diff options
Diffstat (limited to 'nixpkgs/.github/workflows')
-rw-r--r-- | nixpkgs/.github/workflows/backport.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/basic-eval.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/check-by-name.yml | 11 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/check-maintainers-sorted.yaml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/editorconfig.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixos.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/manual-nixpkgs.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/periodic-merge-24h.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/periodic-merge-6h.yml | 2 | ||||
-rw-r--r-- | nixpkgs/.github/workflows/update-terraform-providers.yml | 2 |
10 files changed, 17 insertions, 12 deletions
diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml index 131a52b0560b..d174203238c8 100644 --- a/nixpkgs/.github/workflows/backport.yml +++ b/nixpkgs/.github/workflows/backport.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml index 5fdba5da54fa..9eb5efabc373 100644 --- a/nixpkgs/.github/workflows/basic-eval.yml +++ b/nixpkgs/.github/workflows/basic-eval.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 - uses: cachix/cachix-action@v12 with: diff --git a/nixpkgs/.github/workflows/check-by-name.yml b/nixpkgs/.github/workflows/check-by-name.yml index e2126152fe5b..7a3598dbe2a4 100644 --- a/nixpkgs/.github/workflows/check-by-name.yml +++ b/nixpkgs/.github/workflows/check-by-name.yml @@ -3,8 +3,10 @@ name: Check pkgs/by-name # The pre-built tool is fetched from a channel, -# making it work predictable on all PRs -on: pull_request +# making it work predictable on all PRs. +on: + # Using pull_request_target instead of pull_request avoids having to approve first time contributors + pull_request_target # The tool doesn't need any permissions, it only outputs success or not based on the checkout permissions: {} @@ -15,7 +17,10 @@ jobs: # as specified in nixos/release-combined.nix runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v23 - name: Determining channel to use for dependencies run: | diff --git a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml index 0238d3c84940..d399951f65df 100644 --- a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml +++ b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml index 9ee722f8c7f9..b5c3c7fd95cd 100644 --- a/nixpkgs/.github/workflows/editorconfig.yml +++ b/nixpkgs/.github/workflows/editorconfig.yml @@ -24,7 +24,7 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml index 9cb5cb85c879..6be47caf278d 100644 --- a/nixpkgs/.github/workflows/manual-nixos.yml +++ b/nixpkgs/.github/workflows/manual-nixos.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml index ee4b4b788099..f148aee076d5 100644 --- a/nixpkgs/.github/workflows/manual-nixpkgs.yml +++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml index abfb51244fd6..32c32397dc08 100644 --- a/nixpkgs/.github/workflows/periodic-merge-24h.yml +++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml @@ -40,7 +40,7 @@ jobs: into: staging-23.05 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@1.4.0 diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml index 300c418054d7..687c1b99adb2 100644 --- a/nixpkgs/.github/workflows/periodic-merge-6h.yml +++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml @@ -38,7 +38,7 @@ jobs: into: staging name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@1.4.0 diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml index 3b8f8f6174f5..5aa1693bc9b3 100644 --- a/nixpkgs/.github/workflows/update-terraform-providers.yml +++ b/nixpkgs/.github/workflows/update-terraform-providers.yml @@ -16,7 +16,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 with: nix_path: nixpkgs=channel:nixpkgs-unstable |