Skip to content
review

review #387620 #211

Sign in to view logs

review #387620

review #387620 #211

Workflow file for this run

.github/workflows/review.yml at c7ee297
name: review
run-name: "review #${{ inputs.pr }}"
on:
workflow_dispatch:
inputs:
pr:
description: "Pull Request Number"
required: true
type: string
x86_64-linux:
description: "Run on x86_64-linux"
required: true
type: boolean
default: true
aarch64-linux:
description: "Run on aarch64-linux"
required: true
type: boolean
default: true
x86_64-darwin:
description: "Run on x86_64-darwin"
required: true
type: boolean
default: true
aarch64-darwin:
description: "Run on aarch64-darwin"
required: true
type: boolean
default: true
upstream-eval-timeout:
description: "How long to wait for upstream eval (in seconds)"
required: true
type: number
default: 900
local-eval:
description: "Force local eval"
required: true
type: boolean
default: false
attic:
description: "Push to attic"
required: true
type: boolean
default: true
upterm:
description: "Start upterm session after nixpkgs-review"
required: true
type: boolean
default: false
post-result:
description: "Post Result"
required: true
type: boolean
default: true
jobs:
review:
strategy:
fail-fast: false
matrix:
system:
- x86_64-linux
- aarch64-linux
- x86_64-darwin
- aarch64-darwin
exclude:
- system: ${{ !inputs.x86_64-linux && 'x86_64-linux' || '' }}
- system: ${{ !inputs.aarch64-linux && 'aarch64-linux' || '' }}
- system: ${{ !inputs.x86_64-darwin && 'x86_64-darwin' || '' }}
- system: ${{ !inputs.aarch64-darwin && 'aarch64-darwin' || '' }}
runs-on: >-
${{ (matrix.system == 'x86_64-linux' && 'ubuntu-latest')
|| (matrix.system == 'aarch64-linux' && 'ubuntu-24.04-arm')
|| (matrix.system == 'x86_64-darwin' && 'macos-13')
|| (matrix.system == 'aarch64-darwin' && 'macos-latest') }}
outputs:
report_x86_64-linux: ${{ steps.report.outputs.report_x86_64-linux }}
report_aarch64-linux: ${{ steps.report.outputs.report_aarch64-linux }}
report_x86_64-darwin: ${{ steps.report.outputs.report_x86_64-darwin }}
report_aarch64-darwin: ${{ steps.report.outputs.report_aarch64-darwin }}
fetch_cmd_x86_64-linux: ${{ steps.report.outputs.fetch_cmd_x86_64-linux }}
fetch_cmd_aarch64-linux: ${{ steps.report.outputs.fetch_cmd_aarch64-linux }}
fetch_cmd_x86_64-darwin: ${{ steps.report.outputs.fetch_cmd_x86_64-darwin }}
fetch_cmd_aarch64-darwin: ${{ steps.report.outputs.fetch_cmd_aarch64-darwin }}
steps:
- name: prepare /nix
run: sudo mkdir /mnt/nix && sudo mount -m -o bind /mnt/nix /nix
if: ${{ matrix.system == 'x86_64-linux' || matrix.system == 'aarch64-linux' }}
- name: install nix
uses: DeterminateSystems/nix-installer-action@v16
- name: clone nixpkgs
uses: actions/checkout@v4
with:
repository: NixOS/nixpkgs
- name: wait for upstream eval
if: ${{ inputs.upstream-eval-timeout > 0 && !inputs.local-eval }}
env:
GH_TOKEN: ${{ github.token }}
run: |
start=$(date +%s)
timeout=${{ inputs.upstream-eval-timeout }}
timeout=${timeout%.*}
while [[ $(( $(date +%s) - $start )) -lt $timeout ]]; do
status=$(gh pr -R nixos/nixpkgs checks ${{ inputs.pr }} --json 'state,name,workflow' -q '.[]|select(.name=="Process" and (.workflow=="Eval" or .workflow==".github/workflows/eval.yml"))|.state')
if [[ -z "$status" ]]; then echo "Failed to find eval check"
else echo "Eval status: ${status}"; fi
if [[ "$status" = "SUCCESS" ]]; then break; fi
sleep 10
done
- name: run nixpkgs-review
run: |
nix run github:nixos/nixpkgs/nixos-unstable#nixpkgs-review -- \
pr ${{ inputs.pr }} \
--eval ${{ inputs.local-eval && 'local' || 'auto' }} \
--no-shell \
--no-headers \
--print-result \
--build-args="-L" \
|| true
env:
GITHUB_TOKEN: ${{ github.token }}
- name: push results to attic
if: ${{ inputs.attic && vars.ATTIC_SERVER != '' && vars.ATTIC_CACHE != '' }}
run: |
set -ex
attic=$(nix build --no-link --print-out-paths github:nixos/nixpkgs/nixos-unstable#attic-client)/bin/attic
realpath=$(nix build --no-link --print-out-paths github:nixos/nixpkgs/nixos-unstable#coreutils)/bin/realpath
$attic login default "$ATTIC_SERVER" "$ATTIC_TOKEN"
$attic cache info "$ATTIC_CACHE"
($realpath -qe ~/.cache/nixpkgs-review/pr-${{ inputs.pr }}/results/* || true) > paths
$attic push --stdin "$ATTIC_CACHE" < paths
info=$(curl -f -H "Authorization: Bearer ${ATTIC_TOKEN}" "${ATTIC_SERVER}_api/v1/cache-config/${ATTIC_CACHE}")
substituter_endpoint=$(jq -r .substituter_endpoint <<< "$info")
public_key=$(jq -r .public_key <<< "$info")
is_public=$(jq -r .is_public <<< "$info")
echo "nix-store -r --add-root nixpkgs-pr-${{ inputs.pr }}-${{ matrix.system }} \\" >> fetch_cmd
echo " --option binary-caches 'https://cache.nixos.org/ $substituter_endpoint' \\" >> fetch_cmd
echo " --option trusted-public-keys '" >> fetch_cmd
echo " cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> fetch_cmd
echo " $public_key" >> fetch_cmd
echo -n " '" >> fetch_cmd
ok=0
for p in $(cat paths); do
echo -e " \\" >> fetch_cmd
echo -n " $p" >> fetch_cmd
ok=1
done
[[ "$is_public" = "true" ]] && [[ $ok = 1 ]] || rm fetch_cmd
env:
ATTIC_SERVER: ${{ vars.ATTIC_SERVER }}
ATTIC_CACHE: ${{ vars.ATTIC_CACHE }}
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
- name: start upterm session
if: ${{ inputs.upterm }}
uses: owenthereal/action-upterm@v1
with:
limit-access-to-actor: true
- name: generate report
id: report
run: |
base64=$(nix build --no-link --print-out-paths github:nixos/nixpkgs/nixos-unstable#coreutils)/bin/base64
if [[ -s fetch_cmd ]]; then
cat fetch_cmd
echo fetch_cmd_${{ matrix.system }}=$($base64 -w0 fetch_cmd) >> "$GITHUB_OUTPUT"
fi
report=~/.cache/nixpkgs-review/pr-${{ inputs.pr }}/report.md
cat $report
echo report_${{ matrix.system }}=$($base64 -w0 $report) >> "$GITHUB_OUTPUT"
report:
runs-on: ubuntu-latest
needs: [review]
outputs:
report: ${{ steps.report.outputs.report }}
steps:
- name: generate report
id: report
run: |
echo -e "## \`nixpkgs-review\` result\n" >> report.md
echo -e "Generated using [\`nixpkgs-review-gha\`](https://github.com/Defelo/nixpkgs-review-gha)\n" >> report.md
echo -e "Command: \`nixpkgs-review pr ${{ inputs.pr }}\`\n" >> report.md
echo -e "Logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\n" >> report.md
mkdir .tmp
cd .tmp
echo ${{ needs.review.outputs.fetch_cmd_x86_64-linux }} | base64 -d > x86_64-linux
echo ${{ needs.review.outputs.fetch_cmd_aarch64-linux }} | base64 -d > aarch64-linux
echo ${{ needs.review.outputs.fetch_cmd_x86_64-darwin }} | base64 -d > x86_64-darwin
echo ${{ needs.review.outputs.fetch_cmd_aarch64-darwin }} | base64 -d > aarch64-darwin
for system in x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin; do
[[ -s $system ]] || continue
echo -e "<li><details><summary><code>$system</code></summary>\n\n\`\`\`shell" >> ../cache.md
cat $system >> ../cache.md
echo -e "\n\`\`\`\n</details></li>" >> ../cache.md
done
cd ..
if [[ -s cache.md ]]; then
echo -e "<details><summary>Download packages from cache:</summary><ul>" >> report.md
cat cache.md >> report.md
echo -e "</ul></details>\n" >> report.md
fi
echo ${{ needs.review.outputs.report_x86_64-linux }} | base64 -d >> report.md
echo ${{ needs.review.outputs.report_aarch64-linux }} | base64 -d >> report.md
echo ${{ needs.review.outputs.report_x86_64-darwin }} | base64 -d >> report.md
echo ${{ needs.review.outputs.report_aarch64-darwin }} | base64 -d >> report.md
cat report.md
echo report=$(base64 -w0 report.md) >> "$GITHUB_OUTPUT"
post-result:
runs-on: ubuntu-latest
needs: [report]
if: ${{ inputs.post-result }}
environment: post-result
steps:
- name: fetch report
run: echo ${{ needs.report.outputs.report }} | base64 -d > report.md
- name: post comment
run: |
if [[ -n "$GH_TOKEN" ]]; then
gh pr -R NixOS/nixpkgs comment ${{ inputs.pr }} -F report.md
fi
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}