Diffstat (limited to 'nixpkgs/.github/workflows')
-rw-r--r--nixpkgs/.github/workflows/backport.yml35
-rw-r--r--nixpkgs/.github/workflows/basic-eval.yml29
-rw-r--r--nixpkgs/.github/workflows/check-by-name.yml104
-rw-r--r--nixpkgs/.github/workflows/check-maintainers-sorted.yaml24
-rw-r--r--nixpkgs/.github/workflows/editorconfig.yml41
-rw-r--r--nixpkgs/.github/workflows/labels.yml24
-rw-r--r--nixpkgs/.github/workflows/manual-nixos.yml31
-rw-r--r--nixpkgs/.github/workflows/manual-nixpkgs.yml32
-rw-r--r--nixpkgs/.github/workflows/no-channel.yml26
-rw-r--r--nixpkgs/.github/workflows/ofborg-pending.yml33
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-24h.yml64
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-6h.yml58
-rw-r--r--nixpkgs/.github/workflows/update-terraform-providers.yml69
13 files changed, 570 insertions, 0 deletions
diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml
new file mode 100644
index 000000000000..c49eeac5a20b
--- /dev/null
+++ b/nixpkgs/.github/workflows/backport.yml
@@ -0,0 +1,35 @@
+name: Backport
+on:
+  pull_request_target:
+    types: [closed, labeled]
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows write access to
+# the GitHub repository. This means that it should not evaluate user input in a
+# way that allows code injection.
+
+permissions:
+  contents: read
+
+jobs:
+  backport:
+    permissions:
+      contents: write # for korthout/backport-action to create branch
+      pull-requests: write # for korthout/backport-action to create PR to backport
+    name: Backport Pull Request
+    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Create backport PRs
+        uses: korthout/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191 # v2.1.1
+        with:
+          # Config README: https://github.com/korthout/backport-action#backport-action
+          copy_labels_pattern: 'severity:\ssecurity'
+          pull_description: |-
+            Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
+
+            * [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
+              * Even as a non-commiter, if you find that it is not acceptable, leave a comment.
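Review bot: The label gate on the `if:` line appears to have its arguments reversed: GitHub's `startsWith(searchString, searchValue)` tests whether the first argument begins with the second, so `startsWith('backport', github.event.label.name)` asks whether the literal string 'backport' begins with the label name, which is false for a label such as `backport release-23.11` and true only for a label that is itself a prefix of the word "backport". If the intent is to run on labels that begin with "backport", the condition should read `startsWith(github.event.label.name, 'backport')`. The `merged == true` check is what keeps unmerged PR heads away from the `contents: write` token on this `pull_request_target` workflow, so the label test is a filter rather than the security boundary, but it still decides whether a label added after merge triggers a backport at all.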
diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml
new file mode 100644
index 000000000000..46f87b0297c3
--- /dev/null
+++ b/nixpkgs/.github/workflows/basic-eval.yml
@@ -0,0 +1,29 @@
+name: Basic evaluation checks
+
+on:
+  workflow_dispatch
+  # pull_request:
+  #   branches:
+  #    - master
+  #    - release-**
+  # push:
+  #   branches:
+  #    - master
+  #    - release-**
+permissions:
+  contents: read
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
+    steps:
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+    - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # v13
+      with:
+        # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+        name: nixpkgs-ci
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+    # explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset
+    - run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin"  ]'
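Review bot: The sequence under `steps:` is written flush with its parent key, while backport.yml, check-by-name.yml and the two manual workflows indent their sequences; yamllint's `indentation.indent-sequences` check would flag the mix across the directory, so one form should be chosen for all of them. The same flush style appears in editorconfig.yml, labels.yml, no-channel.yml and ofborg-pending.yml. Separately, the `supportedSystems` literal on the last line has a doubled space before the closing bracket, `... "x86_64-darwin" ]'`, harmless to Nix but worth tidying.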
diff --git a/nixpkgs/.github/workflows/check-by-name.yml b/nixpkgs/.github/workflows/check-by-name.yml
new file mode 100644
index 000000000000..a9a6181a47bd
--- /dev/null
+++ b/nixpkgs/.github/workflows/check-by-name.yml
@@ -0,0 +1,104 @@
+# Checks pkgs/by-name (see pkgs/by-name/README.md)
+# using the nixpkgs-check-by-name tool (see pkgs/test/nixpkgs-check-by-name)
+#
+# When you make changes to this workflow, also update pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh adequately
+name: Check pkgs/by-name
+
+# The pre-built tool is fetched from a channel,
+# making it work predictable on all PRs.
+on:
+  # Using pull_request_target instead of pull_request avoids having to approve first time contributors
+  pull_request_target
+
+permissions:
+  # We need this permission to cancel the workflow run if there's a merge conflict
+  actions: write
+
+jobs:
+  check:
+    # This is x86_64-linux, for which the tool is always prebuilt on the nixos-* channels,
+    # as specified in nixos/release-combined.nix
+    runs-on: ubuntu-latest
+    # This should take 1 minute at most, but let's be generous.
+    # The default of 6 hours is definitely too long
+    timeout-minutes: 10
+    steps:
+      # This step has to be in this file,
+      # because it's needed to determine which revision of the repository to fetch,
+      # and we can only use other files from the repository once it's fetched.
+      - name: Resolving the merge commit
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # This checks for mergeability of a pull request as recommended in
+          # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
+
+          # Retry the API query this many times
+          retryCount=3
+          # Start with 5 seconds, but double every retry
+          retryInterval=5
+          while true; do
+            echo "Checking whether the pull request can be merged"
+            prInfo=$(gh api \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/"$GITHUB_REPOSITORY"/pulls/${{ github.event.pull_request.number }})
+            mergeable=$(jq -r .mergeable <<< "$prInfo")
+            mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")
+
+            if [[ "$mergeable" == "null" ]]; then
+              if (( retryCount == 0 )); then
+                echo "Not retrying anymore, probably GitHub is having internal issues"
+                exit 1
+              else
+                (( retryCount -= 1 )) || true
+
+                # null indicates that GitHub is still computing whether it's mergeable
+                # Wait a couple seconds before trying again
+                echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
+                sleep "$retryInterval"
+
+                (( retryInterval *= 2 )) || true
+              fi
+            else
+              break
+            fi
+          done
+
+          if [[ "$mergeable" == "true" ]]; then
+            echo "The PR can be merged, checking the merge commit $mergedSha"
+          else
+            echo "The PR cannot be merged, it has a merge conflict, cancelling the workflow.."
+            gh api \
+              --method POST \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/cancel
+            sleep 60
+            # If it's still not canceled after a minute, something probably went wrong, just exit
+            exit 1
+          fi
+          echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: ${{ env.mergedSha }}
+          # Fetches the merge commit and its parents
+          fetch-depth: 2
+      - name: Checking out base branch
+        run: |
+          base=$(mktemp -d)
+          git worktree add "$base" "$(git rev-parse HEAD^1)"
+          echo "base=$base" >> "$GITHUB_ENV"
+      - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+      - name: Fetching the tool
+        run: pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh "$GITHUB_BASE_REF" result
+      - name: Running nixpkgs-check-by-name
+        run: |
+          if result/bin/nixpkgs-check-by-name --base "$base" .; then
+            exit 0
+          else
+            exitCode=$?
+            echo "To run locally: ./maintainers/scripts/check-by-name.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
+            exit "$exitCode"
+          fi
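Review bot: The `actions/checkout` step that checks out `${{ env.mergedSha }}` leaves `persist-credentials` at its default of true, so the job token, which this workflow grants `actions: write`, is stored in the checkout's `.git/config` while later steps run `pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh` and the tool it fetches out of that same PR-controlled tree under `pull_request_target`. Nothing after the checkout uses the token, so add `persist-credentials: false` under the checkout's `with:` block. The header comment says the pre-built tool is fetched from a channel, which is true of the tool binary, but the fetch script itself comes from the merge commit; a comment such as `# fetch-tool.sh is taken from the PR's merge commit; only the tool it downloads is channel-pinned` would make that trust boundary explicit for future maintainers.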
diff --git a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
new file mode 100644
index 000000000000..94f71ad7f894
--- /dev/null
+++ b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
@@ -0,0 +1,24 @@
+name: "Check that maintainer list is sorted"
+
+on:
+  pull_request_target:
+    paths:
+      - 'maintainers/maintainer-list.nix'
+permissions:
+  contents: read
+
+jobs:
+  nixos:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - name: Check that maintainer-list.nix is sorted
+        run: nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
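Review bot: `nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix` evaluates a file taken from the PR's merge ref under `pull_request_target`, but unlike manual-nixos.yml and manual-nixpkgs.yml, which pass `--option restrict-eval true` with `NIX_PATH=nixpkgs=$(pwd)`, it runs with unrestricted evaluation; mirroring that invocation here would confine evaluation to the checkout the same way, assuming the script's imports all resolve within the repository. The `sandbox = true` comment says "explicitly enable sandbox", which applies to builds rather than to evaluation, so the comment should say so to avoid implying the eval step is sandboxed. This file also uses the `.yaml` extension while every sibling workflow uses `.yml`.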
diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml
new file mode 100644
index 000000000000..80067327fdb9
--- /dev/null
+++ b/nixpkgs/.github/workflows/editorconfig.yml
@@ -0,0 +1,41 @@
+name: "Checking EditorConfig"
+
+permissions: read-all
+
+on:
+  # avoids approving first time contributors
+  pull_request_target:
+    branches-ignore:
+      - 'release-**'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+    - name: Get list of changed files from PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh api \
+          repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
+          | jq '.[] | select(.status != "removed") | .filename' \
+          > "$HOME/changed_files"
+    - name: print list of changed files
+      run: |
+        cat "$HOME/changed_files"
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        # pull_request_target checks out the base branch by default
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+    - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+      with:
+        # nixpkgs commit is pinned so that it doesn't break
+        # editorconfig-checker 2.4.0
+        nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz
+    - name: Checking EditorConfig
+      run: |
+        cat "$HOME/changed_files" | nix-shell -p editorconfig-checker --run 'xargs -r editorconfig-checker -disable-indent-size'
+    - if: ${{ failure() }}
+      run: |
+        echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."
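Review bot: The `gh api` call hardcodes `repos/NixOS/nixpkgs/pulls/...`, as does the status URL in ofborg-pending.yml, while check-by-name.yml derives the repository from `$GITHUB_REPOSITORY`; `repos/$GITHUB_REPOSITORY/pulls/...` keeps the `if:` owner check the only place the repository is named. In the "Checking EditorConfig" step, `cat "$HOME/changed_files" | nix-shell ...` can be an input redirection, `nix-shell -p editorconfig-checker --run '...' < "$HOME/changed_files"`. Note also that `jq` runs without `-r`, so the file holds JSON-quoted filenames and the step appears to rely on xargs' own quote handling to split them; a comment stating that this is intentional would stop someone from "fixing" it with `-r` and breaking filenames that contain spaces.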
diff --git a/nixpkgs/.github/workflows/labels.yml b/nixpkgs/.github/workflows/labels.yml
new file mode 100644
index 000000000000..4dc690e88bbc
--- /dev/null
+++ b/nixpkgs/.github/workflows/labels.yml
@@ -0,0 +1,24 @@
+name: "Label PR"
+
+on:
+  pull_request_target:
+    types: [edited, opened, synchronize, reopened]
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows some write
+# access to the GitHub API. This means that it should not evaluate user input in
+# a way that allows code injection.
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  labels:
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+    - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        sync-labels: true
diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml
new file mode 100644
index 000000000000..2c42f83e3010
--- /dev/null
+++ b/nixpkgs/.github/workflows/manual-nixos.yml
@@ -0,0 +1,31 @@
+name: "Build NixOS manual"
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'nixos/**'
+
+jobs:
+  nixos:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # v13
+        with:
+          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+      - name: Building NixOS manual
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
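Review bot: Under `pull_request_target` the `CACHIX_SIGNING_KEY` secret is available to this job while the "Building NixOS manual" step builds `nixos/release.nix` from the PR's merge ref, so store paths produced during the job by PR-controlled code are signed and pushed to the `nixpkgs-ci` cache by the cachix post-step; the existing comment that the cache must not be trusted elsewhere is the right mitigation, and `restrict-eval` plus `sandbox = true` should keep evaluation and the build away from the key itself. If pushing PR-built outputs is not needed to speed up later runs, `skipPush: true` on the cachix step would remove that write path entirely; otherwise extend the comment to say explicitly that outputs built from unreviewed PRs land in this cache. manual-nixpkgs.yml has the identical arrangement for `pkgs/top-level/release.nix`.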
diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml
new file mode 100644
index 000000000000..f33ca16f276a
--- /dev/null
+++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml
@@ -0,0 +1,32 @@
+name: "Build Nixpkgs manual"
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'doc/**'
+      - 'lib/**'
+
+jobs:
+  nixpkgs:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # v13
+        with:
+          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+      - name: Building Nixpkgs manual
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests
diff --git a/nixpkgs/.github/workflows/no-channel.yml b/nixpkgs/.github/workflows/no-channel.yml
new file mode 100644
index 000000000000..90c38f22c007
--- /dev/null
+++ b/nixpkgs/.github/workflows/no-channel.yml
@@ -0,0 +1,26 @@
+name: "No channel PR"
+
+on:
+  pull_request:
+    branches:
+      - 'nixos-**'
+      - 'nixpkgs-**'
+
+permissions:
+  contents: read
+
+jobs:
+  fail:
+    permissions:
+      contents: none
+    name: "This PR is is targeting a channel branch"
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        cat <<EOF
+        The nixos-* and nixpkgs-* branches are pushed to by the channel
+        release script and should not be merged into directly.
+
+        Please target the equivalent release-* branch or master instead.
+        EOF
+        exit 1
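Review bot: The job's `name:` reads "This PR is is targeting a channel branch", a doubled "is" that is shown in the checks UI on every PR that hits this workflow; it should be `name: "This PR is is targeting a channel branch"` with the duplicate removed, i.e. `name: "This PR is targeting a channel branch"`. The job is otherwise well scoped: `contents: none` and a plain `pull_request` trigger mean no token or secret is exposed for a job whose only purpose is to fail with a message.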
diff --git a/nixpkgs/.github/workflows/ofborg-pending.yml b/nixpkgs/.github/workflows/ofborg-pending.yml
new file mode 100644
index 000000000000..b5e0a7c46c8c
--- /dev/null
+++ b/nixpkgs/.github/workflows/ofborg-pending.yml
@@ -0,0 +1,33 @@
+name: "Set pending OfBorg status"
+on:
+  pull_request_target:
+
+# Sets the ofborg-eval status to "pending" to signal that we are waiting for
+# OfBorg even if it is running late. The status will be overwritten by OfBorg
+# once it starts evaluation.
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows (restricted) write access to
+# the GitHub repository. This means that it should not evaluate user input in a
+# way that allows code injection.
+
+permissions:
+  contents: read
+
+jobs:
+  action:
+    if: github.repository_owner == 'NixOS'
+    permissions:
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: "Set pending OfBorg status"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        curl \
+          -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: Bearer $GITHUB_TOKEN" \
+          -d '{"context": "ofborg-eval", "state": "pending", "description": "Waiting for OfBorg..."}' \
+          "https://api.github.com/repos/NixOS/nixpkgs/commits/${{ github.event.pull_request.head.sha }}/statuses"
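Review bot: The `curl` POST in "Set pending OfBorg status" has no `--fail` flag, so an API error (expired token, insufficient permissions, rate limit) returns a JSON error body with exit status 0 and the step is reported green without the status ever being set; add `--fail` (and `-sS` to keep the output quiet while still showing errors) to the invocation so a failed status write fails the step. The repository is hardcoded as `NixOS/nixpkgs` in the URL; `$GITHUB_REPOSITORY` would keep it in step with the `if:` owner check, as check-by-name.yml does. Interpolating `${{ github.event.pull_request.head.sha }}` directly into the script is safe here because the value is a commit hash, but routing it through an `env:` variable is the pattern GitHub recommends for `run:` steps and keeps a future edit from turning the interpolation into an injection point.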
diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml
new file mode 100644
index 000000000000..9ce6a7c74cc1
--- /dev/null
+++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml
@@ -0,0 +1,64 @@
+# This action periodically merges base branches into staging branches.
+# This is done to
+#  * prevent conflicts or rather resolve them early
+#  * make all potential breakage happen on the staging branch
+#  * and make sure that all major rebuilds happen before the staging
+#    branch get’s merged back into its base branch.
+
+name: "Periodic Merges (24h)"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Merge every 24 hours
+    - cron:  '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    strategy:
+      # don't fail fast, so that all pairs are tried
+      fail-fast: false
+      # certain branches need to be merged in order, like master->staging-next->staging
+      # and disabling parallelism ensures the order of the pairs below.
+      max-parallel: 1
+      matrix:
+        pairs:
+          - from: master
+            into: haskell-updates
+          - from: release-23.05
+            into: staging-next-23.05
+          - from: staging-next-23.05
+            into: staging-23.05
+          - from: release-23.11
+            into: staging-next-23.11
+          - from: staging-next-23.11
+            into: staging-23.11
+    name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+        uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0
+        with:
+          type: now
+          from_branch: ${{ matrix.pairs.from }}
+          target_branch: ${{ matrix.pairs.into }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+        if: ${{ failure() }}
+        with:
+          issue-number: 105153
+          body: |
+            Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
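Review bot: The header comment's "before the staging branch get's merged back" uses a (curly) possessive apostrophe where the verb `gets` is meant; `#    branch gets merged back into its base branch.` reads correctly, and the same header is duplicated verbatim in periodic-merge-6h.yml. The cron entry `- cron:  '0 0 * * *'` has a doubled space after the colon, which yamllint's `colons` rule flags; a single space matches the rest of the file. Both points apply equally to the 6h workflow.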
diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml
new file mode 100644
index 000000000000..f3151ead6a0f
--- /dev/null
+++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml
@@ -0,0 +1,58 @@
+# This action periodically merges base branches into staging branches.
+# This is done to
+#  * prevent conflicts or rather resolve them early
+#  * make all potential breakage happen on the staging branch
+#  * and make sure that all major rebuilds happen before the staging
+#    branch get’s merged back into its base branch.
+
+name: "Periodic Merges (6h)"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Merge every 6 hours
+    - cron:  '0 */6 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    strategy:
+      # don't fail fast, so that all pairs are tried
+      fail-fast: false
+      # certain branches need to be merged in order, like master->staging-next->staging
+      # and disabling parallelism ensures the order of the pairs below.
+      max-parallel: 1
+      matrix:
+        pairs:
+          - from: master
+            into: staging-next
+          - from: staging-next
+            into: staging
+    name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+        uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0
+        with:
+          type: now
+          from_branch: ${{ matrix.pairs.from }}
+          target_branch: ${{ matrix.pairs.into }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+        if: ${{ failure() }}
+        with:
+          issue-number: 105153
+          body: |
+            Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml
new file mode 100644
index 000000000000..a67070fe6abe
--- /dev/null
+++ b/nixpkgs/.github/workflows/update-terraform-providers.yml
@@ -0,0 +1,69 @@
+name: "Update terraform-providers"
+
+on:
+  #schedule:
+  #  - cron: "0 3 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  tf-providers:
+    permissions:
+      contents: write # for peter-evans/create-pull-request to create branch
+      pull-requests: write # for peter-evans/create-pull-request to create a PR
+    if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+        with:
+          nix_path: nixpkgs=channel:nixpkgs-unstable
+      - name: setup
+        id: setup
+        run: |
+          echo "title=terraform-providers: update $(date -u +"%Y-%m-%d")" >> $GITHUB_OUTPUT
+      - name: update terraform-providers
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+          echo | nix-shell \
+            maintainers/scripts/update.nix \
+            --argstr commit true \
+            --argstr keep-going true \
+            --argstr max-workers 2 \
+            --argstr path terraform-providers
+      - name: get failed updates
+        run: |
+          echo 'FAILED<<EOF' >> $GITHUB_ENV
+          git ls-files --others >> $GITHUB_ENV
+          echo 'EOF' >> $GITHUB_ENV
+      # cleanup logs of failed updates so they aren't included in the PR
+      - name: clean repo
+        run: |
+          git clean -f
+      - name: create PR
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
+        with:
+          body: |
+            Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.
+
+            https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}
+
+            These providers failed to update:
+            ```
+            ${{ env.FAILED }}
+            ```
+
+            Check that all providers build with:
+            ```
+            @ofborg build opentofu.full
+            ```
+            If there is more than ten commits in the PR `ofborg` won't build it automatically and you will need to use the above command.
+          branch: terraform-providers-update
+          delete-branch: false
+          title: ${{ steps.setup.outputs.title }}
+          token: ${{ secrets.GITHUB_TOKEN }}
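Review bot: In "get failed updates", `FAILED<<EOF` uses a fixed heredoc delimiter while the body is the output of `git ls-files --others`, so an untracked file literally named `EOF` would terminate the value early and any later lines would be parsed as new environment assignments; GitHub's workflow-commands documentation warns to use a unique, randomly generated delimiter, for example `delim=$(openssl rand -hex 8)` used for both the opening `FAILED<<$delim` line and the closing line. Throughout this file `$GITHUB_ENV` and `$GITHUB_OUTPUT` are unquoted (`>> $GITHUB_ENV`, `>> $GITHUB_OUTPUT`); the runner's paths contain no whitespace today, but quoting them as `"$GITHUB_ENV"` matches check-by-name.yml and silences shellcheck SC2086. The `github.ref == 'refs/heads/master'` guard on the `if:` line sensibly confines the `contents: write` run to master, and the comment explaining it is worth keeping.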