Unverified Commit 81a77521 authored by Silvan Mosberger's avatar Silvan Mosberger Committed by GitHub
Browse files

Merge pull request #322512 from tweag/pinned-nixfmt 

Development shell with a pinned nixfmt
parents e9620c8c 58f98e4b

.github/CODEOWNERS

+5 −2
Original line number Diff line number Diff line
@@ -11,11 +11,14 @@ 
# This also holds true for GitHub teams. Since almost none of our teams have write

# permissions, you need to list all members of the team with commit access individually.



# GitHub actions

# CI

/.github/workflows @NixOS/Security @Mic92 @zowoq

/.github/workflows/check-nix-format.yml @infinisil

/ci @infinisil



# EditorConfig

# Develompent support

/.editorconfig @Mic92 @zowoq

/shell.nix @infinisil @NixOS/Security



# Libraries

/lib                        @infinisil

.github/workflows/check-nix-format.yml

+19 −8
Original line number Diff line number Diff line
@@ -19,13 +19,18 @@ jobs: 
        with:

          # pull_request_target checks out the base branch by default

          ref: refs/pull/${{ github.event.pull_request.number }}/merge

      - name: Get Nixpkgs revision for nixfmt

        run: |

          # pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt

          # from staging

          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!

          rev=$(jq -r .rev ci/pinned-nixpkgs.json)

          echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"

      - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26

        with:

          # explicitly enable sandbox

          extra_nix_config: sandbox = true

          # fix a commit from nixpkgs-unstable to avoid e.g. building nixfmt

          # from staging

          nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/4b455dc2048f73a79eb3713f342369ff58f93e0b.tar.gz

          nix_path: nixpkgs=${{ env.url }}

      - name: Install nixfmt

        run: "nix-env -f '<nixpkgs>' -iAP nixfmt-rfc-style"

      - name: Check that Nix files are formatted according to the RFC style
@@ -35,14 +40,14 @@ jobs: 
          NIX_FMT_PATHS_BSD: pkgs/os-specific/bsd

          NIX_FMT_PATHS_MPVSCRIPTS: pkgs/applications/video/mpv/scripts

          # Format paths related to the Nixpkgs CUDA ecosystem.

          NIX_FMT_PATHS_CUDA: |

          NIX_FMT_PATHS_CUDA: |-

            pkgs/development/cuda-modules

            pkgs/test/cuda

            pkgs/top-level/cuda-packages.nix

          NIX_FMT_PATHS_MAINTAINERS: |

          NIX_FMT_PATHS_MAINTAINERS: |-

            maintainers/maintainer-list.nix

            maintainers/team-list.nix

          NIX_FMT_PATHS_K3S: |

          NIX_FMT_PATHS_K3S: |-

            nixos/modules/services/cluster/k3s

            nixos/tests/k3s

            pkgs/applications/networking/cluster/k3s
@@ -51,6 +56,7 @@ jobs: 
          NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php

        # Iterate over all environment variables beginning with NIX_FMT_PATHS_.

        run: |

          unformattedPaths=()

          for env_var in "${!NIX_FMT_PATHS_@}"; do

            readarray -t paths <<< "${!env_var}"

            if [[ "${paths[*]}" == "" ]]; then
@@ -59,7 +65,12 @@ jobs: 
            fi

            echo "Checking paths: ${paths[@]}"

            if ! nixfmt --check "${paths[@]}"; then

              echo "Error: nixfmt failed."

              exit 1

              unformattedPaths+=("${paths[@]}")

            fi

          done

          if (( "${#unformattedPaths[@]}" > 0 )); then

            echo "Some required Nix files are not properly formatted"

            echo "Please run the following in \`nix-shell\`:"

            echo "nixfmt ${unformattedPaths[*]@Q}"

            exit 1

          fi

.github/workflows/check-shell.yml

0 → 100644
+29 −0
Original line number Diff line number Diff line 
name: "Check shell"



on:

  pull_request_target:



permissions: {}



jobs:

  x86_64-linux:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

        with:

          # pull_request_target checks out the base branch by default

          ref: refs/pull/${{ github.event.pull_request.number }}/merge

      - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26

      - name: Build shell

        run: nix-build shell.nix



  aarch64-darwin:

    runs-on: macos-latest

    steps:

      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

        with:

          # pull_request_target checks out the base branch by default

          ref: refs/pull/${{ github.event.pull_request.number }}/merge

      - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26

      - name: Build shell

        run: nix-build shell.nix

ci/README.md

0 → 100644
+12 −0
Original line number Diff line number Diff line 
# CI support files



This directory contains files to support CI, such as [GitHub Actions](https://github.com/NixOS/nixpkgs/tree/master/.github/workflows) and [Ofborg](https://github.com/nixos/ofborg).

This is in contrast with [`maintainers/scripts`](`../maintainers/scripts`) which is for human use instead.



## Pinned Nixpkgs



CI may need certain packages from Nixpkgs.

In order to ensure that the needed packages are generally available without building,

[`pinned-nixpkgs.json`](./pinned-nixpkgs.json) contains a pinned Nixpkgs version tested by Hydra.



Run [`update-pinned-nixpkgs.sh`](./update-pinned-nixpkgs.sh) to update it.

ci/pinned-nixpkgs.json

0 → 100644
+4 −0
Original line number Diff line number Diff line 
{

  "rev": "cfb89a95f19bea461fc37228dc4d07b22fe617c2",

  "sha256": "1yhsacvry6j8r02lk70p9dphjpi8lpzgq2qay8hiy4nqlys0mrch"

}