movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

workflows/nixpkgs-vet: use nixpkgs-vet from pinned nixpkgs

Browse source 
We have added nixpkgs-vet as a regular package to nixpkgs a while ago,
so we can now use it from pinned nixpkgs. This avoids pulling a
platform-specific binary version from upstream.

This change also allows to run the tool easily locally, the same way as
other tools:

  nix-build ci -A nixpkgs-vet

This will do a full check of the repo with the exception of
nixpkgs-vet's "ratchet" checks: Those depend on having two branches to
compare, but the default is to only look at the head branch. Those
ratchet checks will still be run in CI, though.
This commit is contained in:
Wolfgang Walther 2025-05-24 15:01:44 +02:00
parent 6720d25429
commit 942c377476
No known key found for this signature in database
GPG key ID: B39893FA5F65CAE1
4 changed files with 35 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

1
ci/default.nix
View file

@ -84,6 +84,7 @@ in
manual-nixos = (import ../nixos/release.nix { }).manual.${system} or null;
manual-nixpkgs = (import ../pkgs/top-level/release.nix { }).manual;
manual-nixpkgs-tests = (import ../pkgs/top-level/release.nix { }).manual.tests;
nixpkgs-vet = pkgs.callPackage ./nixpkgs-vet.nix { };
parse = pkgs.lib.recurseIntoAttrs {
latest = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.latest; };
lix = pkgs.callPackage ./parse.nix { nix = pkgs.lix; };

31
ci/nixpkgs-vet.nix Normal file
View file

@ -0,0 +1,31 @@
{
lib,
nix,
nixpkgs-vet,
runCommand,
}:
{
base ? ../.,
head ? ../.,
}:
let
filtered =
with lib.fileset;
path:
toSource {
fileset = (gitTracked path);
root = path;
};
in
runCommand "nixpkgs-vet"
{
nativeBuildInputs = [
nixpkgs-vet
];
env.NIXPKGS_VET_NIX_PACKAGE = nix;
}
''
nixpkgs-vet --base ${filtered base} ${filtered head}
touch $out
''

4
ci/nixpkgs-vet.sh
View file

@ -65,7 +65,5 @@ trace -n "Reading pinned nixpkgs-vet version from pinned-version.txt.. "
toolVersion=$(<"$tmp/merged/ci/nixpkgs-vet/pinned-version.txt")
trace -e "\e[34m$toolVersion\e[0m"
trace -n "Building tool.. "
nix-build https://github.com/NixOS/nixpkgs-vet/tarball/"$toolVersion" -o "$tmp/tool" -A build
trace "Running nixpkgs-vet.."
"$tmp/tool/bin/nixpkgs-vet" --base "$tmp/base" "$tmp/merged"
nix-build ci -A nixpkgs-vet --argstr base "$tmp/base" --argstr head "$tmp/merged"