Loading .github/labeler-development-branches.yml +1 −1 Original line number Diff line number Diff line # This file is used by .github/workflows/labels.yml # This file is used by .github/workflows/bot.yml # This version is only run for Pull Requests from development branches like staging-next, haskell-updates or python-updates. "4.workflow: package set update": Loading .github/labeler-no-sync.yml +1 −1 Original line number Diff line number Diff line # This file is used by .github/workflows/labels.yml # This file is used by .github/workflows/bot.yml # This version uses `sync-labels: false`, meaning that a non-match will NOT remove the label # keep-sorted start case=no numeric=yes newline_separated=yes skip_lines=1 Loading .github/labeler.yml +1 −1 Original line number Diff line number Diff line # This file is used by .github/workflows/labels.yml # This file is used by .github/workflows/bot.yml # This version uses `sync-labels: true`, meaning that a non-match will remove the label # keep-sorted start case=no numeric=yes newline_separated=yes skip_lines=1 Loading .github/workflows/labels.yml→.github/workflows/bot.yml +10 −5 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # access to the GitHub API. This means that it should not evaluate user input in # a way that allows code injection. name: Labels name: Bot on: schedule: Loading @@ -21,7 +21,7 @@ on: concurrency: # This explicitly avoids using `run_id` for the concurrency key to make sure that only # *one* scheduled run can run at a time. group: labels-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number }} group: bot-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number }} # PR-triggered runs will be cancelled, but scheduled runs will be queued. cancel-in-progress: ${{ github.event_name != 'schedule' }} Loading 
@@ -36,9 +36,13 @@ defaults: shell: bash jobs: update: run: runs-on: ubuntu-24.04-arm if: github.event_name != 'schedule' || github.repository_owner == 'NixOS' env: # TODO: Remove after 2026-03-04, when Node 24 becomes the default. # https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/ FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: Loading @@ -56,6 +60,7 @@ jobs: with: app-id: ${{ vars.NIXPKGS_CI_APP_ID }} private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} permission-contents: write permission-issues: write permission-pull-requests: write Loading 
@@ -64,13 +69,13 @@ jobs: GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} run: gh api /rate_limit | jq - name: Labels from API data and Eval results - name: Run bot uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ steps.app-token.outputs.token || github.token }} retries: 3 script: | require('./ci/github-script/labels.js')({ require('./ci/github-script/bot.js')({ github, context, core, Loading .github/workflows/comment.yml 0 → 100644 +54 −0 Original line number Diff line number Diff line name: Comment on: issue_comment: types: [created] # This is used as fallback without app only. # This happens when testing in forks without setting up that app. permissions: pull-requests: write defaults: run: shell: bash jobs: # The `bot` workflow reacts to comments with @NixOS/nixpkgs-merge-bot references, but might only # pick up a comment after up to 10 minutes. To give the user instant feedback, this job adds # a reaction to these comments. react: name: React with eyes runs-on: ubuntu-24.04-arm timeout-minutes: 2 if: contains(github.event.comment.body, '@NixOS/nixpkgs-merge-bot merge') steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false sparse-checkout: | ci/github-script # Use the GitHub App to make sure the reaction happens with the same user who will later merge. 
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 if: github.event_name != 'pull_request' && vars.NIXPKGS_CI_APP_ID id: app-token with: app-id: ${{ vars.NIXPKGS_CI_APP_ID }} private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} permission-pull-requests: write - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ steps.app-token.outputs.token || github.token }} retries: 3 script: | const { handleMergeComment } = require('./ci/github-script/merge.js') const { body, node_id } = context.payload.comment await handleMergeComment({ github, body, node_id, reaction: 'EYES', }) Loading
.github/labeler-development-branches.yml +1 −1 Original line number Diff line number Diff line # This file is used by .github/workflows/labels.yml # This file is used by .github/workflows/bot.yml # This version is only run for Pull Requests from development branches like staging-next, haskell-updates or python-updates. "4.workflow: package set update": Loading
.github/labeler-no-sync.yml +1 −1 Original line number Diff line number Diff line # This file is used by .github/workflows/labels.yml # This file is used by .github/workflows/bot.yml # This version uses `sync-labels: false`, meaning that a non-match will NOT remove the label # keep-sorted start case=no numeric=yes newline_separated=yes skip_lines=1 Loading
.github/labeler.yml +1 −1 Original line number Diff line number Diff line # This file is used by .github/workflows/labels.yml # This file is used by .github/workflows/bot.yml # This version uses `sync-labels: true`, meaning that a non-match will remove the label # keep-sorted start case=no numeric=yes newline_separated=yes skip_lines=1 Loading
.github/workflows/labels.yml→.github/workflows/bot.yml +10 −5 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # access to the GitHub API. This means that it should not evaluate user input in # a way that allows code injection. name: Labels name: Bot on: schedule: Loading @@ -21,7 +21,7 @@ on: concurrency: # This explicitly avoids using `run_id` for the concurrency key to make sure that only # *one* scheduled run can run at a time. group: labels-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number }} group: bot-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number }} # PR-triggered runs will be cancelled, but scheduled runs will be queued. cancel-in-progress: ${{ github.event_name != 'schedule' }} Loading @@ -36,9 +36,13 @@ defaults: shell: bash jobs: update: run: runs-on: ubuntu-24.04-arm if: github.event_name != 'schedule' || github.repository_owner == 'NixOS' env: # TODO: Remove after 2026-03-04, when Node 24 becomes the default. # https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/ FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: Loading @@ -56,6 +60,7 @@ jobs: with: app-id: ${{ vars.NIXPKGS_CI_APP_ID }} private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} permission-contents: write permission-issues: write permission-pull-requests: write Loading @@ -64,13 +69,13 @@ jobs: GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} run: gh api /rate_limit | jq - name: Labels from API data and Eval results - name: Run bot uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ steps.app-token.outputs.token || github.token }} retries: 3 script: | require('./ci/github-script/labels.js')({ require('./ci/github-script/bot.js')({ github, context, core, Loading
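Review bot: The app token minted in the `@@ -56,6 +60,7 @@` hunk now carries `permission-contents: write` (apparently the added line; the rendered page has lost its `+` markers) next to issues and pull-requests write, and nothing in the file records why repository write access is needed or which step depends on it. The same token is passed to the github-script step that loads `./ci/github-script/bot.js`, and comment.yml in this commit states that the bot workflow reacts to comment text, so the header warning about not evaluating user input now covers comment bodies as well. I would add a comment above the new line, for example `# contents: write is presumably needed for the merge path; comment bodies are untrusted and must only be matched, never evaluated`, and extend the header comment to name comments as an input. The checkout step's `with:` block and the workflow-level `permissions:` are collapsed on this page, so the ref the script is loaded from and the scope of the `github.token` fallback could not be checked here. The same section appears a second time earlier on the page and the note applies to both copies.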
.github/workflows/comment.yml 0 → 100644 +54 −0 Original line number Diff line number Diff line name: Comment on: issue_comment: types: [created] # This is used as fallback without app only. # This happens when testing in forks without setting up that app. permissions: pull-requests: write defaults: run: shell: bash jobs: # The `bot` workflow reacts to comments with @NixOS/nixpkgs-merge-bot references, but might only # pick up a comment after up to 10 minutes. To give the user instant feedback, this job adds # a reaction to these comments. react: name: React with eyes runs-on: ubuntu-24.04-arm timeout-minutes: 2 if: contains(github.event.comment.body, '@NixOS/nixpkgs-merge-bot merge') steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false sparse-checkout: | ci/github-script # Use the GitHub App to make sure the reaction happens with the same user who will later merge. - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 if: github.event_name != 'pull_request' && vars.NIXPKGS_CI_APP_ID id: app-token with: app-id: ${{ vars.NIXPKGS_CI_APP_ID }} private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} permission-pull-requests: write - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ steps.app-token.outputs.token || github.token }} retries: 3 script: | const { handleMergeComment } = require('./ci/github-script/merge.js') const { body, node_id } = context.payload.comment await handleMergeComment({ github, body, node_id, reaction: 'EYES', })
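Review bot: The job condition on `react` matches on the comment text alone, and `issue_comment` fires for comments on plain issues as well as on pull requests, so any account that can comment anywhere in the repository can start a run that mints a GitHub App token from `NIXPKGS_CI_APP_PRIVATE_KEY`. Restricting the job to pull-request comments closes that off before any secret is touched: `if: github.event.issue.pull_request && contains(github.event.comment.body, '@NixOS/nixpkgs-merge-bot merge')`. On the token step, `github.event_name != 'pull_request'` is always true because `issue_comment` is the only trigger, so the condition reduces to `vars.NIXPKGS_CI_APP_ID` and the extra clause reads as a guard that is not there. Reading `body` and `node_id` from `context.payload.comment` instead of interpolating `${{ }}` into the script is the right pattern, and a short comment saying so would help keep it that way, e.g. `# comment body is untrusted: pass it as data via context.payload, never through ${{ }}`. Who is allowed to trigger a merge is decided inside `merge.js`, which is not shown on this page.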