mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-09 17:46:29 +09:00
workflows: checkout nixpkgs in get-merge-commit action
This makes checking out the nixpkgs repo even more consistent and almost forces us to use the trusted/untrusted path pattern.
This commit is contained in:
parent
942c377476
commit
0e1c284b13
10 changed files with 48 additions and 74 deletions
31
.github/actions/get-merge-commit/action.yml
vendored
31
.github/actions/get-merge-commit/action.yml
vendored
|
@ -1,19 +1,27 @@
|
|||
name: Get merge commit
|
||||
|
||||
description: 'Checks whether the Pull Request is mergeable and returns two commit hashes: The result of a temporary merge of the head branch into the target branch ("merged"), and the parent of that commit on the target branch ("target"). Handles push events and merge conflicts gracefully.'
|
||||
description: 'Checks whether the Pull Request is mergeable and checks out the repo at up to two commits: The result of a temporary merge of the head branch into the target branch ("merged"), and the parent of that commit on the target branch ("target"). Handles push events and merge conflicts gracefully.'
|
||||
|
||||
inputs:
|
||||
merged-as-untrusted:
|
||||
description: "Whether to checkout the merge commit in the ./untrusted folder."
|
||||
type: boolean
|
||||
target-as-trusted:
|
||||
description: "Whether to checkout the target commit in the ./trusted folder."
|
||||
type: boolean
|
||||
|
||||
outputs:
|
||||
mergedSha:
|
||||
description: "The merge commit SHA"
|
||||
value: ${{ steps.merged.outputs.mergedSha }}
|
||||
value: ${{ steps.commits.outputs.mergedSha }}
|
||||
targetSha:
|
||||
description: "The target commit SHA"
|
||||
value: ${{ steps.merged.outputs.targetSha }}
|
||||
value: ${{ steps.commits.outputs.targetSha }}
|
||||
|
||||
runs:
|
||||
using: composite
|
||||
steps:
|
||||
- id: merged
|
||||
- id: commits
|
||||
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
||||
with:
|
||||
script: |
|
||||
|
@ -63,3 +71,18 @@ runs:
|
|||
return
|
||||
}
|
||||
throw new Error("Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com.")
|
||||
|
||||
# Would be great to do the checkouts in git worktrees of the existing spare checkout instead,
|
||||
# but Nix is broken with them:
|
||||
# https://github.com/NixOS/nix/issues/6073
|
||||
- if: inputs.merged-as-untrusted && steps.commits.outputs.mergedSha
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.commits.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
|
||||
- if: inputs.target-as-trusted && steps.commits.outputs.targetSha
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.commits.outputs.targetSha }}
|
||||
path: trusted
|
||||
|
|
8
.github/workflows/check-format.yml
vendored
8
.github/workflows/check-format.yml
vendored
|
@ -16,14 +16,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
with:
|
||||
|
|
8
.github/workflows/check-shell.yml
vendored
8
.github/workflows/check-shell.yml
vendored
|
@ -33,14 +33,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
|
||||
|
|
19
.github/workflows/codeowners-v2.yml
vendored
19
.github/workflows/codeowners-v2.yml
vendored
|
@ -46,9 +46,11 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge and target commits
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
with:
|
||||
merged-as-untrusted: true
|
||||
target-as-trusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
|
||||
|
@ -58,14 +60,6 @@ jobs:
|
|||
name: nixpkgs-ci
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
|
||||
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR itself.
|
||||
# We later build and run code from the base branch with access to secrets,
|
||||
# so it's important this is not the PRs code.
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.targetSha }}
|
||||
path: trusted
|
||||
|
||||
- name: Build codeowners validator
|
||||
run: nix-build trusted/ci -A codeownersValidator
|
||||
|
||||
|
@ -78,11 +72,6 @@ jobs:
|
|||
permission-administration: read
|
||||
permission-members: read
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
|
||||
- name: Validate codeowners
|
||||
if: steps.app-token.outputs.token
|
||||
env:
|
||||
|
|
9
.github/workflows/eval-aliases.yml
vendored
9
.github/workflows/eval-aliases.yml
vendored
|
@ -16,15 +16,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- name: Check out the PR at the test merge commit
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
|
|
8
.github/workflows/lib-tests.yml
vendored
8
.github/workflows/lib-tests.yml
vendored
|
@ -19,14 +19,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
with:
|
||||
|
|
8
.github/workflows/manual-nixos-v2.yml
vendored
8
.github/workflows/manual-nixos-v2.yml
vendored
|
@ -35,14 +35,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
with:
|
||||
|
|
8
.github/workflows/manual-nixpkgs-v2.yml
vendored
8
.github/workflows/manual-nixpkgs-v2.yml
vendored
|
@ -22,14 +22,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
with:
|
||||
|
|
8
.github/workflows/nix-parse-v2.yml
vendored
8
.github/workflows/nix-parse-v2.yml
vendored
|
@ -17,14 +17,10 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout the merge commit
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
path: untrusted
|
||||
merged-as-untrusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
with:
|
||||
|
|
15
.github/workflows/nixpkgs-vet.yml
vendored
15
.github/workflows/nixpkgs-vet.yml
vendored
|
@ -26,20 +26,11 @@ jobs:
|
|||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
sparse-checkout: .github/actions
|
||||
- name: Check if the PR can be merged and get the test merge commit
|
||||
- name: Check if the PR can be merged and checkout merged and target commits
|
||||
uses: ./.github/actions/get-merge-commit
|
||||
id: get-merge-commit
|
||||
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
ref: ${{ steps.get-merge-commit.outputs.mergedSha }}
|
||||
# Fetches the merge commit and its parents
|
||||
fetch-depth: 2
|
||||
path: untrusted
|
||||
|
||||
- name: Checking out target branch
|
||||
run: |
|
||||
git -C untrusted worktree add ../trusted ${{ steps.get-merge-commit.outputs.targetSha }}
|
||||
merged-as-untrusted: true
|
||||
target-as-trusted: true
|
||||
|
||||
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue