Unverified Commit 008527d7 authored by Wolfgang Walther's avatar Wolfgang Walther
Browse files

workflows/eval: move eval-aliases back into eval 

We previously moved this out of the main eval workflow to avoid running
it on push and/or undrafting the PR. The latter has been removed in the
meantime and the former can be checked with a simple condition. Thus we
move it back in, to make it part of the 4 main workflows, which will be
required before merge eventually.
parent 959eed1f

.github/workflows/eval-aliases.yml

deleted100644 → 0
+0 −42
Original line number Diff line number Diff line 
name: Eval aliases



on:

  pull_request:

    paths:

      - .github/workflows/eval-aliases.yml

  pull_request_target:



concurrency:

  group: eval-aliases-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}

  cancel-in-progress: true



permissions: {}



defaults:

  run:

    shell: bash



jobs:

  eval-aliases:

    name: Eval nixpkgs with aliases enabled

    runs-on: ubuntu-24.04-arm

    steps:

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

        with:

          sparse-checkout: .github/actions

      - name: Check if the PR can be merged and checkout the merge commit

        uses: ./.github/actions/get-merge-commit

        with:

          merged-as-untrusted: true



      - name: Install Nix

        uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31

        with:

          extra_nix_config: sandbox = true



      - name: Ensure flake outputs on all systems still evaluate

        run: nix flake check --all-systems --no-build ./untrusted



      - name: Query nixpkgs with aliases enabled to check for basic syntax errors

        run: |

          time nix-env -I ./untrusted -f ./untrusted -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null

.github/workflows/eval.yml

+24 −0
Original line number Diff line number Diff line
@@ -253,3 +253,27 @@ jobs: 
    uses: ./.github/workflows/reviewers.yml

    secrets:

      OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}



  misc:

    if: ${{ github.event_name != 'push' }}

    runs-on: ubuntu-24.04-arm

    steps:

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

        with:

          sparse-checkout: .github/actions

      - name: Check if the PR can be merged and checkout the merge commit

        uses: ./.github/actions/get-merge-commit

        with:

          merged-as-untrusted: true



      - name: Install Nix

        uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31

        with:

          extra_nix_config: sandbox = true



      - name: Ensure flake outputs on all systems still evaluate

        run: nix flake check --all-systems --no-build ./untrusted



      - name: Query nixpkgs with aliases enabled to check for basic syntax errors

        run: |

          time nix-env -I ./untrusted -f ./untrusted -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null