Jörg Thalheim
c853ed50dc
workflows/eval: add eval summary to commit statuses ( #361973 )
2024-12-05 11:46:08 +01:00
Silvan Mosberger
fab3778dd1
workflows/check-nix-format: Improve error message ( #337577 )
2024-12-04 20:46:08 +01:00
John Titor
52acf63da4
ci/nixpkgs-vet: use the get-merge-commit workflow
2024-12-05 01:05:09 +05:30
John Titor
5ddb63fe13
ci/eval: use the get-merge-commit workflow
2024-12-05 01:05:08 +05:30
John Titor
b5a6aeb5df
ci: init get-merge-commit workflow
...
Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
2024-12-05 01:05:00 +05:30
Zhong Jianxin
26befe6e6e
workflows/eval: add eval summary to commit statuses
2024-12-04 20:03:48 +08:00
Jörg Thalheim
ae52e560c0
Revert "workflows/eval: Add the eval summary as a comment"
...
This reverts commit 38003ce53b
2024-12-03 10:01:45 +01:00
Jörg Thalheim
81662274a0
ci/eval: test aliases ( #360242 )
2024-12-03 07:46:11 +01:00
Jörg Thalheim
260aa262b8
workflows/eval: Add the eval summary as a comment ( #361061 )
2024-12-03 07:40:45 +01:00
Jörg Thalheim
dc19a018ee
Run GitHub Actions on automatic backport PRs ( #360260 )
2024-12-03 07:28:44 +01:00
Zhong Jianxin
38003ce53b
workflows/eval: Add the eval summary as a comment
2024-12-02 19:31:34 +08:00
Jörg Thalheim
b47354725f
ci/eval: test aliases
...
Aliases do not add new packages, so basic evaluation with nix-env should
be enough and fairly quick.
2024-12-01 19:47:05 +01:00
Jörg Thalheim
eaae909d2b
workflows/eval: add markdown of added, removed and changed ( #360339 )
2024-12-01 16:53:49 +01:00
Aleksana
e10cdab135
workflows/check-nix-format: reminder to rebase ( #356813 )
2024-12-01 18:55:31 +08:00
Noa Aarts
0e27bc3f9e
github/workflows/eval: add markdown of added, removed and changed
2024-11-30 13:47:49 +01:00
Pol Dellaiera
e012442a7e
workflows/eval: Clear unnecessary rebuild labels ( #360277 )
2024-11-30 09:20:53 +01:00
Pol Dellaiera
46fba61472
workflows/eval: Make sure to compare against the push run ( #360274 )
2024-11-30 09:19:42 +01:00
Zhong Jianxin
c318085efa
ci/check-shell: fix ci/** path
2024-11-30 10:32:54 +08:00
Silvan Mosberger
ea65e3038a
workflows/eval: Clear unnecessary rebuild labels
...
Previously the labels would never be removed, even if the number of
rebuilds changed
2024-11-30 03:00:58 +01:00
Silvan Mosberger
b3e8e251f3
workflows/eval: Make sure to compare against the push run
...
For PRs whose commits end up as HEAD of master like
bcc5c141bfhttps://github.com/NixOS/nixpkgs/actions/runs/12092053414/job/33721377179
This commit fixes that by ensuring that the push event result is
compared against
2024-11-30 02:08:53 +01:00
Silvan Mosberger
f31600fd0f
workflows/backport: Use GitHub App to create PRs to make GHA trigger on them
2024-11-30 00:58:53 +01:00
Jörg Thalheim
cb016f116b
ci/check-shell: only run if shell.nix or ./ci/** is changed
...
saves a bit of CI time
2024-11-29 23:34:33 +01:00
Silvan Mosberger
af1aa40e73
workflows/eval.yml: Run on dev branch pushes and apply rebuild labels
2024-11-28 22:24:23 +01:00
Jörg Thalheim
eeb87082a9
add actionlint script
2024-11-22 14:16:17 +01:00
Jörg Thalheim
2adf409581
ci/check-nixf-tidy: replace sed with variable substitution
...
Update .github/workflows/check-nixf-tidy.yml
Co-authored-by: Zhong Jianxin <azuwis@users.noreply.github.com>
2024-11-22 14:16:17 +01:00
Jörg Thalheim
b998723321
ci/editorconfig-v2: useless use of cat
2024-11-22 08:33:41 +01:00
Silvan Mosberger
19db54eda1
workflows/eval: Minor fixes, ensure the correct commit is checked out
...
- `env.mergedSha` is empty, so it checked out the master version by
default
- The process step used `needs.attrs.outputs.mergedSha`, but apparently
that's empty unless `attrs` is declared as a `needs`, even though
`outputs` implicitly depends on `attrs`
2024-11-21 20:01:18 +01:00
Zhong Jianxin
f80720823b
workflows/eval: avoid potential script injection attack
...
Although matrix.system is supposed to be generated from trusted code,
we'd better follow [Github Actions good practices][1].
[1]: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
2024-11-20 20:50:24 +08:00
Silvan Mosberger
fbbe972898
Parallel GH actions workflow for Nixpkgs eval
...
Motivated by ofborg struggling [1] and its evaluations taking too long,
inspired by Jörg's initial PR [2]
and Adam's previous attempt to parallelise Nixpkgs evaluation [3],
this PR contains initial work to relief ofborg from its evaluation duty
by using GitHub Actions to evaluate Nixpkgs.
For now this doesn't take care of all of what ofborg does, such as
requesting appropriate reviewers or labeling mass rebuilds, but this can
be follow-up work.
[1]: https://discourse.nixos.org/t/infrastructure-announcement-the-future-of-ofborg-your-help-needed/56025?u=infinisil
[2]: https://github.com/NixOS/nixpkgs/pull/352808
[3]: https://github.com/NixOS/nixpkgs/pull/269403
Co-Authored-By: Jörg Thalheim <joerg@thalheim.io>
Co-Authored-By: Adam Joseph <adam@westernsemico.com>
2024-11-20 10:35:56 +01:00
Arne Keller
088f1e641b
workflows/check-nix-format: reminder to rebase
2024-11-17 22:30:03 +01:00
Tristan Ross
90fcf3aa7e
25.05 is Warbler
2024-11-14 09:10:54 -08:00
dependabot[bot]
6baeff261f
build(deps): bump actions/checkout from 4.2.1 to 4.2.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901b
2024-10-28 11:50:56 +00:00
Silvan Mosberger
5bbbc3a30b
workflows: Rename after security fixes
...
In the previous two commits, security issues with these workflows were
fixed. In order for these to not be exploitable for PRs to branches that
don't have the fixes yet (including read-only branches like
nixos-unstable), these workflows are renamed, so that the old ones can
be turned off manually via GitHub interface.
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
2024-10-26 15:30:52 +02:00
Silvan Mosberger
6b8ce4aedf
workflows: Fix security issues
...
read-all permissions gives access to e.g. security-events, which these
don't need, and can easily lead to leaks
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
2024-10-26 15:03:37 +02:00
Silvan Mosberger
59aee1ca5d
workflows/codeowners: Fix security issue
...
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
2024-10-26 15:01:12 +02:00
Cole Helbling
705fdd9ccc
ci/basic-eval: check that flake outputs are valid
2024-10-16 08:49:28 -07:00
zowoq
f30a046672
.github/workflows: remove update-terraform-providers
...
semi-broken, will try using r-ryantm bot for updates instead
2024-10-16 17:20:57 +10:00
dependabot[bot]
f3143a7eda
build(deps): bump actions/checkout from 4.2.0 to 4.2.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9
2024-10-14 11:35:32 +00:00
Philip Taron
d6d9c6125a
Improve PR merge check for CI ( #347786 )
2024-10-12 09:11:24 -07:00
Silvan Mosberger
7f9d297838
workflows/nixpkgs-vet: Make merge check script reusable
...
This is useful for other workflows as well. Originally I thought it
couldn't be put in the repo, but it can (just needs another checkout)
2024-10-12 03:58:39 +02:00
Silvan Mosberger
f9b28d5678
workflows/codeowners: Cache codeowner validator build
...
The codeowner-validator build declared in ci/codeowners-validator was
not cached before and needed to be built for every PR, which is slow and
wasteful: https://github.com/NixOS/nixpkgs/actions/runs/11280533037/job/31373720922
2024-10-10 21:21:22 +02:00
Silvan Mosberger
b01ca00aed
CODEOWNERS: Switch to alternate mechanism
...
This effectively disables the native GitHub codeowners feature
and enables the new alternate codeowners mechanism introduced in
https://github.com/NixOS/nixpkgs/pull/336261
This means that:
- We can now declare users without write access as code owners!
- Targeting the wrong branch won't trigger mass pings anymore!
2024-10-10 01:40:05 +02:00
Silvan Mosberger
c1710f234c
workflows/codeowners: Dry mode for now
...
Apparently it started requesting reviews from code owners already
because the DRY_MODE from the global env was overridden in the local job
declaration: https://github.com/NixOS/nixpkgs/pull/347354#event-14570645380
2024-10-09 18:34:34 +02:00
Philip Taron
ecf10b087d
Alternate more flexible code owners mechanism, soon to avoid mass pings ( #336261 )
2024-10-08 13:58:11 -07:00
Silvan Mosberger
87a2986c1a
workflows/codeowners: init
2024-10-08 22:23:23 +02:00
dependabot[bot]
557d69a3d0
build(deps): bump cachix/install-nix-action from 29 to 30
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 29 to 30.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](9f70348d77...08dcb3a5e6
2024-10-07 11:17:58 +00:00
dependabot[bot]
b93144cbc0
build(deps): bump actions/checkout from 4.1.7 to 4.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-09-30 12:02:46 +00:00
dependabot[bot]
7816a35ee7
build(deps): bump cachix/install-nix-action from 27 to 29
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 27 to 29.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](ba0dd844c9...9f70348d77
2024-09-30 11:58:38 +00:00
dependabot[bot]
d8f973058b
build(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.3
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...6cd32fd936
2024-09-16 11:06:39 +00:00
dependabot[bot]
02e7ca9482
build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.1
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...8867c4aba1
2024-09-09 11:37:51 +00:00
