0f5e504f9e
This forces better error handling as described in [1]. Without this change, bash would *not* run with `-o pipefail`, which means some errors go unnoticed. By naming `bash` explicitly, `-o pipefail` is enabled. 1: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#defaultsrunshell
43 lines
1.2 KiB
YAML
43 lines
1.2 KiB
YAML
name: Eval aliases
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- .github/workflows/eval-aliases.yml
|
|
pull_request_target:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
eval-aliases:
|
|
name: Eval nixpkgs with aliases enabled
|
|
runs-on: ubuntu-24.04-arm
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
sparse-checkout: .github/actions
|
|
- name: Check if the PR can be merged and checkout the merge commit
|
|
uses: ./.github/actions/get-merge-commit
|
|
with:
|
|
merged-as-untrusted: true
|
|
|
|
- name: Install Nix
|
|
uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
|
|
with:
|
|
extra_nix_config: sandbox = true
|
|
|
|
- name: Ensure flake outputs on all systems still evaluate
|
|
run: nix flake check --all-systems --no-build ./untrusted
|
|
|
|
- name: Query nixpkgs with aliases enabled to check for basic syntax errors
|
|
run: |
|
|
time nix-env -I ./untrusted -f ./untrusted -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null
|