pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #281374 from tweag/by-name-check-pin

workflows/check-by-name: Pin nixpkgs-check-by-name tool

authored by Silvan Mosberger and committed by GitHub aaa6573e bf54848f

+87 -42
unified split
+1 -1
.github/workflows/check-by-name.yml
··· 92 92 echo "base=$base" >> "$GITHUB_ENV" 93 93 - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 94 94 - name: Fetching the tool 95 - run: pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh "$GITHUB_BASE_REF" result 95 + run: pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh result 96 96 - name: Running nixpkgs-check-by-name 97 97 run: | 98 98 if result/bin/nixpkgs-check-by-name --base "$base" .; then
+11 -4
pkgs/test/nixpkgs-check-by-name/scripts/README.md
··· 1 1 # CI-related Scripts 2 2 3 - This directory contains scripts used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). 3 + This directory contains scripts and files used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. 4 + See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). 4 5 5 6 ## `./run-local.sh BASE_BRANCH [REPOSITORY]` 6 7 ··· 15 16 - `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11 16 17 - `REPOSITORY`: The repository to fetch the base branch from, defaults to https://github.com/NixOS/nixpkgs.git 17 18 18 - ## `./fetch-tool.sh BASE_BRANCH OUTPUT_PATH` 19 + ## `./update-pinned-tool.sh` 20 + 21 + Updates the pinned CI tool in [`./pinned-tool.json`](./pinned-tool.json) to the 22 + [latest version from the `nixos-unstable` channel](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.tests.nixpkgs-check-by-name.x86_64-linux) 23 + 24 + This script is called manually once the CI tooling needs to be updated. 25 + 26 + ## `./fetch-pinned-tool.sh OUTPUT_PATH` 19 27 20 - Fetches the Hydra-prebuilt nixpkgs-check-by-name to use from the NixOS channel corresponding to the given base branch. 28 + Fetches the pinned tooling specified in [`./pinned-tool.json`](./pinned-tool.json). 21 29 22 30 This script is used both by [`./run-local.sh`](#run-local-sh-base-branch-repository) and CI. 23 31 24 32 Arguments: 25 - - `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11 26 33 - `OUTPUT_PATH`: The output symlink path for the tool
+30
pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh
··· 1 + #!/usr/bin/env bash 2 + # Try to not use nix-shell here to avoid fetching Nixpkgs, 3 + # especially since this is used in CI 4 + # The only dependency is `jq`, which in CI is implicitly available 5 + # And when run from ./run-local.sh is provided by that parent script 6 + 7 + set -o pipefail -o errexit -o nounset 8 + 9 + trace() { echo >&2 "$@"; } 10 + 11 + SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 12 + 13 + pin_file=$SCRIPT_DIR/pinned-tool.json 14 + 15 + if (( $# < 1 )); then 16 + trace "Usage: $0 fetch OUTPUT_PATH" 17 + trace "OUTPUT_PATH: The output symlink path for the tool" 18 + exit 1 19 + fi 20 + output=$1 21 + 22 + trace "Reading $pin_file.. " 23 + rev=$(jq -r .rev "$SCRIPT_DIR"/pinned-tool.json) 24 + trace -e "Git revision is \e[34m$rev\e[0m" 25 + path=$(jq -r .path "$SCRIPT_DIR"/pinned-tool.json) 26 + trace "Tooling path is $path" 27 + 28 + trace -n "Fetching the prebuilt version of nixpkgs-check-by-name.. " 29 + nix-store --add-root "$output" -r "$path" >/dev/null 30 + realpath "$output"
+7 -35
pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh
··· 1 1 #!/usr/bin/env bash 2 - # Fetches the prebuilt nixpkgs-check-by-name to use from 3 - # the NixOS channel corresponding to the given base branch 4 - 5 - set -o pipefail -o errexit -o nounset 2 + # Legacy script to make CI work for the PR that replaces this 3 + # Needed due to `.github/workflows/check-by-name.yml` using `pull_request_target`, 4 + # which uses the workflow from the base branch, which still uses this script. 5 + # This file can be removed after the PR replacing it is merged. 6 6 7 7 trace() { echo >&2 "$@"; } 8 8 9 9 if (( $# < 2 )); then 10 10 trace "Usage: $0 BASE_BRANCH OUTPUT_PATH" 11 - trace "BASE_BRANCH: The base branch to use, e.g. master or release-23.11" 11 + trace "BASE_BRANCH (unused): The base branch to use, e.g. master or release-23.11" 12 12 trace "OUTPUT_PATH: The output symlink path for the tool" 13 13 exit 1 14 14 fi 15 - baseBranch=$1 16 15 output=$2 17 16 18 - trace -n "Determining the channel to use for PR base branch $baseBranch.. " 19 - if [[ "$baseBranch" =~ ^(release|staging|staging-next)-([0-9][0-9]\.[0-9][0-9])$ ]]; then 20 - # Use the release channel for all PRs to release-XX.YY, staging-XX.YY and staging-next-XX.YY 21 - preferredChannel=nixos-${BASH_REMATCH[2]} 22 - else 23 - # Use the nixos-unstable channel for all other PRs 24 - preferredChannel=nixos-unstable 25 - fi 26 - 27 - # Check that the channel exists. It doesn't exist for fresh release branches 28 - if curl -fSs "https://channels.nixos.org/$preferredChannel"; then 29 - channel=$preferredChannel 30 - trace "$channel" 31 - else 32 - # Fall back to nixos-unstable, makes sense for fresh release branches 33 - channel=nixos-unstable 34 - trace -e "\e[33mWarning: Preferred channel $preferredChannel could not be fetched, using fallback: $channel\e[0m" 35 - fi 17 + SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 36 18 37 - trace -n "Fetching latest version of channel $channel.. " 38 - # This is probably the easiest way to get Nix to output the path to a downloaded channel! 39 - nixpkgs=$(nix-instantiate --find-file nixpkgs -I nixpkgs=channel:"$channel") 40 - trace "$nixpkgs" 41 - 42 - # This file only exists in channels 43 - trace -e "Git revision of channel $channel is \e[34m$(<"$nixpkgs/.git-revision")\e[0m" 44 - 45 - trace -n "Fetching the prebuilt version of nixpkgs-check-by-name.. " 46 - nix-build -o "$output" "$nixpkgs" -A tests.nixpkgs-check-by-name -j 0 >/dev/null 47 - realpath "$output" >&2 19 + "$SCRIPT_DIR"/fetch-pinned-tool.sh "$output"
+4
pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json
··· 1 + { 2 + "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", 3 + "path": "/nix/store/qlls5ca8q88qpyygg9ddi60gl1nmvpij-nixpkgs-check-by-name" 4 + }
+3 -2
pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh
··· 1 - #!/usr/bin/env bash 1 + #!/usr/bin/env nix-shell 2 + #!nix-shell -i bash -p jq 2 3 3 4 set -o pipefail -o errexit -o nounset 4 5 ··· 61 62 git -C "$tmp/merged" merge -q --no-edit "$baseSha" 62 63 trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m" 63 64 64 - "$tmp/merged/pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh" "$baseBranch" "$tmp/tool" 65 + "$tmp/merged/pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh" "$tmp/tool" 65 66 66 67 trace "Running nixpkgs-check-by-name.." 67 68 "$tmp/tool/bin/nixpkgs-check-by-name" --base "$tmp/base" "$tmp/merged"
+31
pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh
··· 1 + #!/usr/bin/env nix-shell 2 + #!nix-shell -i bash -p jq 3 + 4 + set -o pipefail -o errexit -o nounset 5 + 6 + trace() { echo >&2 "$@"; } 7 + 8 + SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 9 + 10 + channel=nixos-unstable 11 + pin_file=$SCRIPT_DIR/pinned-tool.json 12 + 13 + trace -n "Fetching latest version of channel $channel.. " 14 + # This is probably the easiest way to get Nix to output the path to a downloaded channel! 15 + nixpkgs=$(nix-instantiate --find-file nixpkgs -I nixpkgs=channel:"$channel") 16 + trace "$nixpkgs" 17 + 18 + # This file only exists in channels 19 + rev=$(<"$nixpkgs/.git-revision") 20 + trace -e "Git revision of channel $channel is \e[34m$rev\e[0m" 21 + 22 + 23 + trace -n "Fetching the prebuilt version of nixpkgs-check-by-name.. " 24 + path=$(nix-build --no-out-link "$nixpkgs" -A tests.nixpkgs-check-by-name -j 0 | tee /dev/stderr) 25 + 26 + trace "Updating $pin_file" 27 + jq -n \ 28 + --arg rev "$rev" \ 29 + --arg path "$path" \ 30 + '$ARGS.named' \ 31 + > "$pin_file"