commit b51e104439587fabc53e3f644bcef0af43f10c23 · pyrox.dev/nixpkgs

+54

.github/actions/checkout/action.yml

···

       1
       1
       +
       name: Checkout

     

       2
       2
       +
       

     

       3
       3
       +
       description: 'Checkout into trusted / untrusted / pinned folders consistently.'

     

       4
       4
       +
       

     

       5
       5
       +
       inputs:

     

       6
       6
       +
         merged-as-untrusted-at:

     

       7
       7
       +
           description: "Whether and which SHA to checkout for the merge commit in the ./untrusted folder."

     

       8
       8
       +
           type: boolean

     

       9
       9
       +
         pinnedFrom:

     

       10
       10
       +
           description: "Whether to checkout the pinned nixpkgs for CI and from where (trusted, untrusted)."

     

       11
       11
       +
           type: string

     

       12
       12
       +
         target-as-trusted-at:

     

       13
       13
       +
           description: "Whether and which SHA to checkout for the target commit in the ./trusted folder."

     

       14
       14
       +
           type: boolean

     

       15
       15
       +
       

     

       16
       16
       +
       runs:

     

       17
       17
       +
         using: composite

     

       18
       18
       +
         steps:

     

       19
       19
       +
           - if: inputs.merged-as-untrusted-at

     

       20
       20
       +
             # Would be great to do the checkouts in git worktrees of the existing spare checkout instead,

     

       21
       21
       +
             # but Nix is broken with them:

     

       22
       22
       +
             # https://github.com/NixOS/nix/issues/6073

     

       23
       23
       +
             uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       24
       24
       +
             with:

     

       25
       25
       +
               ref: ${{ inputs.merged-as-untrusted-at }}

     

       26
       26
       +
               path: untrusted

     

       27
       27
       +
       

     

       28
       28
       +
           - if: inputs.target-as-trusted-at

     

       29
       29
       +
             uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       30
       30
       +
             with:

     

       31
       31
       +
               ref: ${{ inputs.target-as-trusted-at }}

     

       32
       32
       +
               path: trusted

     

       33
       33
       +
       

     

       34
       34
       +
           - if: inputs.pinnedFrom

     

       35
       35
       +
             id: pinned

     

       36
       36
       +
             uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1

     

       37
       37
       +
             env:

     

       38
       38
       +
               PINNED_FROM: ${{ inputs.pinnedFrom }}

     

       39
       39
       +
             with:

     

       40
       40
       +
               script: |

     

       41
       41
       +
                 const path = require('node:path')

     

       42
       42
       +
                 const pinned = require(path.resolve(path.join(process.env.PINNED_FROM, 'ci', 'pinned.json')))

     

       43
       43
       +
                 core.setOutput('pinnedSha', pinned.pins.nixpkgs.revision)

     

       44
       44
       +
       

     

       45
       45
       +
           - if: steps.pinned.outputs.pinnedSha

     

       46
       46
       +
             uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       47
       47
       +
             with:

     

       48
       48
       +
               ref: ${{ steps.pinned.outputs.pinnedSha }}

     

       49
       49
       +
               path: pinned

     

       50
       50
       +
               sparse-checkout: |

     

       51
       51
       +
                 lib

     

       52
       52
       +
                 maintainers

     

       53
       53
       +
                 nixos/lib

     

       54
       54
       +
                 pkgs

-80

.github/actions/get-merge-commit/action.yml

···

       1
       1
       -
       name: Get merge commit

     

       2
       2
       -
       

     

       3
       3
       -
       description: 'Checks whether the Pull Request is mergeable and checks out the repo at up to two commits: The result of a temporary merge of the head branch into the target branch ("merged"), and the parent of that commit on the target branch ("target"). Handles push events and merge conflicts gracefully.'

     

       4
       4
       -
       

     

       5
       5
       -
       inputs:

     

       6
       6
       -
         mergedSha:

     

       7
       7
       -
           description: "The merge commit SHA, previously collected."

     

       8
       8
       -
           type: string

     

       9
       9
       -
         merged-as-untrusted:

     

       10
       10
       -
           description: "Whether to checkout the merge commit in the ./untrusted folder."

     

       11
       11
       -
           type: boolean

     

       12
       12
       -
         pinnedFrom:

     

       13
       13
       -
           description: "Whether to checkout the pinned nixpkgs for CI and from where (trusted, untrusted)."

     

       14
       14
       -
           type: string

     

       15
       15
       -
         targetSha:

     

       16
       16
       -
           description: "The target commit SHA, previously collected."

     

       17
       17
       -
           type: string

     

       18
       18
       -
         target-as-trusted:

     

       19
       19
       -
           description: "Whether to checkout the target commit in the ./trusted folder."

     

       20
       20
       -
           type: boolean

     

       21
       21
       -
       

     

       22
       22
       -
       outputs:

     

       23
       23
       -
         mergedSha:

     

       24
       24
       -
           description: "The merge commit SHA"

     

       25
       25
       -
           value: ${{ steps.commits.outputs.mergedSha }}

     

       26
       26
       -
         targetSha:

     

       27
       27
       -
           description: "The target commit SHA"

     

       28
       28
       -
           value: ${{ steps.commits.outputs.targetSha }}

     

       29
       29
       -
       

     

       30
       30
       -
       runs:

     

       31
       31
       -
         using: composite

     

       32
       32
       -
         steps:

     

       33
       33
       -
           - id: commits

     

       34
       34
       -
             if: ${{ !inputs.mergedSha && !inputs.targetSha }}

     

       35
       35
       -
             uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1

     

       36
       36
       -
             with:

     

       37
       37
       -
               script: |

     

       38
       38
       -
                 require('./ci/github-script/prepare.js')({

     

       39
       39
       -
                   github,

     

       40
       40
       -
                   context,

     

       41
       41
       -
                   core,

     

       42
       42
       -
                 })

     

       43
       43
       -
       

     

       44
       44
       -
           - if: inputs.merged-as-untrusted && (inputs.mergedSha || steps.commits.outputs.mergedSha)

     

       45
       45
       -
             # Would be great to do the checkouts in git worktrees of the existing spare checkout instead,

     

       46
       46
       -
             # but Nix is broken with them:

     

       47
       47
       -
             # https://github.com/NixOS/nix/issues/6073

     

       48
       48
       -
             uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       49
       49
       -
             with:

     

       50
       50
       -
               ref: ${{ inputs.mergedSha || steps.commits.outputs.mergedSha }}

     

       51
       51
       -
               path: untrusted

     

       52
       52
       -
       

     

       53
       53
       -
           - if: inputs.target-as-trusted && (inputs.targetSha || steps.commits.outputs.targetSha)

     

       54
       54
       -
             uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       55
       55
       -
             with:

     

       56
       56
       -
               ref: ${{ inputs.targetSha || steps.commits.outputs.targetSha }}

     

       57
       57
       -
               path: trusted

     

       58
       58
       -
       

     

       59
       59
       -
           - if: inputs.pinnedFrom

     

       60
       60
       -
             id: pinned

     

       61
       61
       -
             uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1

     

       62
       62
       -
             env:

     

       63
       63
       -
               PINNED_FROM: ${{ inputs.pinnedFrom }}

     

       64
       64
       -
             with:

     

       65
       65
       -
               script: |

     

       66
       66
       -
                 const path = require('node:path')

     

       67
       67
       -
                 const pinned = require(path.resolve(path.join(process.env.PINNED_FROM, 'ci', 'pinned.json')))

     

       68
       68
       -
                 core.setOutput('pinnedSha', pinned.pins.nixpkgs.revision)

     

       69
       69
       -
       

     

       70
       70
       -
           - if: steps.pinned.outputs.pinnedSha

     

       71
       71
       -
             uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       72
       72
       -
             with:

     

       73
       73
       -
               ref: ${{ steps.pinned.outputs.pinnedSha }}

     

       74
       74
       -
               path: pinned

     

       75
       75
       -
               sparse-checkout: |

     

       76
       76
       -
                 lib

     

       77
       77
       -
                 maintainers

     

       78
       78
       -
                 nixos/lib

     

       79
       79
       -
                 pkgs

     

       80
       80
       -

+1 -1

.github/workflows/README.md

···

       17
       17
        
         This is a temporary commit that GitHub creates automatically as "what would happen, if this PR was merged into the base branch now?".

     

       18
       18
        
         The checkout could be done via the virtual branch `refs/pull/<pr-number>/merge`, but doing so would cause failures when this virtual branch doesn't exist (anymore).

     

       19
       19
        
         This can happen when the PR has conflicts, in which case the virtual branch is not created, or when the PR is getting merged while workflows are still running, in which case the branch won't exist anymore at the time of checkout.

     

       20
       20
       -
         Thus, we use the `get-merge-commit.yml` workflow to check whether the PR is mergeable and the test merge commit exists and only then run the relevant jobs.

     

       20
       20
       +
         Thus, we use the `prepare` job to check whether the PR is mergeable and the test merge commit exists and only then run the relevant jobs.

     

       21
       21
        
       

     

       22
       22
        
       - Various workflows need to make comparisons against the base branch.

     

       23
       23
        
         In this case, we checkout the parent of the "test merge commit" for best results.

+3 -4

.github/workflows/build.yml

···

       47
       47
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       48
       48
        
               with:

     

       49
       49
        
                 sparse-checkout: .github/actions

     

       50
       50
       -
             - name: Check if the PR can be merged and checkout the merge commit

     

       51
       51
       -
               uses: ./.github/actions/get-merge-commit

     

       50
       50
       +
             - name: Checkout the merge commit

     

       51
       51
       +
               uses: ./.github/actions/checkout

     

       52
       52
        
               with:

     

       53
       53
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       54
       54
       -
                 merged-as-untrusted: true

     

       53
       53
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       55
       54
        
                 pinnedFrom: untrusted

     

       56
       55
        
       

     

       57
       56
        
             - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31

+4 -6

.github/workflows/check.yml

···

       99
       99
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       100
       100
        
               with:

     

       101
       101
        
                 sparse-checkout: .github/actions

     

       102
       102
       -
             - name: Check if the PR can be merged and checkout the merge and target commits

     

       103
       103
       -
               uses: ./.github/actions/get-merge-commit

     

       102
       102
       +
             - name: Checkout merge and target commits

     

       103
       103
       +
               uses: ./.github/actions/checkout

     

       104
       104
        
               with:

     

       105
       105
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       106
       106
       -
                 merged-as-untrusted: true

     

       105
       105
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       107
       106
        
                 pinnedFrom: trusted

     

       108
       108
       -
                 targetSha: ${{ inputs.targetSha }}

     

       109
       109
       -
                 target-as-trusted: true

     

       107
       107
       +
                 target-as-trusted-at: ${{ inputs.targetSha }}

     

       110
       108
        
       

     

       111
       109
        
             - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31

     

       112
       110

+7 -10

.github/workflows/eval.yml

···

       88
       88
        
               with:

     

       89
       89
        
                 sparse-checkout: .github/actions

     

       90
       90
        
             - name: Check out the PR at the test merge commit

     

       91
       91
       -
               uses: ./.github/actions/get-merge-commit

     

       91
       91
       +
               uses: ./.github/actions/checkout

     

       92
       92
        
               with:

     

       93
       93
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       94
       94
       -
                 merged-as-untrusted: true

     

       93
       93
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       95
       94
        
                 pinnedFrom: untrusted

     

       96
       95
        
       

     

       97
       96
        
             - name: Install Nix

     
···

       206
       205
        
               with:

     

       207
       206
        
                 sparse-checkout: .github/actions

     

       208
       207
        
             - name: Check out the PR at the target commit

     

       209
       209
       -
               uses: ./.github/actions/get-merge-commit

     

       208
       208
       +
               uses: ./.github/actions/checkout

     

       210
       209
        
               with:

     

       211
       211
       -
                 targetSha: ${{ inputs.targetSha }}

     

       212
       212
       -
                 target-as-trusted: true

     

       210
       210
       +
                 target-as-trusted-at: ${{ inputs.targetSha }}

     

       213
       211
        
                 pinnedFrom: trusted

     

       214
       212
        
       

     

       215
       213
        
             - name: Download output paths and eval stats for all systems

     
···

       375
       373
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       376
       374
        
               with:

     

       377
       375
        
                 sparse-checkout: .github/actions

     

       378
       378
       -
             - name: Check if the PR can be merged and checkout the merge commit

     

       379
       379
       -
               uses: ./.github/actions/get-merge-commit

     

       376
       376
       +
             - name: Checkout the merge commit

     

       377
       377
       +
               uses: ./.github/actions/checkout

     

       380
       378
        
               with:

     

       381
       381
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       382
       382
       -
                 merged-as-untrusted: true

     

       379
       379
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       383
       380
        
       

     

       384
       381
        
             - name: Install Nix

     

       385
       382
        
               uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31

+10 -14

.github/workflows/lint.yml

···

       24
       24
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       25
       25
        
               with:

     

       26
       26
        
                 sparse-checkout: .github/actions

     

       27
       27
       -
             - name: Check if the PR can be merged and checkout the merge commit

     

       28
       28
       -
               uses: ./.github/actions/get-merge-commit

     

       27
       27
       +
             - name: Checkout the merge commit

     

       28
       28
       +
               uses: ./.github/actions/checkout

     

       29
       29
        
               with:

     

       30
       30
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       31
       31
       -
                 merged-as-untrusted: true

     

       30
       30
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       32
       31
        
                 pinnedFrom: untrusted

     

       33
       32
        
       

     

       34
       33
        
             - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31

     
···

       56
       55
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       57
       56
        
               with:

     

       58
       57
        
                 sparse-checkout: .github/actions

     

       59
       59
       -
             - name: Check if the PR can be merged and checkout the merge commit

     

       60
       60
       -
               uses: ./.github/actions/get-merge-commit

     

       58
       58
       +
             - name: Checkout the merge commit

     

       59
       59
       +
               uses: ./.github/actions/checkout

     

       61
       60
        
               with:

     

       62
       62
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       63
       63
       -
                 merged-as-untrusted: true

     

       61
       61
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       64
       62
        
                 pinnedFrom: untrusted

     

       65
       63
        
       

     

       66
       64
        
             - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31

     
···

       77
       75
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       78
       76
        
               with:

     

       79
       77
        
                 sparse-checkout: .github/actions

     

       80
       80
       -
             - name: Check if the PR can be merged and checkout merged and target commits

     

       81
       81
       -
               uses: ./.github/actions/get-merge-commit

     

       78
       78
       +
             - name: Checkout merge and target commits

     

       79
       79
       +
               uses: ./.github/actions/checkout

     

       82
       80
        
               with:

     

       83
       83
       -
                 mergedSha: ${{ inputs.mergedSha }}

     

       84
       84
       -
                 merged-as-untrusted: true

     

       81
       81
       +
                 merged-as-untrusted-at: ${{ inputs.mergedSha }}

     

       85
       82
        
                 pinnedFrom: untrusted

     

       86
       86
       -
                 targetSha: ${{ inputs.targetSha }}

     

       87
       87
       -
                 target-as-trusted: true

     

       83
       83
       +
                 target-as-trusted-at: ${{ inputs.targetSha }}

     

       88
       84
        
       

     

       89
       85
        
             - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31

     

       90
       86

+12 -9

.github/workflows/pr.yml

···

       3
       3
        
       on:

     

       4
       4
        
         pull_request:

     

       5
       5
        
           paths:

     

       6
       6
       -
             - .github/actions/get-merge-commit/action.yml

     

       6
       6
       +
             - .github/actions/checkout/action.yml

     

       7
       7
        
             - .github/workflows/build.yml

     

       8
       8
        
             - .github/workflows/check.yml

     

       9
       9
        
             - .github/workflows/eval.yml

     
···

       25
       25
        
           outputs:

     

       26
       26
        
             baseBranch: ${{ steps.branches.outputs.base }}

     

       27
       27
        
             headBranch: ${{ steps.branches.outputs.head }}

     

       28
       28
       -
             mergedSha: ${{ steps.get-merge-commit.outputs.mergedSha }}

     

       29
       29
       -
             targetSha: ${{ steps.get-merge-commit.outputs.targetSha }}

     

       28
       28
       +
             mergedSha: ${{ steps.prepare.outputs.mergedSha }}

     

       29
       29
       +
             targetSha: ${{ steps.prepare.outputs.targetSha }}

     

       30
       30
        
             systems: ${{ steps.systems.outputs.systems }}

     

       31
       31
        
             touched: ${{ steps.files.outputs.touched }}

     

       32
       32
        
           steps:

     

       33
       33
        
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     

       34
       34
        
               with:

     

       35
       35
        
                 sparse-checkout: |

     

       36
       36
       -
                   .github/actions

     

       37
       36
        
                   ci/github-script

     

       38
       38
       -
                   ci/supportedBranches.js

     

       39
       39
       -
                   ci/supportedSystems.json

     

       40
       40
       -
             - name: Check if the PR can be merged and get the test merge commit

     

       41
       41
       -
               uses: ./.github/actions/get-merge-commit

     

       42
       42
       -
               id: get-merge-commit

     

       37
       37
       +
             - id: prepare

     

       38
       38
       +
               uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1

     

       39
       39
       +
               with:

     

       40
       40
       +
                 script: |

     

       41
       41
       +
                   require('./ci/github-script/prepare.js')({

     

       42
       42
       +
                     github,

     

       43
       43
       +
                     context,

     

       44
       44
       +
                     core,

     

       45
       45
       +
                   })

     

       43
       46
        
       

     

       44
       47
        
             - name: Load supported systems

     

       45
       48
        
               id: systems