpkgs.yml (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml new file mode 100644 index 00000000000..b28e1f98995 --- /dev/null +++ b/.github/workflows/manual-nixos.yml @@ -0,0 +1,19 @@ +name: "Build NixOS manual" + +on: + pull_request_target: + paths: + - 'nixos/**' + +jobs: + nixos: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v11 + - uses: cachix/cachix-action@v6 + with: + name: nixpkgs-ci + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + - name: Building NixOS manual + run: nix-build nixos/release.nix -A manual.x86_64-linux diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml new file mode 100644 index 00000000000..05b29b10752 --- /dev/null +++ b/.github/workflows/manual-nixpkgs.yml @@ -0,0 +1,19 @@ +name: "Build Nixpkgs manual" + +on: + pull_request_target: + paths: + - 'doc/**' + +jobs: + nixpkgs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v11 + - uses: cachix/cachix-action@v6 + with: + name: nixpkgs-ci + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + - name: Building Nixpkgs manual + run: nix-build pkgs/top-level/release.nix -A manual -- cgit 1.4.1 From 4e71acfe0032d6240fc7c261fb4007e72df82b4a Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 3 Oct 2020 20:23:18 +1000 Subject: Revert ".github/workflows: build NixOS/Nixpkgs manuals (#88488)" This reverts commit b3d674549f29211cac2c322e4f3669a7a612f55c. --- .github/workflows/manual-nixos.yml | 19 ------------------- .github/workflows/manual-nixpkgs.yml | 19 ------------------- 2 files changed, 38 deletions(-) delete mode 100644 .github/workflows/manual-nixos.yml delete mode 100644 .github/workflows/manual-nixpkgs.yml (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml deleted file mode 100644 index b28e1f98995..00000000000 --- a/.github/workflows/manual-nixos.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: "Build NixOS manual" - -on: - pull_request_target: - paths: - - 'nixos/**' - -jobs: - nixos: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v11 - - uses: cachix/cachix-action@v6 - with: - name: nixpkgs-ci - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - - name: Building NixOS manual - run: nix-build nixos/release.nix -A manual.x86_64-linux diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml deleted file mode 100644 index 05b29b10752..00000000000 --- a/.github/workflows/manual-nixpkgs.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: "Build Nixpkgs manual" - -on: - pull_request_target: - paths: - - 'doc/**' - -jobs: - nixpkgs: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v11 - - uses: cachix/cachix-action@v6 - with: - name: nixpkgs-ci - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - - name: Building Nixpkgs manual - run: nix-build pkgs/top-level/release.nix -A manual -- cgit 1.4.1 From 153fae45aa0968da2180c46486ff06463d5a9095 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 13 Oct 2020 09:07:23 +1000 Subject: .github/workflows/editorconfig.yml: get-diff-action 3.1.0 -> 4.0.0 --- .github/workflows/editorconfig.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 98c7afbab78..7f1808d35f2 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -10,7 +10,7 @@ jobs: - uses: actions/checkout@v2 with: fetch-depth: 0 - - uses: technote-space/get-diff-action@v3.1.0 + - uses: technote-space/get-diff-action@v4.0.0 - name: Fetch editorconfig-checker if: env.GIT_DIFF env: -- cgit 1.4.1 From a920bf43082e35faad01a5cc43d5212dfc3c9f26 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 20 Oct 2020 20:30:28 +1000 Subject: .github/workflows/editorconfig.yml: 2.1.0 -> 2.2.0 --- .github/workflows/editorconfig.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 7f1808d35f2..d61882c5040 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -14,7 +14,7 @@ jobs: - name: Fetch editorconfig-checker if: env.GIT_DIFF env: - ECC_VERSION: "2.1.0" + ECC_VERSION: "2.2.0" ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" run: | curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \ -- cgit 1.4.1 From 652195179a09d7ab5518680386f62bcaa10665dd Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 24 Oct 2020 12:23:38 +1000 Subject: .github/workflows/editorconfig.yml: check indent_style --- .github/workflows/editorconfig.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index d61882c5040..962f3ced398 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -23,5 +23,5 @@ jobs: - name: Checking EditorConfig if: env.GIT_DIFF run: | - ./bin/editorconfig-checker -disable-indentation \ + ./bin/editorconfig-checker -disable-indent-size \ ${{ env.GIT_DIFF }} -- cgit 1.4.1 From 4b5c6c8a58a164faaa9347957081fae36c8dc474 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 24 Oct 2020 12:24:25 +1000 Subject: .github/workflows/editorconfig.yml: disable for release branches --- .github/workflows/editorconfig.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 962f3ced398..be7a4ba02b6 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -2,6 +2,8 @@ name: "Checking EditorConfig" on: pull_request: + branches-ignore: + - 'release-**' jobs: tests: -- cgit 1.4.1 From 24884e5aac7c095ec2c8a895f8825a3f675088ec Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Fri, 27 Nov 2020 15:48:27 +0100 Subject: GH Action: merge staging(-next) periodically Automate the merging of `master` -> `staging-next` -> `staging`. Our main development branch is `master`. Large rebuilds go to `staging`. Periodically, `staging` is merged into `staging-next` for stabilization. When considered sufficiently stable, `staging-next` is merged into `master`. As changes arrive on these branches, it is important that they're all updated regularly with eachothers changes. This commit automates that part. --- .github/CODEOWNERS | 1 + .github/workflows/merge-staging.yml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 .github/workflows/merge-staging.yml (limited to '.github/workflows') diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 20668760d2d..9835b765461 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -12,6 +12,7 @@ # GitHub actions /.github/workflows @Mic92 @zowoq +/.github/workflows/merge-staging @FRidh # EditorConfig /.editorconfig @Mic92 @zowoq diff --git a/.github/workflows/merge-staging.yml b/.github/workflows/merge-staging.yml new file mode 100644 index 00000000000..a3dd1911370 --- /dev/null +++ b/.github/workflows/merge-staging.yml @@ -0,0 +1,30 @@ +name: "merge staging(-next)" + +on: + schedule: + # * is a special character in YAML so you have to quote this string + # Merge every 6 hours + - cron: '* */6 * * *' + +jobs: + sync-branch: + if: github.repository == 'NixOS/nixpkgs' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Merge master into staging-next + uses: devmasx/merge-branch@v1.3.1 + with: + type: now + from_branch: master + target_branch: staging-next + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Merge staging-next into staging + uses: devmasx/merge-branch@v1.3.1 + with: + type: now + from_branch: staging-next + target_branch: staging + github_token: ${{ secrets.GITHUB_TOKEN }} -- cgit 1.4.1 From 318f9290475f7fd295a7b6b1df0be907e24b63f9 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sat, 28 Nov 2020 15:53:17 +0100 Subject: GH Action: merge staging(-next): comment on failure Comment on the designated issue in case of a failure. Whoever wants to help out resolving merge conflicts can simply follow this issue. --- .github/workflows/merge-staging.yml | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/merge-staging.yml b/.github/workflows/merge-staging.yml index a3dd1911370..c76c66713cf 100644 --- a/.github/workflows/merge-staging.yml +++ b/.github/workflows/merge-staging.yml @@ -28,3 +28,12 @@ jobs: from_branch: staging-next target_branch: staging github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Comment on failure + uses: peter-evans/create-or-update-comment@v1 + if: ${{ failure() }} + with: + issue-number: 105153 + body: | + An automatic merge [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}). + -- cgit 1.4.1 From d24639b341b2b17df1e48122ec61e8e5abb27d4c Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Wed, 2 Dec 2020 14:25:06 +0100 Subject: GH action: merge staging(-next): fix cron It went every minute past every 6th hour, which was too often. Now it should go on the zeroth minute every 6th hour. --- .github/workflows/merge-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/merge-staging.yml b/.github/workflows/merge-staging.yml index c76c66713cf..1aadef16328 100644 --- a/.github/workflows/merge-staging.yml +++ b/.github/workflows/merge-staging.yml @@ -4,7 +4,7 @@ on: schedule: # * is a special character in YAML so you have to quote this string # Merge every 6 hours - - cron: '* */6 * * *' + - cron: '0 */6 * * *' jobs: sync-branch: -- cgit 1.4.1 From 3f73b922700b6a8427e82702452a374d4719b52b Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 27 Dec 2020 18:30:10 +1000 Subject: .github/workflows/editorconfig.yml: use api for list of changed files faster than doing a full clone and using git diff --- .github/workflows/editorconfig.yml | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index be7a4ba02b6..6935d0bbd21 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -8,13 +8,22 @@ on: jobs: tests: runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' steps: + - name: Get list of changed files from PR + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo 'PR_DIFF<> $GITHUB_ENV + gh api \ + repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \ + | jq '.[] | select(.status != "removed") | .filename' \ + >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: technote-space/get-diff-action@v4.0.0 + if: env.PR_DIFF - name: Fetch editorconfig-checker - if: env.GIT_DIFF + if: env.PR_DIFF env: ECC_VERSION: "2.2.0" ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" @@ -23,7 +32,6 @@ jobs: tar xzf ec-linux-amd64.tar.gz && \ mv ./bin/ec-linux-amd64 ./bin/editorconfig-checker - name: Checking EditorConfig - if: env.GIT_DIFF + if: env.PR_DIFF run: | - ./bin/editorconfig-checker -disable-indent-size \ - ${{ env.GIT_DIFF }} + echo "$PR_DIFF" | xargs ./bin/editorconfig-checker -disable-indent-size -- cgit 1.4.1 From 32ee74c0c9ad1f6d1563a15acd1dd942728d67d0 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 24 Dec 2020 13:02:34 +1000 Subject: .github/workflows: add rebase-staging.yml --- .github/workflows/rebase-staging.yml | 56 ++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/rebase-staging.yml (limited to '.github/workflows') diff --git a/.github/workflows/rebase-staging.yml b/.github/workflows/rebase-staging.yml new file mode 100644 index 00000000000..8214787778e --- /dev/null +++ b/.github/workflows/rebase-staging.yml @@ -0,0 +1,56 @@ +on: + issue_comment: + types: + - created + +# This action allows people with write access to the repo to rebase a PRs base branch from +# master to staging by commenting `/rebase-staging` on the PR while avoiding CODEOWNER notifications. + +jobs: + rebase: + runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase-staging') + steps: + - uses: scherermichael-oss/action-has-permission@1.0.6 + id: check-write-access + with: + required-permission: write + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: check base branch is master + if: steps.check-write-access.outputs.has-permission + run: | + if [ "$(curl https://api.github.com/repos/NixOS/nixpkgs/pulls/${{ github.event.issue.number }} | jq -r '.base.ref')" != "master" ]; then + echo "This action only works when the current base branch is master." + exit 1 + fi + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + if: steps.check-write-access.outputs.has-permission + - name: rebase pull request + if: steps.check-write-access.outputs.has-permission + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PULL_REQUEST: ${{ github.event.issue.number }} + run: | + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + git fetch origin + gh pr checkout "$PULL_REQUEST" + git rebase \ + --onto="$(git merge-base origin/master origin/staging)" \ + "HEAD~$(git rev-list --count HEAD ^master)" + git push --force + curl \ + -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token $GITHUB_TOKEN" \ + -d '{ "base": "staging" }' \ + "https://api.github.com/repos/NixOS/nixpkgs/pulls/$PULL_REQUEST" + - uses: peter-evans/create-or-update-comment@v1 + if: ${{ failure() }} + with: + issue-number: ${{ github.event.issue.number }} + body: | + [Failed to rebase on `staging`](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}) -- cgit 1.4.1 From 84b57757ad488263b39e2fae80cbd48cf8d00130 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 6 Dec 2020 10:53:21 +1000 Subject: .github/workflows: build NixOS/Nixpkgs manuals with PR ref, restrict-eval and sandbox --- .github/workflows/manual-nixos.yml | 28 ++++++++++++++++++++++++++++ .github/workflows/manual-nixpkgs.yml | 28 ++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 .github/workflows/manual-nixos.yml create mode 100644 .github/workflows/manual-nixpkgs.yml (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml new file mode 100644 index 00000000000..341ff06db8a --- /dev/null +++ b/.github/workflows/manual-nixos.yml @@ -0,0 +1,28 @@ +name: "Build NixOS manual" + +on: + pull_request_target: + branches: + - master + paths: + - 'nixos/**' + +jobs: + nixos: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge + - uses: cachix/install-nix-action@v12 + with: + # explicitly enable sandbox + extra_nix_config: sandbox = true + - uses: cachix/cachix-action@v8 + with: + # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. + name: nixpkgs-ci + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + - name: Building NixOS manual + run: nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml new file mode 100644 index 00000000000..b07563c9fcf --- /dev/null +++ b/.github/workflows/manual-nixpkgs.yml @@ -0,0 +1,28 @@ +name: "Build Nixpkgs manual" + +on: + pull_request_target: + branches: + - master + paths: + - 'doc/**' + +jobs: + nixpkgs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge + - uses: cachix/install-nix-action@v12 + with: + # explicitly enable sandbox + extra_nix_config: sandbox = true + - uses: cachix/cachix-action@v8 + with: + # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. + name: nixpkgs-ci + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + - name: Building Nixpkgs manual + run: nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -- cgit 1.4.1 From 9304aa0fd47c6de4afd8ff7c4c38798d90d0f1ac Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 3 Jan 2021 09:45:19 +1000 Subject: .github/workflows/rebase-staging.yml: add reaction to the comment that started the job --- .github/workflows/rebase-staging.yml | 4 ++++ 1 file changed, 4 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/rebase-staging.yml b/.github/workflows/rebase-staging.yml index 8214787778e..61d60970610 100644 --- a/.github/workflows/rebase-staging.yml +++ b/.github/workflows/rebase-staging.yml @@ -11,6 +11,10 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase-staging') steps: + - uses: peter-evans/create-or-update-comment@v1 + with: + comment-id: ${{ github.event.commit.id }} + reactions: eyes - uses: scherermichael-oss/action-has-permission@1.0.6 id: check-write-access with: -- cgit 1.4.1 From e6f00abb561103bf62fe1f5968072da62394b1b4 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 3 Jan 2021 10:00:07 +1000 Subject: .github/workflows/rebase-staging.yml: commit -> comment --- .github/workflows/rebase-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/rebase-staging.yml b/.github/workflows/rebase-staging.yml index 61d60970610..41b06f95668 100644 --- a/.github/workflows/rebase-staging.yml +++ b/.github/workflows/rebase-staging.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: peter-evans/create-or-update-comment@v1 with: - comment-id: ${{ github.event.commit.id }} + comment-id: ${{ github.event.comment.id }} reactions: eyes - uses: scherermichael-oss/action-has-permission@1.0.6 id: check-write-access -- cgit 1.4.1 From 376b48b6040300550931d4425b8822c87a32bafe Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 3 Jan 2021 11:34:37 +1000 Subject: .github/workflows/manual-{nixos,nixpkgs}.yml: fix restrict eval needs an explicit NIX_PATH --- .github/workflows/manual-nixos.yml | 2 +- .github/workflows/manual-nixpkgs.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index 341ff06db8a..a75e8402930 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -25,4 +25,4 @@ jobs: name: nixpkgs-ci signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - name: Building NixOS manual - run: nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux + run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index b07563c9fcf..7596719d9b5 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -25,4 +25,4 @@ jobs: name: nixpkgs-ci signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - name: Building Nixpkgs manual - run: nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual + run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -- cgit 1.4.1 From 084fc49bf382455033a2f0faf9ae1e01c88a6ded Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 10 Jan 2021 06:55:15 +1000 Subject: .github/workflows/editorconfig.yml: 2.2.0 -> 2.3.1 --- .github/workflows/editorconfig.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 6935d0bbd21..270728a61c6 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -25,7 +25,7 @@ jobs: - name: Fetch editorconfig-checker if: env.PR_DIFF env: - ECC_VERSION: "2.2.0" + ECC_VERSION: "2.3.1" ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" run: | curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \ -- cgit 1.4.1 From ac98f9973f5c9af5e00c477af9b6d2d1b2ccdd2d Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Mon, 31 Aug 2020 09:40:30 +1000 Subject: .github/workflows/pending-set.yml: failed -> pending --- .github/workflows/pending-set.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/pending-set.yml b/.github/workflows/pending-set.yml index f59ac9439ea..944d1deefb9 100644 --- a/.github/workflows/pending-set.yml +++ b/.github/workflows/pending-set.yml @@ -16,5 +16,5 @@ jobs: -X POST \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token $GITHUB_TOKEN" \ - -d '{"state": "failure", "target_url": " ", "description": "This failed status will be cleared when ofborg finishes eval.", "context": "Wait for ofborg"}' \ + -d '{"state": "pending", "target_url": " ", "description": "This pending status will be cleared when ofborg starts eval.", "context": "Wait for ofborg"}' \ "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.pull_request.head.sha }}" -- cgit 1.4.1 From fc3b385a4f1ec284f57fd8539eb90b7afb96add5 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 26 Jan 2021 17:48:46 +1000 Subject: .github/workflows/rebase.yml: rebase for multiple branches - Error if the commenter doesn't have write access or maintainers can't edit the PR branch. - Close and comment on PR after rebase so that actions are run when it's reopened. This doesn't happen currently as we're using the default github token which isn't allowed to trigger other actions. - Disallow unwanted rebases. e.g. invalid branches, redundant rebases or rebasing permanent branches onto permanent branches. --- .github/workflows/rebase-staging.yml | 60 ---------------- .github/workflows/rebase.yml | 134 +++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 60 deletions(-) delete mode 100644 .github/workflows/rebase-staging.yml create mode 100644 .github/workflows/rebase.yml (limited to '.github/workflows') diff --git a/.github/workflows/rebase-staging.yml b/.github/workflows/rebase-staging.yml deleted file mode 100644 index 41b06f95668..00000000000 --- a/.github/workflows/rebase-staging.yml +++ /dev/null @@ -1,60 +0,0 @@ -on: - issue_comment: - types: - - created - -# This action allows people with write access to the repo to rebase a PRs base branch from -# master to staging by commenting `/rebase-staging` on the PR while avoiding CODEOWNER notifications. - -jobs: - rebase: - runs-on: ubuntu-latest - if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase-staging') - steps: - - uses: peter-evans/create-or-update-comment@v1 - with: - comment-id: ${{ github.event.comment.id }} - reactions: eyes - - uses: scherermichael-oss/action-has-permission@1.0.6 - id: check-write-access - with: - required-permission: write - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: check base branch is master - if: steps.check-write-access.outputs.has-permission - run: | - if [ "$(curl https://api.github.com/repos/NixOS/nixpkgs/pulls/${{ github.event.issue.number }} | jq -r '.base.ref')" != "master" ]; then - echo "This action only works when the current base branch is master." - exit 1 - fi - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - if: steps.check-write-access.outputs.has-permission - - name: rebase pull request - if: steps.check-write-access.outputs.has-permission - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PULL_REQUEST: ${{ github.event.issue.number }} - run: | - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - git fetch origin - gh pr checkout "$PULL_REQUEST" - git rebase \ - --onto="$(git merge-base origin/master origin/staging)" \ - "HEAD~$(git rev-list --count HEAD ^master)" - git push --force - curl \ - -X POST \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $GITHUB_TOKEN" \ - -d '{ "base": "staging" }' \ - "https://api.github.com/repos/NixOS/nixpkgs/pulls/$PULL_REQUEST" - - uses: peter-evans/create-or-update-comment@v1 - if: ${{ failure() }} - with: - issue-number: ${{ github.event.issue.number }} - body: | - [Failed to rebase on `staging`](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}) diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml new file mode 100644 index 00000000000..50d066dd754 --- /dev/null +++ b/.github/workflows/rebase.yml @@ -0,0 +1,134 @@ +on: + issue_comment: + types: + - created + +# This action allows people with write access to the repo to rebase a PRs base branch +# by commenting `/rebase ${branch}` on the PR while avoiding CODEOWNER notifications. + +jobs: + rebase: + runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') + steps: + - uses: peter-evans/create-or-update-comment@v1 + with: + comment-id: ${{ github.event.comment.id }} + reactions: eyes + - uses: scherermichael-oss/action-has-permission@1.0.6 + id: check-write-access + with: + required-permission: write + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: check permissions + run: | + echo "Commenter doesn't have write access to the repo" + exit 1 + if: "! steps.check-write-access.outputs.has-permission" + - name: setup + run: | + curl "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}" 2>/dev/null >pr.json + cat <>"$GITHUB_ENV" + CAN_MODIFY=$(jq -r '.maintainer_can_modify' pr.json) + COMMITS=$(jq -r '.commits' pr.json) + CURRENT_BASE=$(jq -r '.base.ref' pr.json) + PR_BRANCH=$(jq -r '.head.ref' pr.json) + COMMENT_BRANCH=$(echo ${{ github.event.comment.body }} | awk "/^\/rebase / {print \$2}") + PULL_REQUEST=${{ github.event.issue.number }} + EOF + rm pr.json + - name: check branch + env: + PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging" + VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|staging|staging-20.09|staging-next" + run: | + message() { + cat < Date: Sat, 30 Jan 2021 14:41:31 +1000 Subject: .github/workflows/labels.yml: label PRs --- .github/labeler.yml | 149 +++++++++++++++++++++++++++++++++++++++++++ .github/workflows/labels.yml | 14 ++++ 2 files changed, 163 insertions(+) create mode 100644 .github/labeler.yml create mode 100644 .github/workflows/labels.yml (limited to '.github/workflows') diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 00000000000..7bb2552cf7a --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,149 @@ +"6.topic: agda": + - doc/languages-frameworks/agda.section.md + - nixos/tests/agda.nix + - pkgs/build-support/agda/**/* + - pkgs/development/libraries/agda/**/* + - pkgs/top-level/agda-packages.nix + +"6.topic: emacs": + - nixos/modules/services/editors/emacs.nix + - nixos/modules/services/editors/emacs.xml + - nixos/tests/emacs-daemon.nix + - pkgs/applications/editors/emacs-modes/**/* + - pkgs/applications/editors/emacs/**/* + - pkgs/build-support/emacs/**/* + - pkgs/top-level/emacs-packages.nix + +"6.topic: erlang": + - doc/languages-frameworks/beam.xml + - pkgs/development/beam-modules/**/* + - pkgs/development/interpreters/elixir/**/* + - pkgs/development/interpreters/erlang/**/* + - pkgs/development/tools/build-managers/rebar/**/* + - pkgs/development/tools/build-managers/rebar3/**/* + - pkgs/development/tools/erlang/**/* + - pkgs/development/tools/elixir/**/* + - pkgs/top-level/beam-packages.nix + +"6.topic: fetch": + - pkgs/build-support/fetch/**/* + +"6.topic: GNOME": + - pkgs/desktops/gnome-3/**/* + - nixos/modules/services/x11/desktop-managers/gnome3.nix + - nixos/tests/gnome3.nix + - nixos/tests/gnome3-xorg.nix + - nixos/modules/services/desktops/gnome3/**/* + - doc/languages-frameworks/gnome.xml + +"6.topic: golang": + - pkgs/development/compilers/go/**/* + - pkgs/development/go-modules/**/* + - doc/languages-frameworks/go.xml + +"6.topic: haskell": + - pkgs/development/compilers/ghc/**/* + - pkgs/development/tools/haskell/**/* + - pkgs/development/haskell-modules/**/* + - pkgs/top-level/haskell-packages.nix + - doc/languages-frameworks/haskell.md + +"6.topic: kernel": + - pkgs/build-support/linux/kernel/**/* + +"6.topic: lua": + - pkgs/development/lua-modules/**/* + - pkgs/top-level/lua-packages.nix + - pkgs/development/interpreters/lua-5/**/* + - pkgs/development/interpreters/luajit/**/* + +"6.topic: nixos": + - nixos/**/* + +"6.topic: ocaml": + - doc/languages-frameworks/ocaml.section.md + - pkgs/top-level/ocaml-packages.nix + - pkgs/development/ocaml-modules/**/* + - pkgs/development/compilers/ocaml/**/* + - pkgs/development/tools/ocaml/**/* + - pkgs/development/compilers/reason/**/* + +"6.topic: pantheon": + - pkgs/desktops/pantheon/**/* + - nixos/tests/pantheon.nix + - nixos/modules/services/x11/desktop-managers/pantheon.nix + - nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix + - nixos/modules/services/desktops/pantheon/**/* + +"6.topic: policy discussion": + - .github/**/* + +"6.topic: printing": + - pkgs/misc/cups/**/* + - nixos/modules/services/printing/cupsd.nix + +"6.topic: python": + - pkgs/top-level/python-packages.nix + - pkgs/development/interpreters/python/**/* + - pkgs/development/python-modules/**/* + - doc/languages-frameworks/python.md + +"6.topic: qt/kde": + - pkgs/applications/kde/**/* + - pkgs/desktops/plasma-5/**/* + - pkgs/development/libraries/kde-frameworks/**/* + - pkgs/development/libraries/qt-5/**/* + - doc/languages-frameworks/qt.xml + - nixos/modules/services/x11/desktop-managers/plasma5.nix + - nixos/tests/plasma5.nix + +"6.topic: ruby": + - pkgs/development/interpreters/ruby/**/* + - pkgs/development/ruby-modules/**/* + - doc/languages-frameworks/ruby.xml + +"6.topic: rust": + - pkgs/development/compilers/rust/**/* + - pkgs/build-support/rust/**/* + - doc/languages-frameworks/rust.md + +"6.topic: stdenv": + - pkgs/stdenv/**/* + +"6.topic: steam": + - pkgs/games/steam/**/* + +"6.topic: systemd": + - pkgs/os-specific/linux/systemd/**/* + - nixos/modules/system/boot/systemd/**/* + +"6.topic: TeX": + - pkgs/tools/typesetting/tex/**/* + - doc/languages-frameworks/texlive.xml + +"6.topic: vim": + - pkgs/applications/editors/vim/**/* + - pkgs/misc/vim-plugins/**/* + - doc/languages-frameworks/vim.md + +"6.topic: xfce": + - pkgs/desktops/xfce/**/* + - pkgs/destkops/xfce4-14/**/* + - nixos/doc/manual/configuration/xfce.xml + - nixos/modules/services/x11/desktop-managers/xfce4-14.nix + - nixos/modules/services/x11/desktop-managers/xfce.nix + - nixos/tests/xfce.nix + - nixos/tests/xfce4-14.nix + +"6.topic: cinnamon": + - pkgs/desktops/cinnamon/**/* + +"8.has: changelog": + - doc/manual/release-notes/**/* + +"8.has: documentation": + - doc/**/* + - nixos/doc/**/* + +"8.has: module (update)": + - nixos/modules/**/* diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml new file mode 100644 index 00000000000..1139807753d --- /dev/null +++ b/.github/workflows/labels.yml @@ -0,0 +1,14 @@ +name: "Label PR" + +on: + pull_request_target: + +jobs: + labels: + runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' + steps: + - uses: actions/labeler@v3 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + sync-labels: true -- cgit 1.4.1 From b83b95e37f96b4b8e158575d50a78d865849d181 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 30 Mar 2021 05:43:33 +1000 Subject: .github/workflows/editorconfig.yml: 2.3.1 -> 2.3.5 --- .github/workflows/editorconfig.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 270728a61c6..c20ed3ab768 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -25,7 +25,7 @@ jobs: - name: Fetch editorconfig-checker if: env.PR_DIFF env: - ECC_VERSION: "2.3.1" + ECC_VERSION: "2.3.5" ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" run: | curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \ -- cgit 1.4.1 From 574c4a7468cc4d3621a62378ece6959a8b51a4bf Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 3 Apr 2021 06:06:00 +1000 Subject: .github/workflows/labels.yml: set event types opened, synchronize, reopened are the defaults for `pull_request_target`, `edited` will trigger the label action if the PRs base branch is changed. --- .github/workflows/labels.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github/workflows') diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 1139807753d..4232ceb6236 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -2,6 +2,7 @@ name: "Label PR" on: pull_request_target: + types: [edited, opened, synchronize, reopened] jobs: labels: -- cgit 1.4.1 From dd2f61d22dc77bfd30a0c6d3ab8687c72f438653 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:08:21 +1000 Subject: .github/workflows/manual-*.yml: update cachix / install-nix actions --- .github/workflows/manual-nixos.yml | 4 ++-- .github/workflows/manual-nixpkgs.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index a75e8402930..fa1f8fc6911 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -15,11 +15,11 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v12 + - uses: cachix/install-nix-action@v13 with: # explicitly enable sandbox extra_nix_config: sandbox = true - - uses: cachix/cachix-action@v8 + - uses: cachix/cachix-action@v9 with: # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. name: nixpkgs-ci diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index 7596719d9b5..192a4c6868a 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -15,11 +15,11 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v12 + - uses: cachix/install-nix-action@v13 with: # explicitly enable sandbox extra_nix_config: sandbox = true - - uses: cachix/cachix-action@v8 + - uses: cachix/cachix-action@v9 with: # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. name: nixpkgs-ci -- cgit 1.4.1 From c9911f91ae02473f4c4616ff2c69a14c8beb5b01 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Mon, 19 Apr 2021 13:35:15 +0200 Subject: Add a warning comment on commits that violate https://github.com/NixOS/nixpkgs/issues/118661 --- .github/workflows/direct-push.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/direct-push.yml (limited to '.github/workflows') diff --git a/.github/workflows/direct-push.yml b/.github/workflows/direct-push.yml new file mode 100644 index 00000000000..db9da761760 --- /dev/null +++ b/.github/workflows/direct-push.yml @@ -0,0 +1,28 @@ +name: "Direct Push Warning" +on: + push: + branches: + - master + - release-** +jobs: + build: + runs-on: ubuntu-latest + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REPOSITORY: ${{ github.repository }} + steps: + - name: Check if commit is a merge commit + id: ismerge + run: | + ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any') + echo "::set-output name=ismerge::$ISMERGE" + - name: Warn if the commit was a direct push + if: steps.ismerge.outputs.ismerge != 'true' + uses: peter-evans/commit-comment@v1 + with: + body: | + @${{ github.actor }} pushed a commit directly to master/release branch + instead of going through a Pull Request. + + That's highly discouraged beyond the few exceptions listed + on https://github.com/NixOS/nixpkgs/issues/118661. -- cgit 1.4.1 From 932ffcd08d82b11a507c3a5d93f950f6036765c2 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Mon, 19 Apr 2021 14:06:54 +0200 Subject: Update .github/workflows/direct-push.yml Co-authored-by: Alyssa Ross --- .github/workflows/direct-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/direct-push.yml b/.github/workflows/direct-push.yml index db9da761760..554cffa3a99 100644 --- a/.github/workflows/direct-push.yml +++ b/.github/workflows/direct-push.yml @@ -21,7 +21,7 @@ jobs: uses: peter-evans/commit-comment@v1 with: body: | - @${{ github.actor }} pushed a commit directly to master/release branch + @${{ github.actor }}, you pushed a commit directly to master/release branch instead of going through a Pull Request. That's highly discouraged beyond the few exceptions listed -- cgit 1.4.1 From 436161a2b83cf747af18389d0f0520488b449c4c Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Tue, 20 Apr 2021 08:13:07 +0100 Subject: Update .github/workflows/direct-push.yml Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com> --- .github/workflows/direct-push.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/direct-push.yml b/.github/workflows/direct-push.yml index 554cffa3a99..6177004295f 100644 --- a/.github/workflows/direct-push.yml +++ b/.github/workflows/direct-push.yml @@ -7,6 +7,7 @@ on: jobs: build: runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' env: GITHUB_SHA: ${{ github.sha }} GITHUB_REPOSITORY: ${{ github.repository }} @@ -25,4 +26,4 @@ jobs: instead of going through a Pull Request. That's highly discouraged beyond the few exceptions listed - on https://github.com/NixOS/nixpkgs/issues/118661. + on https://github.com/NixOS/nixpkgs/issues/118661 -- cgit 1.4.1 From 9d95ba3dd6aaf60082e040f7762a81fb9cc23c67 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Sat, 24 Apr 2021 13:05:17 -0400 Subject: actions: add some permission restrictions --- .github/workflows/labels.yml | 4 ++++ .github/workflows/manual-nixos.yml | 2 ++ .github/workflows/manual-nixpkgs.yml | 2 ++ 3 files changed, 8 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 4232ceb6236..4d1e2a2a0f9 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -4,6 +4,10 @@ on: pull_request_target: types: [edited, opened, synchronize, reopened] +permissions: + contents: read + pull-requests: write + jobs: labels: runs-on: ubuntu-latest diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index fa1f8fc6911..c885f6f7665 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -1,5 +1,7 @@ name: "Build NixOS manual" +permissions: read-all + on: pull_request_target: branches: diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index 192a4c6868a..6f7ad10efd9 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -1,5 +1,7 @@ name: "Build Nixpkgs manual" +permissions: read-all + on: pull_request_target: branches: -- cgit 1.4.1 From 5ba2e4e9c65d32ea3d7def475655227a3835d2dc Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 28 Apr 2021 09:50:54 +1000 Subject: .github/workflows/editorconfig.yml: switch to pull_request_target - use pull_request_target to avoid having to manually approve the action - use nixpkgs editorconfig-checker rather than external binary --- .github/workflows/editorconfig.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index c20ed3ab768..2d7b9d7ce84 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -1,7 +1,9 @@ name: "Checking EditorConfig" +permissions: read-all + on: - pull_request: + pull_request_target: branches-ignore: - 'release-**' @@ -21,17 +23,19 @@ jobs: >> $GITHUB_ENV echo 'EOF' >> $GITHUB_ENV - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge if: env.PR_DIFF - - name: Fetch editorconfig-checker + - uses: cachix/install-nix-action@v13 if: env.PR_DIFF - env: - ECC_VERSION: "2.3.5" - ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" + - name: install editorconfig-checker from unstable channel run: | - curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \ - tar xzf ec-linux-amd64.tar.gz && \ - mv ./bin/ec-linux-amd64 ./bin/editorconfig-checker + nix-channel --add https://nixos.org/channels/nixpkgs-unstable + nix-channel --update + nix-env -iA nixpkgs.editorconfig-checker + if: env.PR_DIFF - name: Checking EditorConfig if: env.PR_DIFF run: | - echo "$PR_DIFF" | xargs ./bin/editorconfig-checker -disable-indent-size + echo "$PR_DIFF" | xargs editorconfig-checker -disable-indent-size -- cgit 1.4.1 From 433df32ddb83a90f95c7b37c6fd6b68d46cb9100 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Wed, 28 Apr 2021 19:58:29 +0200 Subject: editorconfig check: instruct user what to do --- .github/workflows/editorconfig.yml | 4 ++++ 1 file changed, 4 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 2d7b9d7ce84..a6e9eb8718b 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -39,3 +39,7 @@ jobs: if: env.PR_DIFF run: | echo "$PR_DIFF" | xargs editorconfig-checker -disable-indent-size + - if: ${{ failure() }} + run: | + echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again." + -- cgit 1.4.1 From 77215825ded540a994c5299b016d2e2c010c3940 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Wed, 28 Apr 2021 20:07:05 +0200 Subject: editorconfig check: avoid channels as they might break one day --- .github/workflows/editorconfig.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index a6e9eb8718b..4960e9fd3d2 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -3,6 +3,7 @@ name: "Checking EditorConfig" permissions: read-all on: + # avoids approving first time contributors pull_request_target: branches-ignore: - 'release-**' @@ -29,11 +30,11 @@ jobs: if: env.PR_DIFF - uses: cachix/install-nix-action@v13 if: env.PR_DIFF - - name: install editorconfig-checker from unstable channel - run: | - nix-channel --add https://nixos.org/channels/nixpkgs-unstable - nix-channel --update - nix-env -iA nixpkgs.editorconfig-checker + with: + # nixpkgs commit is pinned so that it doesn't break + nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/f93ecc4f6bc60414d8b73dbdf615ceb6a2c604df.tar.gz + - name: install editorconfig-checker + run: nix-env -iA editorconfig-checker -f '' if: env.PR_DIFF - name: Checking EditorConfig if: env.PR_DIFF -- cgit 1.4.1 From 6225647cfc829df39c46e4d02c28cea1f029b7db Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Thu, 13 May 2021 12:46:41 +0200 Subject: .github/workflows/merge-staging.yml: Include branch in comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If I receive the mail notification that staging(-next) merge failed, I either need to check `git log staging-next` or click the action run link to find out where should I resolve the conflict. To save time, let’s include the information about which step failed right in the comment. --- .github/workflows/merge-staging.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/merge-staging.yml b/.github/workflows/merge-staging.yml index 1aadef16328..f28c2ddfc78 100644 --- a/.github/workflows/merge-staging.yml +++ b/.github/workflows/merge-staging.yml @@ -14,6 +14,7 @@ jobs: - uses: actions/checkout@v2 - name: Merge master into staging-next + id: staging_next uses: devmasx/merge-branch@v1.3.1 with: type: now @@ -22,6 +23,7 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Merge staging-next into staging + id: staging uses: devmasx/merge-branch@v1.3.1 with: type: now @@ -35,5 +37,5 @@ jobs: with: issue-number: 105153 body: | - An automatic merge [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}). + An automatic merge${{ (steps.staging_next.outcome == 'failure' && ' from master to staging-next') || ((steps.staging.outcome == 'failure' && ' from staging-next to staging') || '') }} [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}). -- cgit 1.4.1 From 6c14851943fe55da9df88a502d1e1fe2271d9666 Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Tue, 22 Dec 2020 21:56:46 -0800 Subject: nixos/doc: add md-to-db.sh, convert "Building Your Own NixOS CD" to CommonMark --- .github/workflows/nixos-manual.yml | 20 +++++++++++++ .../manual/development/building-nixos.chapter.md | 18 ++++++++++++ nixos/doc/manual/development/building-nixos.xml | 33 ---------------------- nixos/doc/manual/development/development.xml | 2 +- nixos/doc/manual/from_md/README.md | 5 ++++ .../from_md/development/building-nixos.chapter.xml | 33 ++++++++++++++++++++++ nixos/doc/manual/md-to-db.sh | 32 +++++++++++++++++++++ 7 files changed, 109 insertions(+), 34 deletions(-) create mode 100644 .github/workflows/nixos-manual.yml create mode 100644 nixos/doc/manual/development/building-nixos.chapter.md delete mode 100644 nixos/doc/manual/development/building-nixos.xml create mode 100644 nixos/doc/manual/from_md/README.md create mode 100644 nixos/doc/manual/from_md/development/building-nixos.chapter.xml create mode 100755 nixos/doc/manual/md-to-db.sh (limited to '.github/workflows') diff --git a/.github/workflows/nixos-manual.yml b/.github/workflows/nixos-manual.yml new file mode 100644 index 00000000000..101cd3906be --- /dev/null +++ b/.github/workflows/nixos-manual.yml @@ -0,0 +1,20 @@ +name: NixOS manual checks + +on: + pull_request: + branches-ignore: + - 'release-**' + paths: + - 'nixos/**/*.xml' + - 'nixos/**/*.md' + +jobs: + tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v12 + - name: Check DocBook files generated from Markdown are consistent + run: | + nixos/doc/manual/md-to-db.sh + git diff --exit-code diff --git a/nixos/doc/manual/development/building-nixos.chapter.md b/nixos/doc/manual/development/building-nixos.chapter.md new file mode 100644 index 00000000000..699a75f4115 --- /dev/null +++ b/nixos/doc/manual/development/building-nixos.chapter.md @@ -0,0 +1,18 @@ +# Building Your Own NixOS CD {#sec-building-cd} +Building a NixOS CD is as easy as configuring your own computer. The idea is to use another module which will replace your `configuration.nix` to configure the system that would be installed on the CD. + +Default CD/DVD configurations are available inside `nixos/modules/installer/cd-dvd` + +```ShellSession +$ git clone https://github.com/NixOS/nixpkgs.git +$ cd nixpkgs/nixos +$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix +``` + +Before burning your CD/DVD, you can check the content of the image by mounting anywhere like suggested by the following command: + +```ShellSession +# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso +``` + +If you want to customize your NixOS CD in more detail, or generate other kinds of images, you might want to check out [nixos-generators](https://github.com/nix-community/nixos-generators). This can also be a good starting point when you want to use Nix to build a 'minimal' image that doesn't include a NixOS installation. diff --git a/nixos/doc/manual/development/building-nixos.xml b/nixos/doc/manual/development/building-nixos.xml deleted file mode 100644 index d58b6354d1d..00000000000 --- a/nixos/doc/manual/development/building-nixos.xml +++ /dev/null @@ -1,33 +0,0 @@ - - Building Your Own NixOS CD - - Building a NixOS CD is as easy as configuring your own computer. The idea is - to use another module which will replace your - configuration.nix to configure the system that would be - installed on the CD. - - - Default CD/DVD configurations are available inside - nixos/modules/installer/cd-dvd. - -$ git clone https://github.com/NixOS/nixpkgs.git -$ cd nixpkgs/nixos -$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix - - - Before burning your CD/DVD, you can check the content of the image by - mounting anywhere like suggested by the following command: - -# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso - - - If you want to customize your NixOS CD in more detail, or generate other kinds - of images, you might want to check out nixos-generators. This can also be a good starting point when you want to use Nix to build a - 'minimal' image that doesn't include a NixOS installation. - - diff --git a/nixos/doc/manual/development/development.xml b/nixos/doc/manual/development/development.xml index 43f511b3e96..78763a73505 100644 --- a/nixos/doc/manual/development/development.xml +++ b/nixos/doc/manual/development/development.xml @@ -13,7 +13,7 @@ - + diff --git a/nixos/doc/manual/from_md/README.md b/nixos/doc/manual/from_md/README.md new file mode 100644 index 00000000000..cc6d08ca0a1 --- /dev/null +++ b/nixos/doc/manual/from_md/README.md @@ -0,0 +1,5 @@ +This directory is temporarily needed while we transition the manual to CommonMark. It stores the output of the ../md-to-db.sh script that converts CommonMark files back to DocBook. + +We are choosing to convert the Markdown to DocBook at authoring time instead of manual building time, because we do not want the pandoc toolchain to become part of the NixOS closure. + +Do not edit the DocBook files inside this directory or its subdirectories. Instead, edit the corresponding .md file in the normal manual directories, and run ../md-to-db.sh to update the file here. diff --git a/nixos/doc/manual/from_md/development/building-nixos.chapter.xml b/nixos/doc/manual/from_md/development/building-nixos.chapter.xml new file mode 100644 index 00000000000..ceb744447da --- /dev/null +++ b/nixos/doc/manual/from_md/development/building-nixos.chapter.xml @@ -0,0 +1,33 @@ + + Building Your Own NixOS CD + + Building a NixOS CD is as easy as configuring your own computer. The + idea is to use another module which will replace your + configuration.nix to configure the system that + would be installed on the CD. + + + Default CD/DVD configurations are available inside + nixos/modules/installer/cd-dvd + + +$ git clone https://github.com/NixOS/nixpkgs.git +$ cd nixpkgs/nixos +$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix + + + Before burning your CD/DVD, you can check the content of the image + by mounting anywhere like suggested by the following command: + + +# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen> + + + If you want to customize your NixOS CD in more detail, or generate + other kinds of images, you might want to check out + nixos-generators. + This can also be a good starting point when you want to use Nix to + build a minimal image that doesn’t include a NixOS + installation. + + diff --git a/nixos/doc/manual/md-to-db.sh b/nixos/doc/manual/md-to-db.sh new file mode 100755 index 00000000000..a29d981d457 --- /dev/null +++ b/nixos/doc/manual/md-to-db.sh @@ -0,0 +1,32 @@ +#! /usr/bin/env nix-shell +#! nix-shell -I nixpkgs=channel:nixpkgs-unstable -i bash -p pandoc + +# This script is temporarily needed while we transition the manual to +# CommonMark. It converts the .md files in the regular manual folder +# into DocBook files in the from_md folder. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +pushd $DIR + +OUT="$DIR/from_md" +mapfile -t MD_FILES < <(find . -type f -regex '.*\.md$') + +for mf in ${MD_FILES[*]}; do + mkdir -p $(dirname "$OUT/$mf") + if [ "${mf: -11}" == ".section.md" ]; then + pandoc "$mf" -t docbook \ + --extract-media=media \ + -f markdown+smart \ + | cat > "$OUT/${mf%".section.md"}.section.xml" + fi + + if [ "${mf: -11}" == ".chapter.md" ]; then + pandoc "$mf" -t docbook \ + --top-level-division=chapter \ + --extract-media=media \ + -f markdown+smart \ + | cat > "$OUT/${mf%".chapter.md"}.chapter.xml" + fi +done + +popd -- cgit 1.4.1 From 031ea8124ced3bb2bd5522933140713d0c4d8362 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Mon, 24 May 2021 17:42:28 +0200 Subject: Add backporting action If "backport " label is applied to a PR, once the PR is merged, github-actions bot will create another PR targeting and cherry-picking commits. --- .github/workflows/backport.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/backport.yml (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml new file mode 100644 index 00000000000..375132133ca --- /dev/null +++ b/.github/workflows/backport.yml @@ -0,0 +1,20 @@ +name: Backport +on: + pull_request: + types: [closed] +jobs: + backport: + name: Create backport PRs + if: github.event.pull_request.merged == true + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.4 + with: + # required to find all branches + fetch-depth: 0 + - name: Create backport PRs + uses: zeebe-io/backport-action@9b8949dcd4295d364b0939f07d0c7593598d26cd + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + github_workspace: ${{ github.workspace }} + version: 9b8949dcd4295d364b0939f07d0c7593598d26cd -- cgit 1.4.1 From 8cb51f8c7424aaa1293e68e3b58680df1b831ec2 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 25 May 2021 08:33:32 +1000 Subject: .github/workflows/nixos-manual.yml: add repository_owner condition We have this set in the other actions, it prevents the action from running in PRs made against forks. --- .github/workflows/nixos-manual.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github/workflows') diff --git a/.github/workflows/nixos-manual.yml b/.github/workflows/nixos-manual.yml index 101cd3906be..80ffc9c12be 100644 --- a/.github/workflows/nixos-manual.yml +++ b/.github/workflows/nixos-manual.yml @@ -11,6 +11,7 @@ on: jobs: tests: runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v2 - uses: cachix/install-nix-action@v12 -- cgit 1.4.1 From fb3da87aa39f6786e808521a821e0fd24aae2743 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Tue, 25 May 2021 07:14:12 +0200 Subject: Update .github/workflows/backport.yml Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com> --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 375132133ca..591867c8399 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -5,7 +5,7 @@ on: jobs: backport: name: Create backport PRs - if: github.event.pull_request.merged == true + if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.3.4 -- cgit 1.4.1 From 68e65592e32117e7c15e87ec60d4147f37d7b0a6 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Tue, 25 May 2021 09:41:07 +0200 Subject: Update .github/workflows/backport.yml Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com> --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 591867c8399..9c1ddfadfca 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -8,7 +8,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v2 with: # required to find all branches fetch-depth: 0 -- cgit 1.4.1 From b26fc090cb4b35c923fc636cbdfd6b7346319587 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Tue, 25 May 2021 09:44:35 +0200 Subject: backport action: comment to keep pin in sync --- .github/workflows/backport.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 9c1ddfadfca..69da652ba59 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -13,8 +13,10 @@ jobs: # required to find all branches fetch-depth: 0 - name: Create backport PRs + # should be kept in sync with `version` uses: zeebe-io/backport-action@9b8949dcd4295d364b0939f07d0c7593598d26cd with: github_token: ${{ secrets.GITHUB_TOKEN }} github_workspace: ${{ github.workspace }} + # should be kept in sync with `uses` version: 9b8949dcd4295d364b0939f07d0c7593598d26cd -- cgit 1.4.1 From 4f6b97f2ac8c41a45b2672af6aac9dc48ec75f25 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 26 May 2021 05:02:50 +0200 Subject: .github/workflows/rebase.yml: update for 21.05 Adds three more valid branches to the rebase action. --- .github/workflows/rebase.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index 50d066dd754..47e8f4e4e42 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -41,7 +41,7 @@ jobs: - name: check branch env: PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging" - VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|staging|staging-20.09|staging-next" + VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|release-21.05|staging|staging-20.09|staging-21.05|staging-next|staging-next-21.05" run: | message() { cat < Date: Thu, 27 May 2021 10:10:50 +1000 Subject: .github/workflows/manual-{nixos,nixpkgs}.yml: add `repository_owner` condition We have this set in the other actions, it prevents the action from running in PRs made against forks. --- .github/workflows/manual-nixos.yml | 1 + .github/workflows/manual-nixpkgs.yml | 1 + 2 files changed, 2 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index c885f6f7665..032a456569d 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -12,6 +12,7 @@ on: jobs: nixos: runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v2 with: diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index 6f7ad10efd9..77655c494e0 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -12,6 +12,7 @@ on: jobs: nixpkgs: runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v2 with: -- cgit 1.4.1 From 8917ffe7232e1e9db23ec9405248fd1944d0b36f Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 27 May 2021 10:13:55 +1000 Subject: .github/workflows/merge-staging.yml: change condition to `repository_owner` This is consistent with the other actions. --- .github/workflows/merge-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/merge-staging.yml b/.github/workflows/merge-staging.yml index f28c2ddfc78..e499630a083 100644 --- a/.github/workflows/merge-staging.yml +++ b/.github/workflows/merge-staging.yml @@ -8,7 +8,7 @@ on: jobs: sync-branch: - if: github.repository == 'NixOS/nixpkgs' + if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 -- cgit 1.4.1 From 95fa2dda186b637fd4e798fa5bac5f24bf4fda61 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Fri, 28 May 2021 16:35:13 +0200 Subject: backport: set correct permissions --- .github/workflows/backport.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 69da652ba59..39c8a34bf9d 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -1,10 +1,10 @@ name: Backport on: - pull_request: + pull_request_target: types: [closed] jobs: backport: - name: Create backport PRs + name: Backport Pull Request if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: @@ -12,6 +12,7 @@ jobs: with: # required to find all branches fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs # should be kept in sync with `version` uses: zeebe-io/backport-action@9b8949dcd4295d364b0939f07d0c7593598d26cd -- cgit 1.4.1 From 9a80dbab1fdd6715662a9097f2cafa8fa1c6b4b5 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Fri, 28 May 2021 16:36:02 +0200 Subject: backport: trigger also if label is set after the merge --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 39c8a34bf9d..766b5aa831a 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -1,7 +1,7 @@ name: Backport on: pull_request_target: - types: [closed] + types: [closed, labeled] jobs: backport: name: Backport Pull Request -- cgit 1.4.1 From 0d2757302c75375dffe4dfec347d014559f7fcff Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Thu, 27 May 2021 06:49:11 -0700 Subject: .github/workflows/nixos-manual.yml: add permisssions so action runs don't require approval --- .github/workflows/nixos-manual.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/nixos-manual.yml b/.github/workflows/nixos-manual.yml index 80ffc9c12be..2a1c1c29738 100644 --- a/.github/workflows/nixos-manual.yml +++ b/.github/workflows/nixos-manual.yml @@ -1,7 +1,9 @@ name: NixOS manual checks +permissions: read-all + on: - pull_request: + pull_request_target: branches-ignore: - 'release-**' paths: @@ -14,6 +16,9 @@ jobs: if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v12 - name: Check DocBook files generated from Markdown are consistent run: | -- cgit 1.4.1 From 1ea409a4f01b4adf115fd798afe369a760240256 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 8 Jun 2021 20:35:39 +1000 Subject: .github/workflows/rebase.yml: remove It only works sometimes and we're unable to fix it. --- .github/workflows/rebase.yml | 134 ------------------------------------------- 1 file changed, 134 deletions(-) delete mode 100644 .github/workflows/rebase.yml (limited to '.github/workflows') diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml deleted file mode 100644 index 47e8f4e4e42..00000000000 --- a/.github/workflows/rebase.yml +++ /dev/null @@ -1,134 +0,0 @@ -on: - issue_comment: - types: - - created - -# This action allows people with write access to the repo to rebase a PRs base branch -# by commenting `/rebase ${branch}` on the PR while avoiding CODEOWNER notifications. - -jobs: - rebase: - runs-on: ubuntu-latest - if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') - steps: - - uses: peter-evans/create-or-update-comment@v1 - with: - comment-id: ${{ github.event.comment.id }} - reactions: eyes - - uses: scherermichael-oss/action-has-permission@1.0.6 - id: check-write-access - with: - required-permission: write - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: check permissions - run: | - echo "Commenter doesn't have write access to the repo" - exit 1 - if: "! steps.check-write-access.outputs.has-permission" - - name: setup - run: | - curl "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}" 2>/dev/null >pr.json - cat <>"$GITHUB_ENV" - CAN_MODIFY=$(jq -r '.maintainer_can_modify' pr.json) - COMMITS=$(jq -r '.commits' pr.json) - CURRENT_BASE=$(jq -r '.base.ref' pr.json) - PR_BRANCH=$(jq -r '.head.ref' pr.json) - COMMENT_BRANCH=$(echo ${{ github.event.comment.body }} | awk "/^\/rebase / {print \$2}") - PULL_REQUEST=${{ github.event.issue.number }} - EOF - rm pr.json - - name: check branch - env: - PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging" - VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|release-21.05|staging|staging-20.09|staging-21.05|staging-next|staging-next-21.05" - run: | - message() { - cat < Date: Mon, 14 Jun 2021 13:41:10 +0200 Subject: backport action: run only when the label starts with 'backport' --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 766b5aa831a..79af5835463 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -5,7 +5,7 @@ on: jobs: backport: name: Backport Pull Request - if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true + if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 -- cgit 1.4.1 From b390b929bd454cec2a291b6bdcf8bee7946a87b7 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Mon, 14 Jun 2021 13:47:22 +0200 Subject: direct-push action: delay to workaround eventually consistent DB --- .github/workflows/direct-push.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/direct-push.yml b/.github/workflows/direct-push.yml index 6177004295f..459475c3c6b 100644 --- a/.github/workflows/direct-push.yml +++ b/.github/workflows/direct-push.yml @@ -17,6 +17,9 @@ jobs: run: | ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any') echo "::set-output name=ismerge::$ISMERGE" + # github events are eventually consistent, so wait until changes propagate to thier DB + - run: sleep 60 + if: steps.ismerge.outputs.ismerge != 'true' - name: Warn if the commit was a direct push if: steps.ismerge.outputs.ismerge != 'true' uses: peter-evans/commit-comment@v1 -- cgit 1.4.1 From f93aa9b94b0c025c6f531f243a2a13723959168a Mon Sep 17 00:00:00 2001 From: Niklas Hambüchen Date: Sat, 26 Jun 2021 04:33:03 +0200 Subject: backporting action: Link to backporting criteria. Automation tools should instruct their users clearly what tasks are still on the user. Updates the bot's version to get the `pull_description` feature: https://github.com/zeebe-io/backport-action/pull/64 --- .github/workflows/backport.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 79af5835463..5b38b94bd6d 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -15,9 +15,15 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs # should be kept in sync with `version` - uses: zeebe-io/backport-action@9b8949dcd4295d364b0939f07d0c7593598d26cd + uses: zeebe-io/backport-action@2b994724142df0774855690db56bc6308fb99ffa with: + # Config README: https://github.com/zeebe-io/backport-action#backport-action github_token: ${{ secrets.GITHUB_TOKEN }} github_workspace: ${{ github.workspace }} # should be kept in sync with `uses` - version: 9b8949dcd4295d364b0939f07d0c7593598d26cd + version: 2b994724142df0774855690db56bc6308fb99ffa + pull_description: |- + Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}. + + * [ ] Before merging, ensure that this backport complies with the [Criteria for Backporting](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#criteria-for-backporting-changes). + * Even as a non-commiter, if you find that it does not comply, leave a comment. -- cgit 1.4.1 From 3c29ced243cc032806f680ae67845b9b3a879183 Mon Sep 17 00:00:00 2001 From: Niklas Hambüchen Date: Sat, 26 Jun 2021 04:37:39 +0200 Subject: CONTRIBUTING.md: Move to repo root, where it is more visible. We found that many users found it difficult to locate this document. Github supports it in the root, see: https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors --- .github/CONTRIBUTING.md | 85 -------------------------- .github/PULL_REQUEST_TEMPLATE.md | 4 +- .github/workflows/backport.yml | 2 +- CONTRIBUTING.md | 85 ++++++++++++++++++++++++++ README.md | 2 +- doc/contributing/submitting-changes.chapter.md | 4 +- 6 files changed, 91 insertions(+), 91 deletions(-) delete mode 100644 .github/CONTRIBUTING.md create mode 100644 CONTRIBUTING.md (limited to '.github/workflows') diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md deleted file mode 100644 index 5cf674ab10a..00000000000 --- a/.github/CONTRIBUTING.md +++ /dev/null @@ -1,85 +0,0 @@ -# How to contribute - -Note: contributing implies licensing those contributions -under the terms of [COPYING](../COPYING), which is an MIT-like license. - -## Opening issues - -* Make sure you have a [GitHub account](https://github.com/signup/free) -* Make sure there is no open issue on the topic -* [Submit a new issue](https://github.com/NixOS/nixpkgs/issues/new/choose) by choosing the kind of topic and fill out the template - -## Submitting changes - -* Format the commit messages in the following way: - - ``` - (pkg-name | nixos/): (from -> to | init at version | refactor | etc) - - (Motivation for change. Additional information.) - ``` - - For consistency, there should not be a period at the end of the commit message's summary line (the first line of the commit message). - - Examples: - - * nginx: init at 2.0.1 - * firefox: 54.0.1 -> 55.0 - * nixos/hydra: add bazBaz option - - Dual baz behavior is needed to do foo. - * nixos/nginx: refactor config generation - - The old config generation system used impure shell scripts and could break in specific circumstances (see #1234). - -* `meta.description` should: - * Be capitalized. - * Not start with the package name. - * Not have a period at the end. -* `meta.license` must be set and fit the upstream license. - * If there is no upstream license, `meta.license` should default to `lib.licenses.unfree`. -* `meta.maintainers` must be set. - -See the nixpkgs manual for more details on [standard meta-attributes](https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes) and on how to [submit changes to nixpkgs](https://nixos.org/nixpkgs/manual/#chap-submitting-changes). - -## Writing good commit messages - -In addition to writing properly formatted commit messages, it's important to include relevant information so other developers can later understand *why* a change was made. While this information usually can be found by digging code, mailing list/Discourse archives, pull request discussions or upstream changes, it may require a lot of work. - -For package version upgrades and such a one-line commit message is usually sufficient. - -## Backporting changes - -Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches). - -1. Take note of the commits in which the change was introduced into `master` branch. -2. Check out the target _release branch_, e.g. `release-20.09`. Do not use a _channel branch_ like `nixos-20.09` or `nixpkgs-20.09`. -3. Create a branch for your change, e.g. `git checkout -b backport`. -4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe ` and add a reason. Otherwise use `git cherry-pick -x `. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request. -5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`. -6. When the backport pull request is merged and you have the necessary privileges you can also replace the label `9.needs: port to stable` with `8.has: port to stable` on the original pull request. This way maintainers can keep track of missing backports easier. - -## Criteria for Backporting changes - -Anything that does not cause user or downstream dependency regressions can be backported. This includes: -- New Packages / Modules -- Security / Patch updates -- Version updates which include new functionality (but no breaking changes) -- Services which require a client to be up-to-date regardless. (E.g. `spotify`, `steam`, or `discord`) -- Security critical applications (E.g. `firefox`) - -## Generating 21.11 Release Notes - -(This section also applies to backporting 21.05 release notes: substitute "rl-2111" for "rl-2105".) - -Documentation in nixpkgs is transitioning to a markdown-centric workflow. Release notes now require a translation step to convert from markdown to a compatible docbook document. - -Steps for updating 21.11 Release notes: - -1. Edit `nixos/doc/manual/release-notes/rl-2111.section.md` with the desired changes -2. Run `./nixos/doc/manual/md-to-db.sh` to render `nixos/doc/manual/from_md/release-notes/rl-2111.section.xml` -3. Include changes to `rl-2111.section.md` and `rl-2111.section.xml` in the same commit. - -## Reviewing contributions - -See the nixpkgs manual for more details on how to [Review contributions](https://nixos.org/nixpkgs/manual/#chap-reviewing-contributions). diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 51a9e8bb21f..27d959410b6 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -23,8 +23,8 @@ Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing- - [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"` - [ ] Tested execution of all binary files (usually in `./result/bin/`) -- [21.11 Release Notes (or backporting 21.05 Relase notes)](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#generating-2111-release-notes) +- [21.11 Release Notes (or backporting 21.05 Relase notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2111-release-notes) - [ ] (Package updates) Added a release notes entry if the change is major or breaking - [ ] (Module updates) Added a release notes entry if the change is significant - [ ] (Module addition) Added a release notes entry if adding a new NixOS module -- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md). +- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md). diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 5b38b94bd6d..bea970f02d4 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -25,5 +25,5 @@ jobs: pull_description: |- Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}. - * [ ] Before merging, ensure that this backport complies with the [Criteria for Backporting](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#criteria-for-backporting-changes). + * [ ] Before merging, ensure that this backport complies with the [Criteria for Backporting](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#criteria-for-backporting-changes). * Even as a non-commiter, if you find that it does not comply, leave a comment. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000000..5cf674ab10a --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,85 @@ +# How to contribute + +Note: contributing implies licensing those contributions +under the terms of [COPYING](../COPYING), which is an MIT-like license. + +## Opening issues + +* Make sure you have a [GitHub account](https://github.com/signup/free) +* Make sure there is no open issue on the topic +* [Submit a new issue](https://github.com/NixOS/nixpkgs/issues/new/choose) by choosing the kind of topic and fill out the template + +## Submitting changes + +* Format the commit messages in the following way: + + ``` + (pkg-name | nixos/): (from -> to | init at version | refactor | etc) + + (Motivation for change. Additional information.) + ``` + + For consistency, there should not be a period at the end of the commit message's summary line (the first line of the commit message). + + Examples: + + * nginx: init at 2.0.1 + * firefox: 54.0.1 -> 55.0 + * nixos/hydra: add bazBaz option + + Dual baz behavior is needed to do foo. + * nixos/nginx: refactor config generation + + The old config generation system used impure shell scripts and could break in specific circumstances (see #1234). + +* `meta.description` should: + * Be capitalized. + * Not start with the package name. + * Not have a period at the end. +* `meta.license` must be set and fit the upstream license. + * If there is no upstream license, `meta.license` should default to `lib.licenses.unfree`. +* `meta.maintainers` must be set. + +See the nixpkgs manual for more details on [standard meta-attributes](https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes) and on how to [submit changes to nixpkgs](https://nixos.org/nixpkgs/manual/#chap-submitting-changes). + +## Writing good commit messages + +In addition to writing properly formatted commit messages, it's important to include relevant information so other developers can later understand *why* a change was made. While this information usually can be found by digging code, mailing list/Discourse archives, pull request discussions or upstream changes, it may require a lot of work. + +For package version upgrades and such a one-line commit message is usually sufficient. + +## Backporting changes + +Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches). + +1. Take note of the commits in which the change was introduced into `master` branch. +2. Check out the target _release branch_, e.g. `release-20.09`. Do not use a _channel branch_ like `nixos-20.09` or `nixpkgs-20.09`. +3. Create a branch for your change, e.g. `git checkout -b backport`. +4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe ` and add a reason. Otherwise use `git cherry-pick -x `. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request. +5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`. +6. When the backport pull request is merged and you have the necessary privileges you can also replace the label `9.needs: port to stable` with `8.has: port to stable` on the original pull request. This way maintainers can keep track of missing backports easier. + +## Criteria for Backporting changes + +Anything that does not cause user or downstream dependency regressions can be backported. This includes: +- New Packages / Modules +- Security / Patch updates +- Version updates which include new functionality (but no breaking changes) +- Services which require a client to be up-to-date regardless. (E.g. `spotify`, `steam`, or `discord`) +- Security critical applications (E.g. `firefox`) + +## Generating 21.11 Release Notes + +(This section also applies to backporting 21.05 release notes: substitute "rl-2111" for "rl-2105".) + +Documentation in nixpkgs is transitioning to a markdown-centric workflow. Release notes now require a translation step to convert from markdown to a compatible docbook document. + +Steps for updating 21.11 Release notes: + +1. Edit `nixos/doc/manual/release-notes/rl-2111.section.md` with the desired changes +2. Run `./nixos/doc/manual/md-to-db.sh` to render `nixos/doc/manual/from_md/release-notes/rl-2111.section.xml` +3. Include changes to `rl-2111.section.md` and `rl-2111.section.xml` in the same commit. + +## Reviewing contributions + +See the nixpkgs manual for more details on how to [Review contributions](https://nixos.org/nixpkgs/manual/#chap-reviewing-contributions). diff --git a/README.md b/README.md index 3a03be0d449..4519e85b2a8 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ Most contributions are based on and merged into these branches: deemed of sufficiently high quality For more information about contributing to the project, please visit -the [contributing page](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md). +the [contributing page](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md). # Donations diff --git a/doc/contributing/submitting-changes.chapter.md b/doc/contributing/submitting-changes.chapter.md index 29b8ec493e7..221ba300619 100644 --- a/doc/contributing/submitting-changes.chapter.md +++ b/doc/contributing/submitting-changes.chapter.md @@ -62,7 +62,7 @@ - Push your changes to your fork of nixpkgs. - Create the pull request -- Follow [the contribution guidelines](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#submitting-changes). +- Follow [the contribution guidelines](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#submitting-changes). ## Submitting security fixes {#submitting-changes-submitting-security-fixes} @@ -193,7 +193,7 @@ It’s important to test any executables generated by a build when you change or ### Meets Nixpkgs contribution standards {#submitting-changes-contribution-standards} -The last checkbox is fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md). The contributing document has detailed information on standards the Nix community has for commit messages, reviews, licensing of contributions you make to the project, etc\... Everyone should read and understand the standards the community has for contributing before submitting a pull request. +The last checkbox is fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md). The contributing document has detailed information on standards the Nix community has for commit messages, reviews, licensing of contributions you make to the project, etc\... Everyone should read and understand the standards the community has for contributing before submitting a pull request. ## Hotfixing pull requests {#submitting-changes-hotfixing-pull-requests} -- cgit 1.4.1 From 3f40ca48bc556da618cd8eb8aa802f91135d4c4a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 27 Jun 2021 13:10:34 +0200 Subject: .github/workflows/periodic-merge: generalize from merge-staging By generalizing the previous merge-staging action we can support a large number of branch pairs that need to be merged periodically. Provide two intervals, daily and every six hours, to accomodate different needs. Co-Authored-By: Malte Brandy --- .github/workflows/merge-staging.yml | 41 ------------------------ .github/workflows/periodic-merge-24h.yml | 49 ++++++++++++++++++++++++++++ .github/workflows/periodic-merge-6h.yml | 55 ++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+), 41 deletions(-) delete mode 100644 .github/workflows/merge-staging.yml create mode 100644 .github/workflows/periodic-merge-24h.yml create mode 100644 .github/workflows/periodic-merge-6h.yml (limited to '.github/workflows') diff --git a/.github/workflows/merge-staging.yml b/.github/workflows/merge-staging.yml deleted file mode 100644 index e499630a083..00000000000 --- a/.github/workflows/merge-staging.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: "merge staging(-next)" - -on: - schedule: - # * is a special character in YAML so you have to quote this string - # Merge every 6 hours - - cron: '0 */6 * * *' - -jobs: - sync-branch: - if: github.repository_owner == 'NixOS' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Merge master into staging-next - id: staging_next - uses: devmasx/merge-branch@v1.3.1 - with: - type: now - from_branch: master - target_branch: staging-next - github_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Merge staging-next into staging - id: staging - uses: devmasx/merge-branch@v1.3.1 - with: - type: now - from_branch: staging-next - target_branch: staging - github_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Comment on failure - uses: peter-evans/create-or-update-comment@v1 - if: ${{ failure() }} - with: - issue-number: 105153 - body: | - An automatic merge${{ (steps.staging_next.outcome == 'failure' && ' from master to staging-next') || ((steps.staging.outcome == 'failure' && ' from staging-next to staging') || '') }} [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}). - diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml new file mode 100644 index 00000000000..3ad8f5cf5be --- /dev/null +++ b/.github/workflows/periodic-merge-24h.yml @@ -0,0 +1,49 @@ +# This action periodically merges base branches into staging branches. +# This is done to +# * prevent conflicts or rather resolve them early +# * make all potential breakage happen on the staging branch +# * and make sure that all major rebuilds happen before the staging +# branch get’s merged back into its base branch. + +name: "Periodic Merges" + + +on: + schedule: + # * is a special character in YAML so you have to quote this string + # Merge every 6 hours + - cron: '0 */24 * * *' + +jobs: + periodic-merge: + if: github.repository_owner == 'NixOS' + runs-on: ubuntu-latest + strategy: + # don't fail fast, so that all pairs are tried + fail-fast: false + # certain branches need to be merged in order, like master->staging-next->staging + # and disabling parallelism ensures the order of the pairs below. + max-parallel: 1 + matrix: + pairs: + - from: master + into: haskell-updates + name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} + steps: + - uses: actions/checkout@v2 + + - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} + uses: devmasx/merge-branch@v1.3.1 + with: + type: now + from_branch: ${{ matrix.pairs.from }} + target_branch: ${{ matrix.pairs.into }} + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Comment on failure + uses: peter-evans/create-or-update-comment@v1 + if: ${{ failure() }} + with: + issue-number: 105153 + body: | + Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}). diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml new file mode 100644 index 00000000000..bbf62cb5dbc --- /dev/null +++ b/.github/workflows/periodic-merge-6h.yml @@ -0,0 +1,55 @@ +# This action periodically merges base branches into staging branches. +# This is done to +# * prevent conflicts or rather resolve them early +# * make all potential breakage happen on the staging branch +# * and make sure that all major rebuilds happen before the staging +# branch get’s merged back into its base branch. + +name: "Periodic Merges" + + +on: + schedule: + # * is a special character in YAML so you have to quote this string + # Merge every 6 hours + - cron: '0 */6 * * *' + +jobs: + periodic-merge: + if: github.repository_owner == 'NixOS' + runs-on: ubuntu-latest + strategy: + # don't fail fast, so that all pairs are tried + fail-fast: false + # certain branches need to be merged in order, like master->staging-next->staging + # and disabling parallelism ensures the order of the pairs below. + max-parallel: 1 + matrix: + pairs: + - from: master + into: staging-next + - from: staging-next + into: staging + - from: release-21.05 + into: staging-next-21.05 + - from: staging-next-21.05 + into: staging-21.05 + name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} + steps: + - uses: actions/checkout@v2 + + - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} + uses: devmasx/merge-branch@v1.3.1 + with: + type: now + from_branch: ${{ matrix.pairs.from }} + target_branch: ${{ matrix.pairs.into }} + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Comment on failure + uses: peter-evans/create-or-update-comment@v1 + if: ${{ failure() }} + with: + issue-number: 105153 + body: | + Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}). -- cgit 1.4.1 From 4acf281f00accf0533a78eff7f2f876aff1195b2 Mon Sep 17 00:00:00 2001 From: Malte Brandy Date: Thu, 1 Jul 2021 00:44:37 +0200 Subject: .github/workflows/periodic-merge-*: Tiny improvements --- .github/workflows/periodic-merge-24h.yml | 4 ++-- .github/workflows/periodic-merge-6h.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml index 3ad8f5cf5be..adc8fa1e3ea 100644 --- a/.github/workflows/periodic-merge-24h.yml +++ b/.github/workflows/periodic-merge-24h.yml @@ -5,14 +5,14 @@ # * and make sure that all major rebuilds happen before the staging # branch get’s merged back into its base branch. -name: "Periodic Merges" +name: "Periodic Merges (24h)" on: schedule: # * is a special character in YAML so you have to quote this string # Merge every 6 hours - - cron: '0 */24 * * *' + - cron: '0 0 * * *' jobs: periodic-merge: diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml index bbf62cb5dbc..8ec4da1d877 100644 --- a/.github/workflows/periodic-merge-6h.yml +++ b/.github/workflows/periodic-merge-6h.yml @@ -5,7 +5,7 @@ # * and make sure that all major rebuilds happen before the staging # branch get’s merged back into its base branch. -name: "Periodic Merges" +name: "Periodic Merges (6h)" on: -- cgit 1.4.1 From 4b16b8c76bfbc33f082c980b21d2e7f2a605a5cd Mon Sep 17 00:00:00 2001 From: Dennis Gosnell Date: Thu, 1 Jul 2021 20:16:36 +0900 Subject: workflows: fix documentation for periodic 24 hours merge --- .github/workflows/periodic-merge-24h.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml index adc8fa1e3ea..341656d9392 100644 --- a/.github/workflows/periodic-merge-24h.yml +++ b/.github/workflows/periodic-merge-24h.yml @@ -11,7 +11,7 @@ name: "Periodic Merges (24h)" on: schedule: # * is a special character in YAML so you have to quote this string - # Merge every 6 hours + # Merge every 24 hours - cron: '0 0 * * *' jobs: -- cgit 1.4.1 From 7904fffeefcdb673753defbc03564e9627f50531 Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Tue, 6 Jul 2021 13:05:32 +0200 Subject: GHA: add basic eval checks --- .github/workflows/basic-eval.yml | 20 +++++++++ pkgs/top-level/make-tarball.nix | 54 ++++--------------------- pkgs/top-level/nixpkgs-basic-release-checks.nix | 53 ++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 47 deletions(-) create mode 100644 .github/workflows/basic-eval.yml create mode 100644 pkgs/top-level/nixpkgs-basic-release-checks.nix (limited to '.github/workflows') diff --git a/.github/workflows/basic-eval.yml b/.github/workflows/basic-eval.yml new file mode 100644 index 00000000000..3d12eda314f --- /dev/null +++ b/.github/workflows/basic-eval.yml @@ -0,0 +1,20 @@ +name: Basic evaluation checks + +on: + pull_request: + branches: + - master + - release-** + push: + branches: + - master + - release-** +jobs: + tests: + runs-on: ubuntu-latest + # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v13 + # explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset + - run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin" ]' diff --git a/pkgs/top-level/make-tarball.nix b/pkgs/top-level/make-tarball.nix index d0728c5d1b2..ac6648374ab 100644 --- a/pkgs/top-level/make-tarball.nix +++ b/pkgs/top-level/make-tarball.nix @@ -10,9 +10,7 @@ , lib-tests ? import ../../lib/tests/release.nix { inherit pkgs; } }: -with pkgs; - -releaseTools.sourceTarball { +pkgs.releaseTools.sourceTarball { name = "nixpkgs-tarball"; src = nixpkgs; @@ -23,7 +21,7 @@ releaseTools.sourceTarball { then builtins.substring 0 8 (nixpkgs.lastModifiedDate or nixpkgs.lastModified) else toString nixpkgs.revCount}.${nixpkgs.shortRev or "dirty"}"; - buildInputs = [ nix.out jq lib-tests pkgs.brotli ]; + buildInputs = with pkgs; [ nix.out jq lib-tests pkgs.brotli ]; configurePhase = '' eval "$preConfigure" @@ -34,6 +32,9 @@ releaseTools.sourceTarball { echo "git-revision is $(cat .git-revision)" ''; + nixpkgs-basic-release-checks = import ./nixpkgs-basic-release-checks.nix + { inherit nix pkgs nixpkgs supportedSystems; }; + dontBuild = false; doCheck = true; @@ -46,47 +47,6 @@ releaseTools.sourceTarball { opts=(--option build-users-group "") nix-store --init - echo 'abort "Illegal use of in Nixpkgs."' > $TMPDIR/barf.nix - - # Make sure that Nixpkgs does not use . - badFiles=$(find pkgs -type f -name '*.nix' -print | xargs grep -l '^[^#]* to refer to itself." - echo "The offending files: $badFiles" - exit 1 - fi - - # Make sure that derivation paths do not depend on the Nixpkgs path. - mkdir $TMPDIR/foo - ln -s $(readlink -f .) $TMPDIR/foo/bar - p1=$(nix-instantiate ./. --dry-run -A firefox --show-trace) - p2=$(nix-instantiate $TMPDIR/foo/bar --dry-run -A firefox --show-trace) - if [ "$p1" != "$p2" ]; then - echo "Nixpkgs evaluation depends on Nixpkgs path ($p1 vs $p2)!" - exit 1 - fi - - # Check that all-packages.nix evaluates on a number of platforms without any warnings. - for platform in ${pkgs.lib.concatStringsSep " " supportedSystems}; do - header "checking Nixpkgs on $platform" - - nix-env -f . \ - --show-trace --argstr system "$platform" \ - -qa --drv-path --system-filter \* --system \ - "''${opts[@]}" 2>&1 >/dev/null | tee eval-warnings.log - - if [ -s eval-warnings.log ]; then - echo "Nixpkgs on $platform evaluated with warnings, aborting" - exit 1 - fi - rm eval-warnings.log - - nix-env -f . \ - --show-trace --argstr system "$platform" \ - -qa --drv-path --system-filter \* --system --meta --xml \ - "''${opts[@]}" > /dev/null - done - header "checking eval-release.nix" nix-instantiate --eval --strict --show-trace ./maintainers/scripts/eval-release.nix > /dev/null @@ -104,7 +64,7 @@ releaseTools.sourceTarball { header "generating packages.json" mkdir -p $out/nix-support echo -n '{"version":2,"packages":' > tmp - nix-env -f . -I nixpkgs=${src} -qa --json --arg config 'import ${./packages-config.nix}' "''${opts[@]}" >> tmp + nix-env -f . -I nixpkgs=$src -qa --json --arg config 'import ${./packages-config.nix}' "''${opts[@]}" >> tmp echo -n '}' >> tmp packages=$out/packages.json.br < tmp sed "s|$(pwd)/||g" | jq -c | brotli -9 > $packages @@ -121,6 +81,6 @@ releaseTools.sourceTarball { ''; meta = { - maintainers = [ lib.maintainers.all ]; + maintainers = [ pkgs.lib.maintainers.all ]; }; } diff --git a/pkgs/top-level/nixpkgs-basic-release-checks.nix b/pkgs/top-level/nixpkgs-basic-release-checks.nix new file mode 100644 index 00000000000..ffd92d587ba --- /dev/null +++ b/pkgs/top-level/nixpkgs-basic-release-checks.nix @@ -0,0 +1,53 @@ +{ supportedSystems, nixpkgs, pkgs, nix }: + +pkgs.runCommand "nixpkgs-release-checks" { src = nixpkgs; buildInputs = [nix]; } '' + set -o pipefail + + export NIX_STATE_DIR=$TMPDIR + export NIX_PATH=nixpkgs=$TMPDIR/barf.nix + opts=(--option build-users-group "") + nix-store --init + + echo 'abort "Illegal use of in Nixpkgs."' > $TMPDIR/barf.nix + + # Make sure that Nixpkgs does not use . + badFiles=$(find $src/pkgs -type f -name '*.nix' -print | xargs grep -l '^[^#]* to refer to itself." + echo "The offending files: $badFiles" + exit 1 + fi + + # Make sure that derivation paths do not depend on the Nixpkgs path. + mkdir $TMPDIR/foo + ln -s $(readlink -f $src) $TMPDIR/foo/bar + p1=$(nix-instantiate $src --dry-run -A firefox --show-trace) + p2=$(nix-instantiate $TMPDIR/foo/bar --dry-run -A firefox --show-trace) + if [ "$p1" != "$p2" ]; then + echo "Nixpkgs evaluation depends on Nixpkgs path ($p1 vs $p2)!" + exit 1 + fi + + # Check that all-packages.nix evaluates on a number of platforms without any warnings. + for platform in ${pkgs.lib.concatStringsSep " " supportedSystems}; do + header "checking Nixpkgs on $platform" + + nix-env -f $src \ + --show-trace --argstr system "$platform" \ + -qa --drv-path --system-filter \* --system \ + "''${opts[@]}" 2>&1 >/dev/null | tee eval-warnings.log + + if [ -s eval-warnings.log ]; then + echo "Nixpkgs on $platform evaluated with warnings, aborting" + exit 1 + fi + rm eval-warnings.log + + nix-env -f $src \ + --show-trace --argstr system "$platform" \ + -qa --drv-path --system-filter \* --system --meta --xml \ + "''${opts[@]}" > /dev/null + done + + touch $out +'' -- cgit 1.4.1 From b8297c00c97f91c163b004c686948cfb0eb80d11 Mon Sep 17 00:00:00 2001 From: Jonas Chevalier Date: Wed, 21 Jul 2021 08:22:37 +0200 Subject: ci: add no-channel check (#109543) * ci: add no-channel check * Update .github/workflows/no-channel.yml Co-authored-by: Cole Helbling Co-authored-by: Cole Helbling --- .github/workflows/no-channel.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/no-channel.yml (limited to '.github/workflows') diff --git a/.github/workflows/no-channel.yml b/.github/workflows/no-channel.yml new file mode 100644 index 00000000000..fb9a95851f0 --- /dev/null +++ b/.github/workflows/no-channel.yml @@ -0,0 +1,21 @@ +name: "No channel PR" + +on: + pull_request: + branches: + - 'nixos-**' + - 'nixpkgs-**' + +jobs: + fail: + name: "This PR is is targeting a channel branch" + runs-on: ubuntu-latest + steps: + - run: | + cat < Date: Sun, 25 Jul 2021 11:45:43 +0000 Subject: build(deps): bump cachix/cachix-action from 9 to 10 Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 9 to 10. - [Release notes](https://github.com/cachix/cachix-action/releases) - [Commits](https://github.com/cachix/cachix-action/compare/v9...v10) --- updated-dependencies: - dependency-name: cachix/cachix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/manual-nixos.yml | 2 +- .github/workflows/manual-nixpkgs.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index 032a456569d..edd2755302a 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -22,7 +22,7 @@ jobs: with: # explicitly enable sandbox extra_nix_config: sandbox = true - - uses: cachix/cachix-action@v9 + - uses: cachix/cachix-action@v10 with: # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. name: nixpkgs-ci diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index 77655c494e0..e27a281a933 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -22,7 +22,7 @@ jobs: with: # explicitly enable sandbox extra_nix_config: sandbox = true - - uses: cachix/cachix-action@v9 + - uses: cachix/cachix-action@v10 with: # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. name: nixpkgs-ci -- cgit 1.4.1 From 2f9cf506dd12c86a322ace5ae74b4eafee172cc2 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Sun, 25 Jul 2021 19:22:26 +0100 Subject: build(deps): bump zeebe-io/backport-action (#131466) * build(deps): bump zeebe-io/backport-action Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 2b994724142df0774855690db56bc6308fb99ffa to 0.0.5. This release includes the previously tagged commit. - [Release notes](https://github.com/zeebe-io/backport-action/releases) - [Commits](https://github.com/zeebe-io/backport-action/compare/2b994724142df0774855690db56bc6308fb99ffa...e5d4d7c39c94b65670847d11d259b2f574fa3d30) --- updated-dependencies: - dependency-name: zeebe-io/backport-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com> --- .github/workflows/backport.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index bea970f02d4..0e3f315bb0d 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -15,13 +15,13 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs # should be kept in sync with `version` - uses: zeebe-io/backport-action@2b994724142df0774855690db56bc6308fb99ffa + uses: zeebe-io/backport-action@v0.0.5 with: # Config README: https://github.com/zeebe-io/backport-action#backport-action github_token: ${{ secrets.GITHUB_TOKEN }} github_workspace: ${{ github.workspace }} # should be kept in sync with `uses` - version: 2b994724142df0774855690db56bc6308fb99ffa + version: v0.0.5 pull_description: |- Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}. -- cgit 1.4.1