Conversation
infinisil
force-pushed
the
check-description
branch
from
0d29312 to
423e536
Compare
|
This is pretty great Silvan. Let me know when you're complete in the work enough for a review. |
|
Mainly just drafted this because we depend on the nixpkgs-vet rename to be complete :) |
|
Asked about thoughts on this on Matrix, @adisbladis had a good one in that there's already meta checks in Nixpkgs, this completely separate implementation diverges the tooling, makes it confusing. I'm now thinking that such an external tool should only be used for things that can't be checked with Nix code directly. And @adisbladis mentioned that meta checks apparently aren't very expensive: NixOS/nixpkgs#273935 (comment) The one thing that's making me hesitant though is the need to implement the ratched check mechanism within Nix, which I'm really not too excited about, and it is working very well with this tool |
|
A neat idea that we discussed is to declare all the meta checks in Nixpkgs (like this), but implementing these checks in this tool (instead of here). This way, we can also implement checks that couldn't be done in Nix, and benefit from the ratchets, such as:
@adisbladis also suggested that perhaps using jsonschema, though this might not be able to represent all possible checks. |
2 participants
Kind of an experiment, implements almost all of https://github.com/NixOS/nixpkgs/blob/0abfc619bcb605299a0f3f01c1887bb65db61a6b/pkgs/README.md#L373-L381
Marking as a draft because #100 is a prerequisite (this check has nothing to do with
by-name)Ideally nixpkgs-vet had a configuration file, so we could specify which checks to run in Nixpkgs
This work is sponsored by Antithesis ✨