commit b46cb23251b43bd963ea48fd414fd2cf9ac739f6 · pyrox.dev/nixpkgs

+10 -27

.github/workflows/check.yml

···

       45
       45
        
                 filter: tree:0

     

       46
       46
        
                 path: trusted

     

       47
       47
        
       

     

       48
       48
       -
             - name: Check cherry-picks

     

       49
       49
       -
               id: check

     

       50
       50
       -
               continue-on-error: true

     

       51
       51
       -
               env:

     

       52
       52
       -
                 BASE_SHA: ${{ github.event.pull_request.base.sha }}

     

       53
       53
       -
                 HEAD_SHA: ${{ github.event.pull_request.head.sha }}

     

       54
       54
       -
               run: |

     

       55
       55
       -
                 ./trusted/ci/check-cherry-picks.sh "$BASE_SHA" "$HEAD_SHA" checked-cherry-picks.md

     

       48
       48
       +
             - name: Install dependencies

     

       49
       49
       +
               run: npm install bottleneck

     

       56
       50
        
       

     

       57
       51
        
             - name: Log current API rate limits

     

       58
       52
        
               env:

     

       59
       53
        
                 GH_TOKEN: ${{ github.token }}

     

       60
       54
        
               run: gh api /rate_limit | jq

     

       61
       55
        
       

     

       62
       62
       -
             - name: Prepare review

     

       63
       63
       -
               if: steps.check.outcome == 'failure'

     

       56
       56
       +
             - name: Check cherry-picks

     

       57
       57
       +
               id: check

     

       58
       58
       +
               continue-on-error: true

     

       64
       59
        
               uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1

     

       65
       60
        
               with:

     

       66
       61
        
                 script: |

     

       67
       67
       -
                   const { readFile, writeFile } = require('node:fs/promises')

     

       68
       68
       -
       

     

       69
       69
       -
                   const job_url = (await github.rest.actions.listJobsForWorkflowRun({

     

       70
       70
       -
                     owner: context.repo.owner,

     

       71
       71
       -
                     repo: context.repo.repo,

     

       72
       72
       -
                     run_id: context.runId

     

       73
       73
       -
                   })).data.jobs[0].html_url + '?pr=' + context.payload.pull_request.number

     

       74
       74
       -
       

     

       75
       75
       -
                   const header = await readFile('trusted/ci/check-cherry-picks.md')

     

       76
       76
       -
                   const body = await readFile('checked-cherry-picks.md')

     

       77
       77
       -
                   const footer =

     

       78
       78
       -
                     `\n_Hint: The full diffs are also available in the [runner logs](${job_url}) with slightly better highlighting._`

     

       79
       79
       -
       

     

       80
       80
       -
                   const review = header + body + footer

     

       81
       81
       -
                   await writeFile('review.md', review)

     

       82
       82
       -
                   core.summary.addRaw(review)

     

       83
       83
       -
                   core.summary.write()

     

       62
       62
       +
                   require('./trusted/ci/github-script/commits.js')({

     

       63
       63
       +
                     github,

     

       64
       64
       +
                     context,

     

       65
       65
       +
                     core,

     

       66
       66
       +
                   })

     

       84
       67
        
       

     

       85
       68
        
             - name: Request changes

     

       86
       69
        
               if: ${{ github.event_name == 'pull_request_target' && steps.check.outcome == 'failure' }}

ci/check-cherry-picks.md ci/github-script/check-cherry-picks.md

-152

ci/check-cherry-picks.sh

···

       1
       1
       -
       #!/usr/bin/env bash

     

       2
       2
       -
       # Find alleged cherry-picks

     

       3
       3
       -
       

     

       4
       4
       -
       set -euo pipefail

     

       5
       5
       -
       

     

       6
       6
       -
       if [[ $# != "2" && $# != "3" ]] ; then

     

       7
       7
       -
         echo "usage: check-cherry-picks.sh base_rev head_rev [markdown_file]"

     

       8
       8
       -
         exit 2

     

       9
       9
       -
       fi

     

       10
       10
       -
       

     

       11
       11
       -
       markdown_file="$(realpath ${3:-/dev/null})"

     

       12
       12
       -
       [ -v 3 ] && rm -f "$markdown_file"

     

       13
       13
       -
       

     

       14
       14
       -
       # Make sure we are inside the nixpkgs repo, even when called from outside

     

       15
       15
       -
       cd "$(dirname "${BASH_SOURCE[0]}")"

     

       16
       16
       -
       

     

       17
       17
       -
       PICKABLE_BRANCHES="master staging release-??.?? staging-??.?? haskell-updates python-updates staging-next staging-next-??.??"

     

       18
       18
       -
       problem=0

     

       19
       19
       -
       

     

       20
       20
       -
       # Not everyone calls their remote "origin"

     

       21
       21
       -
       remote="$(git remote -v | grep -i 'NixOS/nixpkgs' | head -n1 | cut -f1 || true)"

     

       22
       22
       -
       

     

       23
       23
       -
       commits="$(git rev-list --reverse "$1..$2")"

     

       24
       24
       -
       

     

       25
       25
       -
       log() {

     

       26
       26
       -
         type="$1"

     

       27
       27
       -
         shift 1

     

       28
       28
       -
       

     

       29
       29
       -
         local -A prefix

     

       30
       30
       -
         prefix[success]="  ✔ "

     

       31
       31
       -
         if [ -v GITHUB_ACTIONS ]; then

     

       32
       32
       -
           prefix[warning]="::warning::"

     

       33
       33
       -
           prefix[error]="::error::"

     

       34
       34
       -
         else

     

       35
       35
       -
           prefix[warning]="  ⚠ "

     

       36
       36
       -
           prefix[error]="  ✘ "

     

       37
       37
       -
         fi

     

       38
       38
       -
       

     

       39
       39
       -
         echo "${prefix[$type]}$@"

     

       40
       40
       -
       

     

       41
       41
       -
         # Only logging errors and warnings, which allows comparing the markdown file

     

       42
       42
       -
         # between pushes to the PR. Even if a new, proper cherry-pick, commit is added

     

       43
       43
       -
         # it won't change the markdown file's content and thus not trigger another comment.

     

       44
       44
       -
         if [ "$type" != "success" ]; then

     

       45
       45
       -
           local -A alert

     

       46
       46
       -
           alert[warning]="WARNING"

     

       47
       47
       -
           alert[error]="CAUTION"

     

       48
       48
       -
           echo >> $markdown_file

     

       49
       49
       -
           echo "> [!${alert[$type]}]" >> $markdown_file

     

       50
       50
       -
           echo "> $@" >> $markdown_file

     

       51
       51
       -
         fi

     

       52
       52
       -
       }

     

       53
       53
       -
       

     

       54
       54
       -
       endgroup() {

     

       55
       55
       -
         if [ -v GITHUB_ACTIONS ] ; then

     

       56
       56
       -
           echo ::endgroup::

     

       57
       57
       -
         fi

     

       58
       58
       -
       }

     

       59
       59
       -
       

     

       60
       60
       -
       while read -r new_commit_sha ; do

     

       61
       61
       -
         if [ -v GITHUB_ACTIONS ] ; then

     

       62
       62
       -
           echo "::group::Commit $new_commit_sha"

     

       63
       63
       -
         else

     

       64
       64
       -
           echo "================================================="

     

       65
       65
       -
         fi

     

       66
       66
       -
         git rev-list --max-count=1 --format=medium "$new_commit_sha"

     

       67
       67
       -
         echo "-------------------------------------------------"

     

       68
       68
       -
       

     

       69
       69
       -
         # Using the last line with "cherry" + hash, because a chained backport

     

       70
       70
       -
         # can result in multiple of those lines. Only the last one counts.

     

       71
       71
       -
         original_commit_sha=$(

     

       72
       72
       -
           git rev-list --max-count=1 --format=format:%B "$new_commit_sha" \

     

       73
       73
       -
           | grep -Ei "cherry.*[0-9a-f]{40}" | tail -n1 \

     

       74
       74
       -
           | grep -Eoi -m1 '[0-9a-f]{40}' || true

     

       75
       75
       -
         )

     

       76
       76
       -
         if [ -z "$original_commit_sha" ] ; then

     

       77
       77
       -
           endgroup

     

       78
       78
       -
           log warning "Couldn't locate original commit hash in message of $new_commit_sha."

     

       79
       79
       -
           problem=1

     

       80
       80
       -
           continue

     

       81
       81
       -
         fi

     

       82
       82
       -
       

     

       83
       83
       -
         set -f # prevent pathname expansion of patterns

     

       84
       84
       -
         for pattern in $PICKABLE_BRANCHES ; do

     

       85
       85
       -
           set +f # re-enable pathname expansion

     

       86
       86
       -
       

     

       87
       87
       -
           # Reverse sorting by refname and taking one match only means we can only backport

     

       88
       88
       -
           # from unstable and the latest stable. That makes sense, because even right after

     

       89
       89
       -
           # branch-off, when we have two supported stable branches, we only ever want to cherry-pick

     

       90
       90
       -
           # **to** the older one, but never **from** it.

     

       91
       91
       -
           # This makes the job significantly faster in the case when commits can't be found,

     

       92
       92
       -
           # because it doesn't need to iterate through 20+ branches, which all need to be fetched.

     

       93
       93
       -
           branches="$(git for-each-ref --sort=-refname --format="%(refname)" \

     

       94
       94
       -
             "refs/remotes/${remote:-origin}/$pattern" | head -n1)"

     

       95
       95
       -
       

     

       96
       96
       -
           while read -r picked_branch ; do

     

       97
       97
       -
             if git merge-base --is-ancestor "$original_commit_sha" "$picked_branch" ; then

     

       98
       98
       -
               range_diff_common='git --no-pager range-diff

     

       99
       99
       -
                 --no-notes

     

       100
       100
       -
                 --creation-factor=100

     

       101
       101
       -
                 '"$original_commit_sha~..$original_commit_sha"'

     

       102
       102
       -
                 '"$new_commit_sha~..$new_commit_sha"'

     

       103
       103
       -
               '

     

       104
       104
       -
       

     

       105
       105
       -
               if $range_diff_common --no-color 2> /dev/null | grep -E '^ {4}[+-]{2}' > /dev/null ; then

     

       106
       106
       -
                 log success "$original_commit_sha present in branch $picked_branch"

     

       107
       107
       -
                 endgroup

     

       108
       108
       -
                 log warning "Difference between $new_commit_sha and original $original_commit_sha may warrant inspection."

     

       109
       109
       -
       

     

       110
       110
       -
                 # First line contains commit SHAs, which we already printed.

     

       111
       111
       -
                 $range_diff_common --color | tail -n +2

     

       112
       112
       -
       

     

       113
       113
       -
                 echo -e "> <details><summary>Show diff</summary>\n>" >> $markdown_file

     

       114
       114
       -
                 echo '> ```diff' >> $markdown_file

     

       115
       115
       -
                 # The output of `git range-diff` is indented with 4 spaces, which we need to match with the

     

       116
       116
       -
                 # code blocks indent to get proper syntax highlighting on GitHub.

     

       117
       117
       -
                 diff="$($range_diff_common | tail -n +2 | sed -Ee 's/^ {4}/> /g')"

     

       118
       118
       -
                 # Also limit the output to 10k bytes (and remove the last, potentially incomplete line), because

     

       119
       119
       -
                 # GitHub comments are limited in length. The value of 10k is arbitrary with the assumption, that

     

       120
       120
       -
                 # after the range-diff becomes a certain size, a reviewer is better off reviewing the regular diff

     

       121
       121
       -
                 # in GitHub's UI anyway, thus treating the commit as "new" and not cherry-picked.

     

       122
       122
       -
                 # Note: This could still lead to a too lengthy comment with multiple commits touching the limit. We

     

       123
       123
       -
                 # consider this too unlikely to happen, to deal with explicitly.

     

       124
       124
       -
                 max_length=10000

     

       125
       125
       -
                 if [ "${#diff}" -gt $max_length ]; then

     

       126
       126
       -
                   printf -v diff "%s\n>\n> [...truncated...]" "$(echo "$diff" | head -c $max_length | head -n-1)"

     

       127
       127
       -
                 fi

     

       128
       128
       -
                 echo "$diff" >> $markdown_file

     

       129
       129
       -
                 echo '> ```' >> $markdown_file

     

       130
       130
       -
                 echo "> </details>" >> $markdown_file

     

       131
       131
       -
       

     

       132
       132
       -
                 problem=1

     

       133
       133
       -
               else

     

       134
       134
       -
                 log success "$original_commit_sha present in branch $picked_branch"

     

       135
       135
       -
                 log success "$original_commit_sha highly similar to $new_commit_sha"

     

       136
       136
       -
                 $range_diff_common --color

     

       137
       137
       -
                 endgroup

     

       138
       138
       -
               fi

     

       139
       139
       -
       

     

       140
       140
       -
               # move on to next commit

     

       141
       141
       -
               continue 3

     

       142
       142
       -
             fi

     

       143
       143
       -
           done <<< "$branches"

     

       144
       144
       -
         done

     

       145
       145
       -
       

     

       146
       146
       -
         endgroup

     

       147
       147
       -
         log error "$original_commit_sha given in $new_commit_sha not found in any pickable branch."

     

       148
       148
       -
       

     

       149
       149
       -
         problem=1

     

       150
       150
       -
       done <<< "$commits"

     

       151
       151
       -
       

     

       152
       152
       -
       exit $problem

ci/github-script/.gitignore

···

       1
       1
        
       node_modules

     

       2
       2
       +
       step-summary.md

ci/github-script/README.md

···

       8
       8
        
       - Enter `nix-shell` in `./ci/github-script`.

     

       9
       9
        
       - Ensure `gh` is authenticated.

     

       10
       10
        
       

     

       11
       11
       +
       ## Check commits

     

       12
       12
       +
       

     

       13
       13
       +
       Run `./run commits OWNER REPO PR`, where OWNER is your username or "NixOS", REPO is the name of your fork or "nixpkgs" and PR is the number of the pull request to check.

     

       14
       14
       +
       

     

       11
       15
        
       ## Labeler

     

       12
       16
        
       

     

       13
       17
        
       Run `./run labels OWNER REPO`, where OWNER is your username or "NixOS" and REPO the name of your fork or "nixpkgs".

+199

ci/github-script/commits.js

···

       1
       1
       +
       module.exports = async function ({ github, context, core }) {

     

       2
       2
       +
         const { execFileSync } = require('node:child_process')

     

       3
       3
       +
         const { readFile, writeFile } = require('node:fs/promises')

     

       4
       4
       +
         const { join } = require('node:path')

     

       5
       5
       +
         const { classify } = require('../supportedBranches.js')

     

       6
       6
       +
         const withRateLimit = require('./withRateLimit.js')

     

       7
       7
       +
       

     

       8
       8
       +
         await withRateLimit({ github, core }, async (stats) => {

     

       9
       9
       +
           stats.prs = 1

     

       10
       10
       +
       

     

       11
       11
       +
           const job_url =

     

       12
       12
       +
             context.runId &&

     

       13
       13
       +
             (

     

       14
       14
       +
               await github.rest.actions.listJobsForWorkflowRun({

     

       15
       15
       +
                 ...context.repo,

     

       16
       16
       +
                 run_id: context.runId,

     

       17
       17
       +
               })

     

       18
       18
       +
             ).data.jobs[0].html_url +

     

       19
       19
       +
               '?pr=' +

     

       20
       20
       +
               context.payload.pull_request.number

     

       21
       21
       +
       

     

       22
       22
       +
           async function handle({ sha, commit }) {

     

       23
       23
       +
             // Using the last line with "cherry" + hash, because a chained backport

     

       24
       24
       +
             // can result in multiple of those lines. Only the last one counts.

     

       25
       25
       +
             const match = Array.from(

     

       26
       26
       +
               commit.message.matchAll(/cherry.*([0-9a-f]{40})/g),

     

       27
       27
       +
             ).at(-1)

     

       28
       28
       +
       

     

       29
       29
       +
             if (!match)

     

       30
       30
       +
               return {

     

       31
       31
       +
                 sha,

     

       32
       32
       +
                 commit,

     

       33
       33
       +
                 severity: 'warning',

     

       34
       34
       +
                 message: `Couldn't locate original commit hash in message of ${sha}.`,

     

       35
       35
       +
               }

     

       36
       36
       +
       

     

       37
       37
       +
             const original_sha = match[1]

     

       38
       38
       +
       

     

       39
       39
       +
             let branches

     

       40
       40
       +
             try {

     

       41
       41
       +
               branches = (

     

       42
       42
       +
                 await github.request({

     

       43
       43
       +
                   // This is an undocumented endpoint to fetch the branches a commit is part of.

     

       44
       44
       +
                   // There is no equivalent in neither the REST nor the GraphQL API.

     

       45
       45
       +
                   // The endpoint itself is unlikely to go away, because GitHub uses it to display

     

       46
       46
       +
                   // the list of branches on the detail page of a commit.

     

       47
       47
       +
                   url: `https://github.com/${context.repo.owner}/${context.repo.repo}/branch_commits/${original_sha}`,

     

       48
       48
       +
                   headers: {

     

       49
       49
       +
                     accept: 'application/json',

     

       50
       50
       +
                   },

     

       51
       51
       +
                 })

     

       52
       52
       +
               ).data.branches

     

       53
       53
       +
                 .map(({ branch }) => branch)

     

       54
       54
       +
                 .filter((branch) => classify(branch).type.includes('development'))

     

       55
       55
       +
             } catch (e) {

     

       56
       56
       +
               // For some unknown reason a 404 error comes back as 500 without any more details in a GitHub Actions runner.

     

       57
       57
       +
               // Ignore these to return a regular error message below.

     

       58
       58
       +
               if (![404, 500].includes(e.status)) throw e

     

       59
       59
       +
             }

     

       60
       60
       +
             if (!branches?.length)

     

       61
       61
       +
               return {

     

       62
       62
       +
                 sha,

     

       63
       63
       +
                 commit,

     

       64
       64
       +
                 severity: 'error',

     

       65
       65
       +
                 message: `${original_sha} given in ${sha} not found in any pickable branch.`,

     

       66
       66
       +
               }

     

       67
       67
       +
       

     

       68
       68
       +
             const diff = execFileSync('git', [

     

       69
       69
       +
               '-C',

     

       70
       70
       +
               __dirname,

     

       71
       71
       +
               'range-diff',

     

       72
       72
       +
               '--no-color',

     

       73
       73
       +
               '--no-notes',

     

       74
       74
       +
               '--creation-factor=100',

     

       75
       75
       +
               `${original_sha}~..${original_sha}`,

     

       76
       76
       +
               `${sha}~..${sha}`,

     

       77
       77
       +
             ])

     

       78
       78
       +
               .toString()

     

       79
       79
       +
               .split('\n')

     

       80
       80
       +
               // First line contains commit SHAs, which we'll print separately.

     

       81
       81
       +
               .slice(1)

     

       82
       82
       +
               // # The output of `git range-diff` is indented with 4 spaces, but we'll control indentation manually.

     

       83
       83
       +
               .map((line) => line.replace(/^ {4}/, ''))

     

       84
       84
       +
       

     

       85
       85
       +
             if (!diff.some((line) => line.match(/^[+-]{2}/)))

     

       86
       86
       +
               return {

     

       87
       87
       +
                 sha,

     

       88
       88
       +
                 commit,

     

       89
       89
       +
                 severity: 'info',

     

       90
       90
       +
                 message: `✔ ${original_sha} is highly similar to ${sha}.`,

     

       91
       91
       +
               }

     

       92
       92
       +
       

     

       93
       93
       +
             const colored_diff = execFileSync('git', [

     

       94
       94
       +
               '-C',

     

       95
       95
       +
               __dirname,

     

       96
       96
       +
               'range-diff',

     

       97
       97
       +
               '--color',

     

       98
       98
       +
               '--no-notes',

     

       99
       99
       +
               '--creation-factor=100',

     

       100
       100
       +
               `${original_sha}~..${original_sha}`,

     

       101
       101
       +
               `${sha}~..${sha}`,

     

       102
       102
       +
             ]).toString()

     

       103
       103
       +
       

     

       104
       104
       +
             return {

     

       105
       105
       +
               sha,

     

       106
       106
       +
               commit,

     

       107
       107
       +
               diff,

     

       108
       108
       +
               colored_diff,

     

       109
       109
       +
               severity: 'warning',

     

       110
       110
       +
               message: `Difference between ${sha} and original ${original_sha} may warrant inspection.`,

     

       111
       111
       +
             }

     

       112
       112
       +
           }

     

       113
       113
       +
       

     

       114
       114
       +
           const commits = await github.paginate(github.rest.pulls.listCommits, {

     

       115
       115
       +
             ...context.repo,

     

       116
       116
       +
             pull_number: context.payload.pull_request.number,

     

       117
       117
       +
           })

     

       118
       118
       +
       

     

       119
       119
       +
           const results = await Promise.all(commits.map(handle))

     

       120
       120
       +
       

     

       121
       121
       +
           // Log all results without truncation and with better highlighting to the job log.

     

       122
       122
       +
           results.forEach(({ sha, commit, severity, message, colored_diff }) => {

     

       123
       123
       +
             core.startGroup(`Commit ${sha}`)

     

       124
       124
       +
             core.info(`Author: ${commit.author.name} ${commit.author.email}`)

     

       125
       125
       +
             core.info(`Date: ${new Date(commit.author.date)}`)

     

       126
       126
       +
             core[severity](message)

     

       127
       127
       +
             core.endGroup()

     

       128
       128
       +
             if (colored_diff) core.info(colored_diff)

     

       129
       129
       +
           })

     

       130
       130
       +
       

     

       131
       131
       +
           // Only create step summary below in case of warnings or errors.

     

       132
       132
       +
           if (results.every(({ severity }) => severity == 'info')) return

     

       133
       133
       +
           else process.exitCode = 1

     

       134
       134
       +
       

     

       135
       135
       +
           core.summary.addRaw(

     

       136
       136
       +
             await readFile(join(__dirname, 'check-cherry-picks.md'), 'utf-8'),

     

       137
       137
       +
             true,

     

       138
       138
       +
           )

     

       139
       139
       +
           results.forEach(({ severity, message, diff }) => {

     

       140
       140
       +
             if (severity == 'info') return

     

       141
       141
       +
       

     

       142
       142
       +
             // The docs for markdown alerts only show examples with markdown blockquote syntax, like this:

     

       143
       143
       +
             //   > [!WARNING]

     

       144
       144
       +
             //   > message

     

       145
       145
       +
             // However, our testing shows that this also works with a `<blockquote>` html tag, as long as there

     

       146
       146
       +
             // is an empty line:

     

       147
       147
       +
             //   <blockquote>

     

       148
       148
       +
             //

     

       149
       149
       +
             //   [!WARNING]

     

       150
       150
       +
             //   message

     

       151
       151
       +
             //   </blockquote>

     

       152
       152
       +
             // Whether this is intended or just an implementation detail is unclear.

     

       153
       153
       +
             core.summary.addRaw('<blockquote>')

     

       154
       154
       +
             core.summary.addRaw(

     

       155
       155
       +
               `\n\n[!${severity == 'warning' ? 'WARNING' : 'CAUTION'}]`,

     

       156
       156
       +
               true,

     

       157
       157
       +
             )

     

       158
       158
       +
             core.summary.addRaw(`${message}`, true)

     

       159
       159
       +
       

     

       160
       160
       +
             if (diff) {

     

       161
       161
       +
               // Limit the output to 10k bytes and remove the last, potentially incomplete line, because GitHub

     

       162
       162
       +
               // comments are limited in length. The value of 10k is arbitrary with the assumption, that after

     

       163
       163
       +
               // the range-diff becomes a certain size, a reviewer is better off reviewing the regular diff in

     

       164
       164
       +
               // GitHub's UI anyway, thus treating the commit as "new" and not cherry-picked.

     

       165
       165
       +
               // Note: if multiple commits are close to the limit, this approach could still lead to a comment

     

       166
       166
       +
               // that's too long. We think this is unlikely to happen, and so don't deal with it explicitly.

     

       167
       167
       +
               const truncated = []

     

       168
       168
       +
               let total_length = 0

     

       169
       169
       +
               for (line of diff) {

     

       170
       170
       +
                 total_length += line.length

     

       171
       171
       +
                 if (total_length > 10000) {

     

       172
       172
       +
                   truncated.push('', '[...truncated...]')

     

       173
       173
       +
                   break

     

       174
       174
       +
                 } else {

     

       175
       175
       +
                   truncated.push(line)

     

       176
       176
       +
                 }

     

       177
       177
       +
               }

     

       178
       178
       +
       

     

       179
       179
       +
               core.summary.addRaw('<details><summary>Show diff</summary>')

     

       180
       180
       +
               core.summary.addRaw('\n\n```diff', true)

     

       181
       181
       +
               core.summary.addRaw(truncated.join('\n'), true)

     

       182
       182
       +
               core.summary.addRaw('```', true)

     

       183
       183
       +
               core.summary.addRaw('</details>')

     

       184
       184
       +
             }

     

       185
       185
       +
       

     

       186
       186
       +
             core.summary.addRaw('</blockquote>')

     

       187
       187
       +
           })

     

       188
       188
       +
       

     

       189
       189
       +
           if (job_url)

     

       190
       190
       +
             core.summary.addRaw(

     

       191
       191
       +
               `\n\n_Hint: The full diffs are also available in the [runner logs](${job_url}) with slightly better highlighting._`,

     

       192
       192
       +
             )

     

       193
       193
       +
       

     

       194
       194
       +
           // Write to disk temporarily for next step in GHA.

     

       195
       195
       +
           await writeFile('review.md', core.summary.stringify())

     

       196
       196
       +
       

     

       197
       197
       +
           core.summary.write()

     

       198
       198
       +
         })

     

       199
       199
       +
       }

+36 -22

ci/github-script/run

···

       1
       1
        
       #!/usr/bin/env -S node --import ./run

     

       2
       2
        
       import { execSync } from 'node:child_process'

     

       3
       3
       -
       import { mkdtempSync, rmSync } from 'node:fs'

     

       3
       3
       +
       import { closeSync, mkdtempSync, openSync, rmSync } from 'node:fs'

     

       4
       4
        
       import { tmpdir } from 'node:os'

     

       5
       5
        
       import { join } from 'node:path'

     

       6
       6
        
       import { program } from 'commander'

     

       7
       7
        
       import * as core from '@actions/core'

     

       8
       8
        
       import { getOctokit } from '@actions/github'

     

       9
       9
        
       

     

       10
       10
       -
       async function run(action, owner, repo, pull_number, dry) {

     

       10
       10
       +
       async function run(action, owner, repo, pull_number, dry = true) {

     

       11
       11
        
         const token = execSync('gh auth token', { encoding: 'utf-8' }).trim()

     

       12
       12
        
       

     

       13
       13
        
         const github = getOctokit(token)

     
···

       20
       20
        
           })).data

     

       21
       21
        
         }

     

       22
       22
        
       

     

       23
       23
       -
         const tmp = mkdtempSync(join(tmpdir(), 'github-script-'))

     

       24
       24
       -
         try {

     

       25
       25
       -
           process.env.GITHUB_WORKSPACE = tmp

     

       26
       26
       -
           process.env['INPUT_GITHUB-TOKEN'] = token

     

       27
       27
       -
           process.chdir(tmp)

     

       23
       23
       +
         process.env['INPUT_GITHUB-TOKEN'] = token

     

       24
       24
       +
       

     

       25
       25
       +
         closeSync(openSync('step-summary.md', 'w'))

     

       26
       26
       +
         process.env.GITHUB_STEP_SUMMARY = 'step-summary.md'

     

       28
       27
        
       

     

       29
       29
       -
           await action({

     

       30
       30
       -
             github,

     

       31
       31
       -
             context: {

     

       32
       32
       -
               payload,

     

       33
       33
       -
               repo: {

     

       34
       34
       -
                 owner,

     

       35
       35
       -
                 repo,

     

       36
       36
       -
               },

     

       28
       28
       +
         await action({

     

       29
       29
       +
           github,

     

       30
       30
       +
           context: {

     

       31
       31
       +
             payload,

     

       32
       32
       +
             repo: {

     

       33
       33
       +
               owner,

     

       34
       34
       +
               repo,

     

       37
       35
        
             },

     

       38
       38
       -
             core,

     

       39
       39
       -
             dry,

     

       40
       40
       -
           })

     

       41
       41
       -
         } finally {

     

       42
       42
       -
           rmSync(tmp, { recursive: true })

     

       43
       43
       -
         }

     

       36
       36
       +
           },

     

       37
       37
       +
           core,

     

       38
       38
       +
           dry,

     

       39
       39
       +
         })

     

       44
       40
        
       }

     

       45
       41
        
       

     

       46
       42
        
       program

     

       43
       43
       +
         .command('commits')

     

       44
       44
       +
         .description('Check commit structure of a pull request.')

     

       45
       45
       +
         .argument('<owner>', 'Owner of the GitHub repository to check (Example: NixOS)')

     

       46
       46
       +
         .argument('<repo>', 'Name of the GitHub repository to check (Example: nixpkgs)')

     

       47
       47
       +
         .argument('<pr>', 'Number of the Pull Request to check')

     

       48
       48
       +
         .action(async (owner, repo, pr) => {

     

       49
       49
       +
           const commits = (await import('./commits.js')).default

     

       50
       50
       +
           run(commits, owner, repo, pr)

     

       51
       51
       +
         })

     

       52
       52
       +
       

     

       53
       53
       +
       program

     

       47
       54
        
         .command('labels')

     

       48
       55
        
         .description('Manage labels on pull requests.')

     

       49
       56
        
         .argument('<owner>', 'Owner of the GitHub repository to label (Example: NixOS)')

     
···

       52
       59
        
         .option('--no-dry', 'Make actual modifications')

     

       53
       60
        
         .action(async (owner, repo, pr, options) => {

     

       54
       61
        
           const labels = (await import('./labels.js')).default

     

       55
       55
       -
           run(labels, owner, repo, pr, options.dry)

     

       62
       62
       +
           const tmp = mkdtempSync(join(tmpdir(), 'github-script-'))

     

       63
       63
       +
           try {

     

       64
       64
       +
             process.env.GITHUB_WORKSPACE = tmp

     

       65
       65
       +
             process.chdir(tmp)

     

       66
       66
       +
             run(labels, owner, repo, pr, options.dry)

     

       67
       67
       +
           } finally {

     

       68
       68
       +
             rmSync(tmp, { recursive: true })

     

       69
       69
       +
           }

     

       56
       70
        
         })

     

       57
       71
        
       

     

       58
       72
        
       await program.parse()

ci/github-script/withRateLimit.js

···

       20
       20
        
         // Pause between mutative requests

     

       21
       21
        
         const writeLimits = new Bottleneck({ minTime: 1000 }).chain(allLimits)

     

       22
       22
        
         github.hook.wrap('request', async (request, options) => {

     

       23
       23
       +
           // Requests to a different host do not count against the rate limit.

     

       24
       24
       +
           if (options.url.startsWith('https://github.com')) return request(options)

     

       23
       25
        
           // Requests to the /rate_limit endpoint do not count against the rate limit.

     

       24
       26
        
           if (options.url == '/rate_limit') return request(options)

     

       25
       27
        
           // Search requests are in a different resource group, which allows 30 requests / minute.