about summary refs log tree commit diff
path: root/nixpkgs/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/.github/workflows')
-rw-r--r--nixpkgs/.github/workflows/backport.yml2
-rw-r--r--nixpkgs/.github/workflows/basic-eval.yml2
-rw-r--r--nixpkgs/.github/workflows/check-by-name.yml11
-rw-r--r--nixpkgs/.github/workflows/check-maintainers-sorted.yaml2
-rw-r--r--nixpkgs/.github/workflows/editorconfig.yml2
-rw-r--r--nixpkgs/.github/workflows/manual-nixos.yml2
-rw-r--r--nixpkgs/.github/workflows/manual-nixpkgs.yml2
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-24h.yml2
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-6h.yml2
-rw-r--r--nixpkgs/.github/workflows/update-terraform-providers.yml2
10 files changed, 17 insertions, 12 deletions
diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml
index 131a52b0560b..d174203238c8 100644
--- a/nixpkgs/.github/workflows/backport.yml
+++ b/nixpkgs/.github/workflows/backport.yml
@@ -20,7 +20,7 @@ jobs:
     if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Create backport PRs
diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml
index 5fdba5da54fa..9eb5efabc373 100644
--- a/nixpkgs/.github/workflows/basic-eval.yml
+++ b/nixpkgs/.github/workflows/basic-eval.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: cachix/install-nix-action@v23
     - uses: cachix/cachix-action@v12
       with:
diff --git a/nixpkgs/.github/workflows/check-by-name.yml b/nixpkgs/.github/workflows/check-by-name.yml
index e2126152fe5b..7a3598dbe2a4 100644
--- a/nixpkgs/.github/workflows/check-by-name.yml
+++ b/nixpkgs/.github/workflows/check-by-name.yml
@@ -3,8 +3,10 @@
 name: Check pkgs/by-name
 
 # The pre-built tool is fetched from a channel,
-# making it work predictable on all PRs
-on: pull_request
+# making it work predictable on all PRs.
+on:
+  # Using pull_request_target instead of pull_request avoids having to approve first time contributors
+  pull_request_target
 
 # The tool doesn't need any permissions, it only outputs success or not based on the checkout
 permissions: {}
@@ -15,7 +17,10 @@ jobs:
     # as specified in nixos/release-combined.nix
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
       - uses: cachix/install-nix-action@v23
       - name: Determining channel to use for dependencies
         run: |
diff --git a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
index 0238d3c84940..d399951f65df 100644
--- a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
+++ b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml
index 9ee722f8c7f9..b5c3c7fd95cd 100644
--- a/nixpkgs/.github/workflows/editorconfig.yml
+++ b/nixpkgs/.github/workflows/editorconfig.yml
@@ -24,7 +24,7 @@ jobs:
     - name: print list of changed files
       run: |
         cat "$HOME/changed_files"
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         # pull_request_target checks out the base branch by default
         ref: refs/pull/${{ github.event.pull_request.number }}/merge
diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml
index 9cb5cb85c879..6be47caf278d 100644
--- a/nixpkgs/.github/workflows/manual-nixos.yml
+++ b/nixpkgs/.github/workflows/manual-nixos.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml
index ee4b4b788099..f148aee076d5 100644
--- a/nixpkgs/.github/workflows/manual-nixpkgs.yml
+++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml
index abfb51244fd6..32c32397dc08 100644
--- a/nixpkgs/.github/workflows/periodic-merge-24h.yml
+++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml
@@ -40,7 +40,7 @@ jobs:
             into: staging-23.05
     name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
         uses: devmasx/merge-branch@1.4.0
diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml
index 300c418054d7..687c1b99adb2 100644
--- a/nixpkgs/.github/workflows/periodic-merge-6h.yml
+++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml
@@ -38,7 +38,7 @@ jobs:
             into: staging
     name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
         uses: devmasx/merge-branch@1.4.0
diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml
index 3b8f8f6174f5..5aa1693bc9b3 100644
--- a/nixpkgs/.github/workflows/update-terraform-providers.yml
+++ b/nixpkgs/.github/workflows/update-terraform-providers.yml
@@ -16,7 +16,7 @@ jobs:
     if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: cachix/install-nix-action@v23
         with:
           nix_path: nixpkgs=channel:nixpkgs-unstable
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-16 05:22:56 +0000