This doesn't really change the items, but shortens the writing a lot,
making them much more readable, especially while still drafting the PR.
Mentioning the release notes for the previous release is not really
important, because it doesn't apply for the big majority of pull
requests.
This *is* important, but is a niche detail which belongs into the
contributions guidelines - and not into the PR template. It's also out
of place for "what did you test?".
We expect the TODO list to be read through *on PR creation*, otherwise
the html comments would not make sense. Thus, we should make it even
only slightly readable, which was not at all the case before.
The links for release notes are removed, because the PR author has no
value from the *current* release notes. They will need to find the file
manually anyway.
While this note is important, it's also mostly invisible at this stage.
The comment only shows while creating the PR, but at this stage the
author really has other things to worry about.
If they care, they will read the contribution guidelines and will pick
up the pieces about reviewing that way. If they don't - they won't be
bothered by this notice either.
This checkbox has been used very incosistently and its meaning is not
entirely clear: What does it mean if both checkboxes are *unchecked*?
Does that mean the sandbox was disabled? Or does it mean the checkbox
was just not handled?
Also the new nixpkgs-review-gha, which is increasingly used to test
builds on darwin platforms shows this information as part of the review
- where it's in a much better place.
Most of the checks we do for cherry-picks are dismissable warnings, with
one exception: When a commit hash has been found, but this hash is not
available in any of the pickable branches, we raise this with
severity=error. This should also *block* the merge and not be
dismissable. That's because this is a fixable issue in every case.
This turns the check-cherry-pick script into a github-script based
JavaScript program. This makes it much easier to extend to check reverts
or merge commits later on.
Since all github-scripts need to be written in commonjs, we now default
to it by not setting package.json. Support from editors for .js files is
slightly better than .cjs. To still allow using module imports in the
test runner script, we trick node into loading the script itself as a
module again via `--import ./run`.
This just moves things around to use less specific naming - `labels` is
only *one* script that can potentially be run locally while still being
written in github-script. Later, we can add more.
When a PR is merged and labeled afterwards - with a non-backport label -
the following will happen:
- The first backport job is triggered on the merge.
- The second backport job is triggered on the label event.
- The second job will cancel the first one due to the concurrency group.
- The second job will cancel itself because the label event didn't
contain a backport label.
Both jobs end up cancelled and no backport happens.
We made the backport action idempotent upstream a while ago, so we don't
need to cancel those actions. Instead, we'll run all of them -
subsequent actions running through will just stay silent anyway.
Committers could get the false impression from, e.g., `PR / Build / aarch64-linux` that this workflow builds the packages changed in the current PR. Such a misunderstanding could pair poorly with the "enable auto-merge" button, once that's enabled.
By re-organizing the flow in `handle()` we can start labeling both
issues and pull requests, and only make the relevant API requests for
the PR-case.
At first glance, we might think that we only need to label the big batch
list of issues and not those recently updated: But that's wrong, for
recently updated issues it's important to label quickly, because the
stale label needs to be *removed*, too.
We already tried to fix this case earlier, but didn't account for all
cases: A scheduled workflow can also encounter a pull request with
failed PR workflow. This failure doesn't need to be in the Eval part, so
artifacts could *still* be available. To make sure PRs always get
rebuild labels, just ignore the status condition. Either the artifact is
there, or it is not.
The previous implementation had two problems:
- When switching from /search to /pulls, we disabled the additional GET
on each single pull request - which causes no test merge commit creation
for all PRs. This means, merge conflicts will not actually be detected.
- By using `item` in the pull-request triggered case, this goes back to
`context.payload.pull_request`, which is the state *at the beginning* of
the workflow run. But this renders our "let's wait 3 minutes before
checking merge_commit_sha" logic void. While we wait for 3 minutes, we
still use the *old* value afterwards...
Just making the extra request every time simplifies the logic and solves
both problems.
It's necessary to use a combination of different endpoints here, because
the /search endpoint only allows fetching the first 1000 items and will
fail with a higher page number (11+). On the flip side, the /pulls
endpoint doesn't allow counting the total number of results, so we can't
calculate the required page number with its response.
Putting both together should work, though.
This should make sure that the timer is cleaned up, no matter what. This
didn't seem to be the case before, where it would still be stuck
sometimes, when throwing an error somewhere.
When running in a pull_request context, the labels job is part of the
currently running workflow - which will never have succeeded, yet.
Apparently it could be failed already, so in this case we take *any*
workflow run, no matter its state.
This manages the `2. status: stale` label for pull requests only (not
issues, yet) with the following conditions:
- The last event on the timeline of the Pull Request counts.
- Labeling and unlabeling of any kind are ignored.
- Older than 180 days are stale.
- Security labeled PRs are never stale.
To handle this label correctly, it's important to go through all pull
requests. Any approach to limit the list of PRs via search are not going
to work:
- Filtering by `updated` is not going to work, because it includes the
last time that *a label was set* on the PR. To actually find out whether
a PR is stale or not, the timeline of events needs to be looked at.
- Filtering by an existing stale label is not going to work either,
because such a label might have been added manually and thus breaking
the rules we set up here. Thus any existing label needs to be confirmed
as well.
We keep working through the PR, even though we don't have any eval
results. This will allow actually managing labels for much older PRs as
well. Most importantly, it will allow merge-conflict and stale-labeling
next.
This replaces the manual dispatch trigger with a batched run through all
pull requests every day. This has the small benefit of not having to
worry about backfilling labeling after fixing bugs - and the much bigger
one in being able to handle merge-conflict and stale labels properly
later. For those, it's inevitable to eventually scan through all PRs.
At this stage, the vast majority of PRs will still be skipped, because
there won't be an eval run with artifact available. This will be
improved in the next step.
Technically, the workflow_dispatch trigger is kept to allow easily
testing this in forks, where the scheduled jobs are disabled. The
triggered job will behave similar to the scheduled job, though, and have
no special inputs.
