Safer releases #85

Workflow file for this run

	name: CI
	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main

	# This makes sure to only run one instance of this workflow per individual PR and pushes.
	# We need this especially for the release step, because it has side effects.
	# But it's also good in general, there's no need to finish action runs for commits
	# when you push another one right after.
	# Assumption: We push less frequently than it takes for this workflow to finish
	concurrency:
	# For a push to the main branch, github.ref is refs/heads/<branch_name>
	# For a pull request, github.ref is refs/pull/<pr_number>/merge
	group: ${{ github.ref }}
	# We don't want to cancel in progress workflows for pushes to the main branch,
	# because it could be in the process of doing a release.
	# Better wait until it's done
	cancel-in-progress: ${{ github.event_name != 'pull' }}

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: cachix/install-nix-action@v26

	- name: build
	run: nix-build -A ci

	- name: release
	if: ${{ github.event_name == 'push' }}
	run: scripts/release.sh
	env:
	GH_TOKEN: ${{ github.token }}

	test-update:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: cachix/install-nix-action@v26

	- name: test update script
	run: \|
	nix-build -A autoPrUpdate
	{
	result/bin/auto-pr-update .
	echo ""
	echo '```diff'
	git diff
	echo '```'
	} > $GITHUB_STEP_SUMMARY
	env:
	GH_TOKEN: ${{ github.token }}

	nixpkgs-pr:
	runs-on: ubuntu-latest
	if: ${{ github.event_name == 'push' }}
	needs: build
	steps:
	- uses: actions/checkout@v4
	with:
	repository: NixOS/nixpkgs

	- name: Update nixpkgs-check-by-name in Nixpkgs
	run: \|
	echo "rev=$(git rev-parse HEAD)" >> $GITHUB_ENV
	echo "before=$(<pkgs/test/check-by-name/pinned-version.txt)" >> $GITHUB_ENV

	# We run bash explicitly instead of using the files shebang,
	# because the shebang is using nix-shell with dependencies we already have by default
	bash pkgs/test/check-by-name/update-pinned-tool.sh

	echo "after=$(<pkgs/test/check-by-name/pinned-version.txt)" >> $GITHUB_ENV

	- name: Create Pull Request
	uses: peter-evans/create-pull-request@v6
	with:
	# To trigger CI for automated PRs, we use a separate machine account
	# See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
	# and https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork
	token: ${{ secrets.MACHINE_USER_PAT }}
	push-to-fork: infinixbot/nixpkgs
	committer: infinixbot <[email protected]>
	author: infinixbot <[email protected]>
	branch: update/nixpkgs-check-by-name
	commit-message: \|
	nixpkgs-check-by-name: ${{ env.before }} -> ${{ env.after }}

	https://github.com/NixOS/nixpkgs-check-by-name/releases/tag/${{ env.after }}
	title: "nixpkgs-check-by-name: ${{ env.before }} -> ${{ env.after }}"
	body: >
	This is an automated PR to update the version of [nixpkgs-check-by-name](https://github.com/NixOS/nixpkgs-check-by-name),
	which is used by CI to [check the `pkgs/by-name`](https://github.com/NixOS/nixpkgs/tree/${{ env.rev }}/pkgs/by-name#validation) directory.
	The update was performed by running [`pkgs/test/check-by-name/update-pinned-tool.sh`](https://github.com/NixOS/nixpkgs/tree/${{ env.rev }}/pkgs/test/check-by-name#update-pinned-toolsh).

	This PR updates the tool to [version ${{ env.after }}](https://github.com/NixOS/nixpkgs-check-by-name/releases/tag/${{ env.after }}).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Safer releases #85

Workflow file

Safer releases #85

Jobs

Run details

Workflow file for this run