From ab026a7e56f4ebded348ff50bdcf9db6b1283548 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Wed, 11 Dec 2024 20:37:21 +0100 Subject: [PATCH 1/2] workflows: Condition all merge-dependent workflows on a merge commit After the introduction of the reusable get-merge-commit.yml workflow, this now applies it on all remaining workflows that depend on a merge commit. This ensures that CI doesn't fail for those PRs, which would cause notifications to be sent, and the CI run to be marked as failed in the list of runs. (cherry picked from commit 83d4c9d28db493e2b11d6684858966acf137752e) --- .github/workflows/check-nix-format.yml | 8 ++++++-- .github/workflows/codeowners-v2.yml | 7 ++++++- .github/workflows/editorconfig-v2.yml | 8 ++++++-- .github/workflows/nix-parse-v2.yml | 8 ++++++-- 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/.github/workflows/check-nix-format.yml b/.github/workflows/check-nix-format.yml index 81bc083b3c649..501f1823b3a86 100644 --- a/.github/workflows/check-nix-format.yml +++ b/.github/workflows/check-nix-format.yml @@ -13,15 +13,19 @@ permissions: contents: read jobs: + get-merge-commit: + uses: ./.github/workflows/get-merge-commit.yml + nixos: name: nixfmt-check runs-on: ubuntu-latest - if: "!contains(github.event.pull_request.title, '[skip treewide]')" + needs: get-merge-commit + if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')" steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # pull_request_target checks out the base branch by default - ref: refs/pull/${{ github.event.pull_request.number }}/merge + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} # Fetches the merge commit and its parents fetch-depth: 2 - name: Checking out base branch diff --git a/.github/workflows/codeowners-v2.yml b/.github/workflows/codeowners-v2.yml index 3c64675a8fe1e..5cfeafa8489e2 100644 --- a/.github/workflows/codeowners-v2.yml +++ b/.github/workflows/codeowners-v2.yml @@ -33,10 +33,15 @@ env: DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }} jobs: + get-merge-commit: + uses: ./.github/workflows/get-merge-commit.yml + # Check that code owners is valid check: name: Check runs-on: ubuntu-latest + needs: get-merge-commit + if: needs.get-merge-commit.outputs.mergedSha steps: - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 @@ -65,7 +70,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: refs/pull/${{ github.event.number }}/merge + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} path: pr - name: Validate codeowners diff --git a/.github/workflows/editorconfig-v2.yml b/.github/workflows/editorconfig-v2.yml index b14f76637458c..99bee8b301228 100644 --- a/.github/workflows/editorconfig-v2.yml +++ b/.github/workflows/editorconfig-v2.yml @@ -11,10 +11,14 @@ on: - 'release-**' jobs: + get-merge-commit: + uses: ./.github/workflows/get-merge-commit.yml + tests: name: editorconfig-check runs-on: ubuntu-latest - if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')" + needs: get-merge-commit + if: "needs.get-merge-commit.outputs.mergedSha && github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')" steps: - name: Get list of changed files from PR env: @@ -30,7 +34,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # pull_request_target checks out the base branch by default - ref: refs/pull/${{ github.event.pull_request.number }}/merge + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 with: # nixpkgs commit is pinned so that it doesn't break diff --git a/.github/workflows/nix-parse-v2.yml b/.github/workflows/nix-parse-v2.yml index be4bad5f2748e..b6bb8fe28197f 100644 --- a/.github/workflows/nix-parse-v2.yml +++ b/.github/workflows/nix-parse-v2.yml @@ -11,10 +11,14 @@ on: - 'release-**' jobs: + get-merge-commit: + uses: ./.github/workflows/get-merge-commit.yml + tests: name: nix-files-parseable-check runs-on: ubuntu-latest - if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')" + needs: get-merge-commit + if: "needs.get-merge-commit.outputs.mergedSha && github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')" steps: - name: Get list of changed files from PR env: @@ -30,7 +34,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # pull_request_target checks out the base branch by default - ref: refs/pull/${{ github.event.pull_request.number }}/merge + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }} - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 with: From 2c4a720683e6399d9d45df28b790d87dd787a139 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Wed, 11 Dec 2024 20:46:31 +0100 Subject: [PATCH 2/2] workflows: Consistently condition on merge commit Before the get-merge-commit was put into a separate workflow job, it ran as a step, which then required skipping all subsequent steps individually. This is not necessary anymore, because entire workflow jobs can be skipped. This commit consistently applies that change throughout all workflows. (cherry picked from commit 4e6b5639ac0b752dbac9a992894bcb2eb678e04b) --- .github/workflows/eval-lib-tests.yml | 2 +- .github/workflows/eval.yml | 25 +++++++++---------------- .github/workflows/nixpkgs-vet.yml | 6 +----- 3 files changed, 11 insertions(+), 22 deletions(-) diff --git a/.github/workflows/eval-lib-tests.yml b/.github/workflows/eval-lib-tests.yml index 3ca5707e09b4c..9321783c79960 100644 --- a/.github/workflows/eval-lib-tests.yml +++ b/.github/workflows/eval-lib-tests.yml @@ -15,9 +15,9 @@ jobs: name: nixpkgs-lib-tests runs-on: ubuntu-latest needs: get-merge-commit + if: needs.get-merge-commit.outputs.mergedSha steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: needs.get-merge-commit.outputs.mergedSha with: # pull_request_target checks out the base branch by default ref: ${{ needs.get-merge-commit.outputs.mergedSha }} diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 43d336441308a..0e857e185e379 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -23,22 +23,21 @@ jobs: name: Attributes runs-on: ubuntu-latest needs: get-merge-commit + # Skip this and dependent steps if the PR can't be merged + if: needs.get-merge-commit.outputs.mergedSha outputs: - mergedSha: ${{ needs.get-merge-commit.outputs.mergedSha }} baseSha: ${{ steps.baseSha.outputs.baseSha }} systems: ${{ steps.systems.outputs.systems }} steps: - name: Check out the PR at the test merge commit uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - # Add this to _all_ subsequent steps to skip them - if: needs.get-merge-commit.outputs.mergedSha with: ref: ${{ needs.get-merge-commit.outputs.mergedSha }} fetch-depth: 2 path: nixpkgs - name: Determine base commit - if: github.event_name == 'pull_request_target' && needs.get-merge-commit.outputs.mergedSha + if: github.event_name == 'pull_request_target' id: baseSha run: | baseSha=$(git -C nixpkgs rev-parse HEAD^1) @@ -46,18 +45,15 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 - if: needs.get-merge-commit.outputs.mergedSha - name: Evaluate the list of all attributes and get the systems matrix id: systems - if: needs.get-merge-commit.outputs.mergedSha run: | nix-build nixpkgs/ci -A eval.attrpathsSuperset echo "systems=$(> "$GITHUB_OUTPUT" - name: Upload the list of all attributes uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - if: needs.get-merge-commit.outputs.mergedSha with: name: paths path: result/* @@ -65,12 +61,12 @@ jobs: eval-aliases: name: Eval nixpkgs with aliases enabled runs-on: ubuntu-latest - needs: attrs + needs: [ attrs, get-merge-commit ] steps: - name: Check out the PR at the test merge commit uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: ${{ needs.attrs.outputs.mergedSha }} + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} path: nixpkgs - name: Install Nix @@ -83,9 +79,7 @@ jobs: outpaths: name: Outpaths runs-on: ubuntu-latest - needs: attrs - # Skip this and future steps if the PR can't be merged - if: needs.attrs.outputs.mergedSha + needs: [ attrs, get-merge-commit ] strategy: matrix: system: ${{ fromJSON(needs.attrs.outputs.systems) }} @@ -99,7 +93,7 @@ jobs: - name: Check out the PR at the test merge commit uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: ${{ needs.attrs.outputs.mergedSha }} + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} path: nixpkgs - name: Install Nix @@ -117,7 +111,6 @@ jobs: - name: Upload the output paths and eval stats uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - if: needs.attrs.outputs.mergedSha with: name: intermediate-${{ matrix.system }} path: result/* @@ -125,7 +118,7 @@ jobs: process: name: Process runs-on: ubuntu-latest - needs: [ outpaths, attrs ] + needs: [ outpaths, attrs, get-merge-commit ] outputs: baseRunId: ${{ steps.baseRunId.outputs.baseRunId }} steps: @@ -138,7 +131,7 @@ jobs: - name: Check out the PR at the test merge commit uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: ${{ needs.attrs.outputs.mergedSha }} + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} path: nixpkgs - name: Install Nix diff --git a/.github/workflows/nixpkgs-vet.yml b/.github/workflows/nixpkgs-vet.yml index 6d39efc3e26a2..65c1028f1059e 100644 --- a/.github/workflows/nixpkgs-vet.yml +++ b/.github/workflows/nixpkgs-vet.yml @@ -29,24 +29,21 @@ jobs: # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long. timeout-minutes: 10 needs: get-merge-commit + if: needs.get-merge-commit.outputs.mergedSha steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: needs.get-merge-commit.outputs.mergedSha with: # pull_request_target checks out the base branch by default ref: ${{ needs.get-merge-commit.outputs.mergedSha }} # Fetches the merge commit and its parents fetch-depth: 2 - name: Checking out base branch - if: needs.get-merge-commit.outputs.mergedSha run: | base=$(mktemp -d) git worktree add "$base" "$(git rev-parse HEAD^1)" echo "base=$base" >> "$GITHUB_ENV" - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 - if: needs.get-merge-commit.outputs.mergedSha - name: Fetching the pinned tool - if: needs.get-merge-commit.outputs.mergedSha # Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh run: | # The pinned version of the tooling to use. @@ -59,7 +56,6 @@ jobs: # Adds a result symlink as a GC root. nix-store --realise "$toolPath" --add-root result - name: Running nixpkgs-vet - if: needs.get-merge-commit.outputs.mergedSha env: # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/ CLICOLOR_FORCE: 1