# `nixpkgs-vet` is a tool to vet Nixpkgs: its architecture, package structure, and more. # Among other checks, it makes sure that `pkgs/by-name` (see `../../pkgs/by-name/README.md`) follows the validity rules outlined in [RFC 140](https://github.com/NixOS/rfcs/pull/140). # When you make changes to this workflow, please also update `ci/nixpkgs-vet.sh` to reflect the impact of your work to the CI. # See https://github.com/NixOS/nixpkgs-vet for details on the tool and its checks. name: Vet nixpkgs on: pull_request: paths: - .github/workflows/nixpkgs-vet.yml pull_request_target: permissions: {} # We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit trigger), and contributors would get notified on any canceled run. # There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015 jobs: check: name: nixpkgs-vet runs-on: ubuntu-24.04-arm # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long. timeout-minutes: 10 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: .github/actions - name: Check if the PR can be merged and checkout merged and target commits uses: ./.github/actions/get-merge-commit with: merged-as-untrusted: true target-as-trusted: true - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - name: Running nixpkgs-vet env: # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/ CLICOLOR_FORCE: 1 run: | if nix-build untrusted/ci -A nixpkgs-vet --arg base "./trusted" --arg head "./untrusted"; then exit 0 else exitCode=$? echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git" echo "If you're having trouble, ping @NixOS/nixpkgs-vet" exit "$exitCode" fi