646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
155 lines
4.9 KiB
YAML
155 lines
4.9 KiB
YAML
name: PR
|
|
|
|
on:
|
|
pull_request_target:
|
|
workflow_call:
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN:
|
|
required: true
|
|
NIXPKGS_CI_APP_PRIVATE_KEY:
|
|
required: true
|
|
OWNER_APP_PRIVATE_KEY:
|
|
# The Test workflow should not actually request reviews from owners.
|
|
required: false
|
|
|
|
concurrency:
|
|
group: pr-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
prepare:
|
|
runs-on: ubuntu-24.04-arm
|
|
permissions:
|
|
# wrong branch review comment
|
|
pull-requests: write
|
|
outputs:
|
|
baseBranch: ${{ steps.prepare.outputs.base }}
|
|
headBranch: ${{ steps.prepare.outputs.head }}
|
|
mergedSha: ${{ steps.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ steps.prepare.outputs.targetSha }}
|
|
systems: ${{ steps.prepare.outputs.systems }}
|
|
touched: ${{ steps.prepare.outputs.touched }}
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
sparse-checkout-cone-mode: true # default, for clarity
|
|
sparse-checkout: |
|
|
ci/github-script
|
|
- id: prepare
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
with:
|
|
script: |
|
|
require('./ci/github-script/prepare.js')({
|
|
github,
|
|
context,
|
|
core,
|
|
dry: context.eventName == 'pull_request',
|
|
})
|
|
|
|
check:
|
|
name: Check
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/check.yml
|
|
permissions:
|
|
# cherry-picks
|
|
pull-requests: write
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
baseBranch: ${{ needs.prepare.outputs.baseBranch }}
|
|
headBranch: ${{ needs.prepare.outputs.headBranch }}
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
|
|
lint:
|
|
name: Lint
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/lint.yml
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
|
|
eval:
|
|
name: Eval
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/eval.yml
|
|
permissions:
|
|
# compare
|
|
statuses: write
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
systems: ${{ needs.prepare.outputs.systems }}
|
|
testVersions: ${{ contains(fromJSON(needs.prepare.outputs.touched), 'pinned') && !contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development') }}
|
|
|
|
labels:
|
|
name: Labels
|
|
needs: [prepare, eval]
|
|
uses: ./.github/workflows/labels.yml
|
|
permissions:
|
|
issues: write
|
|
pull-requests: write
|
|
secrets:
|
|
NIXPKGS_CI_APP_PRIVATE_KEY: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
|
|
with:
|
|
headBranch: ${{ needs.prepare.outputs.headBranch }}
|
|
|
|
reviewers:
|
|
name: Reviewers
|
|
needs: [prepare, eval]
|
|
if: |
|
|
needs.prepare.outputs.targetSha &&
|
|
!contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development')
|
|
uses: ./.github/workflows/reviewers.yml
|
|
secrets:
|
|
OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
|
|
|
|
build:
|
|
name: Build
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/build.yml
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
with:
|
|
baseBranch: ${{ needs.prepare.outputs.baseBranch }}
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
|
|
# This job's only purpose is to create the target for the "Required Status Checks" branch ruleset.
|
|
# It "needs" all the jobs that should block merging a PR.
|
|
unlock:
|
|
if: github.event_name != 'pull_request' && always()
|
|
# Modify this list to add or remove jobs from required status checks.
|
|
needs:
|
|
- check
|
|
- lint
|
|
- eval
|
|
- build
|
|
runs-on: ubuntu-24.04-arm
|
|
permissions:
|
|
statuses: write
|
|
steps:
|
|
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
env:
|
|
RESULTS: ${{ toJSON(needs.*.result) }}
|
|
with:
|
|
script: |
|
|
const { serverUrl, repo, runId, payload } = context
|
|
const target_url =
|
|
`${serverUrl}/${repo.owner}/${repo.repo}/actions/runs/${runId}?pr=${payload.pull_request.number}`
|
|
await github.rest.repos.createCommitStatus({
|
|
...repo,
|
|
sha: payload.pull_request.head.sha,
|
|
// WARNING:
|
|
// Do NOT change the name of this, otherwise the rule will not catch it anymore.
|
|
// This would prevent all PRs from merging.
|
|
context: 'no PR failures',
|
|
state: JSON.parse(process.env.RESULTS).every(status => status == 'success') ? 'success' : 'error',
|
|
target_url,
|
|
})
|