# Reusable lint workflow: it is only started through `workflow_call`.
name: Lint

on:
  workflow_call:
    inputs:
      # Forwarded to the get-merge-commit action by every job.
      mergedSha:
        required: true
        type: string
      # Forwarded to the get-merge-commit action by the nixpkgs-vet job only.
      targetSha:
        required: true
        type: string

# Grant the GITHUB_TOKEN no scopes in any job of this workflow.
permissions: {}

# Every `run:` step uses bash unless it sets its own shell.
defaults:
  run:
    shell: bash
18
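# All three jobs follow the same pattern: sparse-checkout the local actions,
# let get-merge-commit place the PR merge commit under ./untrusted, install Nix
# with the build sandbox enabled, then run one attribute of untrusted/ci.
jobs:
  treefmt:
    runs-on: ubuntu-24.04-arm
    # Bound the job: it builds code from an untrusted PR and the default limit is 6 hours.
    # 10 minutes mirrors the nixpkgs-vet job below; raise it if a cold-cache run needs longer.
    timeout-minutes: 10
    steps:
      # NOTE(review): actions/checkout keeps the job token in the checkout's git config
      # unless `persist-credentials: false` is set. With `permissions: {}` that token has
      # no scopes; confirm get-merge-commit (not shown here) does not need it before disabling.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          sparse-checkout: .github/actions
      - name: Check if the PR can be merged and checkout the merge commit
        uses: ./.github/actions/get-merge-commit
        with:
          mergedSha: ${{ inputs.mergedSha }}
          merged-as-untrusted: true

      - uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31
        with:
          extra_nix_config: sandbox = true

      # `sandbox = true` constrains derivation builds. Evaluation of the expressions in
      # untrusted/ci happens in the nix-build process on the runner, so for that phase
      # the protection is the absence of secrets, not the sandbox.
      - name: Check that files are formatted
        run: |
          # Note that it's fine to run this on untrusted code because:
          # - There's no secrets accessible here
          # - The build is sandboxed
          if ! nix-build untrusted/ci -A fmt.check; then
            echo "Some files are not properly formatted"
            echo "Please format them by going to the Nixpkgs root directory and running one of:"
            echo " nix-shell --run treefmt"
            echo " nix develop --command treefmt"
            echo " nix fmt"
            echo "Make sure your branch is up to date with master; rebase if not."
            echo "If you're having trouble, please ping @NixOS/nix-formatting"
            exit 1
          fi

  parse:
    runs-on: ubuntu-24.04-arm
    # Same bound and reasoning as the treefmt job: untrusted input, 6-hour default otherwise.
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          sparse-checkout: .github/actions
      - name: Check if the PR can be merged and checkout the merge commit
        uses: ./.github/actions/get-merge-commit
        with:
          mergedSha: ${{ inputs.mergedSha }}
          merged-as-untrusted: true

      - uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31
        with:
          extra_nix_config: sandbox = true

      - name: Parse all nix files
        run: |
          # Tests multiple versions at once, let's make sure all of them run, so keep-going.
          nix-build untrusted/ci -A parse --keep-going

  nixpkgs-vet:
    runs-on: ubuntu-24.04-arm
    # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          sparse-checkout: .github/actions
      # Unlike the other jobs, this one also requests the target commit, marked as trusted.
      - name: Check if the PR can be merged and checkout merged and target commits
        uses: ./.github/actions/get-merge-commit
        with:
          mergedSha: ${{ inputs.mergedSha }}
          merged-as-untrusted: true
          targetSha: ${{ inputs.targetSha }}
          target-as-trusted: true

      - uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31
        with:
          extra_nix_config: sandbox = true

      # The nixpkgs-vet attribute is built from the untrusted tree (untrusted/ci);
      # ./trusted is only passed in as the comparison base.
      - name: Running nixpkgs-vet
        env:
          # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
          # Quoted so the value is a string in YAML as well as in the environment.
          CLICOLOR_FORCE: "1"
        run: |
          if nix-build untrusted/ci -A nixpkgs-vet --arg base "./trusted" --arg head "./untrusted"; then
            exit 0
          else
            exitCode=$?
            echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
            echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
            exit "$exitCode"
          fi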