pyrox.dev
Merge pull request #281374 from tweag/by-name-check-pin
workflows/check-by-name: Pin nixpkgs-check-by-name tool
authored by Silvan Mosberger and committed by GitHub aaa6573e bf54848f
+1
-1
.github/workflows/check-by-name.yml
+1
-1
.github/workflows/check-by-name.yml
···
92
echo "base=$base" >> "$GITHUB_ENV"
93
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
94
- name: Fetching the tool
95
-
run: pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh "$GITHUB_BASE_REF" result
96
- name: Running nixpkgs-check-by-name
97
run: |
98
if result/bin/nixpkgs-check-by-name --base "$base" .; then
···
92
echo "base=$base" >> "$GITHUB_ENV"
93
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
94
- name: Fetching the tool
95
+
run: pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh result
96
- name: Running nixpkgs-check-by-name
97
run: |
98
if result/bin/nixpkgs-check-by-name --base "$base" .; then
+11
-4
pkgs/test/nixpkgs-check-by-name/scripts/README.md
+11
-4
pkgs/test/nixpkgs-check-by-name/scripts/README.md
···
1
# CI-related Scripts
2
3
-
This directory contains scripts used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml).
4
5
## `./run-local.sh BASE_BRANCH [REPOSITORY]`
6
···
15
- `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11
16
- `REPOSITORY`: The repository to fetch the base branch from, defaults to https://github.com/NixOS/nixpkgs.git
17
18
-
## `./fetch-tool.sh BASE_BRANCH OUTPUT_PATH`
19
20
-
Fetches the Hydra-prebuilt nixpkgs-check-by-name to use from the NixOS channel corresponding to the given base branch.
21
22
This script is used both by [`./run-local.sh`](#run-local-sh-base-branch-repository) and CI.
23
24
Arguments:
25
-
- `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11
26
- `OUTPUT_PATH`: The output symlink path for the tool
···
1
# CI-related Scripts
2
3
+
This directory contains scripts and files used and related to the CI running the `pkgs/by-name` checks in Nixpkgs.
4
+
See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml).
5
6
## `./run-local.sh BASE_BRANCH [REPOSITORY]`
7
···
16
- `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11
17
- `REPOSITORY`: The repository to fetch the base branch from, defaults to https://github.com/NixOS/nixpkgs.git
18
19
+
## `./update-pinned-tool.sh`
20
+
21
+
Updates the pinned CI tool in [`./pinned-tool.json`](./pinned-tool.json) to the
22
+
[latest version from the `nixos-unstable` channel](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.tests.nixpkgs-check-by-name.x86_64-linux)
23
+
24
+
This script is called manually once the CI tooling needs to be updated.
25
+
26
+
## `./fetch-pinned-tool.sh OUTPUT_PATH`
27
28
+
Fetches the pinned tooling specified in [`./pinned-tool.json`](./pinned-tool.json).
29
30
This script is used both by [`./run-local.sh`](#run-local-sh-base-branch-repository) and CI.
31
32
Arguments:
33
- `OUTPUT_PATH`: The output symlink path for the tool
+30
pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh
+30
pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh
···
···
1
+
#!/usr/bin/env bash
2
+
# Try to not use nix-shell here to avoid fetching Nixpkgs,
3
+
# especially since this is used in CI
4
+
# The only dependency is `jq`, which in CI is implicitly available
5
+
# And when run from ./run-local.sh is provided by that parent script
6
+
7
+
set -o pipefail -o errexit -o nounset
8
+
9
+
trace() { echo >&2 "$@"; }
10
+
11
+
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
12
+
13
+
pin_file=$SCRIPT_DIR/pinned-tool.json
14
+
15
+
if (( $# < 1 )); then
16
+
trace "Usage: $0 fetch OUTPUT_PATH"
17
+
trace "OUTPUT_PATH: The output symlink path for the tool"
18
+
exit 1
19
+
fi
20
+
output=$1
21
+
22
+
trace "Reading $pin_file.. "
23
+
rev=$(jq -r .rev "$SCRIPT_DIR"/pinned-tool.json)
24
+
trace -e "Git revision is \e[34m$rev\e[0m"
25
+
path=$(jq -r .path "$SCRIPT_DIR"/pinned-tool.json)
26
+
trace "Tooling path is $path"
27
+
28
+
trace -n "Fetching the prebuilt version of nixpkgs-check-by-name.. "
29
+
nix-store --add-root "$output" -r "$path" >/dev/null
30
+
realpath "$output"
+7
-35
pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh
+7
-35
pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh
···
1
#!/usr/bin/env bash
2
-
# Fetches the prebuilt nixpkgs-check-by-name to use from
3
-
# the NixOS channel corresponding to the given base branch
4
-
5
-
set -o pipefail -o errexit -o nounset
6
7
trace() { echo >&2 "$@"; }
8
9
if (( $# < 2 )); then
10
trace "Usage: $0 BASE_BRANCH OUTPUT_PATH"
11
-
trace "BASE_BRANCH: The base branch to use, e.g. master or release-23.11"
12
trace "OUTPUT_PATH: The output symlink path for the tool"
13
exit 1
14
fi
15
-
baseBranch=$1
16
output=$2
17
18
-
trace -n "Determining the channel to use for PR base branch $baseBranch.. "
19
-
if [[ "$baseBranch" =~ ^(release|staging|staging-next)-([0-9][0-9]\.[0-9][0-9])$ ]]; then
20
-
# Use the release channel for all PRs to release-XX.YY, staging-XX.YY and staging-next-XX.YY
21
-
preferredChannel=nixos-${BASH_REMATCH[2]}
22
-
else
23
-
# Use the nixos-unstable channel for all other PRs
24
-
preferredChannel=nixos-unstable
25
-
fi
26
-
27
-
# Check that the channel exists. It doesn't exist for fresh release branches
28
-
if curl -fSs "https://channels.nixos.org/$preferredChannel"; then
29
-
channel=$preferredChannel
30
-
trace "$channel"
31
-
else
32
-
# Fall back to nixos-unstable, makes sense for fresh release branches
33
-
channel=nixos-unstable
34
-
trace -e "\e[33mWarning: Preferred channel $preferredChannel could not be fetched, using fallback: $channel\e[0m"
35
-
fi
36
37
-
trace -n "Fetching latest version of channel $channel.. "
38
-
# This is probably the easiest way to get Nix to output the path to a downloaded channel!
39
-
nixpkgs=$(nix-instantiate --find-file nixpkgs -I nixpkgs=channel:"$channel")
40
-
trace "$nixpkgs"
41
-
42
-
# This file only exists in channels
43
-
trace -e "Git revision of channel $channel is \e[34m$(<"$nixpkgs/.git-revision")\e[0m"
44
-
45
-
trace -n "Fetching the prebuilt version of nixpkgs-check-by-name.. "
46
-
nix-build -o "$output" "$nixpkgs" -A tests.nixpkgs-check-by-name -j 0 >/dev/null
47
-
realpath "$output" >&2
···
1
#!/usr/bin/env bash
2
+
# Legacy script to make CI work for the PR that replaces this
3
+
# Needed due to `.github/workflows/check-by-name.yml` using `pull_request_target`,
4
+
# which uses the workflow from the base branch, which still uses this script.
5
+
# This file can be removed after the PR replacing it is merged.
6
7
trace() { echo >&2 "$@"; }
8
9
if (( $# < 2 )); then
10
trace "Usage: $0 BASE_BRANCH OUTPUT_PATH"
11
+
trace "BASE_BRANCH (unused): The base branch to use, e.g. master or release-23.11"
12
trace "OUTPUT_PATH: The output symlink path for the tool"
13
exit 1
14
fi
15
output=$2
16
17
+
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
18
19
+
"$SCRIPT_DIR"/fetch-pinned-tool.sh "$output"
+4
pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json
+4
pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json
+3
-2
pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh
+3
-2
pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh
···
1
-
#!/usr/bin/env bash
2
3
set -o pipefail -o errexit -o nounset
4
···
61
git -C "$tmp/merged" merge -q --no-edit "$baseSha"
62
trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m"
63
64
-
"$tmp/merged/pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh" "$baseBranch" "$tmp/tool"
65
66
trace "Running nixpkgs-check-by-name.."
67
"$tmp/tool/bin/nixpkgs-check-by-name" --base "$tmp/base" "$tmp/merged"
···
1
+
#!/usr/bin/env nix-shell
2
+
#!nix-shell -i bash -p jq
3
4
set -o pipefail -o errexit -o nounset
5
···
62
git -C "$tmp/merged" merge -q --no-edit "$baseSha"
63
trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m"
64
65
+
"$tmp/merged/pkgs/test/nixpkgs-check-by-name/scripts/fetch-pinned-tool.sh" "$tmp/tool"
66
67
trace "Running nixpkgs-check-by-name.."
68
"$tmp/tool/bin/nixpkgs-check-by-name" --base "$tmp/base" "$tmp/merged"
+31
pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh
+31
pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh
···
···
1
+
#!/usr/bin/env nix-shell
2
+
#!nix-shell -i bash -p jq
3
+
4
+
set -o pipefail -o errexit -o nounset
5
+
6
+
trace() { echo >&2 "$@"; }
7
+
8
+
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
9
+
10
+
channel=nixos-unstable
11
+
pin_file=$SCRIPT_DIR/pinned-tool.json
12
+
13
+
trace -n "Fetching latest version of channel $channel.. "
14
+
# This is probably the easiest way to get Nix to output the path to a downloaded channel!
15
+
nixpkgs=$(nix-instantiate --find-file nixpkgs -I nixpkgs=channel:"$channel")
16
+
trace "$nixpkgs"
17
+
18
+
# This file only exists in channels
19
+
rev=$(<"$nixpkgs/.git-revision")
20
+
trace -e "Git revision of channel $channel is \e[34m$rev\e[0m"
21
+
22
+
23
+
trace -n "Fetching the prebuilt version of nixpkgs-check-by-name.. "
24
+
path=$(nix-build --no-out-link "$nixpkgs" -A tests.nixpkgs-check-by-name -j 0 | tee /dev/stderr)
25
+
26
+
trace "Updating $pin_file"
27
+
jq -n \
28
+
--arg rev "$rev" \
29
+
--arg path "$path" \
30
+
'$ARGS.named' \
31
+
> "$pin_file"