author | Alyssa Ross <hi@alyssa.is> | 2022-12-06 19:57:55 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:48:30 +0000 |
commit | bf3aadfdd39aa197e18bade671fab6726349ffa4 (patch) | |
tree | 698567af766ed441d757b57a7b21e68d4a342a2b /nixpkgs/.github/workflows | |
parent | f4afc5a01d9539ce09e47494e679c51f80723d07 (diff) | |
parent | 99665eb45f58d959d2cb9e49ddb960c79d596f33 (diff) | |
Merge commit '99665eb45f58d959d2cb9e49ddb960c79d596f33'
Diffstat (limited to 'nixpkgs/.github/workflows')
-rw-r--r-- | nixpkgs/.github/workflows/backport.yml | 6 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/basic-eval.yml | 22 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/direct-push.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/editorconfig.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixos.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixpkgs.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/nixos-manual.yml | 12 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/no-channel.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/pending-clear.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/pending-set.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/periodic-merge-24h.yml | 18 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/periodic-merge-6h.yml | 6 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/update-terraform-providers.yml | 22 |
13 files changed, 83 insertions, 29 deletions
diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml index 4ee5adfaac1e..53066456f98d 100644 --- a/nixpkgs/.github/workflows/backport.yml +++ b/nixpkgs/.github/workflows/backport.yml @@ -8,8 +8,14 @@ on: # the GitHub repository. This means that it should not evaluate user input in a # way that allows code injection. +permissions: + contents: read + jobs: backport: + permissions: + contents: write # for zeebe-io/backport-action to create branch + pull-requests: write # for zeebe-io/backport-action to create PR to backport name: Backport Pull Request if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml index 51429ae40bee..2d31392caf45 100644 --- a/nixpkgs/.github/workflows/basic-eval.yml +++ b/nixpkgs/.github/workflows/basic-eval.yml @@ -1,21 +1,25 @@ name: Basic evaluation checks on: - pull_request: - branches: - - master - - release-** - push: - branches: - - master - - release-** + workflow_dispatch + # pull_request: + # branches: + # - master + # - release-** + # push: + # branches: + # - master + # - release-** +permissions: + contents: read + jobs: tests: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 - uses: cachix/cachix-action@v10 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. diff --git a/nixpkgs/.github/workflows/direct-push.yml b/nixpkgs/.github/workflows/direct-push.yml index 082a4806e619..167253ac6db6 100644 --- a/nixpkgs/.github/workflows/direct-push.yml +++ b/nixpkgs/.github/workflows/direct-push.yml 
@@ -4,8 +4,13 @@ on: branches: - master - release-** +permissions: + contents: read + jobs: build: + permissions: + contents: write # for peter-evans/commit-comment to comment on commit runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' env: diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml index de49e55ef2a7..5b57614e1107 100644 --- a/nixpkgs/.github/workflows/editorconfig.yml +++ b/nixpkgs/.github/workflows/editorconfig.yml @@ -28,7 +28,7 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 with: # nixpkgs commit is pinned so that it doesn't break # editorconfig-checker 2.4.0 diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml index 61a8a217651d..64829a191369 100644 --- a/nixpkgs/.github/workflows/manual-nixos.yml +++ b/nixpkgs/.github/workflows/manual-nixos.yml @@ -18,7 +18,7 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 with: # explicitly enable sandbox extra_nix_config: sandbox = true diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml index 70d9aab69828..2aebeeeea2ab 100644 --- a/nixpkgs/.github/workflows/manual-nixpkgs.yml +++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml @@ -18,7 +18,7 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 with: # explicitly enable sandbox extra_nix_config: sandbox = true 
diff --git a/nixpkgs/.github/workflows/nixos-manual.yml b/nixpkgs/.github/workflows/nixos-manual.yml index bd70f228d462..5453513a53a6 100644 --- a/nixpkgs/.github/workflows/nixos-manual.yml +++ b/nixpkgs/.github/workflows/nixos-manual.yml @@ -19,8 +19,16 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 - name: Check DocBook files generated from Markdown are consistent run: | nixos/doc/manual/md-to-db.sh - git diff --exit-code + git diff --exit-code || { + echo + echo 'Generated manual files are out of date.' + echo 'Please run' + echo + echo ' nixos/doc/manual/md-to-db.sh' + echo + exit 1 + } diff --git a/nixpkgs/.github/workflows/no-channel.yml b/nixpkgs/.github/workflows/no-channel.yml index fb9a95851f06..90c38f22c007 100644 --- a/nixpkgs/.github/workflows/no-channel.yml +++ b/nixpkgs/.github/workflows/no-channel.yml @@ -6,8 +6,13 @@ on: - 'nixos-**' - 'nixpkgs-**' +permissions: + contents: read + jobs: fail: + permissions: + contents: none name: "This PR is is targeting a channel branch" runs-on: ubuntu-latest steps: diff --git a/nixpkgs/.github/workflows/pending-clear.yml b/nixpkgs/.github/workflows/pending-clear.yml index d06b1e2143f1..7e8960597e5c 100644 --- a/nixpkgs/.github/workflows/pending-clear.yml +++ b/nixpkgs/.github/workflows/pending-clear.yml @@ -4,8 +4,13 @@ on: check_suite: types: [ completed ] +permissions: + contents: read + jobs: action: + permissions: + statuses: write runs-on: ubuntu-latest steps: - name: clear pending status diff --git a/nixpkgs/.github/workflows/pending-set.yml b/nixpkgs/.github/workflows/pending-set.yml index b15e4847e67c..0dc3031d87c0 100644 --- a/nixpkgs/.github/workflows/pending-set.yml +++ b/nixpkgs/.github/workflows/pending-set.yml 
@@ -8,8 +8,13 @@ on: # the GitHub repository. This means that it should not evaluate user input in a # way that allows code injection. +permissions: + contents: read + jobs: action: + permissions: + statuses: write runs-on: ubuntu-latest steps: - name: set pending status diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml index 027c63aad9a2..2eec69f65257 100644 --- a/nixpkgs/.github/workflows/periodic-merge-24h.yml +++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml @@ -14,8 +14,14 @@ on: # Merge every 24 hours - cron: '0 0 * * *' +permissions: + contents: read + jobs: periodic-merge: + permissions: + contents: write # for devmasx/merge-branch to merge branches + issues: write # for peter-evans/create-or-update-comment to create or update comment if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest strategy: @@ -28,14 +34,10 @@ jobs: pairs: - from: master into: haskell-updates - - from: release-21.05 - into: staging-next-21.05 - - from: staging-next-21.05 - into: staging-21.05 - - from: release-21.11 - into: staging-next-21.11 - - from: staging-next-21.11 - into: staging-21.11 + - from: release-22.05 + into: staging-next-22.05 + - from: staging-next-22.05 + into: staging-22.05 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - uses: actions/checkout@v3 diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml index 5588d216ea03..bcc9f4883588 100644 --- a/nixpkgs/.github/workflows/periodic-merge-6h.yml +++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml @@ -14,8 +14,14 @@ on: # Merge every 6 hours - cron: '0 */6 * * *' +permissions: + contents: read + jobs: periodic-merge: + permissions: + contents: write # for devmasx/merge-branch to merge branches + issues: write # for peter-evans/create-or-update-comment to create or update comment if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest strategy: 
diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml index 0c775cb6e402..1650f537b7bc 100644 --- a/nixpkgs/.github/workflows/update-terraform-providers.yml +++ b/nixpkgs/.github/workflows/update-terraform-providers.yml @@ -2,16 +2,23 @@ name: "Update terraform-providers" on: schedule: - - cron: "14 3 * * 1" + - cron: "14 3 * * 0" workflow_dispatch: +permissions: + contents: read + jobs: tf-providers: + permissions: + contents: write # for peter-evans/create-pull-request to create branch + issues: write # for peter-evans/create-or-update-comment to create or update comment + pull-requests: write # for peter-evans/create-pull-request to create a PR if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 - name: setup id: setup run: | @@ -25,14 +32,15 @@ jobs: git commit -m "${{ steps.setup.outputs.title }}" providers.json popd - name: create PR - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v4 with: body: | - Automatic update of terraform providers. - - Created by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action. + Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action. - Check that all providers build with `@ofborg build terraform-full` + Check that all providers build with: + ``` + @ofborg build terraform.full + ``` branch: terraform-providers-update delete-branch: false labels: "2.status: work-in-progress" |
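Review bot: In backport.yml, the job that now receives `contents: write` and `pull-requests: write` is gated by an `if:` whose last clause, `startsWith('backport', github.event.label.name)`, has its arguments reversed. startsWith takes the string being searched first and the prefix second, so this tests whether the literal 'backport' begins with the label name. Because this guard decides when a write-scoped token is handed to the job, it should read `startsWith(github.event.label.name, 'backport')`.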
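Review bot: In basic-eval.yml, the `pull_request` and `push` triggers are commented out and replaced by a bare `workflow_dispatch` with no comment saying why, so the evaluation check no longer runs on pull requests or on pushes to master and release-**. Either state the reason next to `workflow_dispatch` or delete the dead trigger lines. The job comment "we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback" is also stale once the workflow only runs on manual dispatch.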
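Review bot: In pending-clear.yml, the job-level `statuses: write` carries no trailing comment naming the step that needs it, unlike the `# for ...` rationale attached to every write scope in backport.yml, direct-push.yml and the periodic-merge workflows; pending-set.yml has the same gap. Add the rationale so a later reader can tell whether the scope is still required. A job-level `permissions` block replaces the workflow-level one rather than extending it, so the top-level `contents: read` does not apply to this job; say so in a comment if that is intended.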
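Review bot: In update-terraform-providers.yml, the `tf-providers` job is granted `contents: write`, `issues: write` and `pull-requests: write`, yet the actions it runs are referenced by mutable tags (`actions/checkout@v3`, `cachix/install-nix-action@v17`, `peter-evans/create-pull-request@v4`), so whatever those tags point to at run time executes with that token. Pin each `uses:` to a full commit SHA and keep the version in a trailing comment. The schedule change from `14 3 * * 1` to `14 3 * * 0` is also unexplained in the file; a short comment on the cron line would help.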