ci: add keep-sorted workflow

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
2025-03-18 22:26:31 +01:00 · 2025-03-18 22:26:31 +01:00 · 60b30dd316
commit 60b30dd316
parent cb755af536
1 changed files with 40 additions and 0 deletions
--- a/.github/workflows/keep-sorted.yml
+++ b/.github/workflows/keep-sorted.yml
@ -0,0 +1,40 @@
+name: Check that files are sorted
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+permissions: {}
+
+jobs:
+  get-merge-commit:
+    uses: ./.github/workflows/get-merge-commit.yml
+
+  nixos:
+    name: keep-sorted
+    runs-on: ubuntu-24.04
+    needs: get-merge-commit
+    if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
+
+      - name: Get Nixpkgs revision for keep-sorted
+        run: |
+          # Pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt from staging.
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          rev=$(jq -r .rev ci/pinned-nixpkgs.json)
+          echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
+
+      - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
+        with:
+          extra_nix_config: sandbox = true
+          nix_path: nixpkgs=${{ env.url }}
+
+      - name: Install keep-sorted
+        run: "nix-env -f '<nixpkgs>' -iAP keep-sorted"
+
+      - name: Check that Nix files are sorted
+        run: |
+          git ls-files | xargs keep-sorted --mode lint