Merge master into staging-nixos

            echo "If you're having trouble, ping @NixOS/nixpkgs-vet"

            exit "$exitCode"

          fi

  commits:

    runs-on: ubuntu-slim

    timeout-minutes: 5

    steps:

      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

        with:

          persist-credentials: false

          path: trusted

          sparse-checkout: |

            ci/github-script

      - name: Check commit messages

        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0

        with:

          script: |

            const checkCommitMessages = require('./trusted/ci/github-script/lint-commits.js')

            checkCommitMessages({

              github,

              context,

              core,

            })

// @ts-check

const { classify } = require('../supportedBranches.js')

/**

 * @param {{

 *  github: InstanceType<import('@actions/github/lib/utils').GitHub>,

 *  context: import('@actions/github/lib/context').Context

 *  core: import('@actions/core')

 * }} CheckCommitMessagesProps

 */

async function checkCommitMessages({ github, context, core }) {

  // Do not run on merge groups: it'd be much harder, and there is no need

  // (changes to the target branch can't change commit messages on the base branch).

  const pull_number = context.payload.pull_request?.number

  if (!pull_number) {

    core.info('This is not a pull request. Skipping checks.')

    return

  }

  const pr = (

    await github.rest.pulls.get({

      ...context.repo,

      pull_number,

    })

  ).data

  const baseBranchType = classify(

    pr.base.ref.replace(/^refs\/heads\//, ''),

  ).type

  const headBranchType = classify(

    pr.head.ref.replace(/^refs\/heads\//, ''),

  ).type

  if (

    baseBranchType.includes('development') &&

    headBranchType.includes('development')

  ) {

    // This matches, for example, PRs from staging-next to master, or vice versa.

    // Ignore them: we should only care about PRs introducing *new* commits.

    core.info(

      'This PR is from one development branch to another. Skipping checks.',

    )

    return

  }

  const commits = await github.paginate(github.rest.pulls.listCommits, {

    ...context.repo,

    pull_number,

  })

  const failures = new Set()

  for (const commit of commits) {

    const message = commit.commit.message

    const firstLine = message.split('\n')[0]

    const logMsgStart = `Commit ${commit.sha}'s message's subject ("${firstLine}")`

    if (!firstLine.includes(':')) {

      core.error(

        `${logMsgStart} was detected as not meeting our guidelines because ` +

          'it does not contain a colon. There are likely other issues as well.',

      )

      failures.add(commit.sha)

    }

    if (firstLine.endsWith('.')) {

      core.error(

        `${logMsgStart} was detected as not meeting our guidelines because ` +

          'it ends in a period. There may be other issues as well.',

      )

      failures.add(commit.sha)

    }

    if (!failures.has(commit.sha)) {

      core.info(`${logMsgStart} passed our automated checks!`)

    }

  }

  if (failures.size !== 0) {

    core.error(

      'Please review the guidelines at ' +

        'https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#commit-conventions, ' +

        'as well as the applicable area-specific guidelines linked there.',

    )

    core.setFailed('Committers: merging is discouraged.')

  }

}

module.exports = checkCommitMessages

    await run(getTeams, owner, repo, undefined, { ...options, outFile })

  })

program

  .command('lint-commits')

  .description('Lint for common errors in commit messages')

  .argument('<owner>', 'Owner of the GitHub repository to run on (Example: NixOS)')

  .argument('<repo>', 'Name of the GitHub repository to run on (Example: nixpkgs)')

  .argument('<pr>', 'Number of the Pull Request to run on')

  .action(async (owner, repo, pr, options) => {

    const checkCommitMessages = (await import('./lint-commits.js')).default

    await run(checkCommitMessages, owner, repo, pr, options)

  })

await program.parse()

### pnpm {#javascript-pnpm}

Pnpm is available as the top-level package `pnpm`. Additionally, there are variants pinned to certain major versions, like `pnpm_8` and `pnpm_9`, which support different sets of lock file versions.

pnpm is available as the top-level package `pnpm`. Additionally, there are variants pinned to certain major versions, like `pnpm_8`, `pnpm_9` and `pnpm_10`, which support different sets of lock file versions.

When packaging an application that includes a `pnpm-lock.yaml`, you need to fetch the pnpm store for that project using a fixed-output-derivation. The functions `pnpm_8.fetchDeps` and `pnpm_9.fetchDeps` can create this pnpm store derivation. In conjunction, the setup hooks `pnpm_8.configHook` and `pnpm_9.configHook` will prepare the build environment to install the pre-fetched dependencies store. Here is an example for a package that contains `package.json` and a `pnpm-lock.yaml` files using the above `pnpm_` attributes:

When packaging an application that includes a `pnpm-lock.yaml`, you need to fetch the pnpm store for that project using a fixed-output-derivation. The function `fetchPnpmDeps` can create this pnpm store derivation. In conjunction, the setup hook `pnpmConfigHook` will prepare the build environment to install the pre-fetched dependencies store. Here is an example for a package that contains `package.json` and a `pnpm-lock.yaml` files using the fetcher and setup hook above:

```nix

{

  stdenv,

  fetchPnpmDeps,

  nodejs,

  # This is pinned as { pnpm = pnpm_9; }

  pnpm,

  pnpmConfigHook,

  stdenv,

}:

stdenv.mkDerivation (finalAttrs: {

  };

  nativeBuildInputs = [

    nodejs

    pnpm.configHook

    nodejs # in case scripts are run outside of a pnpm call

    pnpmConfigHook

    pnpm # At least required by pnpmConfigHook, if not other (custom) phases

  ];

  pnpmDeps = pnpm.fetchDeps {

  pnpmDeps = fetchPnpmDeps {

    inherit (finalAttrs) pname version src;

    fetcherVersion = 3;

    hash = "...";

})

```

NOTE: It is highly recommended to use a pinned version of pnpm (i.e., `pnpm_8` or `pnpm_9`), to increase future reproducibility. It might also be required to use an older version if the package needs support for a certain lock file version.

In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e., `inherit (finalAttrs) patches`.

It is highly recommended to use a pinned version of pnpm (i.e., `pnpm_9` or `pnpm_10`), to increase future reproducibility. It might also be required to use an older version if the package needs support for a certain lock file version. To do so, you can pass the `pnpm` argument to `fetchPnpmDeps` and override the `pnpm` arg in `pnpmConfigHook`. Here are the changes in the example above to use a pinned pnpm version:

`pnpm.configHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array:

```nix

{ pnpm }:

<!-- TODO: Does splicing still work when overriding in nativeBuildInputs here? -->

```diff

 {

   fetchPnpmDeps,

   nodejs,

-  pnpm,

+  pnpm_10,

   pnpmConfigHook,

   stdenv,

 }:

+let

+  # Optionally override pnpm to use a custom nodejs version

+  # Make sure that the same nodejs version is referenced in nativeBuildInputs

+  # pnpm = pnpm_10.override { nodejs = nodejs_20; };

+in

 stdenv.mkDerivation (finalAttrs: {

   pname = "foo";

   version = "0-unstable-1980-01-01";

     #...

   };

  pnpmInstallFlags = [ "--shamefully-hoist" ];

   nativeBuildInputs = [

     nodejs # in case scripts are run outside of a pnpm call

     pnpmConfigHook

-    pnpm # At least required by pnpmConfigHook, if not other (custom) phases

+    pnpm_10 # At least required by pnpmConfigHook, if not other (custom) phases

   ];

  pnpmDeps = pnpm.fetchDeps { inherit (finalAttrs) pnpmInstallFlags; };

   pnpmDeps = fetchPnpmDeps {

     inherit (finalAttrs) pname version src;

+    pnpm = pnpm_10;

     fetcherVersion = 3;

     hash = "...";

   };

 })

```

In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e., `inherit (finalAttrs) patches`.

`pnpmConfigHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array:

```nix

{

  # ...

  pnpmDeps = fetchPnpmDeps {

    # ...

    inherit (finalAttrs) pnpmInstallFlags;

  };

  pnpmInstallFlags = [ "--shamefully-hoist" ];

}

```

#### Dealing with `sourceRoot` {#javascript-pnpm-sourceRoot}

If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`.

If `sourceRoot` is different between the parent derivation and `fetchDeps`, you will have to set `pnpmRoot` to effectively be the same location as it is in `fetchDeps`.

If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchPnpmDeps`.

If `sourceRoot` is different between the parent derivation and `fetchPnpmDeps`, you will have to set `pnpmRoot` to effectively be the same location as it is in `fetchPnpmDeps`.

Assuming the following directory structure, we can define `sourceRoot` and `pnpmRoot` as follows:

```nix

{

  # ...

  pnpmDeps = pnpm.fetchDeps {

  pnpmDeps = fetchPnpmDeps {

    # ...

    sourceRoot = "${finalAttrs.src.name}/frontend";

  };

#### PNPM Workspaces {#javascript-pnpm-workspaces}

If you need to use a PNPM workspace for your project, then set `pnpmWorkspaces = [ "<workspace project name 1>" "<workspace project name 2>" ]`, etc, in your `pnpm.fetchDeps` call,

If you need to use a PNPM workspace for your project, then set `pnpmWorkspaces = [ "<workspace project name 1>" "<workspace project name 2>" ]`, etc, in your `fetchPnpmDeps` call,

which will make PNPM only install dependencies for those workspace packages.

For example:

{

  # ...

  pnpmWorkspaces = [ "@astrojs/language-server" ];

  pnpmDeps = pnpm.fetchDeps {

    inherit (finalAttrs) pnpmWorkspaces;

  pnpmDeps = fetchPnpmDeps {

    #...

    inherit (finalAttrs) pnpmWorkspaces;

  };

}

```

The above would make `pnpm.fetchDeps` call only install dependencies for the `@astrojs/language-server` workspace package.

The above would make `fetchPnpmDeps` call only install dependencies for the `@astrojs/language-server` workspace package.

Note that you do not need to set `sourceRoot` to make this work.

Usually, in such cases, you'd want to use `pnpm --filter=<pnpm workspace name> build` to build your project, as `npmHooks.npmBuildHook` probably won't work. A `buildPhase` based on the following example will probably fit most workspace projects:

  prePnpmInstall = ''

    pnpm config set dedupe-peer-dependents false

  '';

  pnpmDeps = pnpm.fetchDeps {

  pnpmDeps = fetchPnpmDeps {

    inherit (finalAttrs) prePnpmInstall;

    # ...

  };

}

```

In this example, `prePnpmInstall` will be run by both `pnpm.configHook` and by the `pnpm.fetchDeps` builder.

In this example, `prePnpmInstall` will be run by both `pnpmConfigHook` and by the `fetchPnpmDeps` builder.

#### PNPM `fetcherVersion` {#javascript-pnpm-fetcherVersion}

#### pnpm `fetcherVersion` {#javascript-pnpm-fetcherVersion}

This is the version of the output of `pnpm.fetchDeps`, if you haven't set it already, you can use `1` with your current hash:

This is the version of the output of `fetchPnpmDeps`, if you haven't set it already, you can use `1` with your current hash:

```nix

{

  # ...

  pnpmDeps = pnpm.fetchDeps {

  pnpmDeps = fetchPnpmDeps {

    # ...

    fetcherVersion = 1;

    hash = "..."; # you can use your already set hash here

```nix

{

  # ...

  pnpmDeps = pnpm.fetchDeps {

  pnpmDeps = fetchPnpmDeps {

    # ...

    fetcherVersion = 2;

    hash = "..."; # clear this hash and generate a new one

}

```

This variable ensures that we can make changes to the output of `pnpm.fetchDeps` without breaking existing hashes.

This variable ensures that we can make changes to the output of `fetchPnpmDeps` without breaking existing hashes.

Changes can include workarounds or bug fixes to existing PNPM issues.

##### Version history {#javascript-pnpm-fetcherVersion-versionHistory}

  If your SQLite database is corrupted, the migration might fail and require [manual intervention](https://github.com/louislam/uptime-kuma/issues/5281).

  See the [migration guide](https://github.com/louislam/uptime-kuma/wiki/Migration-From-v1-To-v2) for more information.

- `fetchPnpmDeps` and `pnpmConfigHook` were added as top-level attributes, replacing the now deprecated `pnpm.fetchDeps` and `pnpm.configHook` attributes.

- Added `dell-bios-fan-control` package and service.

- We now use the upstream wrapper script for Gradle, supporting both the `JAVA_HOME` and `GRADLE_OPTS` environment variables.