# Reusable workflow: rejects pull requests that target a channel branch and
# runs the cherry-pick check implemented in ci/github-script/commits.js.
name: Check

# Reachable only through `workflow_call`. Both inputs are strings that the
# job conditions decode with fromJSON(); the fields read in this file are
# `.type` (both inputs) and `.stable` (baseBranch). The inputs are used only
# inside `if:` expressions and are never interpolated into a `run:` script.
on:
  workflow_call:
    inputs:
      baseBranch:
        required: true
        type: string
      headBranch:
        required: true
        type: string

# Least privilege: no token scopes at workflow level. A job holds only the
# scopes it requests in its own `permissions:` block.
permissions: {}

defaults:
  run:
    shell: bash

jobs:
  # Guard job: when the base branch type contains 'channel', print an
  # explanation and fail. It requests no permissions and checks out nothing.
  no-channel-base:
    name: no channel base
    if: contains(fromJSON(inputs.baseBranch).type, 'channel')
    runs-on: ubuntu-24.04-arm
    steps:
      # The heredoc body has no `$` or backticks, so the unquoted EOF
      # delimiter expands nothing; `exit 1` is what fails the job.
      - run: |
          cat <<EOF
          The nixos-* and nixpkgs-* branches are pushed to by the channel
          release script and should not be merged into directly.

          Please target the equivalent release-* branch or master instead.
          EOF
          exit 1

  # Runs on every `pull_request` event, and otherwise only when the base
  # branch is marked stable and the head branch type does not contain
  # 'development'.
  cherry-pick:
    if: |
      github.event_name == 'pull_request' ||
      (fromJSON(inputs.baseBranch).stable && !contains(fromJSON(inputs.headBranch).type, 'development'))
    # The only scope this job asks for. A called workflow cannot hold more
    # than its caller grants, so the caller must allow this scope as well.
    permissions:
      pull-requests: write
    runs-on: ubuntu-24.04-arm
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the matching tag.
      # fetch-depth 0 with filter tree:0 is a treeless clone: full commit
      # history, with trees and blobs fetched on demand.
      # NOTE(review): no `ref` is set, so what lands in ./trusted is the
      # default ref of the caller's event. Confirm the caller passes a
      # write-capable token only on events where that ref is the base branch.
      # NOTE(review): `persist-credentials` is left at its default, which
      # keeps the token in the checkout's git config for later steps. Confirm
      # that on-demand fetches need it before changing the setting.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          filter: tree:0
          path: trusted

      # NOTE(review): this install has no version and no lockfile, so the
      # registry decides at run time which code is installed in a job that
      # holds `pull-requests: write`. Pinning to a reviewed version, or
      # installing from a committed lockfile, would close that gap.
      - name: Install dependencies
        run: npm install bottleneck

      # Prints the token's API rate-limit state before the check runs.
      - name: Log current API rate limits
        env:
          GH_TOKEN: ${{ github.token }}
        run: gh api /rate_limit | jq

      # Loads the script from the ./trusted checkout rather than from any
      # other path. `dry` is true on `pull_request` events; what commits.js
      # skips in that mode is not visible in this file.
      - name: Check cherry-picks
        id: check
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            require('./trusted/ci/github-script/commits.js')({
              github,
              context,
              core,
              dry: context.eventName == 'pull_request',
            })

      # Same query again, so the two log entries show what the check consumed.
      - name: Log current API rate limits
        env:
          GH_TOKEN: ${{ github.token }}
        run: gh api /rate_limit | jq