Some checks failed
		
		
	
	Create OCI image(s) / Build and push images (push) Failing after 2m14s
				
			
		
			
				
	
	
		
			119 lines
		
	
	
		
			No EOL
		
	
	
		
			4.3 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			119 lines
		
	
	
		
			No EOL
		
	
	
		
			4.3 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| name: Lint
 | |
| 
 | |
| on:
 | |
|   workflow_call:
 | |
|     inputs:
 | |
|       mergedSha:
 | |
|         required: true
 | |
|         type: string
 | |
|       targetSha:
 | |
|         required: true
 | |
|         type: string
 | |
|     secrets:
 | |
|       CACHIX_AUTH_TOKEN:
 | |
|         required: true
 | |
| 
 | |
| permissions: {}
 | |
| 
 | |
| defaults:
 | |
|   run:
 | |
|     shell: bash
 | |
| 
 | |
| jobs:
 | |
|   treefmt:
 | |
|     runs-on: default
 | |
|     timeout-minutes: 10
 | |
|     steps:
 | |
|       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 | |
|         with:
 | |
|           sparse-checkout: .github/actions
 | |
|       - name: Checkout the merge commit
 | |
|         uses: ./.github/actions/checkout
 | |
|         with:
 | |
|           merged-as-untrusted-at: ${{ inputs.mergedSha }}
 | |
| 
 | |
|       - uses: cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8 # v31
 | |
| 
 | |
|       # TODO: Figure out how to best enable caching for the treefmt job. Cachix won't work well,
 | |
|       # because the cache would be invalidated on every commit - treefmt checks every file.
 | |
|       # Maybe we can cache treefmt's eval-cache somehow.
 | |
| 
 | |
|       - name: Check that files are formatted
 | |
|         run: |
 | |
|           # Note that it's fine to run this on untrusted code because:
 | |
|           # - There's no secrets accessible here
 | |
|           # - The build is sandboxed
 | |
|           if ! nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned -A fmt.check; then
 | |
|             echo "Some files are not properly formatted"
 | |
|             echo "Please format them by going to the Nixpkgs root directory and running one of:"
 | |
|             echo "  nix-shell --run treefmt"
 | |
|             echo "  nix develop --command treefmt"
 | |
|             echo "  nix fmt"
 | |
|             echo "Make sure your branch is up to date with master; rebase if not."
 | |
|             echo "If you're having trouble, please ping @NixOS/nix-formatting"
 | |
|             exit 1
 | |
|           fi
 | |
| 
 | |
|   parse:
 | |
|     runs-on: ubuntu-24.04-arm
 | |
|     timeout-minutes: 10
 | |
|     steps:
 | |
|       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 | |
|         with:
 | |
|           sparse-checkout: .github/actions
 | |
|       - name: Checkout the merge commit
 | |
|         uses: ./.github/actions/checkout
 | |
|         with:
 | |
|           merged-as-untrusted-at: ${{ inputs.mergedSha }}
 | |
| 
 | |
|       - uses: cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8 # v31
 | |
| 
 | |
|       - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
 | |
|         with:
 | |
|           # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
 | |
|           name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
 | |
|           extraPullNames: nixpkgs-ci
 | |
|           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
 | |
|           pushFilter: -source$
 | |
| 
 | |
|       - name: Parse all nix files
 | |
|         run: |
 | |
|           # Tests multiple versions at once, let's make sure all of them run, so keep-going.
 | |
|           nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned -A parse --keep-going
 | |
| 
 | |
|   nixpkgs-vet:
 | |
|     runs-on: ubuntu-24.04-arm
 | |
|     timeout-minutes: 10
 | |
|     steps:
 | |
|       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 | |
|         with:
 | |
|           sparse-checkout: .github/actions
 | |
|       - name: Checkout merge and target commits
 | |
|         uses: ./.github/actions/checkout
 | |
|         with:
 | |
|           merged-as-untrusted-at: ${{ inputs.mergedSha }}
 | |
|           target-as-trusted-at: ${{ inputs.targetSha }}
 | |
| 
 | |
|       - uses: cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8 # v31
 | |
| 
 | |
|       - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
 | |
|         with:
 | |
|           # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
 | |
|           name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
 | |
|           extraPullNames: nixpkgs-ci
 | |
|           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
 | |
|           pushFilter: -source$
 | |
| 
 | |
|       - name: Running nixpkgs-vet
 | |
|         env:
 | |
|           # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
 | |
|           CLICOLOR_FORCE: 1
 | |
|         run: |
 | |
|           if nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned -A nixpkgs-vet --arg base "./nixpkgs/trusted" --arg head "./nixpkgs/untrusted"; then
 | |
|             exit 0
 | |
|           else
 | |
|             exitCode=$?
 | |
|             echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
 | |
|             echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
 | |
|             exit "$exitCode"
 | |
|           fi |