From c69bf3d31096568b9fc4f4b455f7fc41ad36e2ef Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Thu, 29 May 2025 18:55:25 +0200 Subject: [PATCH 1/2] workflows: run without condition on changed paths To enable *required status checks / workflows* in the future, we'd like to run all workflows unconditionally. Since those workflows are already using cachix, the additional runs will be very cheap. Yes, we'll run additional jobs, but that will be temporary only, see next commits. The immediate upside is, that we're not going to accidentally miss some of the paths that would cause rebuilds as we did in the past. (cherry picked from commit 540fd4e30f7d3de2ee908febff560af23bd800ca) --- .github/workflows/check-shell.yml | 3 --- .github/workflows/lib-tests.yml | 3 --- .github/workflows/manual-nixos-v2.yml | 9 --------- .github/workflows/manual-nixpkgs-v2.yml | 4 ---- 4 files changed, 19 deletions(-) diff --git a/.github/workflows/check-shell.yml b/.github/workflows/check-shell.yml index 37eddde22529..5f25b45ac163 100644 --- a/.github/workflows/check-shell.yml +++ b/.github/workflows/check-shell.yml @@ -5,9 +5,6 @@ on: paths: - .github/workflows/check-shell.yml pull_request_target: - paths: - - 'shell.nix' - - 'ci/**' concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/lib-tests.yml b/.github/workflows/lib-tests.yml index 4a22a5e2dfdc..a8efbde6fd69 100644 --- a/.github/workflows/lib-tests.yml +++ b/.github/workflows/lib-tests.yml @@ -5,9 +5,6 @@ on: paths: - .github/workflows/lib-tests.yml pull_request_target: - paths: - - 'lib/**' - - 'maintainers/**' concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/manual-nixos-v2.yml b/.github/workflows/manual-nixos-v2.yml index f2728da91c93..347668a0ea79 100644 --- a/.github/workflows/manual-nixos-v2.yml +++ b/.github/workflows/manual-nixos-v2.yml @@ -8,15 +8,6 @@ on: branches: - master - release-* - paths: - - "nixos/**" - # Also build when the nixpkgs doc changed, since we take things like - # the release notes and some css and js files from there. - # See nixos/doc/manual/default.nix - - "doc/**" - # Build when something in lib changes - # Since the lib functions are used to 'massage' the options before producing the manual - - "lib/**" concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/manual-nixpkgs-v2.yml b/.github/workflows/manual-nixpkgs-v2.yml index f68fae524e90..1bd1e950578d 100644 --- a/.github/workflows/manual-nixpkgs-v2.yml +++ b/.github/workflows/manual-nixpkgs-v2.yml @@ -5,10 +5,6 @@ on: paths: - .github/workflows/manual-nixpkgs-v2.yml pull_request_target: - paths: - - 'doc/**' - - 'lib/**' - - 'pkgs/by-name/ni/nixdoc/**' concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} From d39cc5ac0d226472f663267b7ff1e88ffd2c3f41 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Thu, 29 May 2025 21:51:14 +0200 Subject: [PATCH 2/2] workflows/build: build all the basics in a single workflow This new workflow builds both manuals, the shell and the lib tests all in a matrix of four jobs. This allows re-using the shared checkout and the pinned nixpkgs download and saves time in the most likely cache: No changes, just download from cache. Each step checks the cancelled condition, which causes it to run even if the previous steps failed. This way we get a full picture even if the first step fails immediately. This could later be optimized to build more in parallel as well, but we'll first need to clear the conditions on building the manuals on the master branch only. This reduces the number of jobs from up to 8 to 4 for this part. (cherry picked from commit cd82aa54f525559f157360c3432d923bae3798a8) --- .../{manual-nixos-v2.yml => build.yml} | 46 ++++++++++++---- .github/workflows/check-shell.yml | 55 ------------------- .github/workflows/lib-tests.yml | 44 --------------- .github/workflows/manual-nixpkgs-v2.yml | 43 --------------- 4 files changed, 36 insertions(+), 152 deletions(-) rename .github/workflows/{manual-nixos-v2.yml => build.yml} (52%) delete mode 100644 .github/workflows/check-shell.yml delete mode 100644 .github/workflows/lib-tests.yml delete mode 100644 .github/workflows/manual-nixpkgs-v2.yml diff --git a/.github/workflows/manual-nixos-v2.yml b/.github/workflows/build.yml similarity index 52% rename from .github/workflows/manual-nixos-v2.yml rename to .github/workflows/build.yml index 347668a0ea79..d92f73eb0d3a 100644 --- a/.github/workflows/manual-nixos-v2.yml +++ b/.github/workflows/build.yml @@ -1,13 +1,10 @@ -name: "Build NixOS manual v2" +name: Build on: pull_request: paths: - - .github/workflows/manual-nixos-v2.yml + - .github/workflows/build.yml pull_request_target: - branches: - - master - - release-* concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} @@ -20,16 +17,24 @@ defaults: shell: bash jobs: - nixos: - name: nixos-manual-build + build: strategy: fail-fast: false matrix: include: - runner: ubuntu-24.04 system: x86_64-linux + builds: [shell,manual-nixos,lib-tests] - runner: ubuntu-24.04-arm system: aarch64-linux + builds: [shell,manual-nixos,manual-nixpkgs,manual-nixpkgs-tests] + - runner: macos-13 + system: x86_64-darwin + builds: [shell] + - runner: macos-14 + system: aarch64-darwin + builds: [shell] + name: ${{ matrix.system }} runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -50,13 +55,34 @@ jobs: name: nixpkgs-ci authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + - name: Build shell + if: contains(matrix.builds, 'shell') + run: nix-build untrusted/ci -A shell + - name: Build NixOS manual - id: build-manual - run: nix-build untrusted/ci -A manual-nixos --argstr system ${{ matrix.system }} + if: | + contains(matrix.builds, 'manual-nixos') && !cancelled() && + (github.base_ref == 'master' || startsWith(github.base_ref, 'release-')) + run: nix-build untrusted/ci -A manual-nixos --argstr system ${{ matrix.system }} --out-link nixos-manual + + - name: Build Nixpkgs manual + if: contains(matrix.builds, 'manual-nixpkgs') && !cancelled() + run: nix-build untrusted/ci -A manual-nixpkgs -A manual-nixpkgs-tests + + - name: Build Nixpkgs manual tests + if: contains(matrix.builds, 'manual-nixpkgs-tests') && !cancelled() + run: nix-build untrusted/ci -A manual-nixpkgs-tests + + - name: Build lib tests + if: contains(matrix.builds, 'lib-tests') && !cancelled() + run: nix-build untrusted/ci -A lib-tests - name: Upload NixOS manual + if: | + contains(matrix.builds, 'manual-nixos') && !cancelled() && + (github.base_ref == 'master' || startsWith(github.base_ref, 'release-')) uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: nixos-manual-${{ matrix.system }} - path: result/ + path: nixos-manual if-no-files-found: error diff --git a/.github/workflows/check-shell.yml b/.github/workflows/check-shell.yml deleted file mode 100644 index 5f25b45ac163..000000000000 --- a/.github/workflows/check-shell.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: "Check shell" - -on: - pull_request: - paths: - - .github/workflows/check-shell.yml - pull_request_target: - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - shell-check: - strategy: - fail-fast: false - matrix: - include: - - runner: ubuntu-24.04 - system: x86_64-linux - - runner: ubuntu-24.04-arm - system: aarch64-linux - - runner: macos-13 - system: x86_64-darwin - - runner: macos-14 - system: aarch64-darwin - - name: shell-check-${{ matrix.system }} - runs-on: ${{ matrix.runner }} - - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - sparse-checkout: .github/actions - - name: Check if the PR can be merged and checkout the merge commit - uses: ./.github/actions/get-merge-commit - with: - merged-as-untrusted: true - - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 - - - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16 - with: - # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. - name: nixpkgs-ci - authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - - name: Build shell - run: nix-build untrusted/ci -A shell diff --git a/.github/workflows/lib-tests.yml b/.github/workflows/lib-tests.yml deleted file mode 100644 index a8efbde6fd69..000000000000 --- a/.github/workflows/lib-tests.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: "Building Nixpkgs lib-tests" - -on: - pull_request: - paths: - - .github/workflows/lib-tests.yml - pull_request_target: - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - nixpkgs-lib-tests: - name: nixpkgs-lib-tests - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - sparse-checkout: .github/actions - - name: Check if the PR can be merged and checkout the merge commit - uses: ./.github/actions/get-merge-commit - with: - merged-as-untrusted: true - - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 - with: - extra_nix_config: sandbox = true - - - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16 - with: - # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. - name: nixpkgs-ci - authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - - name: Building Nixpkgs lib-tests - run: | - nix-build untrusted/ci -A lib-tests diff --git a/.github/workflows/manual-nixpkgs-v2.yml b/.github/workflows/manual-nixpkgs-v2.yml deleted file mode 100644 index 1bd1e950578d..000000000000 --- a/.github/workflows/manual-nixpkgs-v2.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: "Build Nixpkgs manual v2" - -on: - pull_request: - paths: - - .github/workflows/manual-nixpkgs-v2.yml - pull_request_target: - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -permissions: {} - -defaults: - run: - shell: bash - -jobs: - nixpkgs: - name: nixpkgs-manual-build - runs-on: ubuntu-24.04-arm - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - sparse-checkout: .github/actions - - name: Check if the PR can be merged and checkout the merge commit - uses: ./.github/actions/get-merge-commit - with: - merged-as-untrusted: true - - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 - with: - extra_nix_config: sandbox = true - - - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16 - with: - # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. - name: nixpkgs-ci - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - - name: Building Nixpkgs manual - run: nix-build untrusted/ci -A manual-nixpkgs -A manual-nixpkgs-tests