commit 82434f382c30a7e0f72c5053ea1bcc9c85407238 · pyrox.dev/nixpkgs

+120 -16

.github/workflows/eval.yml

···

       1
        
       name: Eval

     

       2
        
       

     

       3
       -
       on: pull_request_target

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       4
        
       

     

       5
        
       permissions:

     

       6
        
         contents: read

     
···

       11
        
           runs-on: ubuntu-latest

     

       12
        
           outputs:

     

       13
        
             mergedSha: ${{ steps.merged.outputs.mergedSha }}

     

       0
        
       
     

       14
        
             systems: ${{ steps.systems.outputs.systems }}

     

       15
        
           steps:

     

       16
        
             # Important: Because of `pull_request_target`, this doesn't check out the PR,

     
···

       24
        
               id: merged

     

       25
        
               env:

     

       26
        
                 GH_TOKEN: ${{ github.token }}

     

       0
        
       
     

       27
        
               run: |

     

       28
       -
                 if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then

     

       29
       -
                   echo "Checking the merge commit $mergedSha"

     

       30
       -
                   echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT"

     

       31
       -
                 else

     

       32
       -
                   # Skipping so that no notifications are sent

     

       33
       -
                   echo "Skipping the rest..."

     

       34
       -
                 fi

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       35
        
                 rm -rf base

     

       36
        
             - name: Check out the PR at the test merge commit

     

       37
        
               uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

     
···

       39
        
               if: steps.merged.outputs.mergedSha

     

       40
        
               with:

     

       41
        
                 ref: ${{ steps.merged.outputs.mergedSha }}

     

       0
        
       
     

       42
        
                 path: nixpkgs

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       43
        
       

     

       44
        
             - name: Install Nix

     

       45
        
               uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30

     
···

       105
        
           name: Process

     

       106
        
           runs-on: ubuntu-latest

     

       107
        
           needs: [ outpaths, attrs ]

     

       0
        
       
     

       0
        
       
     

       108
        
           steps:

     

       109
        
             - name: Download output paths and eval stats for all systems

     

       110
        
               uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8

     
···

       124
        
             - name: Combine all output paths and eval stats

     

       125
        
               run: |

     

       126
        
                 nix-build nixpkgs/ci -A eval.combine \

     

       127
       -
                   --arg resultsDir ./intermediate

     

       0
        
       
     

       128
        
       

     

       129
        
             - name: Upload the combined results

     

       130
        
               uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3

     

       131
        
               with:

     

       132
        
                 name: result

     

       133
       -
                 path: result/*

     

       134
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       135
        
       

     

       136
       -
             # TODO: Run this workflow also on `push` (on at least the main development branches)

     

       137
       -
             # Then add an extra step here that waits for the base branch (not the merge base, because that could be very different)

     

       138
       -
             # to have completed the eval, then use

     

       139
       -
             # gh api --method GET /repos/NixOS/nixpkgs/actions/workflows/eval.yml/runs -f head_sha=<BASE>

     

       140
       -
             # and follow it to the artifact results, where you can then download the outpaths.json from the base branch

     

       141
       -
             # That can then be used to compare the number of changed paths, get evaluation stats and ping appropriate reviewers

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       1
        
       name: Eval

     

       2
        
       

     

       3
       +
       on:

     

       4
       +
         pull_request_target:

     

       5
       +
         push:

     

       6
       +
           # Keep this synced with ci/request-reviews/dev-branches.txt

     

       7
       +
           branches:

     

       8
       +
             - master

     

       9
       +
             - staging

     

       10
       +
             - release-*

     

       11
       +
             - staging-*

     

       12
       +
             - haskell-updates

     

       13
       +
             - python-updates

     

       14
        
       

     

       15
        
       permissions:

     

       16
        
         contents: read

     
···

       21
        
           runs-on: ubuntu-latest

     

       22
        
           outputs:

     

       23
        
             mergedSha: ${{ steps.merged.outputs.mergedSha }}

     

       24
       +
             baseSha: ${{ steps.baseSha.outputs.baseSha }}

     

       25
        
             systems: ${{ steps.systems.outputs.systems }}

     

       26
        
           steps:

     

       27
        
             # Important: Because of `pull_request_target`, this doesn't check out the PR,

     
···

       35
        
               id: merged

     

       36
        
               env:

     

       37
        
                 GH_TOKEN: ${{ github.token }}

     

       38
       +
                 GH_EVENT: ${{ github.event_name }}

     

       39
        
               run: |

     

       40
       +
                 case "$GH_EVENT" in

     

       41
       +
                   push)

     

       42
       +
                     echo "mergedSha=${{ github.sha }}" >> "$GITHUB_OUTPUT"

     

       43
       +
                     ;;

     

       44
       +
                   pull_request_target)

     

       45
       +
                     if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then

     

       46
       +
                       echo "Checking the merge commit $mergedSha"

     

       47
       +
                       echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT"

     

       48
       +
                     else

     

       49
       +
                       # Skipping so that no notifications are sent

     

       50
       +
                       echo "Skipping the rest..."

     

       51
       +
                     fi

     

       52
       +
                     ;;

     

       53
       +
                 esac

     

       54
        
                 rm -rf base

     

       55
        
             - name: Check out the PR at the test merge commit

     

       56
        
               uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

     
···

       58
        
               if: steps.merged.outputs.mergedSha

     

       59
        
               with:

     

       60
        
                 ref: ${{ steps.merged.outputs.mergedSha }}

     

       61
       +
                 fetch-depth: 2

     

       62
        
                 path: nixpkgs

     

       63
       +
       

     

       64
       +
             - name: Determine base commit

     

       65
       +
               if: github.event_name == 'pull_request_target' && steps.merged.outputs.mergedSha

     

       66
       +
               id: baseSha

     

       67
       +
               run: |

     

       68
       +
                 baseSha=$(git -C nixpkgs rev-parse HEAD^1)

     

       69
       +
                 echo "baseSha=$baseSha" >> "$GITHUB_OUTPUT"

     

       70
        
       

     

       71
        
             - name: Install Nix

     

       72
        
               uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30

     
···

       132
        
           name: Process

     

       133
        
           runs-on: ubuntu-latest

     

       134
        
           needs: [ outpaths, attrs ]

     

       135
       +
           outputs:

     

       136
       +
             baseRunId: ${{ steps.baseRunId.outputs.baseRunId }}

     

       137
        
           steps:

     

       138
        
             - name: Download output paths and eval stats for all systems

     

       139
        
               uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8

     
···

       153
        
             - name: Combine all output paths and eval stats

     

       154
        
               run: |

     

       155
        
                 nix-build nixpkgs/ci -A eval.combine \

     

       156
       +
                   --arg resultsDir ./intermediate \

     

       157
       +
                   -o prResult

     

       158
        
       

     

       159
        
             - name: Upload the combined results

     

       160
        
               uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3

     

       161
        
               with:

     

       162
        
                 name: result

     

       163
       +
                 path: prResult/*

     

       164
        
       

     

       165
       +
             - name: Get base run id

     

       166
       +
               if: needs.attrs.outputs.baseSha

     

       167
       +
               id: baseRunId

     

       168
       +
               run: |

     

       169
       +
                 # Get the latest eval.yml workflow run for the PR's base commit

     

       170
       +
                 if ! run=$(gh api --method GET /repos/"$REPOSITORY"/actions/workflows/eval.yml/runs \

     

       171
       +
                   -f head_sha="$BASE_SHA" \

     

       172
       +
                   --jq '.workflow_runs | sort_by(.run_started_at) | .[-1]') \

     

       173
       +
                   || [[ -z "$run" ]]; then

     

       174
       +
                   echo "Could not find an eval.yml workflow run for $BASE_SHA, cannot make comparison"

     

       175
       +
                   exit 0

     

       176
       +
                 fi

     

       177
       +
                 echo "Comparing against $(jq .html_url <<< "$run")"

     

       178
       +
                 runId=$(jq .id <<< "$run")

     

       179
       +
                 conclusion=$(jq -r .conclusion <<< "$run")

     

       180
        
       

     

       181
       +
                 while [[ "$conclusion" == null ]]; do

     

       182
       +
                   echo "Workflow not done, waiting 10 seconds before checking again"

     

       183
       +
                   sleep 10

     

       184
       +
                   conclusion=$(gh api /repos/"$REPOSITORY"/actions/runs/"$runId" --jq '.conclusion')

     

       185
       +
                 done

     

       186
       +
       

     

       187
       +
                 if [[ "$conclusion" != "success" ]]; then

     

       188
       +
                   echo "Workflow was not successful, cannot make comparison"

     

       189
       +
                   exit 0

     

       190
       +
                 fi

     

       191
       +
       

     

       192
       +
                 echo "baseRunId=$runId" >> "$GITHUB_OUTPUT"

     

       193
       +
               env:

     

       194
       +
                 REPOSITORY: ${{ github.repository }}

     

       195
       +
                 BASE_SHA: ${{ needs.attrs.outputs.baseSha }}

     

       196
       +
                 GH_TOKEN: ${{ github.token }}

     

       197
       +
       

     

       198
       +
             - uses: actions/download-artifact@v4

     

       199
       +
               if: steps.baseRunId.outputs.baseRunId

     

       200
       +
               with:

     

       201
       +
                 name: result

     

       202
       +
                 path: baseResult

     

       203
       +
                 github-token: ${{ github.token }}

     

       204
       +
                 run-id: ${{ steps.baseRunId.outputs.baseRunId }}

     

       205
       +
       

     

       206
       +
             - name: Compare against the base branch

     

       207
       +
               if: steps.baseRunId.outputs.baseRunId

     

       208
       +
               run: |

     

       209
       +
                 nix-build nixpkgs/ci -A eval.compare \

     

       210
       +
                   --arg beforeResultDir ./baseResult \

     

       211
       +
                   --arg afterResultDir ./prResult \

     

       212
       +
                   -o comparison

     

       213
       +
       

     

       214
       +
                 # TODO: Request reviews from maintainers for packages whose files are modified in the PR

     

       215
       +
       

     

       216
       +
             - name: Upload the combined results

     

       217
       +
               if: steps.baseRunId.outputs.baseRunId

     

       218
       +
               uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3

     

       219
       +
               with:

     

       220
       +
                 name: comparison

     

       221
       +
                 path: comparison/*

     

       222
       +
       

     

       223
       +
         # Separate job to have a very tightly scoped PR write token

     

       224
       +
         tag:

     

       225
       +
           name: Tag

     

       226
       +
           runs-on: ubuntu-latest

     

       227
       +
           needs: process

     

       228
       +
           if: needs.process.outputs.baseRunId

     

       229
       +
           permissions:

     

       230
       +
             pull-requests: write

     

       231
       +
           steps:

     

       232
       +
             - name: Download process result

     

       233
       +
               uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8

     

       234
       +
               with:

     

       235
       +
                 name: comparison

     

       236
       +
                 path: comparison

     

       237
       +
       

     

       238
       +
             - name: Tagging pull request

     

       239
       +
               run: |

     

       240
       +
                 gh api \

     

       241
       +
                   --method POST \

     

       242
       +
                   /repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \

     

       243
       +
                   --input <(jq -c '{ labels: .labels }' comparison/changed-paths.json)

     

       244
       +
               env:

     

       245
       +
                 GH_TOKEN: ${{ github.token }}

+152

ci/eval/compare.jq

···

       1
       +
       # Turns

     

       2
       +
       #

     

       3
       +
       #   {

     

       4
       +
       #     "hello.aarch64-linux": "a",

     

       5
       +
       #     "hello.x86_64-linux": "b",

     

       6
       +
       #     "hello.aarch64-darwin": "c",

     

       7
       +
       #     "hello.x86_64-darwin": "d"

     

       8
       +
       #   }

     

       9
       +
       #

     

       10
       +
       # into

     

       11
       +
       #

     

       12
       +
       #   {

     

       13
       +
       #     "hello": {

     

       14
       +
       #       "linux": {

     

       15
       +
       #         "aarch64": "a",

     

       16
       +
       #         "x86_64": "b"

     

       17
       +
       #       },

     

       18
       +
       #       "darwin": {

     

       19
       +
       #         "aarch64": "c",

     

       20
       +
       #         "x86_64": "d"

     

       21
       +
       #       }

     

       22
       +
       #     }

     

       23
       +
       #   }

     

       24
       +
       #

     

       25
       +
       # while filtering out any attribute paths that don't match this pattern

     

       26
       +
       def expand_system:

     

       27
       +
         to_entries

     

       28
       +
         | map(

     

       29
       +
           .key |= split(".")

     

       30
       +
           | select(.key | length > 1)

     

       31
       +
           | .double = (.key[-1] | split("-"))

     

       32
       +
           | select(.double | length == 2)

     

       33
       +
         )

     

       34
       +
         | group_by(.key[0:-1])

     

       35
       +
         | map(

     

       36
       +
           {

     

       37
       +
             key: .[0].key[0:-1] | join("."),

     

       38
       +
             value:

     

       39
       +
               group_by(.double[1])

     

       40
       +
               | map(

     

       41
       +
                 {

     

       42
       +
                   key: .[0].double[1],

     

       43
       +
                   value: map(.key = .double[0]) | from_entries

     

       44
       +
                 }

     

       45
       +
               )

     

       46
       +
               | from_entries

     

       47
       +
           })

     

       48
       +
         | from_entries

     

       49
       +
         ;

     

       50
       +
       

     

       51
       +
       # Transposes

     

       52
       +
       #

     

       53
       +
       #   {

     

       54
       +
       #     "a": [ "x", "y" ],

     

       55
       +
       #     "b": [ "x" ],

     

       56
       +
       #   }

     

       57
       +
       #

     

       58
       +
       # into

     

       59
       +
       #

     

       60
       +
       #   {

     

       61
       +
       #     "x": [ "a", "b" ],

     

       62
       +
       #     "y": [ "a" ]

     

       63
       +
       #   }

     

       64
       +
       def transpose:

     

       65
       +
         [

     

       66
       +
           to_entries[]

     

       67
       +
           | {

     

       68
       +
             key: .key,

     

       69
       +
             value: .value[]

     

       70
       +
           }

     

       71
       +
         ]

     

       72
       +
         | group_by(.value)

     

       73
       +
         | map({

     

       74
       +
           key: .[0].value,

     

       75
       +
           value: map(.key)

     

       76
       +
         })

     

       77
       +
         | from_entries

     

       78
       +
         ;

     

       79
       +
       

     

       80
       +
       # Computes the key difference for two objects:

     

       81
       +
       # {

     

       82
       +
       #   added: [ <keys only in the second object> ],

     

       83
       +
       #   removed: [ <keys only in the first object> ],

     

       84
       +
       #   changed: [ <keys with different values between the two objects> ],

     

       85
       +
       # }

     

       86
       +
       #

     

       87
       +
       def diff($before; $after):

     

       88
       +
         {

     

       89
       +
           added: $after | delpaths($before | keys | map([.])) | keys,

     

       90
       +
           removed: $before | delpaths($after | keys | map([.])) | keys,

     

       91
       +
           changed:

     

       92
       +
             $before

     

       93
       +
             | to_entries

     

       94
       +
             | map(

     

       95
       +
               $after."\(.key)" as $after2

     

       96
       +
               | select(

     

       97
       +
                 # Filter out attributes that don't exist anymore

     

       98
       +
                 ($after2 != null)

     

       99
       +
                 and

     

       100
       +
                 # Filter out attributes that are the same as the new value

     

       101
       +
                 (.value != $after2)

     

       102
       +
               )

     

       103
       +
               | .key

     

       104
       +
             )

     

       105
       +
         }

     

       106
       +
         ;

     

       107
       +
       

     

       108
       +
       ($before[0] | expand_system) as $before

     

       109
       +
       | ($after[0] | expand_system) as $after

     

       110
       +
       | .attrdiff = diff($before; $after)

     

       111
       +
       | .rebuildsByKernel = (

     

       112
       +
         .attrdiff.changed

     

       113
       +
         | map({

     

       114
       +
           key: .,

     

       115
       +
           value: diff($before."\(.)"; $after."\(.)").changed

     

       116
       +
         })

     

       117
       +
         | from_entries

     

       118
       +
         | transpose

     

       119
       +
       )

     

       120
       +
       | .rebuildCountByKernel = (

     

       121
       +
         .rebuildsByKernel

     

       122
       +
         | with_entries(.value |= length)

     

       123
       +
         | pick(.linux, .darwin)

     

       124
       +
         | {

     

       125
       +
           linux: (.linux // 0),

     

       126
       +
           darwin: (.darwin // 0),

     

       127
       +
         }

     

       128
       +
       )

     

       129
       +
       | .labels = (

     

       130
       +
         .rebuildCountByKernel

     

       131
       +
         | to_entries

     

       132
       +
         | map(

     

       133
       +
           "10.rebuild-\(.key): " +

     

       134
       +
             if .value == 0 then

     

       135
       +
               "0"

     

       136
       +
             elif .value <= 10 then

     

       137
       +
               "1-10"

     

       138
       +
             elif .value <= 100 then

     

       139
       +
               "11-100"

     

       140
       +
             elif .value <= 500 then

     

       141
       +
               "101-500"

     

       142
       +
             elif .value <= 1000 then

     

       143
       +
               "501-1000"

     

       144
       +
             elif .value <= 2500 then

     

       145
       +
               "1001-2500"

     

       146
       +
             elif .value <= 5000 then

     

       147
       +
               "2501-5000"

     

       148
       +
             else

     

       149
       +
               "5000+"

     

       150
       +
             end

     

       151
       +
         )

     

       152
       +
       )

+19

ci/eval/default.nix

···

       246
        
                 jq -s from_entries > $out/stats.json

     

       247
        
             '';

     

       248
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       249
        
         full =

     

       250
        
           {

     

       251
        
             # Whether to evaluate just a single system, by default all are evaluated

     
···

       276
        
           attrpathsSuperset

     

       277
        
           singleSystem

     

       278
        
           combine

     

       0
        
       
     

       279
        
           # The above three are used by separate VMs in a GitHub workflow,

     

       280
        
           # while the below is intended for testing on a single local machine

     

       281
        
           full

···

       246
        
                 jq -s from_entries > $out/stats.json

     

       247
        
             '';

     

       248
        
       

     

       249
       +
         compare =

     

       250
       +
           { beforeResultDir, afterResultDir }:

     

       251
       +
           runCommand "compare"

     

       252
       +
             {

     

       253
       +
               nativeBuildInputs = [

     

       254
       +
                 jq

     

       255
       +
               ];

     

       256
       +
             }

     

       257
       +
             ''

     

       258
       +
               mkdir $out

     

       259
       +
               jq -n -f ${./compare.jq} \

     

       260
       +
                 --slurpfile before ${beforeResultDir}/outpaths.json \

     

       261
       +
                 --slurpfile after ${afterResultDir}/outpaths.json \

     

       262
       +
                 > $out/changed-paths.json

     

       263
       +
       

     

       264
       +
               # TODO: Compare eval stats

     

       265
       +
             '';

     

       266
       +
       

     

       267
        
         full =

     

       268
        
           {

     

       269
        
             # Whether to evaluate just a single system, by default all are evaluated

     
···

       294
        
           attrpathsSuperset

     

       295
        
           singleSystem

     

       296
        
           combine

     

       297
       +
           compare

     

       298
        
           # The above three are used by separate VMs in a GitHub workflow,

     

       299
        
           # while the below is intended for testing on a single local machine

     

       300
        
           full

ci/request-reviews/dev-branches.txt

···

       1
        
       # Trusted development branches:

     

       2
        
       # These generally require PRs to update and are built by Hydra.

     

       0
        
       
     

       3
        
       master

     

       4
        
       staging

     

       5
        
       release-*

···

       1
        
       # Trusted development branches:

     

       2
        
       # These generally require PRs to update and are built by Hydra.

     

       3
       +
       # Keep this synced with the branches in .github/workflows/eval.yml

     

       4
        
       master

     

       5
        
       staging

     

       6
        
       release-*