gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #322512 from tweag/pinned-nixfmt

Browse Source 
Development shell with a pinned nixfmt
This commit is contained in:
Silvan Mosberger
2024-06-30 00:00:51 +02:00
committed by GitHub
parent e9620c8c25 58f98e4b1b
commit 81a775210c
7 changed files with 115 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.github/CODEOWNERS vendored
View File

@@ -11,11 +11,14 @@
# This also holds true for GitHub teams. Since almost none of our teams have write # This also holds true for GitHub teams. Since almost none of our teams have write
# permissions, you need to list all members of the team with commit access individually. # permissions, you need to list all members of the team with commit access individually.
# GitHub actions # CI
/.github/workflows @NixOS/Security @Mic92 @zowoq /.github/workflows @NixOS/Security @Mic92 @zowoq
/.github/workflows/check-nix-format.yml @infinisil
/ci @infinisil
# EditorConfig # Develompent support
/.editorconfig @Mic92 @zowoq /.editorconfig @Mic92 @zowoq
/shell.nix @infinisil @NixOS/Security
# Libraries # Libraries
/lib @infinisil /lib @infinisil

27
.github/workflows/check-nix-format.yml vendored
View File

@@ -19,13 +19,18 @@ jobs:
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
- name: Get Nixpkgs revision for nixfmt
run: |
# pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt
# from staging
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
with: with:
# explicitly enable sandbox # explicitly enable sandbox
extra_nix_config: sandbox = true extra_nix_config: sandbox = true
# fix a commit from nixpkgs-unstable to avoid e.g. building nixfmt nix_path: nixpkgs=${{ env.url }}
# from staging
nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/4b455dc2048f73a79eb3713f342369ff58f93e0b.tar.gz
- name: Install nixfmt - name: Install nixfmt
run: "nix-env -f '<nixpkgs>' -iAP nixfmt-rfc-style" run: "nix-env -f '<nixpkgs>' -iAP nixfmt-rfc-style"
- name: Check that Nix files are formatted according to the RFC style - name: Check that Nix files are formatted according to the RFC style
@@ -35,14 +40,14 @@ jobs:
NIX_FMT_PATHS_BSD: pkgs/os-specific/bsd NIX_FMT_PATHS_BSD: pkgs/os-specific/bsd
NIX_FMT_PATHS_MPVSCRIPTS: pkgs/applications/video/mpv/scripts NIX_FMT_PATHS_MPVSCRIPTS: pkgs/applications/video/mpv/scripts
# Format paths related to the Nixpkgs CUDA ecosystem. # Format paths related to the Nixpkgs CUDA ecosystem.
NIX_FMT_PATHS_CUDA: | NIX_FMT_PATHS_CUDA: |-
pkgs/development/cuda-modules pkgs/development/cuda-modules
pkgs/test/cuda pkgs/test/cuda
pkgs/top-level/cuda-packages.nix pkgs/top-level/cuda-packages.nix
NIX_FMT_PATHS_MAINTAINERS: | NIX_FMT_PATHS_MAINTAINERS: |-
maintainers/maintainer-list.nix maintainers/maintainer-list.nix
maintainers/team-list.nix maintainers/team-list.nix
NIX_FMT_PATHS_K3S: | NIX_FMT_PATHS_K3S: |-
nixos/modules/services/cluster/k3s nixos/modules/services/cluster/k3s
nixos/tests/k3s nixos/tests/k3s
pkgs/applications/networking/cluster/k3s pkgs/applications/networking/cluster/k3s
@@ -51,6 +56,7 @@ jobs:
NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php
# Iterate over all environment variables beginning with NIX_FMT_PATHS_. # Iterate over all environment variables beginning with NIX_FMT_PATHS_.
run: | run: |
unformattedPaths=()
for env_var in "${!NIX_FMT_PATHS_@}"; do for env_var in "${!NIX_FMT_PATHS_@}"; do
readarray -t paths <<< "${!env_var}" readarray -t paths <<< "${!env_var}"
if [[ "${paths[*]}" == "" ]]; then if [[ "${paths[*]}" == "" ]]; then
@@ -59,7 +65,12 @@ jobs:
fi fi
echo "Checking paths: ${paths[@]}" echo "Checking paths: ${paths[@]}"
if ! nixfmt --check "${paths[@]}"; then if ! nixfmt --check "${paths[@]}"; then
echo "Error: nixfmt failed." unformattedPaths+=("${paths[@]}")
exit 1
fi fi
done done
if (( "${#unformattedPaths[@]}" > 0 )); then
echo "Some required Nix files are not properly formatted"
echo "Please run the following in \`nix-shell\`:"
echo "nixfmt ${unformattedPaths[*]@Q}"
exit 1
fi

29
.github/workflows/check-shell.yml vendored Normal file
View File

@@ -0,0 +1,29 @@
name: "Check shell"
on:
pull_request_target:
permissions: {}
jobs:
x86_64-linux:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
- name: Build shell
run: nix-build shell.nix
aarch64-darwin:
runs-on: macos-latest
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
- name: Build shell
run: nix-build shell.nix

12
ci/README.md Normal file
View File

@@ -0,0 +1,12 @@
# CI support files
This directory contains files to support CI, such as [GitHub Actions](https://github.com/NixOS/nixpkgs/tree/master/.github/workflows) and [Ofborg](https://github.com/nixos/ofborg).
This is in contrast with [`maintainers/scripts`](`../maintainers/scripts`) which is for human use instead.
## Pinned Nixpkgs
CI may need certain packages from Nixpkgs.
In order to ensure that the needed packages are generally available without building,
[`pinned-nixpkgs.json`](./pinned-nixpkgs.json) contains a pinned Nixpkgs version tested by Hydra.
Run [`update-pinned-nixpkgs.sh`](./update-pinned-nixpkgs.sh) to update it.

4
ci/pinned-nixpkgs.json Normal file
View File

@@ -0,0 +1,4 @@
{
"rev": "cfb89a95f19bea461fc37228dc4d07b22fe617c2",
"sha256": "1yhsacvry6j8r02lk70p9dphjpi8lpzgq2qay8hiy4nqlys0mrch"
}

16
ci/update-pinned-nixpkgs.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p jq
set -euo pipefail
# https://stackoverflow.com/a/246128
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
repo=https://github.com/nixos/nixpkgs
branch=nixpkgs-unstable
file=$SCRIPT_DIR/pinned-nixpkgs.json
rev=$(git ls-remote "$repo" refs/heads/"$branch" | cut -f1)
sha256=$(nix-prefetch-url --unpack "$repo/archive/$rev.tar.gz" --name source)
jq -n --arg rev "$rev" --arg sha256 "$sha256" '$ARGS.named' | tee /dev/stderr > $file

30
shell.nix Normal file
View File

@@ -0,0 +1,30 @@
# A shell to get tooling for Nixpkgs development
#
# Note: We intentionally don't use Flakes here,
# because every time you change any file and do another `nix develop`,
# it would create another copy of the entire ~500MB tree in the store.
# See https://github.com/NixOS/nix/pull/6530 for the future
{
system ? builtins.currentSystem,
}:
let
pinnedNixpkgs = builtins.fromJSON (builtins.readFile ci/pinned-nixpkgs.json);
nixpkgs = fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/${pinnedNixpkgs.rev}.tar.gz";
sha256 = pinnedNixpkgs.sha256;
};
pkgs = import nixpkgs {
inherit system;
config = {};
overlays = [];
};
in
pkgs.mkShellNoCC {
packages = [
# The default formatter for Nix code
# https://github.com/NixOS/nixfmt
pkgs.nixfmt-rfc-style
];
}