91c088d3b7
When a contributor mistakenly sets the wrong target branch for a Pull
Request, this can lead to bad consequences for CI. Most prominent is the
mass ping of codeowners, that is already handled in
`ci/request-reviews/verify-base-branch.sh`. But there are other things
that go wrong:
- After eval, a mass ping of maintainers would still be possible, in
theory. Practically, this doesn't happen, because we have a limit of 10
reviewer requests at the same time.
- This will most often contain a change to `ci/pinned.json`, thus the
full Eval matrix of all Lix/Nix versions will be run, burning a lot of
resources.
- The PR will be labelled with almost all labels that are available.
We can improve on the current situation with some API calls to determine
the "best" merge-base for the current PR. We then consider this as the
"real base". If the current target is not the real base, we fail the
prepare step, which is early enough to prevent all other CI from
running.
(cherry picked from commit 87d9b08ffb)
CI support files
This directory contains files to support CI, such as GitHub Actions and Ofborg.
This is in contrast with maintainers/scripts which is for human use instead.
Pinned Nixpkgs
CI may need certain packages from Nixpkgs.
In order to ensure that the needed packages are generally available without building, pinned.json contains a pinned Nixpkgs version tested by Hydra.
Run update-pinned.sh to update it.
ci/nixpkgs-vet.sh BASE_BRANCH [REPOSITORY]
Runs the nixpkgs-vet tool on the HEAD commit, closely matching what CI does.
This can't do exactly the same as CI, because CI needs to rely on GitHub's server-side Git history to compute the mergeability of PRs before the check can be started.
In turn, when contributors are running this tool locally, we don't want to have to push commits to test them, and we can also rely on the local Git history to do the mergeability check.
Arguments:
BASE_BRANCH: The base branch to use, e.g. master or release-24.05REPOSITORY: The repository from which to fetch the base branch. Defaults to https://github.com/NixOS/nixpkgs.git.
Branch classification
For the purposes of CI, branches in the NixOS/nixpkgs repository are classified as follows:
- Channel branches
nixos-ornixpkgs-prefix- Are only updated from
masterorrelease-branches, when hydra passes. - Otherwise not worked on, Pull Requests are not allowed.
- Long-lived, no deletion, no force push.
- Primary development branches
release-prefix andmaster- Pull Requests required.
- Long-lived, no deletion, no force push.
- Secondary development branches
staging-prefix andhaskell-updates- Pull Requests normally required, except when merging development branches into each other.
- Long-lived, no deletion, no force push.
- Work-In-Progress branches
backport-,revert-andwip-prefixes.- Deprecated: All other branches, not matched by channel/development.
- Pull Requests are optional.
- Short-lived, force push allowed, deleted after merge.
Some branches also have a version component, which is either unstable or YY.MM.
ci/supportedBranches.js is a script imported by CI to classify the base and head branches of a Pull Request.
This classification will then be used to skip certain jobs.
This script can also be run locally to print basic test cases.