pyrox.dev / nixpkgs
lol
fork atom

workflows: rename baseSha to targetSha

We currently use two different "base" commits, but the same name. One of
them is the commit in which context the pull_request_target runs. The
other is the parent of the merge commit. Those are **not** necessarily
the same - see README introduced in the next commit for details.

Renaming one of them for clarity. Since the pull_request_target related
base commit is also called like that in GitHub Actions terminology, we
rename the other. The best I could come up with is "target".

Wolfgang Walther 3e9f5c05 ba09688d

options
unified split
Changed files
+48 -48
.github
workflows
check-nix-format.yml
check-nixf-tidy.yml
eval.yml
nixpkgs-vet.yml
+9 -9
.github/workflows/check-nix-format.yml 
···

       
31

       
31

       
 

       
          # Fetches the merge commit and its parents


     

       
32

       
32

       
 

       
          fetch-depth: 2


     

       
33

       
33

       
 

       



     

       
34

       

       
-

       
      - name: Checking out base branch


     

       

       
34

       
+

       
      - name: Checking out target branch


     

       
35

       
35

       
 

       
        run: |


     

       
36

       

       
-

       
          base=$(mktemp -d)


     

       
37

       

       
-

       
          baseRev=$(git rev-parse HEAD^1)


     

       
38

       

       
-

       
          git worktree add "$base" "$baseRev"


     

       
39

       

       
-

       
          echo "baseRev=$baseRev" >> "$GITHUB_ENV"


     

       
40

       

       
-

       
          echo "base=$base" >> "$GITHUB_ENV"


     

       

       
36

       
+

       
          target=$(mktemp -d)


     

       

       
37

       
+

       
          targetRev=$(git rev-parse HEAD^1)


     

       

       
38

       
+

       
          git worktree add "$target" "$targetRev"


     

       

       
39

       
+

       
          echo "targetRev=$targetRev" >> "$GITHUB_ENV"


     

       

       
40

       
+

       
          echo "target=$target" >> "$GITHUB_ENV"


     

       
41

       
41

       
 

       



     

       
42

       
42

       
 

       
      - name: Get Nixpkgs revision for nixfmt


     

       
43

       
43

       
 

       
        run: |


     
···

       
85

       
85

       
 

       
            esac


     

       
86

       
86

       
 

       



     

       
87

       
87

       
 

       
            # Ignore files that weren't already formatted


     

       
88

       

       
-

       
            if [[ -n "$source" ]] && ! nixfmt --check ${{ env.base }}/"$source" 2>/dev/null; then


     

       
89

       

       
-

       
              echo "Ignoring file $file because it's not formatted in the base commit"


     

       

       
88

       
+

       
            if [[ -n "$source" ]] && ! nixfmt --check ${{ env.target }}/"$source" 2>/dev/null; then


     

       

       
89

       
+

       
              echo "Ignoring file $file because it's not formatted in the target commit"


     

       
90

       
90

       
 

       
            elif ! nixfmt --check "$dest"; then


     

       
91

       
91

       
 

       
              unformattedFiles+=("$dest")


     

       
92

       
92

       
 

       
            fi


     

       
93

       

       
-

       
          done < <(git diff -z --name-status ${{ env.baseRev }} -- '*.nix')


     

       

       
93

       
+

       
          done < <(git diff -z --name-status ${{ env.targetRev }} -- '*.nix')


     

       
94

       
94

       
 

       



     

       
95

       
95

       
 

       
          if (( "${#unformattedFiles[@]}" > 0 )); then


     

       
96

       
96

       
 

       
            echo "Some new/changed Nix files are not properly formatted"
+9 -9
.github/workflows/check-nixf-tidy.yml 
···

       
20

       
20

       
 

       
          # Fetches the merge commit and its parents


     

       
21

       
21

       
 

       
          fetch-depth: 2


     

       
22

       
22

       
 

       



     

       
23

       

       
-

       
      - name: Checking out base branch


     

       

       
23

       
+

       
      - name: Checking out target branch


     

       
24

       
24

       
 

       
        run: |


     

       
25

       

       
-

       
          base=$(mktemp -d)


     

       
26

       

       
-

       
          baseRev=$(git rev-parse HEAD^1)


     

       
27

       

       
-

       
          git worktree add "$base" "$baseRev"


     

       
28

       

       
-

       
          echo "baseRev=$baseRev" >> "$GITHUB_ENV"


     

       
29

       

       
-

       
          echo "base=$base" >> "$GITHUB_ENV"


     

       

       
25

       
+

       
          target=$(mktemp -d)


     

       

       
26

       
+

       
          targetRev=$(git rev-parse HEAD^1)


     

       

       
27

       
+

       
          git worktree add "$target" "$targetRev"


     

       

       
28

       
+

       
          echo "targetRev=$targetRev" >> "$GITHUB_ENV"


     

       

       
29

       
+

       
          echo "target=$target" >> "$GITHUB_ENV"


     

       
30

       
30

       
 

       



     

       
31

       
31

       
 

       
      - name: Get Nixpkgs revision for nixf


     

       
32

       
32

       
 

       
        run: |


     
···

       
91

       
91

       
 

       
                continue


     

       
92

       
92

       
 

       
            esac


     

       
93

       
93

       
 

       



     

       
94

       

       
-

       
            if [[ -n "$source" ]] && [[ "$(nixf_wrapper ${{ env.base }}/"$source")" != '[]' ]] 2>/dev/null; then


     

       
95

       

       
-

       
              echo "Ignoring file $file because it doesn't pass nixf-tidy in the base commit"


     

       

       
94

       
+

       
            if [[ -n "$source" ]] && [[ "$(nixf_wrapper ${{ env.target }}/"$source")" != '[]' ]] 2>/dev/null; then


     

       

       
95

       
+

       
              echo "Ignoring file $file because it doesn't pass nixf-tidy in the target commit"


     

       
96

       
96

       
 

       
              echo # insert blank line


     

       
97

       
97

       
 

       
            else


     

       
98

       
98

       
 

       
              nixf_report="$(nixf_wrapper "$dest")"


     
···

       
119

       
119

       
 

       
                failedFiles+=("$dest")


     

       
120

       
120

       
 

       
              fi


     

       
121

       
121

       
 

       
            fi


     

       
122

       

       
-

       
          done < <(git diff -z --name-status ${{ env.baseRev }} -- '*.nix')


     

       

       
122

       
+

       
          done < <(git diff -z --name-status ${{ env.targetRev }} -- '*.nix')


     

       
123

       
123

       
 

       



     

       
124

       
124

       
 

       
          if [[ -n "$DONT_REPORT_ERROR" ]]; then


     

       
125

       
125

       
 

       
            echo "Edited the PR but didn't change the base branch, only the description/title."
+25 -25
.github/workflows/eval.yml 
···

       
26

       
26

       
 

       
    # Skip this and dependent steps if the PR can't be merged


     

       
27

       
27

       
 

       
    if: needs.get-merge-commit.outputs.mergedSha


     

       
28

       
28

       
 

       
    outputs:


     

       
29

       

       
-

       
      baseSha: ${{ steps.baseSha.outputs.baseSha }}


     

       

       
29

       
+

       
      targetSha: ${{ steps.targetSha.outputs.targetSha }}


     

       
30

       
30

       
 

       
      systems: ${{ steps.systems.outputs.systems }}


     

       
31

       
31

       
 

       
    steps:


     

       
32

       
32

       
 

       
      - name: Check out the PR at the test merge commit


     
···

       
36

       
36

       
 

       
          fetch-depth: 2


     

       
37

       
37

       
 

       
          path: nixpkgs


     

       
38

       
38

       
 

       



     

       
39

       

       
-

       
      - name: Determine base commit


     

       

       
39

       
+

       
      - name: Determine target commit


     

       
40

       
40

       
 

       
        if: github.event_name == 'pull_request_target'


     

       
41

       

       
-

       
        id: baseSha


     

       

       
41

       
+

       
        id: targetSha


     

       
42

       
42

       
 

       
        run: |


     

       
43

       

       
-

       
          baseSha=$(git -C nixpkgs rev-parse HEAD^1)


     

       
44

       

       
-

       
          echo "baseSha=$baseSha" >> "$GITHUB_OUTPUT"


     

       

       
43

       
+

       
          targetSha=$(git -C nixpkgs rev-parse HEAD^1)


     

       

       
44

       
+

       
          echo "targetSha=$targetSha" >> "$GITHUB_OUTPUT"


     

       
45

       
45

       
 

       



     

       
46

       
46

       
 

       
      - name: Install Nix


     

       
47

       
47

       
 

       
        uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30


     
···

       
128

       
128

       
 

       
    runs-on: ubuntu-24.04


     

       
129

       
129

       
 

       
    needs: [ outpaths, attrs, get-merge-commit ]


     

       
130

       
130

       
 

       
    outputs:


     

       
131

       

       
-

       
      baseRunId: ${{ steps.baseRunId.outputs.baseRunId }}


     

       

       
131

       
+

       
      targetRunId: ${{ steps.targetRunId.outputs.targetRunId }}


     

       
132

       
132

       
 

       
    steps:


     

       
133

       
133

       
 

       
      - name: Download output paths and eval stats for all systems


     

       
134

       
134

       
 

       
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8


     
···

       
158

       
158

       
 

       
          name: result


     

       
159

       
159

       
 

       
          path: prResult/*


     

       
160

       
160

       
 

       



     

       
161

       

       
-

       
      - name: Get base run id


     

       
162

       

       
-

       
        if: needs.attrs.outputs.baseSha


     

       
163

       

       
-

       
        id: baseRunId


     

       

       
161

       
+

       
      - name: Get target run id


     

       

       
162

       
+

       
        if: needs.attrs.outputs.targetSha


     

       

       
163

       
+

       
        id: targetRunId


     

       
164

       
164

       
 

       
        run: |


     

       
165

       

       
-

       
          # Get the latest eval.yml workflow run for the PR's base commit


     

       

       
165

       
+

       
          # Get the latest eval.yml workflow run for the PR's target commit


     

       
166

       
166

       
 

       
          if ! run=$(gh api --method GET /repos/"$REPOSITORY"/actions/workflows/eval.yml/runs \


     

       
167

       
167

       
 

       
            -f head_sha="$BASE_SHA" -f event=push \


     

       
168

       
168

       
 

       
            --jq '.workflow_runs | sort_by(.run_started_at) | .[-1]') \


     
···

       
185

       
185

       
 

       
            exit 0


     

       
186

       
186

       
 

       
          fi


     

       
187

       
187

       
 

       



     

       
188

       

       
-

       
          echo "baseRunId=$runId" >> "$GITHUB_OUTPUT"


     

       

       
188

       
+

       
          echo "targetRunId=$runId" >> "$GITHUB_OUTPUT"


     

       
189

       
189

       
 

       
        env:


     

       
190

       
190

       
 

       
          REPOSITORY: ${{ github.repository }}


     

       
191

       

       
-

       
          BASE_SHA: ${{ needs.attrs.outputs.baseSha }}


     

       

       
191

       
+

       
          BASE_SHA: ${{ needs.attrs.outputs.targetSha }}


     

       
192

       
192

       
 

       
          GH_TOKEN: ${{ github.token }}


     

       
193

       
193

       
 

       



     

       
194

       
194

       
 

       
      - uses: actions/download-artifact@v4


     

       
195

       

       
-

       
        if: steps.baseRunId.outputs.baseRunId


     

       

       
195

       
+

       
        if: steps.targetRunId.outputs.targetRunId


     

       
196

       
196

       
 

       
        with:


     

       
197

       
197

       
 

       
          name: result


     

       
198

       

       
-

       
          path: baseResult


     

       

       
198

       
+

       
          path: targetResult


     

       
199

       
199

       
 

       
          github-token: ${{ github.token }}


     

       
200

       

       
-

       
          run-id: ${{ steps.baseRunId.outputs.baseRunId }}


     

       

       
200

       
+

       
          run-id: ${{ steps.targetRunId.outputs.targetRunId }}


     

       
201

       
201

       
 

       



     

       
202

       

       
-

       
      - name: Compare against the base branch


     

       
203

       

       
-

       
        if: steps.baseRunId.outputs.baseRunId


     

       

       
202

       
+

       
      - name: Compare against the target branch


     

       

       
203

       
+

       
        if: steps.targetRunId.outputs.targetRunId


     

       
204

       
204

       
 

       
        run: |


     

       
205

       

       
-

       
          git -C nixpkgs worktree add ../base ${{ needs.attrs.outputs.baseSha }}


     

       
206

       

       
-

       
          git -C nixpkgs diff --name-only ${{ needs.attrs.outputs.baseSha }} \


     

       

       
205

       
+

       
          git -C nixpkgs worktree add ../target ${{ needs.attrs.outputs.targetSha }}


     

       

       
206

       
+

       
          git -C nixpkgs diff --name-only ${{ needs.attrs.outputs.targetSha }} \


     

       
207

       
207

       
 

       
            | jq --raw-input --slurp 'split("\n")[:-1]' > touched-files.json


     

       
208

       
208

       
 

       



     

       
209

       

       
-

       
          # Use the base branch to get accurate maintainer info


     

       
210

       

       
-

       
          nix-build base/ci -A eval.compare \


     

       
211

       

       
-

       
            --arg beforeResultDir ./baseResult \


     

       

       
209

       
+

       
          # Use the target branch to get accurate maintainer info


     

       

       
210

       
+

       
          nix-build target/ci -A eval.compare \


     

       

       
211

       
+

       
            --arg beforeResultDir ./targetResult \


     

       
212

       
212

       
 

       
            --arg afterResultDir ./prResult \


     

       
213

       
213

       
 

       
            --arg touchedFilesJson ./touched-files.json \


     

       
214

       
214

       
 

       
            -o comparison


     
···

       
216

       
216

       
 

       
          cat comparison/step-summary.md >> "$GITHUB_STEP_SUMMARY"


     

       
217

       
217

       
 

       



     

       
218

       
218

       
 

       
      - name: Upload the combined results


     

       
219

       

       
-

       
        if: steps.baseRunId.outputs.baseRunId


     

       

       
219

       
+

       
        if: steps.targetRunId.outputs.targetRunId


     

       
220

       
220

       
 

       
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0


     

       
221

       
221

       
 

       
        with:


     

       
222

       
222

       
 

       
          name: comparison


     
···

       
227

       
227

       
 

       
    name: Tag


     

       
228

       
228

       
 

       
    runs-on: ubuntu-24.04


     

       
229

       
229

       
 

       
    needs: [ attrs, process ]


     

       
230

       

       
-

       
    if: needs.process.outputs.baseRunId


     

       

       
230

       
+

       
    if: needs.process.outputs.targetRunId


     

       
231

       
231

       
 

       
    permissions:


     

       
232

       
232

       
 

       
      pull-requests: write


     

       
233

       
233

       
 

       
      statuses: write


     
···

       
254

       
254

       
 

       
      - name: Check out Nixpkgs at the base commit


     

       
255

       
255

       
 

       
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2


     

       
256

       
256

       
 

       
        with:


     

       
257

       

       
-

       
          ref: ${{ needs.attrs.outputs.baseSha }}


     

       

       
257

       
+

       
          ref: ${{ needs.attrs.outputs.targetSha }}


     

       
258

       
258

       
 

       
          path: base


     

       
259

       
259

       
 

       
          sparse-checkout: ci


     

       
260

       
260
+5 -5
.github/workflows/nixpkgs-vet.yml 
···

       
39

       
39

       
 

       
          # Fetches the merge commit and its parents


     

       
40

       
40

       
 

       
          fetch-depth: 2


     

       
41

       
41

       
 

       



     

       
42

       

       
-

       
      - name: Checking out base branch


     

       

       
42

       
+

       
      - name: Checking out target branch


     

       
43

       
43

       
 

       
        run: |


     

       
44

       

       
-

       
          base=$(mktemp -d)


     

       
45

       

       
-

       
          git worktree add "$base" "$(git rev-parse HEAD^1)"


     

       
46

       

       
-

       
          echo "base=$base" >> "$GITHUB_ENV"


     

       

       
44

       
+

       
          target=$(mktemp -d)


     

       

       
45

       
+

       
          git worktree add "$target" "$(git rev-parse HEAD^1)"


     

       

       
46

       
+

       
          echo "target=$target" >> "$GITHUB_ENV"


     

       
47

       
47

       
 

       



     

       
48

       
48

       
 

       
      - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30


     

       
49

       
49

       
 

       



     
···

       
65

       
65

       
 

       
          # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/


     

       
66

       
66

       
 

       
          CLICOLOR_FORCE: 1


     

       
67

       
67

       
 

       
        run: |


     

       
68

       

       
-

       
          if result/bin/nixpkgs-vet --base "$base" .; then


     

       

       
68

       
+

       
          if result/bin/nixpkgs-vet --base "$target" .; then


     

       
69

       
69

       
 

       
            exit 0


     

       
70

       
70

       
 

       
          else


     

       
71

       
71

       
 

       
            exitCode=$?