authorAlyssa Ross <hi@alyssa.is>2023-06-16 06:56:35 +0000
committerAlyssa Ross <hi@alyssa.is>2023-06-16 06:56:35 +0000
commit99fcaeccb89621dd492203ce1f2d551c06f228ed (patch)
tree41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/.github
parent59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff)
parent75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff)
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Conflicts:
	nixpkgs/nixos/modules/config/console.nix
	nixpkgs/nixos/modules/services/mail/mailman.nix
	nixpkgs/nixos/modules/services/mail/public-inbox.nix
	nixpkgs/nixos/modules/services/mail/rss2email.nix
	nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
	nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix
	nixpkgs/pkgs/applications/networking/irc/weechat/default.nix
	nixpkgs/pkgs/applications/window-managers/sway/default.nix
	nixpkgs/pkgs/build-support/go/module.nix
	nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
	nixpkgs/pkgs/development/interpreters/python/default.nix
	nixpkgs/pkgs/development/node-packages/overrides.nix
	nixpkgs/pkgs/development/tools/b4/default.nix
	nixpkgs/pkgs/servers/dict/dictd-db.nix
	nixpkgs/pkgs/servers/mail/public-inbox/default.nix
	nixpkgs/pkgs/tools/security/pinentry/default.nix
	nixpkgs/pkgs/tools/text/unoconv/default.nix
	nixpkgs/pkgs/top-level/all-packages.nix
Diffstat (limited to 'nixpkgs/.github')
-rw-r--r--nixpkgs/.github/CODEOWNERS105
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md1
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md7
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md32
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md40
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md5
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md31
-rw-r--r--nixpkgs/.github/PULL_REQUEST_TEMPLATE.md3
-rw-r--r--nixpkgs/.github/dependabot.yml6
-rw-r--r--nixpkgs/.github/labeler.yml23
-rw-r--r--nixpkgs/.github/workflows/backport.yml16
-rw-r--r--nixpkgs/.github/workflows/basic-eval.yml4
-rw-r--r--nixpkgs/.github/workflows/check-maintainers-sorted.yaml24
-rwxr-xr-xnixpkgs/.github/workflows/compare-manuals.sh21
-rw-r--r--nixpkgs/.github/workflows/direct-push.yml2
-rw-r--r--nixpkgs/.github/workflows/editorconfig.yml8
-rw-r--r--nixpkgs/.github/workflows/labels.yml2
-rw-r--r--nixpkgs/.github/workflows/manual-nixos.yml14
-rw-r--r--nixpkgs/.github/workflows/manual-nixpkgs.yml5
-rw-r--r--nixpkgs/.github/workflows/manual-rendering.yml64
-rw-r--r--nixpkgs/.github/workflows/nixos-manual.yml34
-rw-r--r--nixpkgs/.github/workflows/ofborg-pending.yml33
-rw-r--r--nixpkgs/.github/workflows/pending-clear.yml26
-rw-r--r--nixpkgs/.github/workflows/pending-set.yml30
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-24h.yml16
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-6h.yml4
-rw-r--r--nixpkgs/.github/workflows/update-terraform-providers.yml52
27 files changed, 388 insertions, 220 deletions
diff --git a/nixpkgs/.github/CODEOWNERS b/nixpkgs/.github/CODEOWNERS
index c7aa63d40f43..d831893b9018 100644
--- a/nixpkgs/.github/CODEOWNERS
+++ b/nixpkgs/.github/CODEOWNERS
@@ -22,60 +22,60 @@
 /.editorconfig @Mic92 @zowoq
 
 # Libraries
-/lib                        @edolstra @nbp @infinisil
-/lib/systems                @alyssais @nbp @ericson2314 @matthewbauer
-/lib/generators.nix         @edolstra @nbp @Profpatsch
-/lib/cli.nix                @edolstra @nbp @Profpatsch
-/lib/debug.nix              @edolstra @nbp @Profpatsch
-/lib/asserts.nix            @edolstra @nbp @Profpatsch
+/lib                        @edolstra @infinisil
+/lib/systems                @alyssais @ericson2314 @matthewbauer
+/lib/generators.nix         @edolstra @Profpatsch
+/lib/cli.nix                @edolstra @Profpatsch
+/lib/debug.nix              @edolstra @Profpatsch
+/lib/asserts.nix            @edolstra @Profpatsch
+/lib/path.*                 @infinisil @fricklerhandwerk
 
 # Nixpkgs Internals
-/default.nix                                     @nbp
-/pkgs/top-level/default.nix                      @nbp @Ericson2314
-/pkgs/top-level/impure.nix                       @nbp @Ericson2314
-/pkgs/top-level/stage.nix                        @nbp @Ericson2314 @matthewbauer
+/default.nix                                     @Ericson2314
+/pkgs/top-level/default.nix                      @Ericson2314
+/pkgs/top-level/impure.nix                       @Ericson2314
+/pkgs/top-level/stage.nix                        @Ericson2314 @matthewbauer
 /pkgs/top-level/splice.nix                       @Ericson2314 @matthewbauer
 /pkgs/top-level/release-cross.nix                @Ericson2314 @matthewbauer
 /pkgs/stdenv/generic                             @Ericson2314 @matthewbauer
+/pkgs/stdenv/generic/check-meta.nix              @Ericson2314 @matthewbauer @piegamesde
 /pkgs/stdenv/cross                               @Ericson2314 @matthewbauer
 /pkgs/build-support/cc-wrapper                   @Ericson2314
 /pkgs/build-support/bintools-wrapper             @Ericson2314
 /pkgs/build-support/setup-hooks                  @Ericson2314
 /pkgs/build-support/setup-hooks/auto-patchelf.sh @layus
 /pkgs/build-support/setup-hooks/auto-patchelf.py @layus
+/pkgs/pkgs-lib                                   @infinisil
 
 # Nixpkgs build-support
 /pkgs/build-support/writers @lassulus @Profpatsch
 
+# Nixpkgs make-disk-image
+/doc/builders/images/makediskimage.section.md  @raitobezarius
+/nixos/lib/make-disk-image.nix                 @raitobezarius
+
 # Nixpkgs documentation
-/doc @fricklerhandwerk
 /maintainers/scripts/db-to-md.sh @jtojnar @ryantm
 /maintainers/scripts/doc @jtojnar @ryantm
+
 /doc/build-aux/pandoc-filters @jtojnar
-/doc/contributing/contributing-to-documentation.chapter.md @jtojnar
+/doc/contributing/ @fricklerhandwerk
+/doc/contributing/contributing-to-documentation.chapter.md @jtojnar @fricklerhandwerk
 
 # NixOS Internals
-/nixos/default.nix          @nbp @infinisil
-/nixos/lib/from-env.nix     @nbp @infinisil
-/nixos/lib/eval-config.nix  @nbp @infinisil
-/nixos/doc/manual/configuration/abstractions.xml      @nbp
-/nixos/doc/manual/configuration/config-file.xml       @nbp
-/nixos/doc/manual/configuration/config-syntax.xml     @nbp
-/nixos/doc/manual/configuration/modularity.xml        @nbp
-/nixos/doc/manual/development/assertions.xml          @nbp
-/nixos/doc/manual/development/meta-attributes.xml     @nbp
-/nixos/doc/manual/development/option-declarations.xml @nbp
-/nixos/doc/manual/development/option-def.xml          @nbp
-/nixos/doc/manual/development/option-types.xml        @nbp
-/nixos/doc/manual/development/replace-modules.xml     @nbp
-/nixos/doc/manual/development/writing-modules.xml     @nbp
-/nixos/doc/manual/man-nixos-option.xml                @nbp
-/nixos/modules/installer/tools/nixos-option.sh        @nbp
+/nixos/default.nix                                    @infinisil
+/nixos/lib/from-env.nix                               @infinisil
+/nixos/lib/eval-config.nix                            @infinisil
 /nixos/modules/system                                 @dasJ
+/nixos/modules/system/activation/bootspec.nix         @grahamc @cole-h @raitobezarius
+/nixos/modules/system/activation/bootspec.cue         @grahamc @cole-h @raitobezarius
 
 # NixOS integration test driver
 /nixos/lib/test-driver  @tfc
 
+# NixOS QEMU virtualisation
+/nixos/virtualisation/qemu-vm.nix           @raitobezarius
+
 # Systemd
 /nixos/modules/system/boot/systemd.nix      @NixOS/systemd
 /nixos/modules/system/boot/systemd          @NixOS/systemd
@@ -91,10 +91,8 @@
 
 # Python-related code and docs
 /maintainers/scripts/update-python-libraries	              @FRidh
-/pkgs/top-level/python-packages.nix                         @FRidh @jonringer
 /pkgs/development/interpreters/python                       @FRidh
-/pkgs/development/python-modules                            @FRidh @jonringer
-/doc/languages-frameworks/python.section.md                 @FRidh
+/doc/languages-frameworks/python.section.md                 @FRidh @mweinelt
 /pkgs/development/tools/poetry2nix                          @adisbladis
 /pkgs/development/interpreters/python/hooks                 @FRidh @jonringer
 
@@ -108,9 +106,9 @@
 /pkgs/top-level/haskell-packages.nix          @cdepillabout @sternenseemann @maralorn
 
 # Perl
-/pkgs/development/interpreters/perl @stigtsp @zakame
-/pkgs/top-level/perl-packages.nix   @stigtsp @zakame
-/pkgs/development/perl-modules      @stigtsp @zakame
+/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ
+/pkgs/top-level/perl-packages.nix   @stigtsp @zakame @dasJ
+/pkgs/development/perl-modules      @stigtsp @zakame @dasJ
 
 # R
 /pkgs/applications/science/math/R   @jbedo
@@ -121,13 +119,13 @@
 /pkgs/development/ruby-modules      @marsam
 
 # Rust
-/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
-/pkgs/build-support/rust @zowoq
-/doc/languages-frameworks/rust.section.md @zowoq
+/pkgs/development/compilers/rust @Mic92 @zowoq @winterqt @figsoda
+/pkgs/build-support/rust @zowoq @winterqt @figsoda
+/doc/languages-frameworks/rust.section.md @zowoq @winterqt @figsoda
 
 # C compilers
 /pkgs/development/compilers/gcc @matthewbauer
-/pkgs/development/compilers/llvm @matthewbauer
+/pkgs/development/compilers/llvm @matthewbauer @RaitoBezarius
 
 # Compatibility stuff
 /pkgs/top-level/unix-tools.nix @matthewbauer
@@ -142,6 +140,11 @@
 # Browsers
 /pkgs/applications/networking/browsers/firefox @mweinelt
 
+# Certificate Authorities
+pkgs/data/misc/cacert/ @ajs124 @lukegb @mweinelt
+pkgs/development/libraries/nss/ @ajs124 @lukegb @mweinelt
+pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
+
 # Jetbrains
 /pkgs/applications/editors/jetbrains @edwtjo
 
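Review bot: The three Certificate Authorities patterns (`pkgs/data/misc/cacert/`, `pkgs/development/libraries/nss/`, `pkgs/development/python-modules/buildcatrust/`) omit the leading `/` that the surrounding entries in this file use. The interior slashes probably still anchor them to the repository root under gitignore-style matching, but that is worth confirming, since these paths decide who is asked to review trust-store changes. Writing them as `/pkgs/data/misc/cacert/` and so on makes the anchoring explicit and consistent. The ZFS entries added in the last CODEOWNERS hunk (`pkgs/os-specific/linux/zfs`, `nixos/lib/make-single-disk-zfs-image.nix` and the lines after them) have the same form.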
@@ -188,6 +191,7 @@
 /nixos/modules/services/networking/babeld.nix @mweinelt
 /nixos/modules/services/networking/kea.nix @mweinelt
 /nixos/modules/services/networking/knot.nix @mweinelt
+/nixos/modules/services/monitoring/prometheus/exporters/kea.nix @mweinelt
 /nixos/tests/babeld.nix @mweinelt
 /nixos/tests/kea.nix @mweinelt
 /nixos/tests/knot.nix @mweinelt
@@ -214,10 +218,10 @@
 /pkgs/top-level/emacs-packages.nix              @adisbladis
 
 # Neovim
-/pkgs/applications/editors/neovim      @jonringer @teto
+/pkgs/applications/editors/neovim      @figsoda @jonringer @teto
 
 # VimPlugins
-/pkgs/applications/editors/vim/plugins         @jonringer
+/pkgs/applications/editors/vim/plugins         @figsoda @jonringer
 
 # VsCode Extensions
 /pkgs/applications/editors/vscode/extensions   @jonringer
@@ -258,6 +262,7 @@
 # GNOME
 /pkgs/desktops/gnome                              @jtojnar
 /pkgs/desktops/gnome/extensions       @piegamesde @jtojnar
+/pkgs/build-support/make-hardcode-gsettings-patch @jtojnar
 
 # Cinnamon
 /pkgs/desktops/cinnamon @mkg20001
@@ -279,13 +284,27 @@
 # Matrix
 /pkgs/servers/heisenbridge                                 @piegamesde
 /pkgs/servers/matrix-conduit                               @piegamesde
-/pkgs/servers/matrix-synapse/matrix-appservice-irc         @piegamesde
 /nixos/modules/services/misc/heisenbridge.nix              @piegamesde
-/nixos/modules/services/misc/matrix-appservice-irc.nix     @piegamesde
 /nixos/modules/services/misc/matrix-conduit.nix            @piegamesde
-/nixos/tests/matrix-appservice-irc.nix                     @piegamesde
 /nixos/tests/matrix-conduit.nix                            @piegamesde
 
 # Dotnet
 /pkgs/build-support/dotnet          @IvarWithoutBones
 /pkgs/development/compilers/dotnet  @IvarWithoutBones
+
+# Node.js
+/pkgs/build-support/node/build-npm-package      @winterqt
+/pkgs/build-support/node/fetch-npm-deps         @winterqt
+/doc/languages-frameworks/javascript.section.md @winterqt
+
+# OCaml
+/pkgs/build-support/ocaml           @romildo @ulrikstrid
+/pkgs/development/compilers/ocaml   @romildo @ulrikstrid
+/pkgs/development/ocaml-modules     @romildo @ulrikstrid
+
+# ZFS
+pkgs/os-specific/linux/zfs                @raitobezarius
+nixos/lib/make-single-disk-zfs-image.nix  @raitobezarius
+nixos/lib/make-multi-disk-zfs-image.nix   @raitobezarius
+nixos/modules/tasks/filesystems/zfs.nix   @raitobezarius
+nixos/tests/zfs.nix                       @raitobezarius
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md b/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md
index c197f0340239..258c85f9dde8 100644
--- a/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md
@@ -26,6 +26,7 @@ If applicable, add screenshots to help explain your problem.
 Add any other context about the problem here.
 
 ### Notify maintainers
+
 <!--
 Please @ people who are in the `meta.maintainers` list of the offending package or module.
 If in doubt, check `git blame` for whoever last touched something.
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md b/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md
index 7e57b2e208a5..dd6d681775ac 100644
--- a/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md
@@ -1,31 +1,36 @@
 ---
 name: Build failure
 about: Create a report to help us improve
-title: ''
+title: 'Build failure: PACKAGENAME'
 labels: '0.kind: build failure'
 assignees: ''
 
 ---
 
 ### Steps To Reproduce
+
 Steps to reproduce the behavior:
 1. build *X*
 
 ### Build log
+
 ```
 log here if short otherwise a link to a gist
 ```
 
 ### Additional context
+
 Add any other context about the problem here.
 
 ### Notify maintainers
+
 <!--
 Please @ people who are in the `meta.maintainers` list of the offending package or module.
 If in doubt, check `git blame` for whoever last touched something.
 -->
 
 ### Metadata
+
 Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
 
 ```console
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md b/nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md
new file mode 100644
index 000000000000..3018b6b99448
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md
@@ -0,0 +1,32 @@
+---
+name: Missing or incorrect documentation
+about: Help us improve the Nixpkgs and NixOS reference manuals
+title: 'Documentation: '
+labels: '9.needs: documentation'
+assignees: ''
+
+---
+
+## Problem
+
+<!-- describe your problem -->
+
+## Proposal
+
+<!-- propose a solution (optional) -->
+
+## Checklist
+
+<!-- make sure this issue is not redundant or obsolete -->
+
+- [ ] checked [latest Nixpkgs manual] \([source][nixpkgs-source]) and [latest NixOS manual] \([source][nixos-source])
+- [ ] checked [open documentation issues] for possible duplicates
+- [ ] checked [open documentation pull requests] for possible solutions
+
+[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
+[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
+[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
+[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
+[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
+[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
+
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md b/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md
index f1535526c2a7..2735534b0bc9 100644
--- a/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md
@@ -1,24 +1,17 @@
 ---
 name: Out-of-date package reports
 about: For packages that are out-of-date
-title: ''
+title: 'Update request: PACKAGENAME OLDVERSION → NEWVERSION'
 labels: '9.needs: package (update)'
 assignees: ''
 
 ---
 
-
-###### Checklist
-
-<!-- Note that these are hard requirements -->
-
-<!--
-You can use the "Go to file" functionality on GitHub to find the package
-Then you can go to the history for this package
-Find the latest "package_name: old_version -> new_version" commit
-The "new_version" is the current version of the package
--->
-- [ ] Checked the [nixpkgs master branch](https://github.com/NixOS/nixpkgs)
+- Package name:
+- Latest released version:
+<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
+- Current version on the unstable channel:
+- Current version on the stable/release channel:
 <!--
 Type the name of your package and try to find an open pull request for the package
 If you find an open pull request, you can review it!
@@ -26,23 +19,10 @@ There's a high chance that you'll have the new version right away while helping
 -->
 - [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
 
-###### Project name
-`nix search` name:
-<!--
-The current version can be found easily with the same process as above for checking the master branch
-If an open PR is present for the package, take this version as the current one and link to the PR
--->
-current version:
-desired version:
-
-###### Notify maintainers
-<!--
-Search your package here: https://search.nixos.org/packages?channel=unstable
-If no maintainer is listed for your package, tag the person that last updated the package
--->
+**Notify maintainers**
 
-maintainers:
+<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
 
-###### Note for maintainers
+-----
 
-Please tag this issue in your PR.
+Note for maintainers: Please tag this issue in your PR.
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md b/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md
index 1ddcd983f31b..a76741fa8e6a 100644
--- a/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md
@@ -1,14 +1,15 @@
 ---
 name: Packaging requests
 about: For packages that are missing
-title: ''
+title: 'Package request: PACKAGENAME'
 labels: '0.kind: packaging request'
 assignees: ''
 
 ---
 
 **Project description**
-_describe the project a little_
+
+<!-- Describe the project a little: -->
 
 **Metadata**
 
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md b/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md
new file mode 100644
index 000000000000..a868c26ca54b
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md
@@ -0,0 +1,31 @@
+---
+name: Unreproducible package
+about: A package that does not produce a bit-by-bit reproducible result each time it is built
+title: ''
+labels: [ '0.kind: enhancement', '6.topic: reproducible builds' ]
+assignees: ''
+
+---
+
+Building this package twice does not produce the bit-by-bit identical result each time, making it harder to detect CI breaches. You can read more about this at https://reproducible-builds.org/ .
+
+Fixing bit-by-bit reproducibility also has additional advantages, such as avoiding hard-to-reproduce bugs, making content-addressed storage more effective and reducing rebuilds in such systems.
+
+### Steps To Reproduce
+
+```
+nix-build '<nixpkgs>' -A ... --check --keep-failed
+```
+
+You can use `diffoscope` to analyze the differences in the output of the two builds.
+
+To view the build log of the build that produced the artifact in the binary cache:
+
+```
+nix-store --read-log $(nix-instantiate '<nixpkgs>' -A ...)
+```
+
+### Additional context
+
+(please share the relevant fragment of the diffoscope output here,
+and any additional analysis you may have done)
diff --git a/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md b/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md
index 47857a8ca4c3..4fb4c0f68f9b 100644
--- a/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md
+++ b/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md
@@ -22,11 +22,10 @@ For new packages please briefly describe the package or provide a link to its ho
   - made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
 - [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
 - [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
-- [22.11 Release Notes (or backporting 22.05 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2211-release-notes)
+- [23.11 Release Notes (or backporting 23.05 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2305-release-notes)
   - [ ] (Package updates) Added a release notes entry if the change is major or breaking
   - [ ] (Module updates) Added a release notes entry if the change is significant
   - [ ] (Module addition) Added a release notes entry if adding a new NixOS module
-  - [ ] (Release notes changes) Ran `nixos/doc/manual/md-to-db.sh` to update generated release notes
 - [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
 
 <!--
diff --git a/nixpkgs/.github/dependabot.yml b/nixpkgs/.github/dependabot.yml
new file mode 100644
index 000000000000..5ace4600a1f2
--- /dev/null
+++ b/nixpkgs/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/nixpkgs/.github/labeler.yml b/nixpkgs/.github/labeler.yml
index 94dfec05c9fd..44e5dcbf657d 100644
--- a/nixpkgs/.github/labeler.yml
+++ b/nixpkgs/.github/labeler.yml
@@ -7,6 +7,8 @@
 
 "6.topic: cinnamon":
   - pkgs/desktops/cinnamon/**/*
+  - nixos/modules/services/x11/desktop-managers/cinnamon.nix
+  - nixos/tests/cinnamon.nix
 
 "6.topic: emacs":
   - nixos/modules/services/editors/emacs.nix
@@ -17,6 +19,11 @@
   - pkgs/build-support/emacs/**/*
   - pkgs/top-level/emacs-packages.nix
 
+"6.topic: Enlightenment DE":
+  - nixos/modules/services/x11/desktop-managers/enlightenment.nix
+  - pkgs/desktops/enlightenment/**/*
+  - pkgs/development/python-modules/python-efl/*
+
 "6.topic: erlang":
   - doc/languages-frameworks/beam.section.md
   - pkgs/development/beam-modules/**/*
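Review bot: `pkgs/development/python-modules/python-efl/*` matches only the directory's direct children, while the neighbouring entries use `/**/*`. If files in subdirectories should also receive the "6.topic: Enlightenment DE" label, write `pkgs/development/python-modules/python-efl/**/*`; otherwise a one-line comment saying the single level is intentional would help the next editor.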
@@ -63,6 +70,19 @@
   - pkgs/development/lua-modules/**/*
   - pkgs/top-level/lua-packages.nix
 
+"6.topic: Lumina DE":
+  - nixos/modules/services/x11/desktop-managers/lumina.nix
+  - pkgs/desktops/lumina/**/*
+
+"6.topic: LXQt":
+  - nixos/modules/services/x11/desktop-managers/lxqt.nix
+  - pkgs/desktops/lxqt/**/*
+
+"6.topic: mate":
+  - nixos/modules/services/x11/desktop-managers/mate.nix
+  - nixos/tests/mate.nix
+  - pkgs/desktops/mate/**/*
+
 "6.topic: nixos":
   - nixos/**/*
   - pkgs/os-specific/linux/nixos-rebuild/**/*
@@ -141,6 +161,9 @@
   - nixos/modules/programs/neovim.nix
   - pkgs/applications/editors/neovim/**/*
 
+"6.topic: vscode":
+  - pkgs/applications/editors/vscode/**/*
+
 "6.topic: xfce":
   - nixos/doc/manual/configuration/xfce.xml
   - nixos/modules/services/x11/desktop-managers/xfce.nix
diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml
index 53066456f98d..60ceb304ee8a 100644
--- a/nixpkgs/.github/workflows/backport.yml
+++ b/nixpkgs/.github/workflows/backport.yml
@@ -14,26 +14,20 @@ permissions:
 jobs:
   backport:
     permissions:
-      contents: write  # for zeebe-io/backport-action to create branch
-      pull-requests: write  # for zeebe-io/backport-action to create PR to backport
+      contents: write # for korthout/backport-action to create branch
+      pull-requests: write # for korthout/backport-action to create PR to backport
     name: Backport Pull Request
     if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         with:
-          # required to find all branches
-          fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Create backport PRs
-        # should be kept in sync with `version`
-        uses: zeebe-io/backport-action@v0.0.5
+        uses: korthout/backport-action@v1.2.0
         with:
-          # Config README: https://github.com/zeebe-io/backport-action#backport-action
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          github_workspace: ${{ github.workspace }}
-          # should be kept in sync with `uses`
-          version: v0.0.5
+          # Config README: https://github.com/korthout/backport-action#backport-action
+          copy_labels_pattern: 'severity:\ssecurity'
           pull_description: |-
             Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
 
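Review bot: `korthout/backport-action@v1.2.0` is referenced by a tag, which the action's owner can move, and this job grants it `contents: write` and `pull-requests: write`. Pinning to the full commit SHA with the tag in a trailing comment, e.g. `uses: korthout/backport-action@<full-commit-sha> # v1.2.0`, fixes the code that runs with those permissions; the Dependabot `github-actions` configuration added in this commit should be able to keep such pins current. The same applies to `cachix/install-nix-action@v21` and `cachix/cachix-action@v12` in the basic-eval, check-maintainers-sorted, editorconfig, manual-nixos and manual-nixpkgs hunks; in manual-nixos the cachix action also receives `CACHIX_SIGNING_KEY`. Separately, dropping `fetch-depth: 0` relies on the new action fetching the target branches itself, which is not visible here.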
diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml
index 2d31392caf45..3af716e88976 100644
--- a/nixpkgs/.github/workflows/basic-eval.yml
+++ b/nixpkgs/.github/workflows/basic-eval.yml
@@ -19,8 +19,8 @@ jobs:
     # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
     steps:
     - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v17
-    - uses: cachix/cachix-action@v10
+    - uses: cachix/install-nix-action@v21
+    - uses: cachix/cachix-action@v12
       with:
         # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
         name: nixpkgs-ci
diff --git a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
new file mode 100644
index 000000000000..c72679af4a9e
--- /dev/null
+++ b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
@@ -0,0 +1,24 @@
+name: "Check that maintainer list is sorted"
+
+on:
+  pull_request_target:
+    paths:
+      - 'maintainers/maintainer-list.nix'
+permissions:
+  contents: read
+
+jobs:
+  nixos:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@v21
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - name: Check that maintainer-list.nix is sorted
+        run: nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
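Review bot: This workflow runs on `pull_request_target` but checks out `refs/pull/<n>/merge`, so `maintainers/scripts/check-maintainers-sorted.nix` and everything it imports are evaluated from the pull request's own content. `permissions: contents: read` limits the token, but unlike the manual builds in this commit the `nix-instantiate --eval` call does not pass `--option restrict-eval true`, and `sandbox = true` governs builds rather than evaluation. I would add `persist-credentials: false` under the checkout's `with:` so the token is not left in the working tree. I would also either restrict evaluation (which may need `NIX_PATH` set as the manual workflows do) or take the check script from the base branch.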
diff --git a/nixpkgs/.github/workflows/compare-manuals.sh b/nixpkgs/.github/workflows/compare-manuals.sh
new file mode 100755
index 000000000000..b2cc68c7831d
--- /dev/null
+++ b/nixpkgs/.github/workflows/compare-manuals.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p html-tidy
+
+set -euo pipefail
+shopt -s inherit_errexit
+
+normalize() {
+  tidy \
+      --anchor-as-name no \
+      --coerce-endtags no \
+      --escape-scripts no \
+      --fix-backslash no \
+      --fix-style-tags no \
+      --fix-uri no \
+      --indent yes \
+      --wrap 0 \
+      < "$1" \
+      2> /dev/null
+}
+
+diff -U3 <(normalize "$1") <(normalize "$2")
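Review bot: If the arguments are missing or unreadable, `normalize` produces no output and `diff` can exit 0 as though the manuals were identical, because `set -e`, `pipefail` and `inherit_errexit` do not propagate a failure from inside `<(…)` and `2> /dev/null` discards tidy's message. A guard before the `diff` line, such as `[[ $# -eq 2 && -r $1 && -r $2 ]] || { echo "usage: $0 OLD NEW" >&2; exit 2; }`, would make that case fail visibly. A short comment above `normalize` explaining why each tidy fix-up is switched off would also help.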
diff --git a/nixpkgs/.github/workflows/direct-push.yml b/nixpkgs/.github/workflows/direct-push.yml
index 167253ac6db6..9046022af662 100644
--- a/nixpkgs/.github/workflows/direct-push.yml
+++ b/nixpkgs/.github/workflows/direct-push.yml
@@ -21,7 +21,7 @@ jobs:
       id: ismerge
       run: |
         ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any')
-        echo "::set-output name=ismerge::$ISMERGE"
+        echo "ismerge=$ISMERGE" >> $GITHUB_OUTPUT
     # github events are eventually consistent, so wait until changes propagate to thier DB
     - run: sleep 60
       if: steps.ismerge.outputs.ismerge != 'true'
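Review bot: `$GITHUB_OUTPUT` is expanded unquoted in the new redirection; `echo "ismerge=$ISMERGE" >> "$GITHUB_OUTPUT"` avoids word-splitting surprises. Because the output file is line-based, it is also worth checking that the `jq` filter on the line above can only ever emit a single line, since a multi-line `ISMERGE` would write extra lines into the file. The step's remaining lines are outside the hunk.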
diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml
index 5b57614e1107..f62ab05da452 100644
--- a/nixpkgs/.github/workflows/editorconfig.yml
+++ b/nixpkgs/.github/workflows/editorconfig.yml
@@ -11,7 +11,7 @@ on:
 jobs:
   tests:
     runs-on: ubuntu-latest
-    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip editorconfig]')"
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
     steps:
     - name: Get list of changed files from PR
       env:
@@ -28,16 +28,14 @@ jobs:
       with:
         # pull_request_target checks out the base branch by default
         ref: refs/pull/${{ github.event.pull_request.number }}/merge
-    - uses: cachix/install-nix-action@v17
+    - uses: cachix/install-nix-action@v21
       with:
         # nixpkgs commit is pinned so that it doesn't break
         # editorconfig-checker 2.4.0
         nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz
-    - name: install editorconfig-checker
-      run: nix-env -iA editorconfig-checker -f '<nixpkgs>'
     - name: Checking EditorConfig
       run: |
-        cat "$HOME/changed_files" | xargs -r editorconfig-checker -disable-indent-size
+        cat "$HOME/changed_files" | nix-shell -p editorconfig-checker --run 'xargs -r editorconfig-checker -disable-indent-size'
     - if: ${{ failure() }}
       run: |
         echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."
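Review bot: The names in `$HOME/changed_files` come from the pull request and `xargs` splits them on whitespace and quotes, so a path containing a space, or one beginning with `-`, does not reach `editorconfig-checker` as a single file argument. If the list is newline-separated (the step that writes it is outside this hunk), `--run 'xargs -r -d "\n" editorconfig-checker -disable-indent-size --'` would handle both, assuming the checker accepts `--` as an end-of-options marker. The `cat … |` could also become a plain `< "$HOME/changed_files"` redirection.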
diff --git a/nixpkgs/.github/workflows/labels.yml b/nixpkgs/.github/workflows/labels.yml
index 5f949ddc56b1..35f5f24ce309 100644
--- a/nixpkgs/.github/workflows/labels.yml
+++ b/nixpkgs/.github/workflows/labels.yml
@@ -16,7 +16,7 @@ permissions:
 jobs:
   labels:
     runs-on: ubuntu-latest
-    if: github.repository_owner == 'NixOS'
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
     steps:
     - uses: actions/labeler@v4
       with:
diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml
index 64829a191369..30cecf607d17 100644
--- a/nixpkgs/.github/workflows/manual-nixos.yml
+++ b/nixpkgs/.github/workflows/manual-nixos.yml
@@ -18,14 +18,22 @@ jobs:
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
-      - uses: cachix/install-nix-action@v17
+      - uses: cachix/install-nix-action@v21
         with:
           # explicitly enable sandbox
           extra_nix_config: sandbox = true
-      - uses: cachix/cachix-action@v10
+      - uses: cachix/cachix-action@v12
         with:
           # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
           name: nixpkgs-ci
           signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
-      - name: Building NixOS manual
+      - name: Building NixOS manual with DocBook options
         run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
+      - name: Building NixOS manual with Markdown options
+        run: |
+          export NIX_PATH=nixpkgs=$(pwd)
+          nix-build \
+            --option restrict-eval true \
+            --arg configuration '{ documentation.nixos.options.allowDocBook = false; }' \
+            nixos/release.nix \
+            -A manual.x86_64-linux
diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml
index 2aebeeeea2ab..43ee63af127d 100644
--- a/nixpkgs/.github/workflows/manual-nixpkgs.yml
+++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml
@@ -8,6 +8,7 @@ on:
       - master
     paths:
       - 'doc/**'
+      - 'lib/**'
 
 jobs:
   nixpkgs:
@@ -18,11 +19,11 @@ jobs:
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
-      - uses: cachix/install-nix-action@v17
+      - uses: cachix/install-nix-action@v21
         with:
           # explicitly enable sandbox
           extra_nix_config: sandbox = true
-      - uses: cachix/cachix-action@v10
+      - uses: cachix/cachix-action@v12
         with:
           # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
           name: nixpkgs-ci
diff --git a/nixpkgs/.github/workflows/manual-rendering.yml b/nixpkgs/.github/workflows/manual-rendering.yml
new file mode 100644
index 000000000000..dbaea583ef7d
--- /dev/null
+++ b/nixpkgs/.github/workflows/manual-rendering.yml
@@ -0,0 +1,64 @@
+name: "Check NixOS Manual DocBook rendering against MD rendering"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Check every 24 hours
+    - cron:  '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  check-rendering-equivalence:
+    permissions:
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v21
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@v12
+        with:
+          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+
+      - name: Build DocBook and MD manuals
+        run: |
+          export NIX_PATH=nixpkgs=$(pwd)
+          nix-build \
+            --option restrict-eval true \
+            -o docbook nixos/release.nix \
+            -A manual.x86_64-linux
+          nix-build \
+            --option restrict-eval true \
+            --arg configuration '{ documentation.nixos.options.allowDocBook = false; }' \
+            -o md nixos/release.nix \
+            -A manual.x86_64-linux
+
+      - name: Compare DocBook and MD manuals
+        id: check
+        run: |
+          export NIX_PATH=nixpkgs=$(pwd)
+          .github/workflows/compare-manuals.sh \
+            docbook/share/doc/nixos/options.html \
+            md/share/doc/nixos/options.html
+
+      # if the manual can't be built we don't want to notify anyone.
+      # while this may temporarily hide rendering failures it will be a lot
+      # less noisy until all nixpkgs pull requests have stopped using
+      # docbook for option docs.
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@v3
+        if: ${{ failure() && steps.check.conclusion == 'failure' }}
+        with:
+          issue-number: 189318
+          body: |
+            Markdown and DocBook manuals do not agree.
+
+            Check https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }} for details.
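Review bot: The `actions/checkout@v3` step takes no inputs, so by default it leaves the job token in the checkout's git configuration, and in this job that token carries `pull-requests: write` while `nix-build` and `compare-manuals.sh` run. Only the final `Comment on failure` step needs the token, and that action takes it through its own input rather than from git. Adding `with:` and `persist-credentials: false` under the checkout step keeps the write-scoped token out of the working tree during the builds.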
diff --git a/nixpkgs/.github/workflows/nixos-manual.yml b/nixpkgs/.github/workflows/nixos-manual.yml
deleted file mode 100644
index 5453513a53a6..000000000000
--- a/nixpkgs/.github/workflows/nixos-manual.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: NixOS manual checks
-
-permissions: read-all
-
-on:
-  pull_request_target:
-    branches-ignore:
-      - 'release-**'
-    paths:
-      - 'nixos/**/*.xml'
-      - 'nixos/**/*.md'
-
-jobs:
-  tests:
-    runs-on: ubuntu-latest
-    if: github.repository_owner == 'NixOS'
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        # pull_request_target checks out the base branch by default
-        ref: refs/pull/${{ github.event.pull_request.number }}/merge
-    - uses: cachix/install-nix-action@v17
-    - name: Check DocBook files generated from Markdown are consistent
-      run: |
-        nixos/doc/manual/md-to-db.sh
-        git diff --exit-code || {
-          echo
-          echo 'Generated manual files are out of date.'
-          echo 'Please run'
-          echo
-          echo '    nixos/doc/manual/md-to-db.sh'
-          echo
-          exit 1
-        }
diff --git a/nixpkgs/.github/workflows/ofborg-pending.yml b/nixpkgs/.github/workflows/ofborg-pending.yml
new file mode 100644
index 000000000000..b5e0a7c46c8c
--- /dev/null
+++ b/nixpkgs/.github/workflows/ofborg-pending.yml
@@ -0,0 +1,33 @@
+name: "Set pending OfBorg status"
+on:
+  pull_request_target:
+
+# Sets the ofborg-eval status to "pending" to signal that we are waiting for
+# OfBorg even if it is running late. The status will be overwritten by OfBorg
+# once it starts evaluation.
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows (restricted) write access to
+# the GitHub repository. This means that it should not evaluate user input in a
+# way that allows code injection.
+
+permissions:
+  contents: read
+
+jobs:
+  action:
+    if: github.repository_owner == 'NixOS'
+    permissions:
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: "Set pending OfBorg status"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        curl \
+          -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: Bearer $GITHUB_TOKEN" \
+          -d '{"context": "ofborg-eval", "state": "pending", "description": "Waiting for OfBorg..."}' \
+          "https://api.github.com/repos/NixOS/nixpkgs/commits/${{ github.event.pull_request.head.sha }}/statuses"
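Review bot: The `run:` script has `${{ github.event.pull_request.head.sha }}` expanded into its text before the shell starts, which is the pattern this file's own WARNING comment cautions future editors about. A commit SHA is not free-form text, so this is not injectable as written, but passing it through the environment keeps the step safe to extend: add `HEAD_SHA: ${{ github.event.pull_request.head.sha }}` under `env:` and end the URL with `/commits/$HEAD_SHA/statuses"`. `curl` is also called without `--fail`, so an HTTP error response leaves the step green and the status unset. That matters here because the URL changed from `/statuses/<sha>` in the removed pending-set.yml to `/commits/<sha>/statuses`, and the documented route for creating a status is the former; it is worth confirming that the new path accepts POST.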
diff --git a/nixpkgs/.github/workflows/pending-clear.yml b/nixpkgs/.github/workflows/pending-clear.yml
deleted file mode 100644
index 7e8960597e5c..000000000000
--- a/nixpkgs/.github/workflows/pending-clear.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: "clear pending status"
-
-on:
-  check_suite:
-    types: [ completed ]
-
-permissions:
-  contents: read
-
-jobs:
-  action:
-    permissions:
-      statuses: write
-    runs-on: ubuntu-latest
-    steps:
-    - name: clear pending status
-      if: github.repository_owner == 'NixOS' && github.event.check_suite.app.name == 'OfBorg'
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        curl \
-          -X POST \
-          -H "Accept: application/vnd.github.v3+json" \
-          -H "Authorization: token $GITHUB_TOKEN" \
-          -d '{"state": "success", "target_url": " ", "description": " ", "context": "Wait for ofborg"}' \
-          "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.check_suite.head_sha }}"
diff --git a/nixpkgs/.github/workflows/pending-set.yml b/nixpkgs/.github/workflows/pending-set.yml
deleted file mode 100644
index 0dc3031d87c0..000000000000
--- a/nixpkgs/.github/workflows/pending-set.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: "set pending status"
-
-on:
-  pull_request_target:
-
-# WARNING:
-# When extending this action, be aware that $GITHUB_TOKEN allows write access to
-# the GitHub repository. This means that it should not evaluate user input in a
-# way that allows code injection.
-
-permissions:
-  contents: read
-
-jobs:
-  action:
-    permissions:
-      statuses: write
-    runs-on: ubuntu-latest
-    steps:
-    - name: set pending status
-      if: github.repository_owner == 'NixOS'
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        curl \
-          -X POST \
-          -H "Accept: application/vnd.github.v3+json" \
-          -H "Authorization: token $GITHUB_TOKEN" \
-          -d '{"state": "pending", "target_url": " ", "description": "This pending status will be cleared when ofborg starts eval.", "context": "Wait for ofborg"}' \
-          "https://api.github.com/repos/NixOS/nixpkgs/statuses/${{ github.event.pull_request.head.sha }}"
diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml
index 2eec69f65257..dd0c1a233300 100644
--- a/nixpkgs/.github/workflows/periodic-merge-24h.yml
+++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml
@@ -21,7 +21,7 @@ jobs:
   periodic-merge:
     permissions:
       contents: write  # for devmasx/merge-branch to merge branches
-      issues: write  # for peter-evans/create-or-update-comment to create or update comment
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
     if: github.repository_owner == 'NixOS'
     runs-on: ubuntu-latest
     strategy:
@@ -34,10 +34,14 @@ jobs:
         pairs:
           - from: master
             into: haskell-updates
-          - from: release-22.05
-            into: staging-next-22.05
-          - from: staging-next-22.05
-            into: staging-22.05
+          - from: release-22.11
+            into: staging-next-22.11
+          - from: staging-next-22.11
+            into: staging-22.11
+          - from: release-23.05
+            into: staging-next-23.05
+          - from: staging-next-23.05
+            into: staging-23.05
     name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
     steps:
       - uses: actions/checkout@v3
@@ -51,7 +55,7 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Comment on failure
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         if: ${{ failure() }}
         with:
           issue-number: 105153
diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml
index bcc9f4883588..300c418054d7 100644
--- a/nixpkgs/.github/workflows/periodic-merge-6h.yml
+++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml
@@ -21,7 +21,7 @@ jobs:
   periodic-merge:
     permissions:
       contents: write  # for devmasx/merge-branch to merge branches
-      issues: write  # for peter-evans/create-or-update-comment to create or update comment
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
     if: github.repository_owner == 'NixOS'
     runs-on: ubuntu-latest
     strategy:
@@ -49,7 +49,7 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Comment on failure
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         if: ${{ failure() }}
         with:
           issue-number: 105153
diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml
index 1650f537b7bc..1276a0867aac 100644
--- a/nixpkgs/.github/workflows/update-terraform-providers.yml
+++ b/nixpkgs/.github/workflows/update-terraform-providers.yml
@@ -2,7 +2,7 @@ name: "Update terraform-providers"
 
 on:
   schedule:
-    - cron: "14 3 * * 0"
+    - cron: "0 3 * * *"
   workflow_dispatch:
 
 permissions:
@@ -11,45 +11,59 @@ permissions:
 jobs:
   tf-providers:
     permissions:
-      contents: write  # for peter-evans/create-pull-request to create branch
-      issues: write  # for peter-evans/create-or-update-comment to create or update comment
-      pull-requests: write  # for peter-evans/create-pull-request to create a PR
+      contents: write # for peter-evans/create-pull-request to create branch
+      pull-requests: write # for peter-evans/create-pull-request to create a PR
     if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v17
+      - uses: cachix/install-nix-action@v21
+        with:
+          nix_path: nixpkgs=channel:nixpkgs-unstable
       - name: setup
         id: setup
         run: |
-          echo ::set-output name=title::"terraform-providers: update $(date -u +"%Y-%m-%d")"
+          echo "title=terraform-providers: update $(date -u +"%Y-%m-%d")" >> $GITHUB_OUTPUT
       - name: update terraform-providers
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config user.name "github-actions[bot]"
-          pushd pkgs/applications/networking/cluster/terraform-providers
-          ./update-all-providers --no-build
-          git commit -m "${{ steps.setup.outputs.title }}" providers.json
-          popd
+          echo | nix-shell \
+            maintainers/scripts/update.nix \
+            --argstr commit true \
+            --argstr keep-going true \
+            --argstr max-workers 2 \
+            --argstr path terraform-providers
+      - name: get failed updates
+        run: |
+          echo 'FAILED<<EOF' >> $GITHUB_ENV
+          git ls-files --others >> $GITHUB_ENV
+          echo 'EOF' >> $GITHUB_ENV
+      # cleanup logs of failed updates so they aren't included in the PR
+      - name: clean repo
+        run: |
+          git clean -f
       - name: create PR
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           body: |
             Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.
 
+            https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}
+
+            These providers failed to update:
+            ```
+            ${{ env.FAILED }}
+            ```
+
             Check that all providers build with:
             ```
             @ofborg build terraform.full
             ```
+            If there is more than ten commits in the PR `ofborg` won't build it automatically and you will need to use the above command.
           branch: terraform-providers-update
           delete-branch: false
-          labels: "2.status: work-in-progress"
           title: ${{ steps.setup.outputs.title }}
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: comment on failure
-        uses: peter-evans/create-or-update-comment@v2
-        if: ${{ failure() }}
-        with:
-          issue-number: 153416
-          body: |
-            Automatic update of terraform providers [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
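Review bot: The `get failed updates` step writes the output of `git ls-files --others` into `$GITHUB_ENV` between fixed `EOF` markers, so an untracked path that is exactly `EOF` would end the value early and the lines after it would be read as further environment assignments for later steps. GitHub's guidance for multiline values is a delimiter that cannot occur in the data, e.g. `delim="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"` followed by `{ echo "FAILED<<$delim"; git ls-files --others; echo "$delim"; } >> "$GITHUB_ENV"`. The `update terraform-providers` step now also exports `GITHUB_TOKEN` to `nix-shell maintainers/scripts/update.nix` while the job holds `contents: write` and `pull-requests: write`. If the updaters only need the token for API reads (an assumption, since the script is not shown), a read-only token would be a tighter fit.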