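# `nixpkgs-vet` is a tool to vet Nixpkgs: its architecture, package structure, and more.
# Among other checks, it makes sure that `pkgs/by-name` (see `../../pkgs/by-name/README.md`) follows the validity rules outlined in [RFC 140](https://github.com/NixOS/rfcs/pull/140).
# When you make changes to this workflow, please also update `ci/nixpkgs-vet.sh` to reflect the impact of your work to the CI.
# See https://github.com/NixOS/nixpkgs-vet for details on the tool and its checks.
name: Vet nixpkgs

on:
  # Using pull_request_target instead of pull_request avoids having to approve first time contributors.
  # Security: a pull_request_target run uses the base repository's context, and this workflow later checks out and processes the PR's merge commit.
  # That combination is only acceptable because the token has no permissions (`permissions: {}` below) and the only credential referenced is the step-scoped `github.token`.
  # Re-check both properties whenever a step is added or changed.
  pull_request_target:
    # This workflow depends on the base branch of the PR, but changing the base branch is not included in the default trigger events, which would be `opened`, `synchronize` or `reopened`.
    # Instead it causes an `edited` event, so we need to add it explicitly here.
    # While `edited` is also triggered when the PR title/body is changed, this PR action is fairly quick, and PRs don't get edited **that** often, so it shouldn't be a problem.
    # There is a feature request for adding a `base_changed` event: https://github.com/orgs/community/discussions/35058
    types: [opened, synchronize, reopened, edited]

# The job token is granted no scopes. Keep it that way: the steps below handle PR-controlled content.
permissions: {}

# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit trigger), and contributors would get notified on any canceled run.
# There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015

jobs:
  check:
    name: nixpkgs-vet
    # This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases.
    runs-on: ubuntu-latest
    # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
    timeout-minutes: 10
    steps:
      # This step has to be in this file, because it's needed to determine which revision of the repository to fetch, and we can only use other files from the repository once it's fetched.
      # It is also the only step that receives the token, and it runs before any PR content is checked out.
      - name: Resolving the merge commit
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment instead of being expanded into the script text.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # This checks for mergeability of a pull request as recommended in
          # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests

          # Retry the API query this many times
          retryCount=5
          # Start with 5 seconds, but double every retry
          retryInterval=5
          while true; do
            echo "Checking whether the pull request can be merged"
            prInfo=$(gh api \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              /repos/"$GITHUB_REPOSITORY"/pulls/"$PR_NUMBER")
            mergeable=$(jq -r .mergeable <<< "$prInfo")
            mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")

            if [[ "$mergeable" == "null" ]]; then
              if (( retryCount == 0 )); then
                echo "Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com/"
                exit 1
              else
                (( retryCount -= 1 )) || true

                # null indicates that GitHub is still computing whether it's mergeable
                # Wait a couple seconds before trying again
                echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
                sleep "$retryInterval"

                (( retryInterval *= 2 )) || true
              fi
            else
              break
            fi
          done

          if [[ "$mergeable" == "true" ]]; then
            echo "The PR can be merged, checking the merge commit $mergedSha"
            # Later steps are gated on this variable being set.
            echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
          else
            echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
          fi

      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        if: env.mergedSha
        with:
          # pull_request_target checks out the base branch by default
          ref: ${{ env.mergedSha }}
          # Fetches the merge commit and its parents
          fetch-depth: 2
          # The checked-out tree contains PR-controlled content, and none of the git commands in the later steps contact the remote,
          # so don't leave the token in the local git config (the action stores it there by default).
          persist-credentials: false

      - name: Checking out base branch
        if: env.mergedSha
        run: |
          # HEAD is the merge commit; its first parent is the base branch side.
          base=$(mktemp -d)
          git worktree add "$base" "$(git rev-parse HEAD^1)"
          echo "base=$base" >> "$GITHUB_ENV"

      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
        if: env.mergedSha

      - name: Fetching the pinned tool
        if: env.mergedSha
        # Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh
        run: |
          # The pinned version of the tooling to use.
          # This file is read from the checked-out merge commit, so a PR can change its content.
          toolVersion=$(<ci/nixpkgs-vet/pinned-version.txt)

          # Only accept a plain tag name, so the value can select a release but cannot alter any other part of the download URL.
          # NOTE(review): assumes release tags consist of letters, digits, `.`, `_` and `-`; confirm against the tool's releases.
          if [[ ! "$toolVersion" =~ ^[0-9A-Za-z][0-9A-Za-z._-]*$ || "$toolVersion" == *..* ]]; then
            echo "Unexpected content in ci/nixpkgs-vet/pinned-version.txt, refusing to download"
            exit 1
          fi

          # Fetch the x86_64-linux-specific release artifact containing the gzipped NAR of the pre-built tool.
          # NOTE(review): nothing here compares the archive with a pinned hash before it is imported and run; consider recording one next to the version.
          toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-vet/releases/download/"$toolVersion"/x86_64-linux.nar.gz \
            | gzip -cd | nix-store --import | tail -1)

          # Adds a result symlink as a GC root.
          nix-store --realise "$toolPath" --add-root result

      - name: Running nixpkgs-vet
        if: env.mergedSha
        env:
          # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
          CLICOLOR_FORCE: '1'
        run: |
          if result/bin/nixpkgs-vet --base "$base" .; then
            exit 0
          else
            # Keep the tool's exit status so the job fails with the same code after printing the hints.
            exitCode=$?
            echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
            echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
            exit "$exitCode"
          fi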