Skip to content

workflows: switch to NIXPKGS_CI specific variables#373935

Merged
JohnRTitor merged 3 commits intomasterfrom
ci/nixpkgs-ci-migration
Jan 15, 2025
Merged

workflows: switch to NIXPKGS_CI specific variables#373935
JohnRTitor merged 3 commits intomasterfrom
ci/nixpkgs-ci-migration

Conversation

@JohnRTitor
Copy link
Member

@JohnRTitor JohnRTitor commented Jan 15, 2025

This will allow GitHub to run actions on those commits, specifically Eval action. Currently as these merges are commited by github-actions, Eval doesn't run on the commits.

ie, https://github.com/NixOS/nixpkgs/actions/runs/12646467735/job/35237397411?pr=371701 Processing failed due to fa2d66f commit was done by github-actions.

With this every periodic merge will be authored and commited by the nixpkgs-ci bot.

Supercedes #372041

Relevant org discussion: NixOS/org#54

PR created from a NixOS/nixpkgs branch as to make it easier to test.

@JohnRTitor
workflows/backport: switch to new variables
f697628 
As per NixOS/org#54, new variables are now NIXPKGS_CI_APP_ID and NIXPKGS_CI_APP_PRIVATE_KEY.
@JohnRTitor
workflows/periodic-merges: use nixpkgs-ci's token
6ab6314
@github-actions github-actions bot added 6.topic: policy discussion Discuss policies to work in and around Nixpkgs 6.topic: continuous integration Affects continuous integration (CI) in Nixpkgs, including Ofborg and GitHub Actions labels Jan 15, 2025
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Jan 15, 2025
@JohnRTitor
Copy link
Member Author

JohnRTitor commented Jan 15, 2025

Humm, seems like secrets are not being passed properly? https://github.com/NixOS/nixpkgs/actions/runs/12781938173/job/35630648144

@JohnRTitor
workflows/periodic-merges: explicitly inherit the secrets
38ebbf7 
Apparently since we are callling a reusable workflow here, we need to explicitly pass the secrets. :(
@JohnRTitor
Copy link
Member Author

JohnRTitor commented Jan 15, 2025

Nice, looks like this works now! https://github.com/NixOS/nixpkgs/actions/runs/12782225893/job/35631361946

wolfgangwalther
wolfgangwalther approved these changes Jan 15, 2025
View reviewed changes
Copy link
Contributor

@wolfgangwalther wolfgangwalther left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Should we use the new token for the codeowners workflow, too? (Not sure whether it has the right permissions)

@JohnRTitor
Copy link
Member Author

JohnRTitor commented Jan 15, 2025

Should we use the new token for the codeowners workflow, too? (Not sure whether it has the right permissions)

nixpkgs-ci has the permissions I believe, but no we should not use it there. nix-owners bot only has access to requesting review, adding labels and other non-write permissions, and for security reasons, apps/workflows should only have access to the things that are deemed absolutely necessary.

@JohnRTitor JohnRTitor merged commit 6e263e8 into master Jan 15, 2025
23 of 27 checks passed
@JohnRTitor JohnRTitor deleted the ci/nixpkgs-ci-migration branch January 15, 2025 14:21
@JohnRTitor JohnRTitor mentioned this pull request Jan 15, 2025
Closed
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Jan 19, 2025

Backport failed for release-24.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-24.11
git worktree add -d .worktree/backport-373935-to-release-24.11 origin/release-24.11
cd .worktree/backport-373935-to-release-24.11
git switch --create backport-373935-to-release-24.11
git cherry-pick -x f6976283058deb6d6eaa30967c09b4ee471e3193 6ab6314d06d25d77c3052fb00c4bdf3d7a5027a2 38ebbf7c4fc018170ac80582f83eb076694ab010

@infinisil
Copy link
Member

infinisil commented Jan 27, 2025

Because I was confused for a sec: This PR doesn't need to be backported because:

  • The backport action is only useful on master branches (you don't need to backport PRs that are already going to the release branch)
  • The periodic actions are only triggered based on the master branch

@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented Jan 27, 2025

Correct - I tried backporting to minimize conflicts, but then concluded the same.

@leona-ya
Copy link
Member

leona-ya commented Jan 31, 2025
edited
Loading

As this is not backported, this action now fails with (some?) backport PRs after they're merged:

I'm not really sure why this step runs?

@wolfgangwalther wolfgangwalther mentioned this pull request Feb 1, 2025
Merged
1 task
@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented Feb 1, 2025

As this is not backported, this action now fails with (some?) backport PRs after they're merged:

I had the same errors on every backport PR I did. After doing the backport of this in #378508, those seem to be gone now.

wolfgangwalther added a commit to wolfgangwalther/nixpkgs that referenced this pull request Feb 2, 2025
@wolfgangwalther
workflows/eval: fail hard without target run
86a38d4 
Without a target run, we won't get any rebuild labels, rebuild counts or
maintainer pings. This might have been correct before NixOS#373935, but by
now we run eval on all commits on the target branch, so we should treat
it as a failure if we can't find the run.
@wolfgangwalther wolfgangwalther mentioned this pull request Feb 2, 2025
Merged
1 task
nixpkgs-ci bot pushed a commit that referenced this pull request Feb 4, 2025
@wolfgangwalther @github-actions
workflows/eval: fail hard without target run
0efb3c5 
Without a target run, we won't get any rebuild labels, rebuild counts or
maintainer pings. This might have been correct before #373935, but by
now we run eval on all commits on the target branch, so we should treat
it as a failure if we can't find the run.

(cherry picked from commit 86a38d4)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfgangwalther wolfgangwalther wolfgangwalther approved these changes

@Mic92 Mic92 Awaiting requested review from Mic92

@infinisil infinisil Awaiting requested review from infinisil

@risicle risicle Awaiting requested review from risicle

@LeSuisse LeSuisse Awaiting requested review from LeSuisse

@zowoq zowoq Awaiting requested review from zowoq

@mweinelt mweinelt Awaiting requested review from mweinelt

@azuwis azuwis Awaiting requested review from azuwis

Assignees

No one assigned

Labels

6.topic: continuous integration Affects continuous integration (CI) in Nixpkgs, including Ofborg and GitHub Actions 6.topic: policy discussion Discuss policies to work in and around Nixpkgs 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@JohnRTitor @infinisil @wolfgangwalther @leona-ya