Unverified Commit 956d0a74 authored by Wolfgang Walther's avatar Wolfgang Walther
Browse files

workflows/check: allow owners to fail when ci/OWNERS is untouched 

The owners check is not reproducible, because it depends on the state of
the NixOS org on GitHub. Owners can rename their accounts or they can
leave the organisation and access to Nixpkgs can be removed from teams.
All of this breaks the owners check for reasons unrelated to the PR at
hand.

This PR makes the check for the owners file conditionally required: Only
when the ci/OWNERS file is actually modified a failed check will block
merging the PR. When that's not the case, the check will still fail
visibily in the checklist, but the failure can be ignored.

This is especially relevant for the Merge Queue, which should not be
entirely blocked whenever any of these events happen.

Also, it allows passing the checks in a fork when testing, where the
owners check will *always* fail, because the respective teams and
members are never part of the "user org" that a fork is.
parent 5ff32763

.github/workflows/check.yml

+4 −0
Original line number Diff line number Diff line
@@ -12,6 +12,9 @@ on: 
      mergedSha:

        required: true

        type: string

      ownersCanFail:

        required: true

        type: boolean

      targetSha:

        required: true

        type: string
@@ -94,6 +97,7 @@ jobs: 
  # handling untrusted PR input.

  owners:

    runs-on: ubuntu-24.04-arm

    continue-on-error: ${{ inputs.ownersCanFail }}

    timeout-minutes: 5

    steps:

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

.github/workflows/pr.yml

+1 −0
Original line number Diff line number Diff line
@@ -61,6 +61,7 @@ jobs: 
      headBranch: ${{ needs.prepare.outputs.headBranch }}

      mergedSha: ${{ needs.prepare.outputs.mergedSha }}

      targetSha: ${{ needs.prepare.outputs.targetSha }}

      ownersCanFail: ${{ !contains(fromJSON(needs.prepare.outputs.touched), 'owners') }}



  lint:

    name: Lint

ci/github-script/prepare.js

+4 −2
Original line number Diff line number Diff line
@@ -76,8 +76,10 @@ module.exports = async ({ github, context, core }) => { 
      })

    ).map((file) => file.filename)



    if (files.includes('ci/pinned.json')) core.setOutput('touched', ['pinned'])

    else core.setOutput('touched', [])

    const touched = []

    if (files.includes('ci/pinned.json')) touched.push('pinned')

    if (files.includes('ci/OWNERS')) touched.push('owners')

    core.setOutput('touched', touched)



    return

  }