mirror of
https://github.com/CHN-beta/nixpkgs.git
synced 2026-01-12 02:40:31 +08:00
36c667d9f4
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](60a0d83039...ed597411d8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit4ea8216576)
157 lines
5.0 KiB
YAML
157 lines
5.0 KiB
YAML
name: PR
|
|
|
|
on:
|
|
pull_request_target:
|
|
workflow_call:
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN:
|
|
required: true
|
|
NIXPKGS_CI_APP_PRIVATE_KEY:
|
|
required: true
|
|
OWNER_APP_PRIVATE_KEY:
|
|
# The Test workflow should not actually request reviews from owners.
|
|
required: false
|
|
OWNER_RO_APP_PRIVATE_KEY:
|
|
required: true
|
|
|
|
concurrency:
|
|
group: pr-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
prepare:
|
|
runs-on: ubuntu-24.04-arm
|
|
permissions:
|
|
# wrong branch review comment
|
|
pull-requests: write
|
|
outputs:
|
|
baseBranch: ${{ steps.prepare.outputs.base }}
|
|
headBranch: ${{ steps.prepare.outputs.head }}
|
|
mergedSha: ${{ steps.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ steps.prepare.outputs.targetSha }}
|
|
systems: ${{ steps.prepare.outputs.systems }}
|
|
touched: ${{ steps.prepare.outputs.touched }}
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
sparse-checkout-cone-mode: true # default, for clarity
|
|
sparse-checkout: |
|
|
ci/github-script
|
|
- id: prepare
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
with:
|
|
script: |
|
|
require('./ci/github-script/prepare.js')({
|
|
github,
|
|
context,
|
|
core,
|
|
dry: context.eventName == 'pull_request',
|
|
})
|
|
|
|
check:
|
|
name: Check
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/check.yml
|
|
permissions:
|
|
# cherry-picks
|
|
pull-requests: write
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
OWNER_RO_APP_PRIVATE_KEY: ${{ secrets.OWNER_RO_APP_PRIVATE_KEY }}
|
|
with:
|
|
baseBranch: ${{ needs.prepare.outputs.baseBranch }}
|
|
headBranch: ${{ needs.prepare.outputs.headBranch }}
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
ownersCanFail: ${{ !contains(fromJSON(needs.prepare.outputs.touched), 'owners') }}
|
|
|
|
lint:
|
|
name: Lint
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/lint.yml
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
|
|
eval:
|
|
name: Eval
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/eval.yml
|
|
permissions:
|
|
# compare
|
|
statuses: write
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
systems: ${{ needs.prepare.outputs.systems }}
|
|
testVersions: ${{ contains(fromJSON(needs.prepare.outputs.touched), 'pinned') && !contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development') }}
|
|
|
|
labels:
|
|
name: Labels
|
|
needs: [prepare, eval]
|
|
uses: ./.github/workflows/labels.yml
|
|
permissions:
|
|
issues: write
|
|
pull-requests: write
|
|
secrets:
|
|
NIXPKGS_CI_APP_PRIVATE_KEY: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
|
|
with:
|
|
headBranch: ${{ needs.prepare.outputs.headBranch }}
|
|
|
|
reviewers:
|
|
name: Reviewers
|
|
needs: [prepare, eval]
|
|
if: |
|
|
needs.prepare.outputs.targetSha &&
|
|
!contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development')
|
|
uses: ./.github/workflows/reviewers.yml
|
|
secrets:
|
|
OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
|
|
|
|
build:
|
|
name: Build
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/build.yml
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
baseBranch: ${{ needs.prepare.outputs.baseBranch }}
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
|
|
# This job's only purpose is to create the target for the "Required Status Checks" branch ruleset.
|
|
# It "needs" all the jobs that should block merging a PR.
|
|
unlock:
|
|
if: github.event_name != 'pull_request'
|
|
# Modify this list to add or remove jobs from required status checks.
|
|
needs:
|
|
- check
|
|
- lint
|
|
- eval
|
|
- build
|
|
runs-on: ubuntu-24.04-arm
|
|
permissions:
|
|
statuses: write
|
|
steps:
|
|
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
with:
|
|
script: |
|
|
const { serverUrl, repo, runId, payload } = context
|
|
const target_url =
|
|
`${serverUrl}/${repo.owner}/${repo.repo}/actions/runs/${runId}?pr=${payload.pull_request.number}`
|
|
await github.rest.repos.createCommitStatus({
|
|
...repo,
|
|
sha: payload.pull_request.head.sha,
|
|
// WARNING:
|
|
// Do NOT change the name of this, otherwise the rule will not catch it anymore.
|
|
// This would prevent all PRs from merging.
|
|
context: 'no PR failures',
|
|
state: 'success',
|
|
target_url,
|
|
})
|