Diffstat (limited to 'nixpkgs/.github')
-rw-r--r--nixpkgs/.github/CODEOWNERS361
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE.md11
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md48
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md46
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md38
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md35
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md26
-rw-r--r--nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md94
-rw-r--r--nixpkgs/.github/PULL_REQUEST_TEMPLATE.md49
-rw-r--r--nixpkgs/.github/STALE-BOT.md36
-rw-r--r--nixpkgs/.github/dependabot.yml6
-rw-r--r--nixpkgs/.github/labeler.yml216
-rw-r--r--nixpkgs/.github/stale.yml9
-rw-r--r--nixpkgs/.github/workflows/backport.yml35
-rw-r--r--nixpkgs/.github/workflows/basic-eval.yml29
-rw-r--r--nixpkgs/.github/workflows/check-by-name.yml117
-rw-r--r--nixpkgs/.github/workflows/check-maintainers-sorted.yaml24
-rw-r--r--nixpkgs/.github/workflows/editorconfig.yml41
-rw-r--r--nixpkgs/.github/workflows/labels.yml24
-rw-r--r--nixpkgs/.github/workflows/manual-nixos.yml31
-rw-r--r--nixpkgs/.github/workflows/manual-nixpkgs.yml32
-rw-r--r--nixpkgs/.github/workflows/nix-parse.yml42
-rw-r--r--nixpkgs/.github/workflows/no-channel.yml26
-rw-r--r--nixpkgs/.github/workflows/ofborg-pending.yml33
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-24h.yml60
-rw-r--r--nixpkgs/.github/workflows/periodic-merge-6h.yml58
-rw-r--r--nixpkgs/.github/workflows/update-terraform-providers.yml69
27 files changed, 1596 insertions, 0 deletions
diff --git a/nixpkgs/.github/CODEOWNERS b/nixpkgs/.github/CODEOWNERS
new file mode 100644
index 000000000000..278e11ce6863
--- /dev/null
+++ b/nixpkgs/.github/CODEOWNERS
@@ -0,0 +1,361 @@
+# CODEOWNERS file
+#
+# This file is used to describe who owns what in this repository. This file does not
+# replace `meta.maintainers` but is instead used for other things than derivations
+# and modules, like documentation, package sets, and other assets.
+#
+# For documentation on this file, see https://help.github.com/articles/about-codeowners/
+# Mentioned users will get code review requests.
+#
+# IMPORTANT NOTE: in order to actually get pinged, commit access is required.
+# This also holds true for GitHub teams. Since almost none of our teams have write
+# permissions, you need to list all members of the team with commit access individually.
+
+# GitHub actions
+/.github/workflows @NixOS/Security @Mic92 @zowoq
+/.github/workflows/merge-staging @FRidh
+
+# EditorConfig
+/.editorconfig @Mic92 @zowoq
+
+# Libraries
+/lib                        @infinisil
+/lib/systems                @alyssais @ericson2314
+/lib/generators.nix         @infinisil @Profpatsch
+/lib/cli.nix                @infinisil @Profpatsch
+/lib/debug.nix              @infinisil @Profpatsch
+/lib/asserts.nix            @infinisil @Profpatsch
+/lib/path.*                 @infinisil
+/lib/fileset                @infinisil
+## Libraries / Module system
+/lib/modules.nix            @infinisil @roberth
+/lib/types.nix              @infinisil @roberth
+/lib/options.nix            @infinisil @roberth
+/lib/tests/modules.sh       @infinisil @roberth
+/lib/tests/modules          @infinisil @roberth
+
+# Nixpkgs Internals
+/default.nix                                     @Ericson2314
+/pkgs/top-level/default.nix                      @Ericson2314
+/pkgs/top-level/impure.nix                       @Ericson2314
+/pkgs/top-level/stage.nix                        @Ericson2314
+/pkgs/top-level/splice.nix                       @Ericson2314
+/pkgs/top-level/release-cross.nix                @Ericson2314
+/pkgs/stdenv/generic                             @Ericson2314
+/pkgs/stdenv/generic/check-meta.nix              @Ericson2314 @piegamesde
+/pkgs/stdenv/cross                               @Ericson2314
+/pkgs/build-support/cc-wrapper                   @Ericson2314
+/pkgs/build-support/bintools-wrapper             @Ericson2314
+/pkgs/build-support/setup-hooks                  @Ericson2314
+/pkgs/build-support/setup-hooks/auto-patchelf.sh @layus
+/pkgs/build-support/setup-hooks/auto-patchelf.py @layus
+/pkgs/pkgs-lib                                   @infinisil
+## Format generators/serializers
+/pkgs/pkgs-lib/formats/libconfig                 @ckiee @h7x4
+/pkgs/pkgs-lib/formats/hocon                     @h7x4
+
+# pkgs/by-name
+/pkgs/test/nixpkgs-check-by-name @infinisil
+/pkgs/by-name/README.md @infinisil
+/pkgs/top-level/by-name-overlay.nix @infinisil
+/.github/workflows/check-by-name.yml @infinisil
+
+# Nixpkgs build-support
+/pkgs/build-support/writers @lassulus @Profpatsch
+
+# Nixpkgs make-disk-image
+/doc/build-helpers/images/makediskimage.section.md  @raitobezarius
+/nixos/lib/make-disk-image.nix                 @raitobezarius
+
+# Nix, the package manager
+pkgs/tools/package-management/nix/                    @raitobezarius @ma27
+nixos/modules/installer/tools/nix-fallback-paths.nix  @raitobezarius @ma27
+
+# Nixpkgs documentation
+/maintainers/scripts/db-to-md.sh @jtojnar @ryantm
+/maintainers/scripts/doc @jtojnar @ryantm
+
+# Contributor documentation
+/CONTRIBUTING.md @infinisil
+/.github/PULL_REQUEST_TEMPLATE.md @infinisil
+/doc/contributing/ @infinisil
+/doc/contributing/contributing-to-documentation.chapter.md @jtojnar @infinisil
+/lib/README.md @infinisil
+/doc/README.md @infinisil
+/nixos/README.md @infinisil
+/pkgs/README.md @infinisil
+/maintainers/README.md @infinisil
+
+# User-facing development documentation
+/doc/development.md @infinisil
+/doc/development @infinisil
+
+# NixOS Internals
+/nixos/default.nix                                    @infinisil
+/nixos/lib/from-env.nix                               @infinisil
+/nixos/lib/eval-config.nix                            @infinisil
+/nixos/modules/system                                 @dasJ
+/nixos/modules/system/activation/bootspec.nix         @grahamc @cole-h @raitobezarius
+/nixos/modules/system/activation/bootspec.cue         @grahamc @cole-h @raitobezarius
+
+# NixOS integration test driver
+/nixos/lib/test-driver  @tfc
+
+# NixOS QEMU virtualisation
+/nixos/virtualisation/qemu-vm.nix           @raitobezarius
+
+# Systemd
+/nixos/modules/system/boot/systemd.nix      @NixOS/systemd
+/nixos/modules/system/boot/systemd          @NixOS/systemd
+/nixos/lib/systemd-*.nix                    @NixOS/systemd
+/pkgs/os-specific/linux/systemd             @NixOS/systemd
+
+# Systemd-boot
+/nixos/modules/system/boot/loader/systemd-boot      @JulienMalka
+
+# Images and installer media
+/nixos/modules/installer/cd-dvd/            @samueldr
+/nixos/modules/installer/sd-card/           @samueldr
+
+# Updaters
+## update.nix
+/maintainers/scripts/update.nix   @jtojnar
+/maintainers/scripts/update.py    @jtojnar
+## common-updater-scripts
+/pkgs/common-updater/scripts/update-source-version    @jtojnar
+
+# Python-related code and docs
+/maintainers/scripts/update-python-libraries	              @FRidh
+/pkgs/development/interpreters/python                       @FRidh
+/doc/languages-frameworks/python.section.md                 @FRidh @mweinelt
+/pkgs/development/interpreters/python/hooks                 @FRidh @jonringer
+
+# Haskell
+/doc/languages-frameworks/haskell.section.md  @cdepillabout @sternenseemann @maralorn @ncfavier
+/maintainers/scripts/haskell                  @cdepillabout @sternenseemann @maralorn @ncfavier
+/pkgs/development/compilers/ghc               @cdepillabout @sternenseemann @maralorn @ncfavier
+/pkgs/development/haskell-modules             @cdepillabout @sternenseemann @maralorn @ncfavier
+/pkgs/test/haskell                            @cdepillabout @sternenseemann @maralorn @ncfavier
+/pkgs/top-level/release-haskell.nix           @cdepillabout @sternenseemann @maralorn @ncfavier
+/pkgs/top-level/haskell-packages.nix          @cdepillabout @sternenseemann @maralorn @ncfavier
+
+# Perl
+/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ
+/pkgs/top-level/perl-packages.nix   @stigtsp @zakame @dasJ
+/pkgs/development/perl-modules      @stigtsp @zakame @dasJ
+
+# R
+/pkgs/applications/science/math/R   @jbedo
+/pkgs/development/r-modules         @jbedo
+
+# Ruby
+/pkgs/development/interpreters/ruby @marsam
+/pkgs/development/ruby-modules      @marsam
+
+# Rust
+/pkgs/development/compilers/rust @Mic92 @zowoq @winterqt @figsoda
+/pkgs/build-support/rust @zowoq @winterqt @figsoda
+/doc/languages-frameworks/rust.section.md @zowoq @winterqt @figsoda
+
+# C compilers
+/pkgs/development/compilers/gcc
+/pkgs/development/compilers/llvm @RaitoBezarius
+/pkgs/development/compilers/emscripten @raitobezarius
+/doc/languages-frameworks/emscripten.section.md @raitobezarius
+
+# Audio
+/nixos/modules/services/audio/botamusique.nix @mweinelt
+/nixos/modules/services/audio/snapserver.nix @mweinelt
+/nixos/tests/modules/services/audio/botamusique.nix @mweinelt
+/nixos/tests/snapcast.nix @mweinelt
+
+# Browsers
+/pkgs/applications/networking/browsers/firefox @mweinelt
+/pkgs/applications/networking/browsers/chromium @emilylange
+/nixos/tests/chromium.nix @emilylange
+
+# Certificate Authorities
+pkgs/data/misc/cacert/ @ajs124 @lukegb @mweinelt
+pkgs/development/libraries/nss/ @ajs124 @lukegb @mweinelt
+pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
+
+# Jetbrains
+/pkgs/applications/editors/jetbrains @edwtjo
+
+# Licenses
+/lib/licenses.nix @alyssais
+
+# Qt
+/pkgs/development/libraries/qt-5 @NixOS/qt-kde
+/pkgs/development/libraries/qt-6 @NixOS/qt-kde
+
+# KDE / Plasma 5
+/pkgs/applications/kde @NixOS/qt-kde
+/pkgs/desktops/plasma-5 @NixOS/qt-kde
+/pkgs/development/libraries/kde-frameworks @NixOS/qt-kde
+
+# KDE / Plasma 6
+/pkgs/kde @NixOS/qt-kde
+/maintainers/scripts/kde @NixOS/qt-kde
+
+# PostgreSQL and related stuff
+/pkgs/servers/sql/postgresql @thoughtpolice @marsam
+/nixos/modules/services/databases/postgresql.xml @thoughtpolice
+/nixos/modules/services/databases/postgresql.nix @thoughtpolice
+/nixos/tests/postgresql.nix @thoughtpolice
+
+# Linux kernel
+/pkgs/os-specific/linux/kernel    @raitobezarius
+/pkgs/top-level/linux-kernels.nix @raitobezarius
+
+# Hardened profile & related modules
+/nixos/modules/profiles/hardened.nix @joachifm
+/nixos/modules/security/hidepid.nix @joachifm
+/nixos/modules/security/lock-kernel-modules.nix @joachifm
+/nixos/modules/security/misc.nix @joachifm
+/nixos/tests/hardened.nix @joachifm
+/pkgs/os-specific/linux/kernel/hardened-config.nix @joachifm
+
+# Home Automation
+/nixos/modules/services/misc/home-assistant.nix @mweinelt
+/nixos/modules/services/misc/zigbee2mqtt.nix @mweinelt
+/nixos/tests/home-assistant.nix @mweinelt
+/nixos/tests/zigbee2mqtt.nix @mweinelt
+/pkgs/servers/home-assistant @mweinelt
+/pkgs/tools/misc/esphome @mweinelt
+
+# Network Time Daemons
+/pkgs/tools/networking/chrony @thoughtpolice
+/pkgs/tools/networking/ntp @thoughtpolice
+/pkgs/tools/networking/openntpd @thoughtpolice
+/nixos/modules/services/networking/ntp @thoughtpolice
+
+# Network
+/pkgs/tools/networking/octodns @Janik-Haag
+/pkgs/tools/networking/kea/default.nix @mweinelt
+/pkgs/tools/networking/babeld/default.nix @mweinelt
+/nixos/modules/services/networking/babeld.nix @mweinelt
+/nixos/modules/services/networking/kea.nix @mweinelt
+/nixos/modules/services/networking/knot.nix @mweinelt
+/nixos/modules/services/monitoring/prometheus/exporters/kea.nix @mweinelt
+/nixos/tests/babeld.nix @mweinelt
+/nixos/tests/kea.nix @mweinelt
+/nixos/tests/knot.nix @mweinelt
+
+# Web servers
+/doc/packages/nginx.section.md @raitobezarius
+/pkgs/servers/http/nginx/ @raitobezarius
+/nixos/modules/services/web-servers/nginx/ @raitobezarius
+
+# Dhall
+/pkgs/development/dhall-modules      @Gabriella439 @Profpatsch @ehmry
+/pkgs/development/interpreters/dhall @Gabriella439 @Profpatsch @ehmry
+
+# Idris
+/pkgs/development/idris-modules @Infinisil
+
+# Bazel
+/pkgs/development/tools/build-managers/bazel @Profpatsch
+
+# NixOS modules for e-mail and dns services
+/nixos/modules/services/mail/mailman.nix    @peti
+/nixos/modules/services/mail/postfix.nix    @peti
+/nixos/modules/services/networking/bind.nix @peti
+/nixos/modules/services/mail/rspamd.nix     @peti
+
+# Emacs
+/pkgs/applications/editors/emacs/elisp-packages @adisbladis
+/pkgs/applications/editors/emacs                @adisbladis
+/pkgs/top-level/emacs-packages.nix              @adisbladis
+
+# Neovim
+/pkgs/applications/editors/neovim      @figsoda @jonringer @teto
+
+# VimPlugins
+/pkgs/applications/editors/vim/plugins         @figsoda @jonringer
+
+# VsCode Extensions
+/pkgs/applications/editors/vscode/extensions   @jonringer
+
+# PHP interpreter, packages, extensions, tests and documentation
+/doc/languages-frameworks/php.section.md          @aanderse @drupol @globin @ma27 @talyz
+/nixos/tests/php                                  @aanderse @drupol @globin @ma27 @talyz
+/pkgs/build-support/php/build-pecl.nix            @aanderse @drupol @globin @ma27 @talyz
+/pkgs/build-support/php                                     @drupol
+/pkgs/development/interpreters/php       @jtojnar @aanderse @drupol @globin @ma27 @talyz
+/pkgs/development/php-packages                    @aanderse @drupol @globin @ma27 @talyz
+/pkgs/top-level/php-packages.nix         @jtojnar @aanderse @drupol @globin @ma27 @talyz
+
+# Docker tools
+/pkgs/build-support/docker                   @roberth
+/nixos/tests/docker-tools*                   @roberth
+/doc/build-helpers/images/dockertools.section.md  @roberth
+
+# Blockchains
+/pkgs/applications/blockchains  @mmahut @RaghavSood
+
+# Go
+/doc/languages-frameworks/go.section.md @kalbasit @Mic92 @zowoq
+/pkgs/build-support/go @kalbasit @Mic92 @zowoq
+/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq
+
+# GNOME
+/pkgs/desktops/gnome                              @jtojnar
+/pkgs/desktops/gnome/extensions       @piegamesde @jtojnar
+/pkgs/build-support/make-hardcode-gsettings-patch @jtojnar
+
+# Cinnamon
+/pkgs/desktops/cinnamon @mkg20001
+
+# nim
+/pkgs/development/compilers/nim   @ehmry
+/pkgs/development/nim-packages    @ehmry
+/pkgs/top-level/nim-packages.nix  @ehmry
+
+# terraform providers
+/pkgs/applications/networking/cluster/terraform-providers @zowoq
+
+# Matrix
+/pkgs/servers/heisenbridge                                 @piegamesde
+/pkgs/servers/matrix-conduit                               @piegamesde
+/nixos/modules/services/misc/heisenbridge.nix              @piegamesde
+/nixos/modules/services/misc/matrix-conduit.nix            @piegamesde
+/nixos/tests/matrix-conduit.nix                            @piegamesde
+
+# Forgejo
+nixos/modules/services/misc/forgejo.nix      @bendlas @emilylange
+pkgs/applications/version-management/forgejo @bendlas @emilylange
+
+# Dotnet
+/pkgs/build-support/dotnet                  @IvarWithoutBones
+/pkgs/development/compilers/dotnet          @IvarWithoutBones
+/pkgs/test/dotnet                           @IvarWithoutBones
+/doc/languages-frameworks/dotnet.section.md @IvarWithoutBones
+
+# Node.js
+/pkgs/build-support/node/build-npm-package      @lilyinstarlight @winterqt
+/pkgs/build-support/node/fetch-npm-deps         @lilyinstarlight @winterqt
+/doc/languages-frameworks/javascript.section.md @lilyinstarlight @winterqt
+
+# environment.noXlibs option aka NoX
+/nixos/modules/config/no-x-libs.nix  @SuperSandro2000
+
+# OCaml
+/pkgs/build-support/ocaml           @ulrikstrid
+/pkgs/development/compilers/ocaml   @ulrikstrid
+/pkgs/development/ocaml-modules     @ulrikstrid
+
+# ZFS
+pkgs/os-specific/linux/zfs/2_1.nix        @raitobezarius
+pkgs/os-specific/linux/zfs/generic.nix    @raitobezarius
+nixos/modules/tasks/filesystems/zfs.nix   @raitobezarius
+nixos/tests/zfs.nix                       @raitobezarius
+
+# Zig
+/pkgs/development/compilers/zig @figsoda
+/doc/hooks/zig.section.md       @figsoda
+
+# Buildbot
+nixos/modules/services/continuous-integration/buildbot @Mic92 @zowoq
+nixos/tests/buildbot.nix                               @Mic92 @zowoq
+pkgs/development/tools/continuous-integration/buildbot @Mic92 @zowoq
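Review bot: The `/.github/workflows/check-by-name.yml @infinisil` entry replaces the owners set by `/.github/workflows @NixOS/Security @Mic92 @zowoq` rather than adding to them, because CODEOWNERS applies only the last matching pattern; changes to that workflow would then request review from @infinisil alone. If the security reviewers should still be requested, repeat them on the specific line: `/.github/workflows/check-by-name.yml @infinisil @NixOS/Security @Mic92 @zowoq`. The same override applies to `/.github/workflows/merge-staging @FRidh`, which also matches none of the workflow files in this commit's diffstat and looks stale. The header comment says teams without write permission are not pinged, so it is worth confirming that `@NixOS/Security` has write access; otherwise the workflows rule effectively reaches only the two individual users. `/pkgs/development/compilers/gcc` is listed with no owner, which assigns nobody, and a one-line comment saying whether that is intentional would help.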
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE.md b/nixpkgs/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 000000000000..1913e321a8c8
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,11 @@
+## Issue description
+
+
+
+### Steps to reproduce
+
+
+
+## Technical details
+
+Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md b/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000000..d0473b9473fb
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,48 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: '0.kind: bug'
+assignees: ''
+
+---
+
+### Describe the bug
+A clear and concise description of what the bug is.
+
+### Steps To Reproduce
+Steps to reproduce the behavior:
+1. ...
+2. ...
+3. ...
+
+### Expected behavior
+A clear and concise description of what you expected to happen.
+
+### Screenshots
+If applicable, add screenshots to help explain your problem.
+
+### Additional context
+Add any other context about the problem here.
+
+### Notify maintainers
+
+<!--
+Please @ people who are in the `meta.maintainers` list of the offending package or module.
+If in doubt, check `git blame` for whoever last touched something.
+-->
+
+### Metadata
+Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
+
+```console
+[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
+output here
+```
+
+---
+
+Add a :+1: [reaction] to [issues you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md b/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md
new file mode 100644
index 000000000000..cd01f2b063c0
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/build_failure.md
@@ -0,0 +1,46 @@
+---
+name: Build failure
+about: Create a report to help us improve
+title: 'Build failure: PACKAGENAME'
+labels: '0.kind: build failure'
+assignees: ''
+
+---
+
+### Steps To Reproduce
+
+Steps to reproduce the behavior:
+1. build *X*
+
+### Build log
+
+```
+log here if short otherwise a link to a gist
+```
+
+### Additional context
+
+Add any other context about the problem here.
+
+### Notify maintainers
+
+<!--
+Please @ people who are in the `meta.maintainers` list of the offending package or module.
+If in doubt, check `git blame` for whoever last touched something.
+-->
+
+### Metadata
+
+Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
+
+```console
+[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
+output here
+```
+
+---
+
+Add a :+1: [reaction] to [issues you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md b/nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md
new file mode 100644
index 000000000000..6f8e583bd346
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/missing_documentation.md
@@ -0,0 +1,38 @@
+---
+name: Missing or incorrect documentation
+about: Help us improve the Nixpkgs and NixOS reference manuals
+title: 'Documentation: '
+labels: '9.needs: documentation'
+assignees: ''
+
+---
+
+## Problem
+
+<!-- describe your problem -->
+
+## Proposal
+
+<!-- propose a solution (optional) -->
+
+## Checklist
+
+<!-- make sure this issue is not redundant or obsolete -->
+
+- [ ] checked [latest Nixpkgs manual] \([source][nixpkgs-source]) and [latest NixOS manual] \([source][nixos-source])
+- [ ] checked [open documentation issues] for possible duplicates
+- [ ] checked [open documentation pull requests] for possible solutions
+
+[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
+[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
+[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
+[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
+[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
+[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
+
+---
+
+Add a :+1: [reaction] to [issues you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md b/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md
new file mode 100644
index 000000000000..802f47935aee
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/out_of_date_package_report.md
@@ -0,0 +1,35 @@
+---
+name: Out-of-date package reports
+about: For packages that are out-of-date
+title: 'Update request: PACKAGENAME OLDVERSION → NEWVERSION'
+labels: '9.needs: package (update)'
+assignees: ''
+
+---
+
+- Package name:
+- Latest released version:
+<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
+- Current version on the unstable channel:
+- Current version on the stable/release channel:
+<!--
+Type the name of your package and try to find an open pull request for the package
+If you find an open pull request, you can review it!
+There's a high chance that you'll have the new version right away while helping the community!
+-->
+- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
+
+**Notify maintainers**
+
+<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
+
+-----
+
+Note for maintainers: Please tag this issue in your PR.
+
+---
+
+Add a :+1: [reaction] to [issues you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md b/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md
new file mode 100644
index 000000000000..021c9060ebe5
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/packaging_request.md
@@ -0,0 +1,26 @@
+---
+name: Packaging requests
+about: For packages that are missing
+title: 'Package request: PACKAGENAME'
+labels: '0.kind: packaging request'
+assignees: ''
+
+---
+
+**Project description**
+
+<!-- Describe the project a little: -->
+
+**Metadata**
+
+* homepage URL:
+* source URL:
+* license: mit, bsd, gpl2+ , ...
+* platforms: unix, linux, darwin, ...
+
+---
+
+Add a :+1: [reaction] to [issues you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md b/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md
new file mode 100644
index 000000000000..dd19abaf7588
--- /dev/null
+++ b/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md
@@ -0,0 +1,94 @@
+---
+name: Unreproducible package
+about: A package that does not produce a bit-by-bit reproducible result each time it is built
+title: ''
+labels: [ '0.kind: enhancement', '6.topic: reproducible builds' ]
+assignees: ''
+
+---
+
+<!--
+Hello dear reporter,
+
+Thank you for bringing attention to this issue. Your insights are valuable to
+us, and we appreciate the time you took to document the problem.
+
+I wanted to kindly point out that in this issue template, it would be beneficial
+to replace the placeholder `<package>` with the actual, canonical name of the
+package you're reporting the issue for. Doing so will provide better context and
+facilitate quicker troubleshooting for anyone who reads this issue in the
+future.
+
+Best regards
+-->
+
+Building this package multiple times does not yield bit-by-bit identical
+results, complicating the detection of Continuous Integration (CI) breaches. For
+more information on this issue, visit
+[reproducible-builds.org](https://reproducible-builds.org/).
+
+Fixing bit-by-bit reproducibility also has additional advantages, such as
+avoiding hard-to-reproduce bugs, making content-addressed storage more effective
+and reducing rebuilds in such systems.
+
+### Steps To Reproduce
+
+In the following steps, replace `<package>` with the canonical name of the
+package.
+
+#### 1. Build the package
+
+This step will build the package. Specific arguments are passed to the command
+to keep the build artifacts so we can compare them in case of differences.
+
+Execute the following command:
+
+```
+nix-build '<nixpkgs>' -A <package> && nix-build '<nixpkgs>' -A <package> --check --keep-failed
+```
+
+Or using the new command line style:
+
+```
+nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed
+```
+
+#### 2. Compare the build artifacts
+
+If the previous command completes successfully, no differences were found and
+there's nothing to do, builds are reproducible.
+If it terminates with the error message `error: derivation '<X>' may not be
+deterministic: output '<Y>' differs from '<Z>'`, use `diffoscope` to investigate
+the discrepancies between the two build outputs. You may need to add the
+`--exclude-directory-metadata recursive` option to ignore files and directories
+metadata (*e.g. timestamp*) differences.
+
+```
+nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>
+```
+
+#### 3. Examine the build log
+
+To examine the build log, use:
+
+```
+nix-store --read-log $(nix-instantiate '<nixpkgs>' -A <package>)
+```
+
+Or with the new command line style:
+
+```
+nix log $(nix path-info --derivation nixpkgs#<package>)
+```
+
+### Additional context
+
+(please share the relevant fragment of the diffoscope output here, and any
+additional analysis you may have done)
+
+---
+
+Add a :+1: [reaction] to [issues you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md b/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000000000000..40ea13f131e8
--- /dev/null
+++ b/nixpkgs/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,49 @@
+## Description of changes
+
+<!--
+For package updates please link to a changelog or describe changes, this helps your fellow maintainers discover breaking updates.
+For new packages please briefly describe the package or provide a link to its homepage.
+-->
+
+## Things done
+
+<!-- Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers. -->
+
+- Built on platform(s)
+  - [ ] x86_64-linux
+  - [ ] aarch64-linux
+  - [ ] x86_64-darwin
+  - [ ] aarch64-darwin
+- For non-Linux: Is sandboxing enabled in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html))
+  - [ ] `sandbox = relaxed`
+  - [ ] `sandbox = true`
+- [ ] Tested, as applicable:
+  - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
+  - and/or [package tests](https://nixos.org/manual/nixpkgs/unstable/#sec-package-tests)
+  - or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test)
+  - made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
+- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
+- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
+- [24.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) (or backporting [23.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2305.section.md) and [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) Release notes)
+  - [ ] (Package updates) Added a release notes entry if the change is major or breaking
+  - [ ] (Module updates) Added a release notes entry if the change is significant
+  - [ ] (Module addition) Added a release notes entry if adding a new NixOS module
+- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
+
+<!--
+To help with the large amounts of pull requests, we would appreciate your
+reviews of other pull requests, especially simple package updates. Just leave a
+comment describing what you have tested in the relevant package/service.
+Reviewing helps to reduce the average time-to-merge for everyone.
+Thanks a lot if you do!
+
+List of open PRs: https://github.com/NixOS/nixpkgs/pulls
+Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing-contributions
+-->
+
+---
+
+Add a :+1: [reaction] to [pull requests you find important].
+
+[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
+[pull requests you find important]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc
diff --git a/nixpkgs/.github/STALE-BOT.md b/nixpkgs/.github/STALE-BOT.md
new file mode 100644
index 000000000000..dff787300d40
--- /dev/null
+++ b/nixpkgs/.github/STALE-BOT.md
@@ -0,0 +1,36 @@
+# Stale bot information
+
+- Thanks for your contribution!
+- Our stale bot will never close an issue or PR.
+- To remove the stale label, just leave a new comment.
+- _How to find the right people to ping?_ &rarr; [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
+- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/), [our Matrix room](https://matrix.to/#/#nix:nixos.org), or on the [#nixos IRC channel](https://web.libera.chat/#nixos).
+
+## Suggestions for PRs
+
+1. GitHub sometimes doesn't notify people who commented / reviewed a PR previously, when you (force) push commits. If you have addressed the reviews you can [officially ask for a review](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review) from those who commented to you or anyone else.
+2. If it is unfinished but you plan to finish it, please mark it as a draft.
+3. If you don't expect to work on it any time soon, closing it with a short comment may encourage someone else to pick up your work.
+4. To get things rolling again, rebase the PR against the target branch and address valid comments.
+5. If you need a review to move forward, ask in [the Discourse thread for PRs that need help](https://discourse.nixos.org/t/prs-in-distress/3604).
+6. If all you need is a merge, check the git history to find and [request reviews](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review) from people who usually merge related contributions.
+
+## Suggestions for issues
+
+1. If it is resolved (either for you personally, or in general), please consider closing it.
+2. If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
+3. If you still have interest in resolving it, try to ping somebody who you believe might have an interest in the topic. Consider discussing the problem in [our Discourse Forum](https://discourse.nixos.org/).
+4. As with all open source projects, your best option is to submit a Pull Request that addresses this issue. We :heart: this attitude!
+
+**Memorandum on closing issues**
+
+Don't be afraid to close an issue that holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen--nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
+
+## Useful GitHub search queries
+
+- [Open PRs with any stale-bot interaction](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+)
+- [Open PRs with any stale-bot interaction and `2.status: stale`](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%222.status%3A+stale%22)
+- [Open PRs with any stale-bot interaction and NOT `2.status: stale`](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%222.status%3A+stale%22+)
+- [Open Issues with any stale-bot interaction](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+)
+- [Open Issues with any stale-bot interaction and `2.status: stale`](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%222.status%3A+stale%22+)
+- [Open Issues with any stale-bot interaction and NOT `2.status: stale`](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%222.status%3A+stale%22+)
diff --git a/nixpkgs/.github/dependabot.yml b/nixpkgs/.github/dependabot.yml
new file mode 100644
index 000000000000..5ace4600a1f2
--- /dev/null
+++ b/nixpkgs/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/nixpkgs/.github/labeler.yml b/nixpkgs/.github/labeler.yml
new file mode 100644
index 000000000000..c3e834b0e7da
--- /dev/null
+++ b/nixpkgs/.github/labeler.yml
@@ -0,0 +1,216 @@
+"6.topic: agda":
+  - doc/languages-frameworks/agda.section.md
+  - nixos/tests/agda.nix
+  - pkgs/build-support/agda/**/*
+  - pkgs/development/libraries/agda/**/*
+  - pkgs/top-level/agda-packages.nix
+
+"6.topic: cinnamon":
+  - pkgs/desktops/cinnamon/**/*
+  - nixos/modules/services/x11/desktop-managers/cinnamon.nix
+  - nixos/tests/cinnamon.nix
+
+"6.topic: emacs":
+  - nixos/modules/services/editors/emacs.nix
+  - nixos/modules/services/editors/emacs.xml
+  - nixos/tests/emacs-daemon.nix
+  - pkgs/applications/editors/emacs/elisp-packages/**/*
+  - pkgs/applications/editors/emacs/**/*
+  - pkgs/build-support/emacs/**/*
+  - pkgs/top-level/emacs-packages.nix
+
+"6.topic: Enlightenment DE":
+  - nixos/modules/services/x11/desktop-managers/enlightenment.nix
+  - pkgs/desktops/enlightenment/**/*
+  - pkgs/development/python-modules/python-efl/*
+
+"6.topic: erlang":
+  - doc/languages-frameworks/beam.section.md
+  - pkgs/development/beam-modules/**/*
+  - pkgs/development/interpreters/elixir/**/*
+  - pkgs/development/interpreters/erlang/**/*
+  - pkgs/development/tools/build-managers/rebar/**/*
+  - pkgs/development/tools/build-managers/rebar3/**/*
+  - pkgs/development/tools/erlang/**/*
+  - pkgs/top-level/beam-packages.nix
+
+"6.topic: fetch":
+  - pkgs/build-support/fetch*/**/*
+
+"6.topic: flakes":
+  - '**/flake.nix'
+  - lib/systems/flake-systems.nix
+  - nixos/modules/config/nix-flakes.nix
+
+"6.topic: GNOME":
+  - doc/languages-frameworks/gnome.section.md
+  - nixos/modules/services/desktops/gnome/**/*
+  - nixos/modules/services/x11/desktop-managers/gnome.nix
+  - nixos/tests/gnome-xorg.nix
+  - nixos/tests/gnome.nix
+  - pkgs/desktops/gnome/**/*
+
+"6.topic: golang":
+  - doc/languages-frameworks/go.section.md
+  - pkgs/build-support/go/**/*
+  - pkgs/development/compilers/go/**/*
+
+"6.topic: haskell":
+  - doc/languages-frameworks/haskell.section.md
+  - maintainers/scripts/haskell/**/*
+  - pkgs/development/compilers/ghc/**/*
+  - pkgs/development/haskell-modules/**/*
+  - pkgs/development/tools/haskell/**/*
+  - pkgs/test/haskell/**/*
+  - pkgs/top-level/haskell-packages.nix
+  - pkgs/top-level/release-haskell.nix
+
+"6.topic: jupyter":
+  - pkgs/development/python-modules/jupyter*/**/*
+  - pkgs/development/python-modules/mkdocs-jupyter/*
+  - nixos/modules/services/development/jupyter/**/*
+  - pkgs/applications/editors/jupyter-kernels/**/*
+  - pkgs/applications/editors/jupyter/**/*
+
+"6.topic: kernel":
+  - pkgs/build-support/kernel/**/*
+  - pkgs/os-specific/linux/kernel/**/*
+
+"6.topic: lib":
+  - lib/**
+
+"6.topic: lua":
+  - pkgs/development/interpreters/lua-5/**/*
+  - pkgs/development/interpreters/luajit/**/*
+  - pkgs/development/lua-modules/**/*
+  - pkgs/top-level/lua-packages.nix
+
+"6.topic: Lumina DE":
+  - nixos/modules/services/x11/desktop-managers/lumina.nix
+  - pkgs/desktops/lumina/**/*
+
+"6.topic: LXQt":
+  - nixos/modules/services/x11/desktop-managers/lxqt.nix
+  - pkgs/desktops/lxqt/**/*
+
+"6.topic: mate":
+  - nixos/modules/services/x11/desktop-managers/mate.nix
+  - nixos/tests/mate.nix
+  - pkgs/desktops/mate/**/*
+
+"6.topic: module system":
+  - lib/modules.nix
+  - lib/types.nix
+  - lib/options.nix
+  - lib/tests/modules.sh
+  - lib/tests/modules/**
+
+"6.topic: nixos":
+  - nixos/**/*
+  - pkgs/os-specific/linux/nixos-rebuild/**/*
+
+"6.topic: nim":
+  - doc/languages-frameworks/nim.section.md
+  - pkgs/development/compilers/nim/*
+  - pkgs/development/nim-packages/**/*
+  - pkgs/top-level/nim-packages.nix
+
+"6.topic: nodejs":
+  - doc/languages-frameworks/javascript.section.md
+  - pkgs/build-support/node/**/*
+  - pkgs/development/node-packages/**/*
+  - pkgs/development/tools/yarn/*
+  - pkgs/development/tools/yarn2nix-moretea/**/*
+  - pkgs/development/web/nodejs/*
+
+"6.topic: ocaml":
+  - doc/languages-frameworks/ocaml.section.md
+  - pkgs/development/compilers/ocaml/**/*
+  - pkgs/development/compilers/reason/**/*
+  - pkgs/development/ocaml-modules/**/*
+  - pkgs/development/tools/ocaml/**/*
+  - pkgs/top-level/ocaml-packages.nix
+
+"6.topic: pantheon":
+  - nixos/modules/services/desktops/pantheon/**/*
+  - nixos/modules/services/x11/desktop-managers/pantheon.nix
+  - nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix
+  - nixos/tests/pantheon.nix
+  - pkgs/desktops/pantheon/**/*
+
+"6.topic: policy discussion":
+  - .github/**/*
+
+"6.topic: printing":
+  - nixos/modules/services/printing/cupsd.nix
+  - pkgs/misc/cups/**/*
+
+"6.topic: python":
+  - doc/languages-frameworks/python.section.md
+  - pkgs/development/interpreters/python/**/*
+  - pkgs/development/python-modules/**/*
+  - pkgs/top-level/python-packages.nix
+
+"6.topic: qt/kde":
+  - doc/languages-frameworks/qt.section.md
+  - nixos/modules/services/x11/desktop-managers/plasma5.nix
+  - nixos/tests/plasma5.nix
+  - pkgs/applications/kde/**/*
+  - pkgs/desktops/plasma-5/**/*
+  - pkgs/development/libraries/kde-frameworks/**/*
+  - pkgs/development/libraries/qt-5/**/*
+
+"6.topic: ruby":
+  - doc/languages-frameworks/ruby.section.md
+  - pkgs/development/interpreters/ruby/**/*
+  - pkgs/development/ruby-modules/**/*
+
+"6.topic: rust":
+  - doc/languages-frameworks/rust.section.md
+  - pkgs/build-support/rust/**/*
+  - pkgs/development/compilers/rust/**/*
+
+"6.topic: stdenv":
+  - pkgs/stdenv/**/*
+
+"6.topic: steam":
+  - pkgs/games/steam/**/*
+
+"6.topic: systemd":
+  - pkgs/os-specific/linux/systemd/**/*
+  - nixos/modules/system/boot/systemd*/**/*
+
+"6.topic: TeX":
+  - doc/languages-frameworks/texlive.section.md
+  - pkgs/test/texlive/**
+  - pkgs/tools/typesetting/tex/**/*
+
+"6.topic: vim":
+  - doc/languages-frameworks/vim.section.md
+  - pkgs/applications/editors/vim/**/*
+  - pkgs/applications/editors/vim/plugins/**/*
+  - nixos/modules/programs/neovim.nix
+  - pkgs/applications/editors/neovim/**/*
+
+"6.topic: vscode":
+  - pkgs/applications/editors/vscode/**/*
+
+"6.topic: xfce":
+  - nixos/doc/manual/configuration/xfce.xml
+  - nixos/modules/services/x11/desktop-managers/xfce.nix
+  - nixos/tests/xfce.nix
+  - pkgs/desktops/xfce/**/*
+
+"6.topic: zig":
+  - pkgs/development/compilers/zig/**/*
+  - doc/hooks/zig.section.md
+
+"8.has: changelog":
+  - nixos/doc/manual/release-notes/**/*
+
+"8.has: documentation":
+  - doc/**/*
+  - nixos/doc/**/*
+
+"8.has: module (update)":
+  - nixos/modules/**/*
diff --git a/nixpkgs/.github/stale.yml b/nixpkgs/.github/stale.yml
new file mode 100644
index 000000000000..d6134c7ce112
--- /dev/null
+++ b/nixpkgs/.github/stale.yml
@@ -0,0 +1,9 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+daysUntilStale: 180
+daysUntilClose: false
+exemptLabels:
+  - "1.severity: security"
+  - "2.status: never-stale"
+staleLabel: "2.status: stale"
+markComment: false
+closeComment: false
diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml
new file mode 100644
index 000000000000..c49eeac5a20b
--- /dev/null
+++ b/nixpkgs/.github/workflows/backport.yml
@@ -0,0 +1,35 @@
+name: Backport
+on:
+  pull_request_target:
+    types: [closed, labeled]
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows write access to
+# the GitHub repository. This means that it should not evaluate user input in a
+# way that allows code injection.
+
+permissions:
+  contents: read
+
+jobs:
+  backport:
+    permissions:
+      contents: write # for korthout/backport-action to create branch
+      pull-requests: write # for korthout/backport-action to create PR to backport
+    name: Backport Pull Request
+    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Create backport PRs
+        uses: korthout/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191 # v2.1.1
+        with:
+          # Config README: https://github.com/korthout/backport-action#backport-action
+          copy_labels_pattern: 'severity:\ssecurity'
+          pull_description: |-
+            Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
+
+            * [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
+              * Even as a non-commiter, if you find that it is not acceptable, leave a comment.
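Review bot: The label filter in the job's `if:` does not restrict anything as written. With a `pull_request_target` trigger, `github.event_name` is `pull_request_target` and never `labeled`, so `github.event_name != 'labeled'` is always true; the `startsWith` arguments are also reversed, since the string under test comes first. The job holds `contents: write` and `pull-requests: write`, and it therefore starts on every label added to a merged PR, leaving the decision entirely to the action. I would write the last clause as `(github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))`.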
diff --git a/nixpkgs/.github/workflows/basic-eval.yml b/nixpkgs/.github/workflows/basic-eval.yml
new file mode 100644
index 000000000000..a0cd990ebc73
--- /dev/null
+++ b/nixpkgs/.github/workflows/basic-eval.yml
@@ -0,0 +1,29 @@
+name: Basic evaluation checks
+
+on:
+  workflow_dispatch
+  # pull_request:
+  #   branches:
+  #    - master
+  #    - release-**
+  # push:
+  #   branches:
+  #    - master
+  #    - release-**
+permissions:
+  contents: read
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
+    steps:
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+    - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
+      with:
+        # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+        name: nixpkgs-ci
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+    # explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset
+    - run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin"  ]'
diff --git a/nixpkgs/.github/workflows/check-by-name.yml b/nixpkgs/.github/workflows/check-by-name.yml
new file mode 100644
index 000000000000..94875e67b649
--- /dev/null
+++ b/nixpkgs/.github/workflows/check-by-name.yml
@@ -0,0 +1,117 @@
+# Checks pkgs/by-name (see pkgs/by-name/README.md)
+# using the nixpkgs-check-by-name tool (see pkgs/test/nixpkgs-check-by-name)
+#
+# When you make changes to this workflow, also update pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh adequately
+name: Check pkgs/by-name
+
+# The tool is pinned to a pre-built version on Hydra,
+# see pkgs/test/nixpkgs-check-by-name/scripts/README.md
+on:
+  # Using pull_request_target instead of pull_request avoids having to approve first time contributors
+  pull_request_target:
+    # This workflow depends on the base branch of the PR,
+    # but changing the base branch is not included in the default trigger events,
+    # which would be `opened`, `synchronize` or `reopened`.
+    # Instead it causes an `edited` event, so we need to add it explicitly here
+    # While `edited` is also triggered when the PR title/body is changed,
+    # this PR action is fairly quick, and PR's don't get edited that often,
+    # so it shouldn't be a problem
+    types: [opened, synchronize, reopened, edited]
+
+permissions:
+  # We need this permission to cancel the workflow run if there's a merge conflict
+  actions: write
+
+jobs:
+  check:
+    # This is x86_64-linux, for which the tool is always prebuilt on the nixos-* channels,
+    # as specified in nixos/release-combined.nix
+    runs-on: ubuntu-latest
+    # This should take 1 minute at most, but let's be generous.
+    # The default of 6 hours is definitely too long
+    timeout-minutes: 10
+    steps:
+      # This step has to be in this file,
+      # because it's needed to determine which revision of the repository to fetch,
+      # and we can only use other files from the repository once it's fetched.
+      - name: Resolving the merge commit
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # This checks for mergeability of a pull request as recommended in
+          # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
+
+          # Retry the API query this many times
+          retryCount=3
+          # Start with 5 seconds, but double every retry
+          retryInterval=5
+          while true; do
+            echo "Checking whether the pull request can be merged"
+            prInfo=$(gh api \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/"$GITHUB_REPOSITORY"/pulls/${{ github.event.pull_request.number }})
+            mergeable=$(jq -r .mergeable <<< "$prInfo")
+            mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")
+
+            if [[ "$mergeable" == "null" ]]; then
+              if (( retryCount == 0 )); then
+                echo "Not retrying anymore, probably GitHub is having internal issues"
+                exit 1
+              else
+                (( retryCount -= 1 )) || true
+
+                # null indicates that GitHub is still computing whether it's mergeable
+                # Wait a couple seconds before trying again
+                echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
+                sleep "$retryInterval"
+
+                (( retryInterval *= 2 )) || true
+              fi
+            else
+              break
+            fi
+          done
+
+          if [[ "$mergeable" == "true" ]]; then
+            echo "The PR can be merged, checking the merge commit $mergedSha"
+          else
+            echo "The PR cannot be merged, it has a merge conflict, cancelling the workflow.."
+            gh api \
+              --method POST \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/cancel
+            sleep 60
+            # If it's still not canceled after a minute, something probably went wrong, just exit
+            exit 1
+          fi
+          echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: ${{ env.mergedSha }}
+          # Fetches the merge commit and its parents
+          fetch-depth: 2
+      - name: Checking out base branch
+        run: |
+          base=$(mktemp -d)
+          git worktree add "$base" "$(git rev-parse HEAD^1)"
+          echo "base=$base" >> "$GITHUB_ENV"
+      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      - name: Fetching the pinned tool
+        # Update the pinned version using pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh
+        run: |
+          # Get the direct /nix/store path from the pin to avoid having to evaluate Nixpkgs
+          toolPath=$(jq -r '."ci-path"' pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json)
+          # This asks the substituter for the path, which should be there because Hydra will have pre-built and pushed it
+          nix-store --realise "$toolPath" --add-root result
+      - name: Running nixpkgs-check-by-name
+        run: |
+          if result/bin/nixpkgs-check-by-name --base "$base" .; then
+            exit 0
+          else
+            exitCode=$?
+            echo "To run locally: ./maintainers/scripts/check-by-name.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
+            exit "$exitCode"
+          fi
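Review bot: The "Fetching the pinned tool" step reads `pinned-tool.json` from the checked-out merge commit, so in this `pull_request_target` run the PR under test decides which store path the last step executes (limited to what the configured substituters can provide). The base worktree created two steps earlier is the trusted side, and reading the pin from there keeps the choice of tool with the target branch: `toolPath=$(jq -r '."ci-path"' "$base"/pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json)`. A PR that updates the pin would then be checked by the previous tool, which looks like an acceptable trade-off but is worth stating in the step's comment.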
diff --git a/nixpkgs/.github/workflows/check-maintainers-sorted.yaml b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
new file mode 100644
index 000000000000..074644153204
--- /dev/null
+++ b/nixpkgs/.github/workflows/check-maintainers-sorted.yaml
@@ -0,0 +1,24 @@
+name: "Check that maintainer list is sorted"
+
+on:
+  pull_request_target:
+    paths:
+      - 'maintainers/maintainer-list.nix'
+permissions:
+  contents: read
+
+jobs:
+  nixos:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - name: Check that maintainer-list.nix is sorted
+        run: nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
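Review bot: The checkout step leaves the job token in `.git/config` (the `actions/checkout` default) and the next step evaluates Nix code from the PR's merge ref, so I would add `persist-credentials: false` under `with:`. `sandbox = true` covers builds, not evaluation. The manual workflows in this commit pass `--option restrict-eval true`, and the same option would fit the `nix-instantiate --eval` call here if the script evaluates under it (untested). The same checkout pattern appears in check-by-name.yml, editorconfig.yml, manual-nixos.yml, manual-nixpkgs.yml and nix-parse.yml, none of which push with git afterwards as far as their hunks show.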
diff --git a/nixpkgs/.github/workflows/editorconfig.yml b/nixpkgs/.github/workflows/editorconfig.yml
new file mode 100644
index 000000000000..6b151d45be2a
--- /dev/null
+++ b/nixpkgs/.github/workflows/editorconfig.yml
@@ -0,0 +1,41 @@
+name: "Checking EditorConfig"
+
+permissions: read-all
+
+on:
+  # avoids approving first time contributors
+  pull_request_target:
+    branches-ignore:
+      - 'release-**'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+    - name: Get list of changed files from PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh api \
+          repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
+          | jq '.[] | select(.status != "removed") | .filename' \
+          > "$HOME/changed_files"
+    - name: print list of changed files
+      run: |
+        cat "$HOME/changed_files"
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        # pull_request_target checks out the base branch by default
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+    - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      with:
+        # nixpkgs commit is pinned so that it doesn't break
+        # editorconfig-checker 2.4.0
+        nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz
+    - name: Checking EditorConfig
+      run: |
+        cat "$HOME/changed_files" | nix-shell -p editorconfig-checker --run 'xargs -r editorconfig-checker -disable-indent-size'
+    - if: ${{ failure() }}
+      run: |
+        echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."
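Review bot: `permissions: read-all` gives the token read access to every scope, while this job only lists the PR's files and checks out the repository. Other workflows in this commit declare `contents: read`; here a `permissions:` block with `contents: read` and `pull-requests: read` should be enough. manual-nixos.yml, manual-nixpkgs.yml and nix-parse.yml use `read-all` in the same way, and the two manual workflows would need only `contents: read`.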
diff --git a/nixpkgs/.github/workflows/labels.yml b/nixpkgs/.github/workflows/labels.yml
new file mode 100644
index 000000000000..4dc690e88bbc
--- /dev/null
+++ b/nixpkgs/.github/workflows/labels.yml
@@ -0,0 +1,24 @@
+name: "Label PR"
+
+on:
+  pull_request_target:
+    types: [edited, opened, synchronize, reopened]
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows some write
+# access to the GitHub API. This means that it should not evaluate user input in
+# a way that allows code injection.
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  labels:
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+    - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        sync-labels: true
diff --git a/nixpkgs/.github/workflows/manual-nixos.yml b/nixpkgs/.github/workflows/manual-nixos.yml
new file mode 100644
index 000000000000..c9c2451a9df2
--- /dev/null
+++ b/nixpkgs/.github/workflows/manual-nixos.yml
@@ -0,0 +1,31 @@
+name: "Build NixOS manual"
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'nixos/**'
+
+jobs:
+  nixos:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
+        with:
+          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+      - name: Building NixOS manual
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
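Review bot: Nothing in the workflow says that the sandbox and `restrict-eval` settings are what keep `CACHIX_SIGNING_KEY` apart from PR-controlled code in this `pull_request_target` job. I would add a comment above the build step, for example `# sandbox and restrict-eval keep PR-controlled Nix code away from CACHIX_SIGNING_KEY; do not relax them`. The existing cache comment already says the cache is untrusted; it could add that paths built from unmerged PRs are presumably pushed to it. manual-nixpkgs.yml has the same layout and would take the same comment.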
diff --git a/nixpkgs/.github/workflows/manual-nixpkgs.yml b/nixpkgs/.github/workflows/manual-nixpkgs.yml
new file mode 100644
index 000000000000..d9a425a494ab
--- /dev/null
+++ b/nixpkgs/.github/workflows/manual-nixpkgs.yml
@@ -0,0 +1,32 @@
+name: "Build Nixpkgs manual"
+
+permissions: read-all
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'doc/**'
+      - 'lib/**'
+
+jobs:
+  nixpkgs:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'NixOS'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+        with:
+          # explicitly enable sandbox
+          extra_nix_config: sandbox = true
+      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
+        with:
+          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
+          name: nixpkgs-ci
+          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+      - name: Building Nixpkgs manual
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests
diff --git a/nixpkgs/.github/workflows/nix-parse.yml b/nixpkgs/.github/workflows/nix-parse.yml
new file mode 100644
index 000000000000..e625cca93c5c
--- /dev/null
+++ b/nixpkgs/.github/workflows/nix-parse.yml
@@ -0,0 +1,42 @@
+name: "Check whether nix files are parseable"
+
+permissions: read-all
+
+on:
+  # avoids approving first time contributors
+  pull_request_target:
+    branches-ignore:
+      - 'release-**'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+    - name: Get list of changed files from PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh api \
+          repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
+          | jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
+          > "$HOME/changed_files"
+        if [[ -s "$HOME/changed_files" ]]; then
+          echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
+        fi
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        # pull_request_target checks out the base branch by default
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
+    - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      with:
+        nix_path: nixpkgs=channel:nixpkgs-unstable
+    - name: Parse all changed or added nix files
+      run: |
+        ret=0
+        while IFS= read -r file; do
+          out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
+        done < "$HOME/changed_files"
+        exit "$ret"
+      if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
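Review bot: File names taken from the PR are passed unchanged to `nix-instantiate --parse "$file"`, so a name that begins with a dash would be read as an option and not as a path. Prefixing the path avoids that: `nix-instantiate --parse "./$file"`. Separately, the first step writes `$GITHUB_ENV` with `>`; the documented form is `>>`, which would not discard variables set earlier if the step ever grows.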
diff --git a/nixpkgs/.github/workflows/no-channel.yml b/nixpkgs/.github/workflows/no-channel.yml
new file mode 100644
index 000000000000..90c38f22c007
--- /dev/null
+++ b/nixpkgs/.github/workflows/no-channel.yml
@@ -0,0 +1,26 @@
+name: "No channel PR"
+
+on:
+  pull_request:
+    branches:
+      - 'nixos-**'
+      - 'nixpkgs-**'
+
+permissions:
+  contents: read
+
+jobs:
+  fail:
+    permissions:
+      contents: none
+    name: "This PR is is targeting a channel branch"
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        cat <<EOF
+        The nixos-* and nixpkgs-* branches are pushed to by the channel
+        release script and should not be merged into directly.
+
+        Please target the equivalent release-* branch or master instead.
+        EOF
+        exit 1
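Review bot: The job name reads "is is"; `name: "This PR is targeting a channel branch"` is presumably what was meant. The name is what appears as the check on the PR, so any branch-protection rule that refers to it would need the same change.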
diff --git a/nixpkgs/.github/workflows/ofborg-pending.yml b/nixpkgs/.github/workflows/ofborg-pending.yml
new file mode 100644
index 000000000000..b5e0a7c46c8c
--- /dev/null
+++ b/nixpkgs/.github/workflows/ofborg-pending.yml
@@ -0,0 +1,33 @@
+name: "Set pending OfBorg status"
+on:
+  pull_request_target:
+
+# Sets the ofborg-eval status to "pending" to signal that we are waiting for
+# OfBorg even if it is running late. The status will be overwritten by OfBorg
+# once it starts evaluation.
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows (restricted) write access to
+# the GitHub repository. This means that it should not evaluate user input in a
+# way that allows code injection.
+
+permissions:
+  contents: read
+
+jobs:
+  action:
+    if: github.repository_owner == 'NixOS'
+    permissions:
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: "Set pending OfBorg status"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        curl \
+          -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: Bearer $GITHUB_TOKEN" \
+          -d '{"context": "ofborg-eval", "state": "pending", "description": "Waiting for OfBorg..."}' \
+          "https://api.github.com/repos/NixOS/nixpkgs/commits/${{ github.event.pull_request.head.sha }}/statuses"
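Review bot: The `curl` call has no `--fail`, so an HTTP error from the statuses endpoint still ends the step successfully and the pending status is silently missing. Adding `--fail` (or `--fail-with-body` to keep the API error text) after `curl \` makes that visible in the run. The URL also hard-codes `NixOS/nixpkgs` where `$GITHUB_REPOSITORY` is available, which the `if:` guard makes harmless today.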
diff --git a/nixpkgs/.github/workflows/periodic-merge-24h.yml b/nixpkgs/.github/workflows/periodic-merge-24h.yml
new file mode 100644
index 000000000000..bd7aadfbade1
--- /dev/null
+++ b/nixpkgs/.github/workflows/periodic-merge-24h.yml
@@ -0,0 +1,60 @@
+# This action periodically merges base branches into staging branches.
+# This is done to
+#  * prevent conflicts or rather resolve them early
+#  * make all potential breakage happen on the staging branch
+#  * and make sure that all major rebuilds happen before the staging
+#    branch get’s merged back into its base branch.
+
+name: "Periodic Merges (24h)"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Merge every 24 hours
+    - cron:  '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    strategy:
+      # don't fail fast, so that all pairs are tried
+      fail-fast: false
+      # certain branches need to be merged in order, like master->staging-next->staging
+      # and disabling parallelism ensures the order of the pairs below.
+      max-parallel: 1
+      matrix:
+        pairs:
+          - from: master
+            into: haskell-updates
+          - from: release-23.11
+            into: staging-next-23.11
+          - from: staging-next-23.11
+            into: staging-23.11
+    name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+        uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0
+        with:
+          type: now
+          from_branch: ${{ matrix.pairs.from }}
+          target_branch: ${{ matrix.pairs.into }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        if: ${{ failure() }}
+        with:
+          issue-number: 105153
+          body: |
+            Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
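Review bot: The `actions/checkout` step keeps its default of persisting the job token in the checkout's git config, and this job's token carries `contents: write` and `pull-requests: write`. The merge step receives the token explicitly through `github_token`, so it does not appear to need the persisted credential. Add `with:` and `persist-credentials: false` under the checkout step, or drop the checkout entirely if `devmasx/merge-branch` works purely through the API (worth confirming before removal). The same applies to the identical steps in periodic-merge-6h.yml. A short comment beside `issue-number: 105153` saying what that tracking issue is would also help the next maintainer.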
diff --git a/nixpkgs/.github/workflows/periodic-merge-6h.yml b/nixpkgs/.github/workflows/periodic-merge-6h.yml
new file mode 100644
index 000000000000..61a489ad7156
--- /dev/null
+++ b/nixpkgs/.github/workflows/periodic-merge-6h.yml
@@ -0,0 +1,58 @@
+# This action periodically merges base branches into staging branches.
+# This is done to
+#  * prevent conflicts or rather resolve them early
+#  * make all potential breakage happen on the staging branch
+#  * and make sure that all major rebuilds happen before the staging
+#    branch get’s merged back into its base branch.
+
+name: "Periodic Merges (6h)"
+
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Merge every 6 hours
+    - cron:  '0 */6 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      pull-requests: write  # for peter-evans/create-or-update-comment to create or update comment
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    strategy:
+      # don't fail fast, so that all pairs are tried
+      fail-fast: false
+      # certain branches need to be merged in order, like master->staging-next->staging
+      # and disabling parallelism ensures the order of the pairs below.
+      max-parallel: 1
+      matrix:
+        pairs:
+          - from: master
+            into: staging-next
+          - from: staging-next
+            into: staging
+    name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
+        uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0
+        with:
+          type: now
+          from_branch: ${{ matrix.pairs.from }}
+          target_branch: ${{ matrix.pairs.into }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        if: ${{ failure() }}
+        with:
+          issue-number: 105153
+          body: |
+            Periodic merge from `${{ matrix.pairs.from }}` into `${{ matrix.pairs.into }}` has [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
diff --git a/nixpkgs/.github/workflows/update-terraform-providers.yml b/nixpkgs/.github/workflows/update-terraform-providers.yml
new file mode 100644
index 000000000000..77486c722287
--- /dev/null
+++ b/nixpkgs/.github/workflows/update-terraform-providers.yml
@@ -0,0 +1,69 @@
+name: "Update terraform-providers"
+
+on:
+  #schedule:
+  #  - cron: "0 3 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  tf-providers:
+    permissions:
+      contents: write # for peter-evans/create-pull-request to create branch
+      pull-requests: write # for peter-evans/create-pull-request to create a PR
+    if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+        with:
+          nix_path: nixpkgs=channel:nixpkgs-unstable
+      - name: setup
+        id: setup
+        run: |
+          echo "title=terraform-providers: update $(date -u +"%Y-%m-%d")" >> $GITHUB_OUTPUT
+      - name: update terraform-providers
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+          echo | nix-shell \
+            maintainers/scripts/update.nix \
+            --argstr commit true \
+            --argstr keep-going true \
+            --argstr max-workers 2 \
+            --argstr path terraform-providers
+      - name: get failed updates
+        run: |
+          echo 'FAILED<<EOF' >> $GITHUB_ENV
+          git ls-files --others >> $GITHUB_ENV
+          echo 'EOF' >> $GITHUB_ENV
+      # cleanup logs of failed updates so they aren't included in the PR
+      - name: clean repo
+        run: |
+          git clean -f
+      - name: create PR
+        uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1
+        with:
+          body: |
+            Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.
+
+            https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}
+
+            These providers failed to update:
+            ```
+            ${{ env.FAILED }}
+            ```
+
+            Check that all providers build with:
+            ```
+            @ofborg build opentofu.full
+            ```
+            If there is more than ten commits in the PR `ofborg` won't build it automatically and you will need to use the above command.
+          branch: terraform-providers-update
+          delete-branch: false
+          title: ${{ steps.setup.outputs.title }}
+          token: ${{ secrets.GITHUB_TOKEN }}
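Review bot: The `get failed updates` step writes a multi-line value to `$GITHUB_ENV` with the fixed delimiter `EOF`, and the value is whatever `git ls-files --others` prints after the update scripts have run. If any listed path is exactly `EOF`, the value ends early and the lines after it are read as further environment assignments for later steps, including `create PR`, which runs with a write-scoped token. Use an unpredictable delimiter and quote the file variable: `delim="$(openssl rand -hex 16)"` followed by `{ echo "FAILED<<$delim"; git ls-files --others; echo "$delim"; } >> "$GITHUB_ENV"`. `$GITHUB_OUTPUT` in the `setup` step should be quoted in the same way.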