kaas

merge manifest create and add commands
2025-09-08 14:28:46 +02:00 · 2025-09-08 14:25:24 +02:00
2 changed files with 122 additions and 2 deletions
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -44,9 +44,10 @@ jobs:
      - name: Push image
        run: |
          set -o xtrace
          podman manifest rm localhost:${{ env.tag }} || true
-          podman manifest create localhost:${{ env.tag }}
+          podman manifest create localhost:${{ env.tag }} localhost/default:${{ env.tag }}
          podman manifest add localhost:${{ env.tag }} localhost/default:${{ env.tag }}
          podman manifest inspect localhost/:${{ env.tag }} > /tmp/manifest.json
          curl -sS @/tmp/forgejo_token -X PUT --data-binary @/tmp/manifest.json ${{ forge.server_url }}/v2/${{ forge.owner }}/amrth/runners/manifests/${{ env.tag }}
--- a/.forgejo/workflows/lint.yml
+++ b/.forgejo/workflows/lint.yml
@ -0,0 +1,119 @@
 name: Lint
 on:
  workflow_call:
    inputs:
      mergedSha:
        required: true
        type: string
      targetSha:
        required: true
        type: string
    secrets:
      CACHIX_AUTH_TOKEN:
        required: true
 permissions: {}
 defaults:
  run:
    shell: bash
 jobs:
  treefmt:
    runs-on: default
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          sparse-checkout: .github/actions
      - name: Checkout the merge commit
        uses: ./.github/actions/checkout
        with:
          merged-as-untrusted-at: ${{ inputs.mergedSha }}
      - uses: cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8 # v31
      # TODO: Figure out how to best enable caching for the treefmt job. Cachix won't work well,
      # because the cache would be invalidated on every commit - treefmt checks every file.
      # Maybe we can cache treefmt's eval-cache somehow.
      - name: Check that files are formatted
        run: |
          # Note that it's fine to run this on untrusted code because:
          # - There's no secrets accessible here
          # - The build is sandboxed
          if ! nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned -A fmt.check; then
            echo "Some files are not properly formatted"
            echo "Please format them by going to the Nixpkgs root directory and running one of:"
            echo "  nix-shell --run treefmt"
            echo "  nix develop --command treefmt"
            echo "  nix fmt"
            echo "Make sure your branch is up to date with master; rebase if not."
            echo "If you're having trouble, please ping @NixOS/nix-formatting"
            exit 1
          fi
  parse:
    runs-on: ubuntu-24.04-arm
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          sparse-checkout: .github/actions
      - name: Checkout the merge commit
        uses: ./.github/actions/checkout
        with:
          merged-as-untrusted-at: ${{ inputs.mergedSha }}
      - uses: cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8 # v31
      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          pushFilter: -source$
      - name: Parse all nix files
        run: |
          # Tests multiple versions at once, let's make sure all of them run, so keep-going.
          nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned -A parse --keep-going
  nixpkgs-vet:
    runs-on: ubuntu-24.04-arm
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          sparse-checkout: .github/actions
      - name: Checkout merge and target commits
        uses: ./.github/actions/checkout
        with:
          merged-as-untrusted-at: ${{ inputs.mergedSha }}
          target-as-trusted-at: ${{ inputs.targetSha }}
      - uses: cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8 # v31
      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          pushFilter: -source$
      - name: Running nixpkgs-vet
        env:
          # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
          CLICOLOR_FORCE: 1
        run: |
          if nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned -A nixpkgs-vet --arg base "./nixpkgs/trusted" --arg head "./nixpkgs/untrusted"; then
            exit 0
          else
            exitCode=$?
            echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
            echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
            exit "$exitCode"
          fi
Author	SHA1	Message	Date
Chris Kruining	de783d03df	kaas Some checks failed Create OCI image(s) / Build and push images (push) Failing after 2m14s Details	2025-09-08 14:28:46 +02:00
Chris Kruining	585f179118	merge manifest create and add commands	2025-09-08 14:25:24 +02:00