From 54eebd7fc876999a6e29e7f8a3e2cc684a8f3dad Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Thu, 29 May 2025 22:14:02 +0200 Subject: [PATCH] workflows/lint: run all the static lints in same workflow They still run in separate jobs, but they give us a nice consistent appearance in the check list: All of them are starting with "Lint / ...". (cherry picked from commit 7de034555644ba323a89633d69ebbd887ba4dc03) --- .github/workflows/check-format.yml | 50 -------------- .github/workflows/lint.yml | 101 +++++++++++++++++++++++++++++ .github/workflows/nix-parse-v2.yml | 41 ------------ .github/workflows/nixpkgs-vet.yml | 54 --------------- 4 files changed, 101 insertions(+), 145 deletions(-) delete mode 100644 .github/workflows/check-format.yml create mode 100644 .github/workflows/lint.yml delete mode 100644 .github/workflows/nix-parse-v2.yml delete mode 100644 .github/workflows/nixpkgs-vet.yml diff --git a/.github/workflows/check-format.yml b/.github/workflows/check-format.yml deleted file mode 100644 index ef1e3e1a74563..0000000000000 --- a/.github/workflows/check-format.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -name: Check that files are formatted - -on: - pull_request: - paths: - - .github/workflows/check-format.yml - pull_request_target: - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - nixos: - name: fmt-check - runs-on: ubuntu-24.04-arm - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - sparse-checkout: .github/actions - - name: Check if the PR can be merged and checkout the merge commit - uses: ./.github/actions/get-merge-commit - with: - merged-as-untrusted: true - - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 - with: - extra_nix_config: sandbox = true - - - name: Check that files are formatted - run: | - # Note that it's fine to run this on untrusted code because: - # - There's no secrets accessible here - # - The build is sandboxed - if ! nix-build untrusted/ci -A fmt.check; then - echo "Some files are not properly formatted" - echo "Please format them by going to the Nixpkgs root directory and running one of:" - echo " nix-shell --run treefmt" - echo " nix develop --command treefmt" - echo " nix fmt" - echo "Make sure your branch is up to date with master; rebase if not." - echo "If you're having trouble, please ping @NixOS/nix-formatting" - exit 1 - fi diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000000000..c26160ba8f07d --- /dev/null +++ b/.github/workflows/lint.yml 
@@ -0,0 +1,101 @@
+name: Lint
+
+on:
+ pull_request:
+ paths:
+ - .github/workflows/lint.yml
+ pull_request_target:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+permissions: {}
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ treefmt:
+ runs-on: ubuntu-24.04-arm
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ sparse-checkout: .github/actions
+ - name: Check if the PR can be merged and checkout the merge commit
+ uses: ./.github/actions/get-merge-commit
+ with:
+ merged-as-untrusted: true
+
+ - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
+ with:
+ extra_nix_config: sandbox = true
+
+ - name: Check that files are formatted
+ run: |
+ # Note that it's fine to run this on untrusted code because:
+ # - There's no secrets accessible here
+ # - The build is sandboxed
+ if ! nix-build untrusted/ci -A fmt.check; then
+ echo "Some files are not properly formatted"
+ echo "Please format them by going to the Nixpkgs root directory and running one of:"
+ echo " nix-shell --run treefmt"
+ echo " nix develop --command treefmt"
+ echo " nix fmt"
+ echo "Make sure your branch is up to date with master; rebase if not."
+ echo "If you're having trouble, please ping @NixOS/nix-formatting"
+ exit 1
+ fi
+
+ parse:
+ runs-on: ubuntu-24.04-arm
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ sparse-checkout: .github/actions
+ - name: Check if the PR can be merged and checkout the merge commit
+ uses: ./.github/actions/get-merge-commit
+ with:
+ merged-as-untrusted: true
+
+ - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
+ with:
+ extra_nix_config: sandbox = true
+
+ - name: Parse all nix files
+ run: |
+ # Tests multiple versions at once, let's make sure all of them run, so keep-going.
+ nix-build untrusted/ci -A parse --keep-going
+
+ nixpkgs-vet:
+ runs-on: ubuntu-24.04-arm
+ # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
+ timeout-minutes: 10
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ sparse-checkout: .github/actions
+ - name: Check if the PR can be merged and checkout merged and target commits
+ uses: ./.github/actions/get-merge-commit
+ with:
+ merged-as-untrusted: true
+ target-as-trusted: true
+
+ - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
+ with:
+ extra_nix_config: sandbox = true
+
+ - name: Running nixpkgs-vet
+ env:
+ # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
+ CLICOLOR_FORCE: 1
+ run: |
+ if nix-build untrusted/ci -A nixpkgs-vet --arg base "./trusted" --arg head "./untrusted"; then
+ exit 0
+ else
+ exitCode=$?
+ echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
+ echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
+ exit "$exitCode"
+ fi
diff --git a/.github/workflows/nix-parse-v2.yml b/.github/workflows/nix-parse-v2.yml
deleted file mode 100644
index bd920bd1e7a06..0000000000000
--- a/.github/workflows/nix-parse-v2.yml
+++ /dev/null
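Review bot: In the new `lint.yml`, `cachix/install-nix-action` is pinned to two different commits that both carry the `# v31` comment: the `treefmt` job uses `17fe5fb4a23ad6cbbe47d6b3f359611ad276644c`, while `parse` and `nixpkgs-vet` use `526118121621777ccd86f79b04685a9319637641`. The label cannot describe both, so it no longer tells a reader which commit was actually reviewed; as this is a cherry-pick, the mix may simply be left over from conflict resolution. I would use one pin in all three jobs, `- uses: cachix/install-nix-action@<commit-pinned-on-this-branch> # v31`. Separately, only `nixpkgs-vet` sets `timeout-minutes: 10`; `treefmt` and `parse` build the untrusted merge commit under `pull_request_target` with the default limit that the file's own comment calls too long, so each of them should get a `timeout-minutes:` bound as well.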
@@ -1,41 +0,0 @@ -name: "Check whether nix files are parseable v2" - -on: - pull_request: - paths: - - .github/workflows/nix-parse-v2.yml - pull_request_target: - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - tests: - name: nix-files-parseable-check - runs-on: ubuntu-24.04-arm - if: "!contains(github.event.pull_request.title, '[skip treewide]')" - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - sparse-checkout: .github/actions - - name: Check if the PR can be merged and checkout the merge commit - uses: ./.github/actions/get-merge-commit - with: - merged-as-untrusted: true - - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 - with: - extra_nix_config: sandbox = true - nix_path: nixpkgs=channel:nixpkgs-unstable - - - name: Parse all nix files - run: | - # Tests multiple versions at once, let's make sure all of them run, so keep-going. - nix-build untrusted/ci -A parse --keep-going diff --git a/.github/workflows/nixpkgs-vet.yml b/.github/workflows/nixpkgs-vet.yml deleted file mode 100644 index 0843117e14c70..0000000000000 --- a/.github/workflows/nixpkgs-vet.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -# `nixpkgs-vet` is a tool to vet Nixpkgs: its architecture, package structure, and more. -# Among other checks, it makes sure that `pkgs/by-name` (see `../../pkgs/by-name/README.md`) follows the validity rules outlined in [RFC 140](https://github.com/NixOS/rfcs/pull/140). -# When you make changes to this workflow, please also update `ci/nixpkgs-vet.sh` to reflect the impact of your work to the CI. -# See https://github.com/NixOS/nixpkgs-vet for details on the tool and its checks. - -name: Vet nixpkgs - -on: - pull_request: - paths: - - .github/workflows/nixpkgs-vet.yml - pull_request_target: - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - check: - name: nixpkgs-vet - runs-on: ubuntu-24.04-arm - # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long. - timeout-minutes: 10 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - sparse-checkout: .github/actions - - name: Check if the PR can be merged and checkout merged and target commits - uses: ./.github/actions/get-merge-commit - with: - merged-as-untrusted: true - target-as-trusted: true - - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 - - - name: Running nixpkgs-vet - env: - # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/ - CLICOLOR_FORCE: 1 - run: | - if nix-build untrusted/ci -A nixpkgs-vet --arg base "./trusted" --arg head "./untrusted"; then - exit 0 - else - exitCode=$? - echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git" - echo "If you're having trouble, ping @NixOS/nixpkgs-vet" - exit "$exitCode" - fi