author | Alyssa Ross <hi@alyssa.is> | 2022-12-06 19:57:55 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:48:30 +0000 |
commit | bf3aadfdd39aa197e18bade671fab6726349ffa4 (patch) | |
tree | 698567af766ed441d757b57a7b21e68d4a342a2b /nixpkgs/.github | |
parent | f4afc5a01d9539ce09e47494e679c51f80723d07 (diff) | |
parent | 99665eb45f58d959d2cb9e49ddb960c79d596f33 (diff) | |
Merge commit '99665eb45f58d959d2cb9e49ddb960c79d596f33'
Diffstat (limited to 'nixpkgs/.github')
-rw-r--r-- | nixpkgs/.github/CODEOWNERS | 99 | ||||
-rw-r--r-- | nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md | 34 | ||||
-rw-r--r-- | nixpkgs/.github/PULL_REQUEST_TEMPLATE.md | 2 | ||||
-rw-r--r-- | nixpkgs/.github/STALE-BOT.md | 1 | ||||
-rw-r--r-- | nixpkgs/.github/labeler.yml | 3 | ||||
-rw-r--r-- | nixpkgs/.github/stale.yml | 3 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/backport.yml | 6 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/basic-eval.yml | 22 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/direct-push.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/editorconfig.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixos.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixpkgs.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/nixos-manual.yml | 12 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/no-channel.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/pending-clear.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/pending-set.yml | 5 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/periodic-merge-24h.yml | 18 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/periodic-merge-6h.yml | 6 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/update-terraform-providers.yml | 22 |
19 files changed, 164 insertions, 90 deletions
diff --git a/nixpkgs/.github/CODEOWNERS b/nixpkgs/.github/CODEOWNERS index 9117a44b9fc2..c7aa63d40f43 100644 --- a/nixpkgs/.github/CODEOWNERS +++ b/nixpkgs/.github/CODEOWNERS @@ -10,9 +10,6 @@ # IMPORTANT NOTE: in order to actually get pinged, commit access is required. # This also holds true for GitHub teams. Since almost none of our teams have write # permissions, you need to list all members of the team with commit access individually. -# We still add the team to the list next to its members, this helps keeping things -# in sync. (Put non team members before the team to distinguish them.) -# See https://github.com/NixOS/nixpkgs/issues/124085 for more details # This file /.github/CODEOWNERS @edolstra @@ -39,17 +36,19 @@ /pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer /pkgs/top-level/splice.nix @Ericson2314 @matthewbauer /pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer -/pkgs/stdenv/generic @Ericson2314 @matthewbauer @cab404 +/pkgs/stdenv/generic @Ericson2314 @matthewbauer /pkgs/stdenv/cross @Ericson2314 @matthewbauer -/pkgs/build-support/cc-wrapper @Ericson2314 @orivej -/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej +/pkgs/build-support/cc-wrapper @Ericson2314 +/pkgs/build-support/bintools-wrapper @Ericson2314 /pkgs/build-support/setup-hooks @Ericson2314 -/pkgs/build-support/setup-hooks/auto-patchelf.sh @aszlig +/pkgs/build-support/setup-hooks/auto-patchelf.sh @layus +/pkgs/build-support/setup-hooks/auto-patchelf.py @layus # Nixpkgs build-support /pkgs/build-support/writers @lassulus @Profpatsch # Nixpkgs documentation +/doc @fricklerhandwerk /maintainers/scripts/db-to-md.sh @jtojnar @ryantm /maintainers/scripts/doc @jtojnar @ryantm /doc/build-aux/pandoc-filters @jtojnar 
@@ -97,17 +96,16 @@ /pkgs/development/python-modules @FRidh @jonringer /doc/languages-frameworks/python.section.md @FRidh /pkgs/development/tools/poetry2nix @adisbladis -/pkgs/development/interpreters/python/hooks @FRidh @jonringer @DavHau -/pkgs/development/interpreters/python/conda @DavHau +/pkgs/development/interpreters/python/hooks @FRidh @jonringer # Haskell -/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn @expipiplus1 -/maintainers/scripts/haskell @cdepillabout @sternenseemann @maralorn @expipiplus1 -/pkgs/development/compilers/ghc @cdepillabout @sternenseemann @maralorn @expipiplus1 -/pkgs/development/haskell-modules @cdepillabout @sternenseemann @maralorn @expipiplus1 -/pkgs/test/haskell @cdepillabout @sternenseemann @maralorn @expipiplus1 -/pkgs/top-level/release-haskell.nix @cdepillabout @sternenseemann @maralorn @expipiplus1 -/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn @expipiplus1 +/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn +/maintainers/scripts/haskell @cdepillabout @sternenseemann @maralorn +/pkgs/development/compilers/ghc @cdepillabout @sternenseemann @maralorn +/pkgs/development/haskell-modules @cdepillabout @sternenseemann @maralorn +/pkgs/test/haskell @cdepillabout @sternenseemann @maralorn +/pkgs/top-level/release-haskell.nix @cdepillabout @sternenseemann @maralorn +/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn # Perl /pkgs/development/interpreters/perl @stigtsp @zakame @@ -115,8 +113,8 @@ /pkgs/development/perl-modules @stigtsp @zakame # R -/pkgs/applications/science/math/R @jbedo @bcdarwin -/pkgs/development/r-modules @jbedo @bcdarwin +/pkgs/applications/science/math/R @jbedo +/pkgs/development/r-modules @jbedo # Ruby /pkgs/development/interpreters/ruby @marsam 
@@ -127,10 +125,6 @@ /pkgs/build-support/rust @zowoq /doc/languages-frameworks/rust.section.md @zowoq -# Darwin-related -/pkgs/stdenv/darwin @NixOS/darwin-maintainers -/pkgs/os-specific/darwin @NixOS/darwin-maintainers - # C compilers /pkgs/development/compilers/gcc @matthewbauer /pkgs/development/compilers/llvm @matthewbauer @@ -139,15 +133,6 @@ /pkgs/top-level/unix-tools.nix @matthewbauer /pkgs/development/tools/xcbuild @matthewbauer -# Beam-related (Erlang, Elixir, LFE, etc) -/pkgs/development/beam-modules @gleber -/pkgs/development/interpreters/erlang @gleber -/pkgs/development/interpreters/lfe @gleber -/pkgs/development/interpreters/elixir @gleber -/pkgs/development/tools/build-managers/rebar @gleber -/pkgs/development/tools/build-managers/rebar3 @gleber -/pkgs/development/tools/erlang @gleber - # Audio /nixos/modules/services/audio/botamusique.nix @mweinelt /nixos/modules/services/audio/snapserver.nix @mweinelt @@ -208,14 +193,14 @@ /nixos/tests/knot.nix @mweinelt # Dhall -/pkgs/development/dhall-modules @Gabriel439 @Profpatsch @ehmry -/pkgs/development/interpreters/dhall @Gabriel439 @Profpatsch @ehmry +/pkgs/development/dhall-modules @Gabriella439 @Profpatsch @ehmry +/pkgs/development/interpreters/dhall @Gabriella439 @Profpatsch @ehmry # Idris /pkgs/development/idris-modules @Infinisil # Bazel -/pkgs/development/tools/build-managers/bazel @mboes @Profpatsch +/pkgs/development/tools/build-managers/bazel @Profpatsch # NixOS modules for e-mail and dns services /nixos/modules/services/mail/mailman.nix @peti 
@@ -243,38 +228,36 @@ /nixos/tests/prometheus-exporters.nix @WilliButz # PHP interpreter, packages, extensions, tests and documentation -/doc/languages-frameworks/php.section.md @NixOS/php @aanderse @etu @globin @ma27 @talyz -/nixos/tests/php @NixOS/php @aanderse @etu @globin @ma27 @talyz -/pkgs/build-support/build-pecl.nix @NixOS/php @aanderse @etu @globin @ma27 @talyz -/pkgs/development/interpreters/php @jtojnar @NixOS/php @aanderse @etu @globin @ma27 @talyz -/pkgs/development/php-packages @NixOS/php @aanderse @etu @globin @ma27 @talyz -/pkgs/top-level/php-packages.nix @jtojnar @NixOS/php @aanderse @etu @globin @ma27 @talyz +/doc/languages-frameworks/php.section.md @aanderse @etu @globin @ma27 @talyz +/nixos/tests/php @aanderse @etu @globin @ma27 @talyz +/pkgs/build-support/build-pecl.nix @aanderse @etu @globin @ma27 @talyz +/pkgs/development/interpreters/php @jtojnar @aanderse @etu @globin @ma27 @talyz +/pkgs/development/php-packages @aanderse @etu @globin @ma27 @talyz +/pkgs/top-level/php-packages.nix @jtojnar @aanderse @etu @globin @ma27 @talyz # Podman, CRI-O modules and related -/nixos/modules/virtualisation/containers.nix @NixOS/podman @zowoq @adisbladis -/nixos/modules/virtualisation/cri-o.nix @NixOS/podman @zowoq @adisbladis -/nixos/modules/virtualisation/podman @NixOS/podman @zowoq @adisbladis -/nixos/tests/cri-o.nix @NixOS/podman @zowoq @adisbladis -/nixos/tests/podman @NixOS/podman @zowoq @adisbladis +/nixos/modules/virtualisation/containers.nix @zowoq @adisbladis +/nixos/modules/virtualisation/cri-o.nix @zowoq @adisbladis +/nixos/modules/virtualisation/podman @zowoq @adisbladis +/nixos/tests/cri-o.nix @zowoq @adisbladis +/nixos/tests/podman @zowoq @adisbladis # Docker tools -/pkgs/build-support/docker @roberth @utdemir -/nixos/tests/docker-tools-overlay.nix @roberth -/nixos/tests/docker-tools.nix @roberth -/doc/builders/images/dockertools.xml @roberth +/pkgs/build-support/docker @roberth +/nixos/tests/docker-tools* @roberth 
+/doc/builders/images/dockertools.section.md @roberth # Blockchains /pkgs/applications/blockchains @mmahut @RaghavSood # Go /doc/languages-frameworks/go.section.md @kalbasit @Mic92 @zowoq +/pkgs/build-support/go @kalbasit @Mic92 @zowoq /pkgs/development/compilers/go @kalbasit @Mic92 @zowoq -/pkgs/development/go-modules @kalbasit @Mic92 @zowoq -/pkgs/development/go-packages @kalbasit @Mic92 @zowoq # GNOME -/pkgs/desktops/gnome @NixOS/GNOME @jtojnar @hedning -/pkgs/desktops/gnome/extensions @piegamesde @NixOS/GNOME @jtojnar @hedning +/pkgs/desktops/gnome @jtojnar +/pkgs/desktops/gnome/extensions @piegamesde @jtojnar # Cinnamon /pkgs/desktops/cinnamon @mkg20001 @@ -295,10 +278,14 @@ # Matrix /pkgs/servers/heisenbridge @piegamesde -/pkgs/servers/matrix-conduit @piegamesde @pstn +/pkgs/servers/matrix-conduit @piegamesde /pkgs/servers/matrix-synapse/matrix-appservice-irc @piegamesde /nixos/modules/services/misc/heisenbridge.nix @piegamesde /nixos/modules/services/misc/matrix-appservice-irc.nix @piegamesde -/nixos/modules/services/misc/matrix-conduit.nix @piegamesde @pstn +/nixos/modules/services/misc/matrix-conduit.nix @piegamesde /nixos/tests/matrix-appservice-irc.nix @piegamesde -/nixos/tests/matrix-conduit.nix @piegamesde @pstn +/nixos/tests/matrix-conduit.nix @piegamesde + +# Dotnet +/pkgs/build-support/dotnet @IvarWithoutBones +/pkgs/development/compilers/dotnet @IvarWithoutBones diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md b/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md new file mode 100644 index 000000000000..7e57b2e208a5 --- /dev/null +++ b/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md 
@@ -0,0 +1,34 @@ +--- +name: Build failure +about: Create a report to help us improve +title: '' +labels: '0.kind: build failure' +assignees: '' + +--- + +### Steps To Reproduce +Steps to reproduce the behavior: +1. build *X* + +### Build log +``` +log here if short otherwise a link to a gist +``` + +### Additional context +Add any other context about the problem here. + +### Notify maintainers +<!-- +Please @ people who are in the `meta.maintainers` list of the offending package or module. +If in doubt, check `git blame` for whoever last touched something. +--> + +### Metadata +Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result. + +```console +[user@system:~]$ nix-shell -p nix-info --run "nix-info -m" +output here +``` diff --git a/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md b/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md index 397e5ff5d175..47857a8ca4c3 100644 --- a/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md +++ b/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md 
@@ -22,7 +22,7 @@ For new packages please briefly describe the package or provide a link to its ho - made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages - [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage) - [ ] Tested basic functionality of all binary files (usually in `./result/bin/`) -- [22.05 Release Notes (or backporting 21.11 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2205-release-notes) +- [22.11 Release Notes (or backporting 22.05 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2211-release-notes) - [ ] (Package updates) Added a release notes entry if the change is major or breaking - [ ] (Module updates) Added a release notes entry if the change is significant - [ ] (Module addition) Added a release notes entry if adding a new NixOS module diff --git a/nixpkgs/.github/STALE-BOT.md b/nixpkgs/.github/STALE-BOT.md index 0c5a21cc3524..dff787300d40 100644 --- a/nixpkgs/.github/STALE-BOT.md +++ b/nixpkgs/.github/STALE-BOT.md @@ -1,6 +1,7 @@ # Stale bot information - Thanks for your contribution! +- Our stale bot will never close an issue or PR. - To remove the stale label, just leave a new comment. - _How to find the right people to ping?_ → [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.) - You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/), [our Matrix room](https://matrix.to/#/#nix:nixos.org), or on the [#nixos IRC channel](https://web.libera.chat/#nixos). diff --git a/nixpkgs/.github/labeler.yml b/nixpkgs/.github/labeler.yml index a48f60e77638..94dfec05c9fd 100644 --- a/nixpkgs/.github/labeler.yml 
+++ b/nixpkgs/.github/labeler.yml @@ -40,9 +40,8 @@ "6.topic: golang": - doc/languages-frameworks/go.section.md + - pkgs/build-support/go/**/* - pkgs/development/compilers/go/**/* - - pkgs/development/go-modules/**/* - - pkgs/development/go-packages/**/* "6.topic: haskell": - doc/languages-frameworks/haskell.section.md diff --git a/nixpkgs/.github/stale.yml b/nixpkgs/.github/stale.yml index b5e6ec93baf9..d6134c7ce112 100644 --- a/nixpkgs/.github/stale.yml +++ b/nixpkgs/.github/stale.yml @@ -5,6 +5,5 @@ exemptLabels: - "1.severity: security" - "2.status: never-stale" staleLabel: "2.status: stale" -markComment: | - I marked this as stale due to inactivity. → [More info](https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md) +markComment: false closeComment: false diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml index 4ee5adfaac1e..53066456f98d 100644 --- a/nixpkgs/.github/workflows/backport.yml +++ b/nixpkgs/.github/workflows/backport.yml @@ -8,8 +8,14 @@ on: # the GitHub repository. This means that it should not evaluate user input in a # way that allows code injection. +permissions: + contents: read + jobs: backport: + permissions: + contents: write # for zeebe-io/backport-action to create branch + pull-requests: write # for zeebe-io/backport-action to create PR to backport name: Backport Pull Request if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml index 51429ae40bee..2d31392caf45 100644 --- a/nixpkgs/.github/workflows/basic-eval.yml +++ b/nixpkgs/.github/workflows/basic-eval.yml 
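Review bot: In backport.yml the job that now receives `contents: write` and `pull-requests: write` is gated by an `if:` whose label check looks ineffective. `github.event_name` holds the name of the triggering event rather than its activity type, so `github.event_name != 'labeled'` is presumably always true, and `startsWith('backport', github.event.label.name)` has its arguments reversed (the string being searched comes first). If the intent is to react only to backport labels, `(github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))` expresses it. The `on:` block is outside the hunk, so confirm this against the configured trigger types.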
@@ -1,21 +1,25 @@ name: Basic evaluation checks on: - pull_request: - branches: - - master - - release-** - push: - branches: - - master - - release-** + workflow_dispatch + # pull_request: + # branches: + # - master + # - release-** + # push: + # branches: + # - master + # - release-** +permissions: + contents: read + jobs: tests: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 - uses: cachix/cachix-action@v10 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. diff --git a/nixpkgs/.github/workflows/direct-push.yml b/nixpkgs/.github/workflows/direct-push.yml index 082a4806e619..167253ac6db6 100644 --- a/nixpkgs/.github/workflows/direct-push.yml +++ b/nixpkgs/.github/workflows/direct-push.yml @@ -4,8 +4,13 @@ on: branches: - master - release-** +permissions: + contents: read + jobs: build: + permissions: + contents: write # for peter-evans/commit-comment to comment on commit runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' env: diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml index de49e55ef2a7..5b57614e1107 100644 --- a/nixpkgs/.github/workflows/editorconfig.yml +++ b/nixpkgs/.github/workflows/editorconfig.yml @@ -28,7 +28,7 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 with: # nixpkgs commit is pinned so that it doesn't break # editorconfig-checker 2.4.0 diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml index 61a8a217651d..64829a191369 100644 --- a/nixpkgs/.github/workflows/manual-nixos.yml +++ b/nixpkgs/.github/workflows/manual-nixos.yml 
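Review bot: In basic-eval.yml `cachix/install-nix-action@v17` and `cachix/cachix-action@v10` are referenced by mutable tag, so the code that runs can change without any change in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: cachix/install-nix-action@<full-commit-sha> # v17`, makes every bump a reviewable diff. This matters most for cachix-action, whose `with:` block continues outside the hunk and presumably carries a cache credential. The same applies to the `@v17` bumps in editorconfig.yml, manual-nixos.yml, manual-nixpkgs.yml, nixos-manual.yml and update-terraform-providers.yml, and to `peter-evans/create-pull-request@v4`, which runs in a job granted `contents: write`.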
@@ -18,7 +18,7 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 with: # explicitly enable sandbox extra_nix_config: sandbox = true diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml index 70d9aab69828..2aebeeeea2ab 100644 --- a/nixpkgs/.github/workflows/manual-nixpkgs.yml +++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml @@ -18,7 +18,7 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 with: # explicitly enable sandbox extra_nix_config: sandbox = true diff --git a/nixpkgs/.github/workflows/nixos-manual.yml b/nixpkgs/.github/workflows/nixos-manual.yml index bd70f228d462..5453513a53a6 100644 --- a/nixpkgs/.github/workflows/nixos-manual.yml +++ b/nixpkgs/.github/workflows/nixos-manual.yml @@ -19,8 +19,16 @@ jobs: with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 - name: Check DocBook files generated from Markdown are consistent run: | nixos/doc/manual/md-to-db.sh - git diff --exit-code + git diff --exit-code || { + echo + echo 'Generated manual files are out of date.' + echo 'Please run' + echo + echo ' nixos/doc/manual/md-to-db.sh' + echo + exit 1 + } diff --git a/nixpkgs/.github/workflows/no-channel.yml b/nixpkgs/.github/workflows/no-channel.yml index fb9a95851f06..90c38f22c007 100644 --- a/nixpkgs/.github/workflows/no-channel.yml +++ b/nixpkgs/.github/workflows/no-channel.yml 
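Review bot: nixos-manual.yml gets no `permissions:` block in this commit, although its `run:` step executes `nixos/doc/manual/md-to-db.sh` from the `refs/pull/<n>/merge` checkout, which is a script a pull request can modify. The context comment indicates a `pull_request_target` trigger, under which the job token belongs to the base repository. I would add `permissions:` with `contents: read` at workflow level, as the other workflows in this commit do, and `persist-credentials: false` under the checkout step's `with:` so the token is not left in the checked-out repository's git configuration. editorconfig.yml, manual-nixos.yml and manual-nixpkgs.yml check out the same merge ref and would benefit from the same block. The head of each file is outside the hunks, so confirm that none of them already declares it.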
@@ -6,8 +6,13 @@ on: - 'nixos-**' - 'nixpkgs-**' +permissions: + contents: read + jobs: fail: + permissions: + contents: none name: "This PR is is targeting a channel branch" runs-on: ubuntu-latest steps: diff --git a/nixpkgs/.github/workflows/pending-clear.yml b/nixpkgs/.github/workflows/pending-clear.yml index d06b1e2143f1..7e8960597e5c 100644 --- a/nixpkgs/.github/workflows/pending-clear.yml +++ b/nixpkgs/.github/workflows/pending-clear.yml @@ -4,8 +4,13 @@ on: check_suite: types: [ completed ] +permissions: + contents: read + jobs: action: + permissions: + statuses: write runs-on: ubuntu-latest steps: - name: clear pending status diff --git a/nixpkgs/.github/workflows/pending-set.yml b/nixpkgs/.github/workflows/pending-set.yml index b15e4847e67c..0dc3031d87c0 100644 --- a/nixpkgs/.github/workflows/pending-set.yml +++ b/nixpkgs/.github/workflows/pending-set.yml @@ -8,8 +8,13 @@ on: # the GitHub repository. This means that it should not evaluate user input in a # way that allows code injection. +permissions: + contents: read + jobs: action: + permissions: + statuses: write runs-on: ubuntu-latest steps: - name: set pending status diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml index 027c63aad9a2..2eec69f65257 100644 --- a/nixpkgs/.github/workflows/periodic-merge-24h.yml +++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml @@ -14,8 +14,14 @@ on: # Merge every 24 hours - cron: '0 0 * * *' +permissions: + contents: read + jobs: periodic-merge: + permissions: + contents: write # for devmasx/merge-branch to merge branches + issues: write # for peter-evans/create-or-update-comment to create or update comment if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest strategy: 
@@ -28,14 +34,10 @@ jobs: pairs: - from: master into: haskell-updates - - from: release-21.05 - into: staging-next-21.05 - - from: staging-next-21.05 - into: staging-21.05 - - from: release-21.11 - into: staging-next-21.11 - - from: staging-next-21.11 - into: staging-21.11 + - from: release-22.05 + into: staging-next-22.05 + - from: staging-next-22.05 + into: staging-22.05 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - uses: actions/checkout@v3 diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml index 5588d216ea03..bcc9f4883588 100644 --- a/nixpkgs/.github/workflows/periodic-merge-6h.yml +++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml @@ -14,8 +14,14 @@ on: # Merge every 6 hours - cron: '0 */6 * * *' +permissions: + contents: read + jobs: periodic-merge: + permissions: + contents: write # for devmasx/merge-branch to merge branches + issues: write # for peter-evans/create-or-update-comment to create or update comment if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest strategy: diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml index 0c775cb6e402..1650f537b7bc 100644 --- a/nixpkgs/.github/workflows/update-terraform-providers.yml +++ b/nixpkgs/.github/workflows/update-terraform-providers.yml 
@@ -2,16 +2,23 @@ name: "Update terraform-providers" on: schedule: - - cron: "14 3 * * 1" + - cron: "14 3 * * 0" workflow_dispatch: +permissions: + contents: read + jobs: tf-providers: + permissions: + contents: write # for peter-evans/create-pull-request to create branch + issues: write # for peter-evans/create-or-update-comment to create or update comment + pull-requests: write # for peter-evans/create-pull-request to create a PR if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v17 - name: setup id: setup run: | @@ -25,14 +32,15 @@ jobs: git commit -m "${{ steps.setup.outputs.title }}" providers.json popd - name: create PR - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v4 with: body: | - Automatic update of terraform providers. - - Created by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action. + Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action. - Check that all providers build with `@ofborg build terraform-full` + Check that all providers build with: + ``` + @ofborg build terraform.full + ``` branch: terraform-providers-update delete-branch: false labels: "2.status: work-in-progress" |
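Review bot: In update-terraform-providers.yml the step `git commit -m "${{ steps.setup.outputs.title }}"` expands an expression directly into the shell script, in a job that this commit grants `contents: write` and `pull-requests: write`. The value comes from the workflow's own `setup` step, whose body is outside the hunk, so it is probably fixed text. Passing it through the environment would still keep the shell from ever parsing it as script: add `env:` with `TITLE: ${{ steps.setup.outputs.title }}` on the step and use `git commit -m "$TITLE" providers.json` in the script. The start of this `run:` block is outside the hunk.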