diff options
Diffstat (limited to 'nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md')
-rw-r--r-- | nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md b/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md index 41b3012b7d95..ccd4108ea288 100644 --- a/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md +++ b/nixpkgs/pkgs/test/nixpkgs-check-by-name/scripts/README.md @@ -1,6 +1,7 @@ # CI-related Scripts -This directory contains scripts used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). +This directory contains scripts and files used and related to the CI running the `pkgs/by-name` checks in Nixpkgs. +See also the [CI GitHub Action](../../../../.github/workflows/check-by-name.yml). ## `./run-local.sh BASE_BRANCH [REPOSITORY]` @@ -15,12 +16,23 @@ Arguments: - `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11 - `REPOSITORY`: The repository to fetch the base branch from, defaults to https://github.com/NixOS/nixpkgs.git -## `./fetch-tool.sh BASE_BRANCH OUTPUT_PATH` +## `./update-pinned-tool.sh` -Fetches the Hydra-prebuilt nixpkgs-check-by-name to use from the NixOS channel corresponding to the given base branch. +Updates the pinned CI tool in [`./pinned-tool.json`](./pinned-tool.json) to the +[latest version from the `nixos-unstable` channel](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.tests.nixpkgs-check-by-name.x86_64-linux). -This script is used both by [`./run-local.sh`](#run-local-sh-base-branch-repository) and CI. +This script needs to be called manually when the CI tooling needs to be updated. + +The `pinned-tool.json` file gets populated with both: +- The `/nix/store` path for `x86_64-linux`, such that CI doesn't have to evaluate Nixpkgs and can directly fetch it from the cache instead. +- The Nixpkgs revision, such that the `./run-local.sh` script can be used to run the checks locally on any system. + +To ensure that the tool is always pre-built for `x86_64-linux` in the `nixos-unstable` channel, +it's included in the `tested` jobset description in [`nixos/release-combined.nix`](../../../nixos/release-combined.nix). + +Why not just build the tooling right from the PRs Nixpkgs version? +- Because it allows CI to check all PRs, even if they would break the CI tooling. +- Because it makes the CI check very fast, since no Nix builds need to be done, even for mass rebuilds. +- Because it improves security, since we don't have to build potentially untrusted code from PRs. + The tool only needs a very minimal Nix evaluation at runtime, which can work with [readonly-mode](https://nixos.org/manual/nix/stable/command-ref/opt-common.html#opt-readonly-mode) and [restrict-eval](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-restrict-eval). -Arguments: -- `BASE_BRANCH`: The base branch to use, e.g. master or release-23.11 -- `OUTPUT_PATH`: The output symlink path for the tool |