+10 -10

.github/workflows/check-by-name.yml

··· 1 1 # Checks pkgs/by-name (see pkgs/by-name/README.md) 2 2 - # using the nixpkgs-check-by-name tool (see pkgs/test/nixpkgs-check-by-name) 2 2 + # using the nixpkgs-check-by-name tool (see https://github.com/NixOS/nixpkgs-check-by-name) 3 3 # 4 4 - # When you make changes to this workflow, also update pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh adequately 4 4 + # When you make changes to this workflow, also update pkgs/test/check-by-name/run-local.sh adequately 5 5 name: Check pkgs/by-name 6 6 7 7 - # The tool is pinned to a pre-built version on Hydra, 8 8 - # see pkgs/test/nixpkgs-check-by-name/scripts/README.md 9 7 on: 10 8 # Using pull_request_target instead of pull_request avoids having to approve first time contributors 11 9 pull_request_target: ··· 24 22 25 23 jobs: 26 24 check: 27 27 - # This is x86_64-linux, for which the tool is always prebuilt on the nixos-* channels, 28 28 - # as specified in nixos/release-combined.nix 25 25 + # This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases 29 26 runs-on: ubuntu-latest 30 27 # This should take 1 minute at most, but let's be generous. 31 28 # The default of 6 hours is definitely too long ··· 100 97 echo "base=$base" >> "$GITHUB_ENV" 101 98 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 102 99 - name: Fetching the pinned tool 103 103 - # Update the pinned version using pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh 100 100 + # Update the pinned version using pkgs/test/check-by-name/update-pinned-tool.sh 104 101 run: | 105 105 - # Get the direct /nix/store path from the pin to avoid having to evaluate Nixpkgs 106 106 - toolPath=$(jq -r '."ci-path"' pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json) 107 107 - # This asks the substituter for the path, which should be there because Hydra will have pre-built and pushed it 102 102 + # The pinned version of the tooling to use 103 103 + toolVersion=$(<pkgs/test/check-by-name/pinned-version.txt) 104 104 + # Fetch the x86_64-linux-specific release artifact containing the Gzipped NAR of the pre-built tool 105 105 + toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-check-by-name/releases/download/"$toolVersion"/x86_64-linux.nar.gz \ 106 106 + | gzip -cd | nix-store --import | tail -1) 107 107 + # Adds a result symlink as a GC root 108 108 nix-store --realise "$toolPath" --add-root result 109 109 - name: Running nixpkgs-check-by-name 110 110 run: |

+1 -1

maintainers/scripts/README.md

··· 11 11 12 12 ### `check-by-name.sh` 13 13 14 14 - An alias for `pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh`, see [documentation](../../pkgs/test/nixpkgs-check-by-name/scripts/README.md). 14 14 + An alias for `pkgs/test/check-by-name/run-local.sh`, see [documentation](../../pkgs/test/check-by-name/README.md). 15 15 16 16 ### `get-maintainer.sh` 17 17

+1 -1

maintainers/scripts/check-by-name.sh

··· 1 1 - ../../pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh 1 1 + ../../pkgs/test/check-by-name/run-local.sh

-5

nixos/release-combined.nix

··· 169 169 (onFullSupported "nixpkgs.jdk") 170 170 (onSystems ["x86_64-linux"] "nixpkgs.mesa_i686") # i686 sanity check + useful 171 171 ["nixpkgs.tarball"] 172 172 - 173 173 - # Ensure that nixpkgs-check-by-name is available in nixos-unstable, 174 174 - # so that a pre-built version can be used in CI for PR's 175 175 - # See ../pkgs/test/nixpkgs-check-by-name/README.md 176 176 - (onSystems ["x86_64-linux"] "nixpkgs.tests.nixpkgs-check-by-name") 177 172 ]; 178 173 }; 179 174 }

+3 -3

pkgs/by-name/README.md

··· 108 108 109 109 ## Validation 110 110 111 111 - CI performs [certain checks](../test/nixpkgs-check-by-name/README.md#validity-checks) on the `pkgs/by-name` structure. 112 112 - This is done using the [`nixpkgs-check-by-name` tool](../test/nixpkgs-check-by-name). 111 111 + CI performs [certain checks](https://github.com/NixOS/nixpkgs-check-by-name?tab=readme-ov-file#validity-checks) on the `pkgs/by-name` structure. 112 112 + This is done using the [`nixpkgs-check-by-name` tool](https://github.com/NixOS/nixpkgs-check-by-name). 113 113 114 114 You can locally emulate the CI check using 115 115 116 116 ``` 117 117 - $ ./pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh master 117 117 + $ ./maintainers/scripts/check-by-name.sh master 118 118 ``` 119 119 120 120 See [here](../../.github/workflows/check-by-name.yml) for more info.

+1

pkgs/test/check-by-name/pinned-version.txt

··· 1 1 + 0.1.0

+73

pkgs/test/check-by-name/run-local.sh

··· 1 1 + #!/usr/bin/env nix-shell 2 2 + #!nix-shell -i bash -p jq 3 3 + 4 4 + set -o pipefail -o errexit -o nounset 5 5 + 6 6 + trace() { echo >&2 "$@"; } 7 7 + 8 8 + tmp=$(mktemp -d) 9 9 + cleanup() { 10 10 + # Don't exit early if anything fails to cleanup 11 11 + set +o errexit 12 12 + 13 13 + trace -n "Cleaning up.. " 14 14 + 15 15 + [[ -e "$tmp/base" ]] && git worktree remove --force "$tmp/base" 16 16 + [[ -e "$tmp/merged" ]] && git worktree remove --force "$tmp/merged" 17 17 + 18 18 + rm -rf "$tmp" 19 19 + 20 20 + trace "Done" 21 21 + } 22 22 + trap cleanup exit 23 23 + 24 24 + 25 25 + repo=https://github.com/NixOS/nixpkgs.git 26 26 + 27 27 + if (( $# != 0 )); then 28 28 + baseBranch=$1 29 29 + shift 30 30 + else 31 31 + trace "Usage: $0 BASE_BRANCH [REPOSITORY]" 32 32 + trace "BASE_BRANCH: The base branch to use, e.g. master or release-23.11" 33 33 + trace "REPOSITORY: The repository to fetch the base branch from, defaults to $repo" 34 34 + exit 1 35 35 + fi 36 36 + 37 37 + if (( $# != 0 )); then 38 38 + repo=$1 39 39 + shift 40 40 + fi 41 41 + 42 42 + if [[ -n "$(git status --porcelain)" ]]; then 43 43 + trace -e "\e[33mWarning: Dirty tree, uncommitted changes won't be taken into account\e[0m" 44 44 + fi 45 45 + headSha=$(git rev-parse HEAD) 46 46 + trace -e "Using HEAD commit \e[34m$headSha\e[0m" 47 47 + 48 48 + trace -n "Creating Git worktree for the HEAD commit in $tmp/merged.. " 49 49 + git worktree add --detach -q "$tmp/merged" HEAD 50 50 + trace "Done" 51 51 + 52 52 + trace -n "Fetching base branch $baseBranch to compare against.. " 53 53 + git fetch -q "$repo" refs/heads/"$baseBranch" 54 54 + baseSha=$(git rev-parse FETCH_HEAD) 55 55 + trace -e "\e[34m$baseSha\e[0m" 56 56 + 57 57 + trace -n "Creating Git worktree for the base branch in $tmp/base.. " 58 58 + git worktree add -q "$tmp/base" "$baseSha" 59 59 + trace "Done" 60 60 + 61 61 + trace -n "Merging base branch into the HEAD commit in $tmp/merged.. " 62 62 + git -C "$tmp/merged" merge -q --no-edit "$baseSha" 63 63 + trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m" 64 64 + 65 65 + trace -n "Reading pinned nixpkgs-check-by-name version from pinned-version.txt.. " 66 66 + toolVersion=$(<"$tmp/merged/pkgs/test/check-by-name/pinned-version.txt") 67 67 + trace -e "\e[34m$toolVersion\e[0m" 68 68 + 69 69 + trace -n "Building tool.. " 70 70 + nix-build https://github.com/NixOS/nixpkgs-check-by-name/tarball/"$toolVersion" -o "$tmp/tool" -A build 71 71 + 72 72 + trace "Running nixpkgs-check-by-name.." 73 73 + "$tmp/tool/bin/nixpkgs-check-by-name" --base "$tmp/base" "$tmp/merged"

+22

pkgs/test/check-by-name/update-pinned-tool.sh

··· 1 1 + #!/usr/bin/env nix-shell 2 2 + #!nix-shell -i bash -p jq curl 3 3 + 4 4 + set -o pipefail -o errexit -o nounset 5 5 + 6 6 + trace() { echo >&2 "$@"; } 7 7 + 8 8 + SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 9 9 + 10 10 + repository=NixOS/nixpkgs-check-by-name 11 11 + pin_file=$SCRIPT_DIR/pinned-version.txt 12 12 + 13 13 + trace -n "Fetching latest release of $repository.. " 14 14 + latestRelease=$(curl -sSfL \ 15 15 + -H "Accept: application/vnd.github+json" \ 16 16 + -H "X-GitHub-Api-Version: 2022-11-28" \ 17 17 + https://api.github.com/repos/"$repository"/releases/latest) 18 18 + latestVersion=$(jq .tag_name -r <<< "$latestRelease") 19 19 + trace "$latestVersion" 20 20 + 21 21 + trace "Updating $pin_file" 22 22 + echo "$latestVersion" > "$pin_file"

+5 -12

pkgs/test/nixpkgs-check-by-name/scripts/README.md pkgs/test/check-by-name/README.md

··· 1 1 - # CI-related Scripts 1 1 + # `pkgs/by-name` check CI scripts 2 2 3 3 This directory contains scripts and files used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. 4 4 - See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). 4 4 + See also the [CI GitHub Action](../../../.github/workflows/check-by-name.yml). 5 5 6 6 ## `./run-local.sh BASE_BRANCH [REPOSITORY]` 7 7 ··· 18 18 19 19 ## `./update-pinned-tool.sh` 20 20 21 21 - Updates the pinned CI tool in [`./pinned-tool.json`](./pinned-tool.json) to the 22 22 - [latest version from the `nixos-unstable` channel](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.tests.nixpkgs-check-by-name.x86_64-linux). 21 21 + Updates the pinned [nixpkgs-check-by-name tool](https://github.com/NixOS/nixpkgs-check-by-name) in [`./pinned-version.txt`](./pinned-version.txt) to the latest [release](https://github.com/NixOS/nixpkgs-check-by-name/releases). 22 22 + Each release contains a pre-built x86_64-linux version of the tool which is used by CI. 23 23 24 24 - This script needs to be called manually when the CI tooling needs to be updated. 25 25 - 26 26 - The `pinned-tool.json` file gets populated with both: 27 27 - - The `/nix/store` path for `x86_64-linux`, such that CI doesn't have to evaluate Nixpkgs and can directly fetch it from the cache instead. 28 28 - - The Nixpkgs revision, such that the `./run-local.sh` script can be used to run the checks locally on any system. 29 29 - 30 30 - To ensure that the tool is always pre-built for `x86_64-linux` in the `nixos-unstable` channel, 31 31 - it's included in the `tested` jobset description in [`nixos/release-combined.nix`](../../../nixos/release-combined.nix). 24 24 + This script currently needs to be called manually when the CI tooling needs to be updated. 32 25 33 26 Why not just build the tooling right from the PRs Nixpkgs version? 34 27 - Because it allows CI to check all PRs, even if they would break the CI tooling.

-82

pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh

··· 1 1 - #!/usr/bin/env nix-shell 2 2 - #!nix-shell -i bash -p jq 3 3 - 4 4 - set -o pipefail -o errexit -o nounset 5 5 - 6 6 - trace() { echo >&2 "$@"; } 7 7 - 8 8 - tmp=$(mktemp -d) 9 9 - cleanup() { 10 10 - # Don't exit early if anything fails to cleanup 11 11 - set +o errexit 12 12 - 13 13 - trace -n "Cleaning up.. " 14 14 - 15 15 - [[ -e "$tmp/base" ]] && git worktree remove --force "$tmp/base" 16 16 - [[ -e "$tmp/merged" ]] && git worktree remove --force "$tmp/merged" 17 17 - [[ -e "$tmp/tool-nixpkgs" ]] && git worktree remove --force "$tmp/tool-nixpkgs" 18 18 - 19 19 - rm -rf "$tmp" 20 20 - 21 21 - trace "Done" 22 22 - } 23 23 - trap cleanup exit 24 24 - 25 25 - 26 26 - repo=https://github.com/NixOS/nixpkgs.git 27 27 - 28 28 - if (( $# != 0 )); then 29 29 - baseBranch=$1 30 30 - shift 31 31 - else 32 32 - trace "Usage: $0 BASE_BRANCH [REPOSITORY]" 33 33 - trace "BASE_BRANCH: The base branch to use, e.g. master or release-23.11" 34 34 - trace "REPOSITORY: The repository to fetch the base branch from, defaults to $repo" 35 35 - exit 1 36 36 - fi 37 37 - 38 38 - if (( $# != 0 )); then 39 39 - repo=$1 40 40 - shift 41 41 - fi 42 42 - 43 43 - if [[ -n "$(git status --porcelain)" ]]; then 44 44 - trace -e "\e[33mWarning: Dirty tree, uncommitted changes won't be taken into account\e[0m" 45 45 - fi 46 46 - headSha=$(git rev-parse HEAD) 47 47 - trace -e "Using HEAD commit \e[34m$headSha\e[0m" 48 48 - 49 49 - trace -n "Creating Git worktree for the HEAD commit in $tmp/merged.. " 50 50 - git worktree add --detach -q "$tmp/merged" HEAD 51 51 - trace "Done" 52 52 - 53 53 - trace -n "Fetching base branch $baseBranch to compare against.. " 54 54 - git fetch -q "$repo" refs/heads/"$baseBranch" 55 55 - baseSha=$(git rev-parse FETCH_HEAD) 56 56 - trace -e "\e[34m$baseSha\e[0m" 57 57 - 58 58 - trace -n "Creating Git worktree for the base branch in $tmp/base.. " 59 59 - git worktree add -q "$tmp/base" "$baseSha" 60 60 - trace "Done" 61 61 - 62 62 - trace -n "Merging base branch into the HEAD commit in $tmp/merged.. " 63 63 - git -C "$tmp/merged" merge -q --no-edit "$baseSha" 64 64 - trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m" 65 65 - 66 66 - trace -n "Reading pinned nixpkgs-check-by-name revision from pinned-tool.json.. " 67 67 - toolSha=$(jq -r .rev "$tmp/merged/pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json") 68 68 - trace -e "\e[34m$toolSha\e[0m" 69 69 - 70 70 - trace -n "Creating Git worktree for the nixpkgs-check-by-name revision in $tmp/tool-nixpkgs.. " 71 71 - git worktree add -q "$tmp/tool-nixpkgs" "$toolSha" 72 72 - trace "Done" 73 73 - 74 74 - trace "Building/fetching nixpkgs-check-by-name.." 75 75 - nix-build -o "$tmp/tool" "$tmp/tool-nixpkgs" \ 76 76 - -A tests.nixpkgs-check-by-name \ 77 77 - --arg config '{}' \ 78 78 - --arg overlays '[]' \ 79 79 - -j 0 80 80 - 81 81 - trace "Running nixpkgs-check-by-name.." 82 82 - "$tmp/tool/bin/nixpkgs-check-by-name" --base "$tmp/base" "$tmp/merged"

-40

pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh

··· 1 1 - #!/usr/bin/env nix-shell 2 2 - #!nix-shell -i bash -p jq 3 3 - 4 4 - set -o pipefail -o errexit -o nounset 5 5 - 6 6 - trace() { echo >&2 "$@"; } 7 7 - 8 8 - SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 9 9 - 10 10 - # Determined by `runs-on: ubuntu-latest` in .github/workflows/check-by-name.yml 11 11 - CI_SYSTEM=x86_64-linux 12 12 - 13 13 - channel=nixos-unstable 14 14 - pin_file=$SCRIPT_DIR/pinned-tool.json 15 15 - 16 16 - trace -n "Fetching latest version of channel $channel.. " 17 17 - # This is probably the easiest way to get Nix to output the path to a downloaded channel! 18 18 - nixpkgs=$(nix-instantiate --find-file nixpkgs -I nixpkgs=channel:"$channel") 19 19 - trace "$nixpkgs" 20 20 - 21 21 - # This file only exists in channels 22 22 - rev=$(<"$nixpkgs/.git-revision") 23 23 - trace -e "Git revision of channel $channel is \e[34m$rev\e[0m" 24 24 - 25 25 - trace -n "Fetching the prebuilt version of nixpkgs-check-by-name for $CI_SYSTEM.. " 26 26 - # This is the architecture used by CI, we want to prefetch the exact path to avoid having to evaluate Nixpkgs 27 27 - ci_path=$(nix-build --no-out-link "$nixpkgs" \ 28 28 - -A tests.nixpkgs-check-by-name \ 29 29 - --arg config '{}' \ 30 30 - --argstr system "$CI_SYSTEM" \ 31 31 - --arg overlays '[]' \ 32 32 - -j 0 \ 33 33 - | tee /dev/stderr) 34 34 - 35 35 - trace "Updating $pin_file" 36 36 - jq -n \ 37 37 - --arg rev "$rev" \ 38 38 - --arg ci-path "$ci_path" \ 39 39 - '$ARGS.named' \ 40 40 - > "$pin_file"