diff options
author | Alyssa Ross <hi@alyssa.is> | 2024-01-20 12:31:50 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-01-20 12:32:25 +0100 |
commit | b7baf40e099b4215181fe7b0c63083b12ef2c7fb (patch) | |
tree | a6efabd31d05b6d0a36624729e80377bbbfb0149 /nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md | |
parent | 710028664e26e85cb831a869b3da9f6993902255 (diff) | |
parent | 0799f514b1cd74878174939df79ac60ca5036673 (diff) | |
download | nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.gz nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.bz2 nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.lz nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.xz nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.zst nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.zip |
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
Diffstat (limited to 'nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md')
-rw-r--r-- | nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md b/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md index 41b3012b7d95..ccd4108ea288 100644 --- a/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md +++ b/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md @@ -1,6 +1,7 @@ # CI-related Scripts -This directory contains scripts used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). +This directory contains scripts and files used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. +See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). ## `./run-local.sh BASE_BRANCH [REPOSITORY]` @@ -15,12 +16,23 @@ Arguments: - `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11 - `REPOSITORY`: The repository to fetch the base branch from, defaults to https://github.com/NixOS/nixpkgs.git -## `./fetch-tool.sh BASE_BRANCH OUTPUT_PATH` +## `./update-pinned-tool.sh` -Fetches the Hydra-prebuilt nixpkgs-check-by-name to use from the NixOS channel corresponding to the given base branch. +Updates the pinned CI tool in [`./pinned-tool.json`](./pinned-tool.json) to the +[latest version from the `nixos-unstable` channel](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.tests.nixpkgs-check-by-name.x86_64-linux). -This script is used both by [`./run-local.sh`](#run-local-sh-base-branch-repository) and CI. +This script needs to be called manually when the CI tooling needs to be updated. + +The `pinned-tool.json` file gets populated with both: +- The `/nix/store` path for `x86_64-linux`, such that CI doesn't have to evaluate Nixpkgs and can directly fetch it from the cache instead. +- The Nixpkgs revision, such that the `./run-local.sh` script can be used to run the checks locally on any system. + +To ensure that the tool is always pre-built for `x86_64-linux` in the `nixos-unstable` channel, +it's included in the `tested` jobset description in [`nixos/release-combined.nix`](../../../nixos/release-combined.nix). + +Why not just build the tooling right from the PRs Nixpkgs version? +- Because it allows CI to check all PRs, even if they would break the CI tooling. +- Because it makes the CI check very fast, since no Nix builds need to be done, even for mass rebuilds. +- Because it improves security, since we don't have to build potentially untrusted code from PRs. + The tool only needs a very minimal Nix evaluation at runtime, which can work with [readonly-mode](https://nixos.org/manual/nix/stable/command-ref/opt-common.html#opt-readonly-mode) and [restrict-eval](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-restrict-eval). -Arguments: -- `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11 -- `OUTPUT_PATH`: The output symlink path for the tool |