diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-04-28 14:39:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-06-10 08:52:36 +0000 |
commit | 693e64ef7421374338ddb1dc12b9573feec75972 (patch) | |
tree | 2526ac075d248699c35d63e04499890ee4381f5f /nixpkgs/.github | |
parent | 7014df2256694d97093d6f2bb1db340d346dea88 (diff) | |
parent | 8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17 (diff) | |
download | nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.gz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.bz2 nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.lz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.xz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.zst nixlib-693e64ef7421374338ddb1dc12b9573feec75972.zip |
Merge commit '8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17'
Diffstat (limited to 'nixpkgs/.github')
-rw-r--r-- | nixpkgs/.github/CODEOWNERS | 5 | ||||
-rw-r--r-- | nixpkgs/.github/labeler.yml | 4 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/direct-push.yml | 29 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/labels.yml | 4 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixos.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixpkgs.yml | 2 |
6 files changed, 42 insertions, 4 deletions
diff --git a/nixpkgs/.github/CODEOWNERS b/nixpkgs/.github/CODEOWNERS index b15d89219f43..fc116b32d5f3 100644 --- a/nixpkgs/.github/CODEOWNERS +++ b/nixpkgs/.github/CODEOWNERS @@ -11,7 +11,7 @@ /.github/CODEOWNERS @edolstra # GitHub actions -/.github/workflows @Mic92 @zowoq +/.github/workflows @NixOS/Security @Mic92 @zowoq /.github/workflows/merge-staging @FRidh # EditorConfig @@ -126,9 +126,6 @@ # Jetbrains /pkgs/applications/editors/jetbrains @edwtjo -# Eclipse -/pkgs/applications/editors/eclipse @rycee - # Licenses /lib/licenses.nix @alyssais diff --git a/nixpkgs/.github/labeler.yml b/nixpkgs/.github/labeler.yml index 77422234ab3d..1b0392692ed8 100644 --- a/nixpkgs/.github/labeler.yml +++ b/nixpkgs/.github/labeler.yml @@ -5,6 +5,10 @@ - pkgs/development/libraries/agda/**/* - pkgs/top-level/agda-packages.nix +"6.topic: bsd": + - pkgs/os-specific/bsd/**/* + - pkgs/stdenv/freebsd/**/* + "6.topic: cinnamon": - pkgs/desktops/cinnamon/**/* diff --git a/nixpkgs/.github/workflows/direct-push.yml b/nixpkgs/.github/workflows/direct-push.yml new file mode 100644 index 000000000000..6177004295ff --- /dev/null +++ b/nixpkgs/.github/workflows/direct-push.yml @@ -0,0 +1,29 @@ +name: "Direct Push Warning" +on: + push: + branches: + - master + - release-** +jobs: + build: + runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REPOSITORY: ${{ github.repository }} + steps: + - name: Check if commit is a merge commit + id: ismerge + run: | + ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any') + echo "::set-output name=ismerge::$ISMERGE" + - name: Warn if the commit was a direct push + if: steps.ismerge.outputs.ismerge != 'true' + uses: peter-evans/commit-comment@v1 + with: + body: | + @${{ github.actor }}, you pushed a commit directly to master/release branch + instead of going through a Pull Request. + + That's highly discouraged beyond the few exceptions listed + on https://github.com/NixOS/nixpkgs/issues/118661 diff --git a/nixpkgs/.github/workflows/labels.yml b/nixpkgs/.github/workflows/labels.yml index 4232ceb62368..4d1e2a2a0f95 100644 --- a/nixpkgs/.github/workflows/labels.yml +++ b/nixpkgs/.github/workflows/labels.yml @@ -4,6 +4,10 @@ on: pull_request_target: types: [edited, opened, synchronize, reopened] +permissions: + contents: read + pull-requests: write + jobs: labels: runs-on: ubuntu-latest diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml index fa1f8fc6911e..c885f6f7665c 100644 --- a/nixpkgs/.github/workflows/manual-nixos.yml +++ b/nixpkgs/.github/workflows/manual-nixos.yml @@ -1,5 +1,7 @@ name: "Build NixOS manual" +permissions: read-all + on: pull_request_target: branches: diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml index 192a4c6868a4..6f7ad10efd90 100644 --- a/nixpkgs/.github/workflows/manual-nixpkgs.yml +++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml @@ -1,5 +1,7 @@ name: "Build Nixpkgs manual" +permissions: read-all + on: pull_request_target: branches: |