# `nixpkgs-vet` is a tool to vet Nixpkgs: its architecture, package structure, and more.
# Among other checks, it makes sure that `pkgs/by-name` (see `../../pkgs/by-name/README.md`) follows the validity rules outlined in [RFC 140](https://github.com/NixOS/rfcs/pull/140).
# When you make changes to this workflow, please also update `ci/nixpkgs-vet.sh` to reflect the impact of your work to the CI.
# See https://github.com/NixOS/nixpkgs-vet for details on the tool and its checks.
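name: Vet nixpkgs

on:
  # Using pull_request_target instead of pull_request avoids having to approve first time contributors.
  # The trade-off is that the job runs in the context of the base repository while handling PR content,
  # so everything that comes from the PR's merge commit is treated as untrusted below:
  # the token has no permissions, no secrets are referenced, and the scripts and tool pin are taken from the base branch.
  pull_request_target:
    # This workflow depends on the base branch of the PR, but changing the base branch is not included in the default trigger events, which would be `opened`, `synchronize` or `reopened`.
    # Instead it causes an `edited` event, so we need to add it explicitly here.
    # While `edited` is also triggered when the PR title/body is changed, this PR action is fairly quick, and PRs don't get edited **that** often, so it shouldn't be a problem.
    # There is a feature request for adding a `base_changed` event: https://github.com/orgs/community/discussions/35058
    types: [opened, synchronize, reopened, edited]

# Keep this empty: the job processes contributor-controlled files, so GITHUB_TOKEN must not carry any scope.
permissions: {}

# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit trigger), and contributors would get notified on any canceled run.
# There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015

jobs:
  check:
    name: nixpkgs-vet
    # This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases.
    runs-on: ubuntu-latest
    # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
    timeout-minutes: 10
    steps:
      # This checks out the base branch because of pull_request_target
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          path: base
          sparse-checkout: ci
          # Nothing later in the job needs git credentials, so don't leave the token in .git/config.
          persist-credentials: false
      - name: Resolving the merge commit
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment instead of being expanded into the script text,
          # so the shell only ever sees it as data.
          PR_NUMBER: ${{ github.event.number }}
        run: |
          # get-merge-commit.sh comes from the base-branch checkout above, not from the PR.
          if mergedSha=$(base/ci/get-merge-commit.sh "$GITHUB_REPOSITORY" "$PR_NUMBER"); then
            echo "Checking the merge commit $mergedSha"
            echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
          else
            echo "Skipping the rest..."
          fi
          rm -rf base
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        if: env.mergedSha
        with:
          # pull_request_target checks out the base branch by default
          ref: ${{ env.mergedSha }}
          # Fetches the merge commit and its parents
          fetch-depth: 2
          # From here on the workspace root holds PR content; keep the token out of its .git/config.
          persist-credentials: false
      - name: Checking out base branch
        if: env.mergedSha
        run: |
          # HEAD is the merge commit, so HEAD^1 is its first parent, i.e. the base branch.
          base=$(mktemp -d)
          git worktree add "$base" "$(git rev-parse HEAD^1)"
          echo "base=$base" >> "$GITHUB_ENV"
      - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
        if: env.mergedSha
      - name: Fetching the pinned tool
        if: env.mergedSha
        # Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh
        run: |
          # The pinned version of the tooling to use.
          # Read it from the base-branch worktree, not from the workspace root: the workspace is the PR's merge commit,
          # and this value decides which release artifact is downloaded, imported into the store and executed.
          # A PR that changes the pin is therefore still checked with the base branch's pin until it is merged.
          toolVersion=$(<"$base/ci/nixpkgs-vet/pinned-version.txt")
          # Fetch the x86_64-linux-specific release artifact containing the gzipped NAR of the pre-built tool.
          toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-vet/releases/download/"$toolVersion"/x86_64-linux.nar.gz \
          | gzip -cd | nix-store --import | tail -1)
          # Adds a result symlink as a GC root.
          nix-store --realise "$toolPath" --add-root result
      - name: Running nixpkgs-vet
        if: env.mergedSha
        env:
          # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
          CLICOLOR_FORCE: 1
        run: |
          # `.` is the PR's merge commit, "$base" is the base-branch worktree it is compared against.
          if result/bin/nixpkgs-vet --base "$base" .; then
            exit 0
          else
            # Keep the tool's exit code so the step fails with it after printing the hints.
            exitCode=$?
            echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
            echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
            exit "$exitCode"
          fi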