workflows/{pr,push}: move prepare job from eval workflow

This is only a refactor at this stage, but split into a separate commit
for better review. It's the base for the next two commits.
Wolfgang Walther 2025-06-18 20:23:14 +02:00
parent 69ab2f4347
commit 9422f30e47
No known key found for this signature in database
GPG Key ID: B39893FA5F65CAE1
3 changed files with 65 additions and 33 deletions


@ -2,6 +2,15 @@ name: Eval
on:
workflow_call:
inputs:
mergedSha:
required: true
type: string
targetSha:
type: string
systems:
required: true
type: string
secrets:
OWNER_APP_PRIVATE_KEY:
required: false
@ -13,34 +22,12 @@ defaults:
shell: bash
jobs:
prepare:
runs-on: ubuntu-24.04-arm
outputs:
mergedSha: ${{ steps.get-merge-commit.outputs.mergedSha }}
targetSha: ${{ steps.get-merge-commit.outputs.targetSha }}
systems: ${{ steps.systems.outputs.systems }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: |
.github/actions
ci/supportedSystems.json
- name: Check if the PR can be merged and get the test merge commit
uses: ./.github/actions/get-merge-commit
id: get-merge-commit
- name: Load supported systems
id: systems
run: |
echo "systems=$(jq -c <ci/supportedSystems.json)" >> "$GITHUB_OUTPUT"
eval:
runs-on: ubuntu-24.04-arm
needs: [prepare]
strategy:
fail-fast: false
matrix:
system: ${{ fromJSON(needs.prepare.outputs.systems) }}
system: ${{ fromJSON(inputs.systems) }}
name: ${{ matrix.system }}
steps:
- name: Enable swap
@ -53,7 +40,7 @@ jobs:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.prepare.outputs.mergedSha }}
ref: ${{ inputs.mergedSha }}
path: untrusted
- name: Install Nix
@ -78,12 +65,12 @@ jobs:
path: merged/*
- name: Get target run id
if: needs.prepare.outputs.targetSha
if: inputs.targetSha
id: targetRunId
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
MATRIX_SYSTEM: ${{ matrix.system }}
TARGET_SHA: ${{ needs.prepare.outputs.targetSha }}
TARGET_SHA: ${{ inputs.targetSha }}
with:
script: |
const system = process.env.MATRIX_SYSTEM
@ -145,8 +132,8 @@ jobs:
compare:
runs-on: ubuntu-24.04-arm
needs: [prepare, eval]
if: needs.prepare.outputs.targetSha
needs: [eval]
if: inputs.targetSha
permissions:
issues: write # needed to create *new* labels
pull-requests: write
@ -162,7 +149,7 @@ jobs:
- name: Check out the PR at the target commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.prepare.outputs.targetSha }}
ref: ${{ inputs.targetSha }}
path: trusted
- name: Install Nix
@ -180,8 +167,8 @@ jobs:
env:
AUTHOR_ID: ${{ github.event.pull_request.user.id }}
run: |
git -C trusted fetch --depth 1 origin ${{ needs.prepare.outputs.mergedSha }}
git -C trusted diff --name-only ${{ needs.prepare.outputs.mergedSha }} \
git -C trusted fetch --depth 1 origin ${{ inputs.mergedSha }}
git -C trusted diff --name-only ${{ inputs.mergedSha }} \
| jq --raw-input --slurp 'split("\n")[:-1]' > touched-files.json
# Use the target branch to get accurate maintainer info
@ -243,8 +230,8 @@ jobs:
# No dependency on "compare", so that it can start at the same time.
# We only wait for the "comparison" artifact to be available, which makes the start-to-finish time
# for the eval workflow considerably faster.
needs: [prepare, eval]
if: needs.prepare.outputs.targetSha
needs: [eval]
if: inputs.targetSha
uses: ./.github/workflows/reviewers.yml
secrets:
OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
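Review bot: The `run:` script in the compare job expands `${{ inputs.mergedSha }}` directly into shell text, in both the `git -C trusted fetch` and the `git -C trusted diff` line. Because mergedSha is now a `workflow_call` input, its content is whatever a caller passes rather than an output produced inside this file. The two callers in this commit pass a merge-commit output and `github.sha`, so this is hardening rather than a live bug, but the job runs with `issues: write` and `pull-requests: write`. Add `MERGED_SHA: ${{ inputs.mergedSha }}` to the step's existing `env:` block and use `"$MERGED_SHA"` in both git commands, the same way the github-script step already receives `TARGET_SHA`. The step's script continues outside the hunk.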


@ -18,6 +18,27 @@ concurrency:
permissions: {}
jobs:
prepare:
runs-on: ubuntu-24.04-arm
outputs:
mergedSha: ${{ steps.get-merge-commit.outputs.mergedSha }}
targetSha: ${{ steps.get-merge-commit.outputs.targetSha }}
systems: ${{ steps.systems.outputs.systems }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: |
.github/actions
ci/supportedSystems.json
- name: Check if the PR can be merged and get the test merge commit
uses: ./.github/actions/get-merge-commit
id: get-merge-commit
- name: Load supported systems
id: systems
run: |
echo "systems=$(jq -c <ci/supportedSystems.json)" >> "$GITHUB_OUTPUT"
check:
name: Check
uses: ./.github/workflows/check.yml
@ -31,6 +52,7 @@ jobs:
eval:
name: Eval
needs: [prepare]
uses: ./.github/workflows/eval.yml
permissions:
# compare
@ -39,6 +61,10 @@ jobs:
statuses: write
secrets:
OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
with:
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
targetSha: ${{ needs.prepare.outputs.targetSha }}
systems: ${{ needs.prepare.outputs.systems }}
build:
name: Build
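Review bot: The checkout in the new `prepare` job has no `ref:` and no comment saying which tree it is expected to yield. The next step runs `./.github/actions/get-merge-commit` from that checkout, and its outputs become the checkout refs and matrix that eval.yml consumes. The workflow's `on:` trigger is outside this hunk, so which ref is checked out by default cannot be confirmed from here. If the intent is that the local action and `ci/supportedSystems.json` never come from the PR head, state that above the step, e.g. `# No ref on purpose: the local action and supportedSystems.json must come from the default checkout, not from the PR head.`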


@ -18,8 +18,24 @@ on:
permissions: {}
jobs:
prepare:
runs-on: ubuntu-24.04-arm
outputs:
systems: ${{ steps.systems.outputs.systems }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: |
ci/supportedSystems.json
- name: Load supported systems
id: systems
run: |
echo "systems=$(jq -c <ci/supportedSystems.json)" >> "$GITHUB_OUTPUT"
eval:
name: Eval
needs: [prepare]
uses: ./.github/workflows/eval.yml
# Those are not actually used on push, but will throw an error if not set.
permissions:
@ -27,3 +43,6 @@ jobs:
issues: write
pull-requests: write
statuses: write
with:
mergedSha: ${{ github.sha }}
systems: ${{ needs.prepare.outputs.systems }}
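Review bot: The `with:` block passes no `targetSha`, and nothing here says the omission is deliberate. In the eval.yml section of this commit, the `compare` job and the reviewers call are both gated on `if: inputs.targetSha`, so leaving it empty is what keeps the jobs that use `issues: write` and `pull-requests: write` from running on push. A comment above `with:` would protect that property from a later edit, e.g. `# targetSha is left unset on purpose: eval.yml skips compare and reviewers when it is empty.`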