···
3
-
on: pull_request_target
6
+
# Keep this synced with ci/request-reviews/dev-branches.txt
···
mergedSha: ${{ steps.merged.outputs.mergedSha }}
24
+
baseSha: ${{ steps.baseSha.outputs.baseSha }}
systems: ${{ steps.systems.outputs.systems }}
# Important: Because of `pull_request_target`, this doesn't check out the PR,
···
GH_TOKEN: ${{ github.token }}
38
+
GH_EVENT: ${{ github.event_name }}
28
-
if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
29
-
echo "Checking the merge commit $mergedSha"
30
-
echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT"
32
-
# Skipping so that no notifications are sent
33
-
echo "Skipping the rest..."
42
+
echo "mergedSha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
44
+
pull_request_target)
45
+
if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
46
+
echo "Checking the merge commit $mergedSha"
47
+
echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT"
49
+
# Skipping so that no notifications are sent
50
+
echo "Skipping the rest..."
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
···
if: steps.merged.outputs.mergedSha
ref: ${{ steps.merged.outputs.mergedSha }}
64
+
- name: Determine base commit
65
+
if: github.event_name == 'pull_request_target' && steps.merged.outputs.mergedSha
68
+
baseSha=$(git -C nixpkgs rev-parse HEAD^1)
69
+
echo "baseSha=$baseSha" >> "$GITHUB_OUTPUT"
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
···
needs: [ outpaths, attrs ]
136
+
baseRunId: ${{ steps.baseRunId.outputs.baseRunId }}
- name: Download output paths and eval stats for all systems
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
···
- name: Combine all output paths and eval stats
nix-build nixpkgs/ci -A eval.combine \
127
-
--arg resultsDir ./intermediate
156
+
--arg resultsDir ./intermediate \
- name: Upload the combined results
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
165
+
- name: Get base run id
166
+
if: needs.attrs.outputs.baseSha
169
+
# Get the latest eval.yml workflow run for the PR's base commit
170
+
if ! run=$(gh api --method GET /repos/"$REPOSITORY"/actions/workflows/eval.yml/runs \
171
+
-f head_sha="$BASE_SHA" \
172
+
--jq '.workflow_runs | sort_by(.run_started_at) | .[-1]') \
173
+
|| [[ -z "$run" ]]; then
174
+
echo "Could not find an eval.yml workflow run for $BASE_SHA, cannot make comparison"
177
+
echo "Comparing against $(jq .html_url <<< "$run")"
178
+
runId=$(jq .id <<< "$run")
179
+
conclusion=$(jq -r .conclusion <<< "$run")
136
-
# TODO: Run this workflow also on `push` (on at least the main development branches)
137
-
# Then add an extra step here that waits for the base branch (not the merge base, because that could be very different)
138
-
# to have completed the eval, then use
139
-
# gh api --method GET /repos/NixOS/nixpkgs/actions/workflows/eval.yml/runs -f head_sha=<BASE>
140
-
# and follow it to the artifact results, where you can then download the outpaths.json from the base branch
141
-
# That can then be used to compare the number of changed paths, get evaluation stats and ping appropriate reviewers
181
+
while [[ "$conclusion" == null ]]; do
182
+
echo "Workflow not done, waiting 10 seconds before checking again"
184
+
conclusion=$(gh api /repos/"$REPOSITORY"/actions/runs/"$runId" --jq '.conclusion')
187
+
if [[ "$conclusion" != "success" ]]; then
188
+
echo "Workflow was not successful, cannot make comparison"
192
+
echo "baseRunId=$runId" >> "$GITHUB_OUTPUT"
194
+
REPOSITORY: ${{ github.repository }}
195
+
BASE_SHA: ${{ needs.attrs.outputs.baseSha }}
196
+
GH_TOKEN: ${{ github.token }}
198
+
- uses: actions/download-artifact@v4
199
+
if: steps.baseRunId.outputs.baseRunId
203
+
github-token: ${{ github.token }}
204
+
run-id: ${{ steps.baseRunId.outputs.baseRunId }}
206
+
- name: Compare against the base branch
207
+
if: steps.baseRunId.outputs.baseRunId
209
+
nix-build nixpkgs/ci -A eval.compare \
210
+
--arg beforeResultDir ./baseResult \
211
+
--arg afterResultDir ./prResult \
214
+
# TODO: Request reviews from maintainers for packages whose files are modified in the PR
216
+
- name: Upload the combined results
217
+
if: steps.baseRunId.outputs.baseRunId
218
+
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
223
+
# Separate job to have a very tightly scoped PR write token
226
+
runs-on: ubuntu-latest
228
+
if: needs.process.outputs.baseRunId
230
+
pull-requests: write
232
+
- name: Download process result
233
+
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
238
+
- name: Tagging pull request
242
+
/repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \
243
+
--input <(jq -c '{ labels: .labels }' comparison/changed-paths.json)
245
+
GH_TOKEN: ${{ github.token }}
pyrox.dev